IT Best Practices Security Best Practices

Here’s Why Smaller Companies Could Have Bigger Cyber Claims

A data breach doesn’t discriminate based on the size of your company. Making sure you’re protected, therefore, is extremely important. This is more or less the reason why a lot of companies take out cyber insurance to help pay for indirect costs associated with a data breach. While it’s great news that companies are taking security very seriously, it comes as a bit of a shock once you see how much these claims actually cost, and where those costs are coming from.

A study done by NetDiligence on cyber claims costs tells us a lot of interesting information. Though the larger companies make up a higher total average of claims at six million dollars, it was actually the smaller companies with less than two billion dollars in revenue that represented a higher cost of claims individually. That’s a whopping 87% majority of all the companies surveyed.

But, why? Why would a smaller company who makes a heck of a lot less than a larger one be claiming more money than their larger-company counterparts?

Here are a few possible reasons.

Fortune 500 Companies Are No Longer the Only Targets

For many years, Fortune 500 companies and government organizations were the main targets for data breaches. Working on an IT team or at a managed service provider was still an up-and-coming career, and those who knew how to stop hackers were mostly hired to protect large organizations like these. But, times are a changin’, and smaller companies are just as likely to get breached, particularly in the retail and financial sectors.

Small Companies Aren’t As Aware of Their Exposure

Without putting any of you small-company folks down, these kinds of companies just are not as aware of their exposure as large companies are. This means that not only are they unfamiliar with how much sensitive information they possess, but also with how much of that information isn’t safe from attackers.

Resources are Limited

When it comes to smaller companies, there aren’t as many resources available to guard against data breaches. Unlike larger companies, they might have a smaller budget or they may be currently preoccupied with getting their business off the ground or managing their customer relations. During these times, a small company may not realize how vulnerable it is. But, that doesn’t necessarily mean they aren’t protecting themselves. When companies have fewer resources to invest in IT, they may just put that towards insurance. Hence, we see more claims from small companies.

Overall, Smaller Organizations Have More Incidents

You might wonder why a smaller organization with less to offer hackers would have more incidents than a larger organization. But, believe it or not, the size of your company has both a lot to do and very little to do with it. One thing to note is that hackers don’t really care about the size of your company. If you have important information somewhere in your network, then you can be a target.

That being said, the fact that you are a small company, in general, may mean you’re not quite up to par with larger companies when it comes to cyber security. That means more incidents can happen, thus leading to a higher cost of claims.

So, where does your company fall in all of this? Smeester & Associates is here to provide you with more information on these topics, so you can make the right decisions for your company.

CEO Best Practices

12 Things to Consider When Performing a Security Assessment

With recent big-name breaches from Yahoo, ADP, and the IRS in the news, security is a top concern for many business owners.

And with the advent of the cloud and evolution of the Internet of Things (IoT), hackers have evolved too. They’re finding increasingly clever ways to exploit technology designed to make doing business easier.

Yet most businesses are using outdated security software and practices, and failing to refresh their cybersecurity solutions/practices to meet the increased risk.

3 Common SMB Security Threats

Most small- and medium-sized business (SMB) owners are very cost-conscious, and won’t spend money on beefing up their IT security unless they understand that they risk more by doing nothing. And ignoring security vulnerabilities won’t make them disappear. Here are a few vulnerabilities that are often overlooked.

1. Outdated security software

This is more common than you might think. Some businesses feel comfortable using a boxed product purchased years ago, others forget to renew expiring licenses, and still others find themselves in the unfortunate position of finding out their own network is blocking routine security updates.

2. Haphazard access control

Making everyone an admin can prove to be just as detrimental as failing to turn off an employee’s access when (s)he leaves your company. Many SMBs need to find a better way to manage access to and control over their systems, network, and data.

3. Leaving passwords out for prying eyes

Yes, even in 2016, people still leave their passwords out for anyone to see. All the IT security technology in the world can’t protect against a little slip-up like this. SMBs need to build, and hold people accountable to, stronger security practices that help prevent messy data breaches.

An IT assessment will quickly flag these obvious vulnerabilities and more. What is your cost of a breach? Factor in downtime, lost opportunities, clean-up costs, reputation damage, and of course, the big fines. In most cases, the cost of a single breach will be considerably higher than that of a comprehensive security assessment from time to time.

What Steps to Take as Part of Your Security Risk Assessment

When you schedule your 360-degree security assessment with an IT provider equipped to perform them, here are 12 essential tasks we recommend that IT firm include:

1. Evaluate inbound firewall configuration and search for known external vulnerabilities

If a managed firewall service is not in place, this report will help show you why you need to implement one. It can also help ensure that the impact of changes made to the external firewall—or exposure of outward-facing applications—is minimized.

2. Review outbound firewall configuration

The SANS Institute best practices for egress filtering point to the vital role that blocking unnecessary traffic plays in stopping the spread of viruses, worms and Trojans in the environment.

3. Inspect the effectiveness of the current patch management tool

The purpose of this task is to identify systems in which security patches have not been applied in a timely manner.

4. Examine antivirus and anti-spyware deployment

This activity determines where antivirus and anti-spyware software is not deployed or is out of date.

5. Conduct administrator review

This review validates, through interview(s) with the business owner(s), the list of users with administrative privileges.

6. Share permission review

This action validates which users have access to critical business data through interview(s) with the business owner(s).

7. Perform physical security walk-through

This in-person walk-through of the office helps you identify issues a network assessment tool can’t—like employees leaving their passwords in plain sight.

8. Run an internal vulnerability scan

By scanning your network for internal security vulnerabilities that could be exploited once an attacker gains access, you’ll have a better understanding of what you’re up against.

9. Look for anomalous logins

This task is intended to review security audit logs for suspicious logins or log-in attempts.

10. Perform a security policy review

Review default Group Policy and applicable Local Security Policies for consistency and alignment with best practices.

11. Do an IT administrator review

Review user, computer, and Layer 2/3 detail with the in-house administrator to identify possible defunct or rogue users and systems.

12. Check compliance with basic standards

For all companies, even if they are not required to comply with a compliance standard such as HIPAA or PCI, a compliance-level audit is beneficial in finding security-related, best-practice violations.
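Task 9 above, combined with the departed-account concern from tasks 5 and 11, as an added example that is not part of the original article: Python run over a constructed audit-log export. The account names, hosts, thresholds and CSV layout are assumptions; 4624 and 4625 are the Windows Security event IDs for successful and failed logons.

```python
"""Added example: flag suspicious logons in an exported audit log (constructed data)."""
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export: time, Windows Security event ID, account, source host.
# 4624 = successful logon, 4625 = failed logon.
SAMPLE_LOG = """\
time,event_id,account,source
2016-11-07T09:02:11,4624,asmith,WS-014
2016-11-07T09:15:40,4625,jdoe,WS-022
2016-11-07T09:15:52,4624,jdoe,WS-022
2016-11-08T02:41:03,4625,bkeller,10.0.5.77
2016-11-08T02:41:09,4625,bkeller,10.0.5.77
2016-11-08T02:41:15,4625,bkeller,10.0.5.77
2016-11-08T02:41:22,4625,bkeller,10.0.5.77
2016-11-08T02:41:30,4625,bkeller,10.0.5.77
2016-11-08T02:41:41,4624,bkeller,10.0.5.77
2016-11-09T13:20:00,4624,tformer,WS-031
"""

# Assumed values an assessor would confirm with the business owner.
DEPARTED_ACCOUNTS = {"tformer"}      # staff who have left the company
BUSINESS_HOURS = range(7, 19)        # 07:00-18:59 local time
FAIL_THRESHOLD = 5                   # this many failed logons ...
FAIL_WINDOW = timedelta(minutes=10)  # ... inside this window is suspicious


def find_anomalous_logins(log_text):
    """Return a sorted list of (time, account, reason) findings."""
    findings = []
    recent_failures = defaultdict(list)  # account -> timestamps of failed logons
    rows = sorted(csv.DictReader(io.StringIO(log_text)), key=lambda r: r["time"])
    for row in rows:
        when = datetime.fromisoformat(row["time"])
        account = row["account"].lower()
        if row["event_id"] == "4625":
            recent_failures[account].append(when)
            continue
        if row["event_id"] != "4624":
            continue  # event types this check does not cover
        # Successful logon: rules are independent, so one event can raise several findings.
        if account in DEPARTED_ACCOUNTS:
            findings.append((row["time"], account, "logon by departed account"))
        if when.hour not in BUSINESS_HOURS:
            findings.append((row["time"], account, "logon outside business hours"))
        burst = [t for t in recent_failures[account] if when - t <= FAIL_WINDOW]
        if len(burst) >= FAIL_THRESHOLD:
            findings.append((row["time"], account,
                             f"success after {len(burst)} failed attempts"))
        recent_failures[account].clear()  # a success resets the failure streak
    # Failure streaks that never ended in a success are still worth a look.
    for account, times in recent_failures.items():
        tail = [t for t in times if times[-1] - t <= FAIL_WINDOW]
        if len(tail) >= FAIL_THRESHOLD:
            findings.append((times[-1].isoformat(), account,
                             f"{len(tail)} failed attempts, no success yet"))
    return sorted(findings)


if __name__ == "__main__":
    for time, account, reason in find_anomalous_logins(SAMPLE_LOG):
        print(f"{time}  {account:<8}  {reason}")
```

Each finding is a prompt for the interview steps in tasks 5, 6 and 11, not a verdict: an after-hours logon may turn out to be a scheduled job or a night shift.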

IT Best Practices

Thanks to Samsung, It’s Time to Amp Up Your Mobile Device Security

Over the last few months, Samsung has made the news for their Galaxy Note 7, which has had its batteries exploding, causing danger for users. The problem has gotten so bad that you can now get into serious trouble for bringing one onto an airplane. Though, the recent round of total recalls on all devices should help prevent that from happening.

Besides the fact that a phone exploding in your pocket or under your pillow can be a serious physical risk to a person, it also presents a huge security risk. If you were one of the one million users who had to send their phone back, then you must know Samsung now has a ton of phones with sensitive information on them. One of them could be yours.

So, Samsung may care less about your information. But, this whole situation is a clear representation of the security risks mobile devices can present if not handled correctly. All it takes is one bad person to get their hands on a device to ruin your identity or your company. Whether you owned a Galaxy Note 7 or not, you might want to give more attention to your own company’s mobile security situation.

And, you can do it in less time than a phone blows up. Here’s how.

Add Mobile Devices to Your Current Security Plan

If you already have a current security plan managed by a service provider, you don’t need to take out a new one for your mobile devices. It’s easy to call up whoever is helping you run your network and ask them to add on security for any devices that are or will be connected. There’s no sense making things more difficult for yourself and your budget when you can keep everything simple.

Make Sure Your IT Team is Well-Prepared

If you rely on your IT team or an IT person to manage your security, then there are some things you need to understand. First of all, it’s time to consider outsourcing to a managed service provider, because then you can be sure your bases are covered. We live in a world where technology is rapidly changing and therefore mobile device security must be a priority. Unfortunately, not all IT personnel can keep up. If you’re still using your IT person or team, then that’s fine, but make sure you’re investing in the tools and resources they need to ensure you’re protected.

Re-Assess Your BYOD Policy

A BYOD policy is definitely not something you want to take away from your employees if you’ve already implemented it. We know that having a BYOD policy allows for a happier and more efficient workplace. That being said, in light of the events of Samsung, you might need to tighten up your mobile device security until things get under control. This could involve anything from keeping very close tabs on who is starting to bring in their own devices, to having a stricter procedure altogether.

Be Careful about Who Goes in and Who Goes Out

Does your company have a WiFi system that anyone can connect to? What about people who work at your company for a year, have access to everything, and then they just leave? Shouldn’t their devices be wiped of all company-related information and access before they’re gone for good? Remember, when it comes to cyber security, you can’t trust anyone. And, when mobile device usage continues to grow at such a fast rate, companies need to crack down.

Smeester & Associates can provide you with the tools and recommendations needed to make sure your company’s mobile devices aren’t putting you at risk.

CEO Best Practices

The IT Guy That Didn’t Scale, and the Client Who Went With Him

How can a lone IT guy compete with large teams of certified technicians? Though having one IT guy may be easier, there are a lot of reasons why going with him or her can put you at risk. If you’re still stuck with choosing between an IT person or an outsourced team, then we’re going to make your choice very easy. Don’t be the client who went with the IT guy. Be the client who went on to a bigger and better managed service provider.

Here’s what you need to know!

Two Heads (Or Five) are Better Than One

Now, not all things are better when they are left to more than one person. But, in the case of managing your network, you want there to be more people. When you’re counting on one IT guy, there may be a problem that he or she just can’t figure out. After all, we are only human. That being said, an entire team of certified technicians can work together to quickly find a solution to your problem.

Managed Service Providers Lower Costs Overall

On the surface, it may seem like hiring just one IT guy is more affordable for a company. But, when you go with a team of certified technicians, it will lower your costs. This is due to ‘economies of scale,’ in which production is increased across the board, and therefore, costs decrease.

The IT Guy Just Can’t Handle it All

Maybe your IT Guy is super-efficient and gets things done, sometimes even before you ask. But, the reality is, if your business is growing, there are just some things that can’t be dealt with alone. For example, let’s say your company is thinking of switching over to the cloud. That’s a big switch on its own, but it’s something that requires a lot of monitoring. Monitoring that an IT person can’t handle by him or herself. Something like the cloud is constantly changing and growing, with new features and additions. Only a team of managed service providers can stay on top of everything associated with something as vast as the cloud.

You Don’t Need to Let Anyone Go

So, you’re starting to see the advantages of having a managed service provider. But, what are you supposed to do with the IT guy you already have? Or, what about the in-house IT team you already rely on to help you manage everything? Well, the good news is, doing what’s right for your company doesn’t always mean having to let your staff go. Choosing one over the other isn’t necessarily mutually exclusive.

Instead, use both. Managing your network is one of the most important things you can do for your company, but there are ways to go about it so no one needs to lose their job. One way to do this is by keeping your IT guy, but hiring a managed service provider to help him or her as a backup; an extra set of hands, if you will.

BUT, If You Had to Choose…

If your company is in a place where they can choose between an IT guy and a managed service provider, then you know what you need to do. A managed service provider can conduct an entire array of useful services, and you can choose how much help you need (or how much you want to pay for).

The Bottom Line

Whether you choose to go full throttle with a managed service provider or you’re going to make the transition gradually, make the best decision for your company. Even if you choose to keep your IT guy, a managed service provider can be there to pick up any dust that wasn’t swept up by your IT person.

Smeester & Associates is here to provide you with the tools and recommendations necessary to choose the appropriate IT management option for your company.

CEO Best Practices

4 Tools Designed to Prevent Screen Fatigue & Boost Employee Productivity

Most if not all of us spend too much time in front of a screen. Televisions, smartphones, laptops – we are surrounded by screen, after screen, after screen. As a result, our relationship with technology can be bittersweet. As awesome as it is to have all of the information we ever needed right at our fingertips, our health and productivity depend on our ability to unplug.

I am constantly in front of my laptop or cell phone. Each time I unlock my mobile, I am tempted to check my social media feeds and often fall down the rabbit hole of clickbait. Before I know it, sixty minutes have passed and I’m wondering where the time went. On top of this, I find my sleep interrupted or lacking. Sometimes I can even feel my eyes becoming strained, followed closely by a pounding headache.

Chances are, you suffer screen fatigue as well. To help you, following are a few mobile apps and browser extensions that can help with the eye strain!

1. f.lux®

Research shows that blue light emitted from screens and monitors can interrupt sleep patterns. If you are on your phone or computer well into the evening, or close to bedtime, you may have experienced this firsthand! f.lux is a browser extension that adjusts the color of your computer’s display to adapt to the time of day – “warm at night and like sunlight during the day.” Long story short, by reducing the harsh blue glow, f.lux may help you power down and fall asleep more easily, especially if you find you’re staying up too late working or checking Facebook.

FYI: There is a smartphone version of Flux, but I find that another app called Twilight works a little better on my Android.

2. StayFocusd

How much time have you or your employees lost to time-wasting websites? Maybe your team has a procrastination problem and accidentally loses hours of productivity to entertainment and leisure websites and apps. It’s so easy to say you’ll only spend five minutes setting your Fantasy Football lineup or taking a Buzzfeed quiz. Encourage staff to add the StayFocusd Chrome extension! With it, users can block any and all distracting sites for custom time periods. I also recommend an extension called TaskTimer, where you can set your own schedule and view analytics that measure Internet activity and time spent browsing the Web.

3. Pocket

We’ve all been there. Someone shares a compelling article, and then all of a sudden you find yourself consuming a never-ending string of suggested readings. Then, you look at the clock only to wonder where the time went! Sign up for a Pocket account to save Web pages, videos or articles you wish to visit at a later time! This app integrates with most browsers and will sync your saved content across all devices. And the best part is that you don’t even need an Internet connection! You can access everything you add all in one convenient place.

4. eyeCare

This vision protection extension notifies you regularly when it’s time to stop staring at your computer or smartphone screen so that you may rest your eyes. It even provides suggestions for what to do during your breaks to minimize discomfort! Use eyeCare in conjunction with Screen Shader to reduce eye strain and headaches.

Modern business doesn’t always follow the typical 9-5 schedule. With increased IT mobility, employees are easily spending more time staring at their screens. In implementing the preceding list of apps and extensions in my work and personal life, I’ve found myself more alert and productive at work. Help your prospect and client base achieve the same desirable results by passing these tools on!

Note: If you choose to use these extensions, most are available across all mobile devices, but some also require the Chrome browser. Keep in mind that there are multiple equivalents of each platform out there for whatever browser or smart device that you are using.

Check out this article that also looks at how technology affects our lives:

How Electronics and Technology Affect Sleep Quality

IT Best Practices New Trends

Cyber Insurance Should Be Part of Your Safety Net

When it comes to taking out insurance for anything, it can be a controversial issue. Many people tend to wonder why they should get insurance when the chances of something happening are slim, or they feel as though the insurance wouldn’t really help them out much if something did happen. This isn’t any different for cyber security. No matter how much you’ve already invested in preventative security measures, it’s still vital that you take out cyber insurance.

Here’s why:

The Risks are Just Too High

When it comes to cyber security, the risks of not getting insurance make it a no-brainer. There are thousands of ways data can be breached, and those numbers are only continuing to grow. You can be hacked through independent devices, social media, software, ransomware, malware, etc. The list goes on and on, and a company should never think of itself as invincible to an attack.

Insurance Always Serves a Purpose

Even if you take all the proper precautions and have a vendor or IT team to help you with managing your network, there’s never really any guarantee there won’t be a breach. Therefore, it’s really important to take out insurance because it can cover you for indirect costs, such as sending letters to those who were affected (which can be rather expensive).

It’s a Good Time to Take Advantage

Cyber security insurance hasn’t been around for too long. In fact, it’s a rather new concept, which began roughly around 2005. However, by 2020, it’s predicted that the total cost of cyber security premiums will reach $7.5 billion. Therefore, there’s still time to take advantage of this new “trend” before it starts becoming pricier.

Think About What You’ve Heard

Major companies have had data breaches, including Target in 2013. This year alone, there have been attacks on Snapchat, the U.S. Department of Justice, Yahoo!, and Oracle. And, let’s not forget about the Ashley Madison hack in 2015. If hackers want to get your information, they’re going to get it, and it doesn’t matter whether you run a jewelry store or thrift shop. Your information and the information of your customers can be gold in a hacker’s eyes. If it can happen to these companies, it can happen to you, too.

Each Potential Data Breach Requires Default Costs

When you think about the potential of your company having a data breach, it may seem like something you’d be able to take on, especially if your company is small. However, each data breach, no matter the size or equity of the company, has default costs associated with it. Companies must pay for a forensic investigation, business losses, privacy and notification, and potential lawsuits and extortion. Of course, cyber insurance would help take care of a majority of those things.

But, Insurance Is Not As Expensive as You Think

Compared to the crazy costs of repairing a breach, cyber insurance costs nothing. While we’d like to give you a precise number, the fact of the matter is that premiums can range a lot. It all depends on the size of your business, what kind of coverage you’re looking for, data risk exposure and the revenue of the company. But, when you think about how PlayStation’s 2011 data breach cost them $171M, a lot of which could have been offset by cyber insurance, you might realize you want to avoid that for your business.

You Can Sit Back and Relax

When it comes to taking out cyber insurance, there’s not too much you have to worry about. The first thing you should do is create a cyber risk profile for your company. Think about what kind of estimated costs you would face to make repairs if you were to have a data breach. Then, sit down and discuss your budget. Lastly, consult insurance companies, many of whom have insurance calculators on their website, to see what your company can afford to pay (and what you can’t afford to lose).

So, are you ready to invest in cyber security insurance? Smeester & Associates can help give you the tools and recommendations you need to choose the insurance policy that’s best for your company.