Category Archives for "Security Best Practices"

Sep 05

Are Your Employees Hiding the Truth About Your Recent Security Breach?

By Hana LaRock | CEO Best Practices, IT Outsourcing, Security, Security Best Practices

Though company leaders would like to believe that their own employees wouldn’t do anything to put the company’s security at risk, sometimes, these employees are actually the most likely suspects. Though we tend to think data breaches are only caused by malicious hackers, usually, those aren’t the people you need to worry about. That’s because most of the potential problems are being caused by the people sitting right in front of you every day.

So, are your employees ignoring security measures deliberately? Probably not. But they could be avoiding telling you about a cyber-security incident that could ultimately result in a major loss for your company.

So, if it’s just a little mistake, why are these employees not saying anything? And, as a leader of your company, how can you get them to speak up so you can stop the problem in its tracks?

5 Reasons Employees are Causing Data Breaches and Not Saying Anything

Typically, one of the biggest reasons an employee won’t tell you about a data breach is the same reason no human likes to admit he or she is wrong. After all, why bring attention to something when it might not be a big deal after all? This mentality, along with other things, is putting companies at major risk, resulting in huge losses that could have otherwise been avoided.

Besides that, there are other reasons why employees don’t say anything.

1) They’re scared of losing their job.

These days, companies have strict rules in place when it comes to their employees correctly managing the equipment. If employees are held accountable for a data breach, it’s certainly not the kind of news an employer wants to hear. Therefore, employees are under a lot of pressure and thus afraid of losing their job if they put the blame on themselves.

2) Policies are too loose and employees are taking advantage.

If your company has a BYOD policy or you have a lot of remote workers accessing the system from all over the world, you’re already at risk. If that device is not solely for work and thus lacks the proper security on it, you’re at risk of a data breach whenever that person uses their device at home, at a cafe, or while traveling. Don’t let your employees take advantage of your leniency, because once a BYOD policy is implemented, it’s very difficult to supervise.

3) They were uninformed or unaware that they even did something.

Perhaps an employee made a security error, but they didn’t even know they did. With technology being so advanced, even the best and most skilled employees may not be well versed in IT. In many cases when there’s a data breach, it’s very likely the person who is at fault isn’t even aware that they are. All employees need to have basic knowledge when it comes to protecting your company’s security.

4) They were actually careless.

While in most instances we want to believe that a potential cyber breach was really just an accident, we know that’s not always the case. There are employees who don’t follow guidelines and are quite careless. And, if that is what happened, that’s not something an employee is going to be so willing to admit.

5) They were doing it intentionally.

It’s hard to trust anyone 100%, and when that one untrustworthy person has access to your company’s most sensitive data, there’s always a chance that you’ll receive an unfortunate surprise: that someone you hired has been intentionally stealing your company’s data or hacking your systems to their own benefit. As scary and unlikely as this may seem, it has happened before, and will continue to happen if employers aren’t more diligent.

How to Prevent Employees from Causing Serious Breaches

The first step in making sure your employees don’t cause a data breach is by screening employees before they start working for your company. It may seem obvious, but you don’t want any suspected hackers slipping through the cracks.

If your employees are all deemed trustworthy but you still want to prevent them from accidentally causing a breach, start by implementing strict security standards in the office. Make sure new employees are aware of how to use the systems securely and update current staff regularly. Secondly, make sure your employees feel comfortable letting you know that they may have made some kind of error. If they feel worried about losing their job, they aren’t going to be willing to talk. But encouraging them to speak up and assuring them that it’s the right thing to do will save your company from any serious breaches and leave your employees feeling secure in their job.

Additionally, it’s your job as a company leader to make sure you implement specific instructions given to you from your outsourced CIO. For example, if your CIO strongly advises you against using a BYOD policy, then listen. Most of all, make sure your CIO is doing their job of keeping your company’s security safe above everything else, and it will be much easier to prevent problems from happening altogether.

Don’t have time to worry about your employees making an expensive mistake? Your CIO will take care of that.

In the meantime, try our RiskAware™ Cyber Security Scan & Report to see where your security currently stands.

Aug 17

You Can’t Protect Your Network Without Knowing This About Passwords

By Hana LaRock | CEO Best Practices, Security, Security Best Practices

When it comes to protecting a network from data breaches, there are many things a company can do to help secure themselves as best as possible. But, most of the time, it’s not what companies are doing, but what they’re not doing correctly that puts them at risk.

One of the most basic yet most important things that companies need to pay attention to is their passwords. There have been many reports over the years on what qualifies as a “good password.” However, according to recent reports, it seems that what we think we know about passwords is very, very wrong.

If company leaders don’t stay up to date on the latest security news, then they could be making big mistakes in their overall Internet security plan.

So, here’s the advice you need to update your passwords and upgrade your security.

Complicated Passwords are Hard for Humans, Easy for Computers

For a long time, the creator of the NIST Memo back in 2003, Bill Burr, suggested that the best passwords were those that used a combination of letters, numbers, and symbols. He also encouraged users to make passwords that were not obvious keywords in their lives, but maybe used the first letter of each word from their favorite quote.

This is why, nowadays, when you create a password, you’re asked to write a password that falls between 8-12 characters and includes different letter cases, numbers, and symbols.

Well, that’s a lot to remember. And, when we’re also encouraged to keep changing our passwords frequently, we forget. After all, how many times have you forgotten a password?

See, we might try our best to re-create fancy passwords every other month. But, the fact of the matter is, hackers using the right technology are able to figure out those kinds of passwords easily. In fact, it wouldn’t be a surprise if A.I. could guess your password faster than you can remember it.

So, what’s the new solution?

Longer Passwords

That’s right, folks. According to new reports, the current methods you’re using to create passwords aren’t exactly helping you stay secure. If you really want to protect your network, you should continue to be vigilant. Use two-step notifications, use different passwords for each of your programs, and make your passwords longer. Computers are less likely to guess longer passwords than the type of passwords we’ve been encouraged to use for years.

Only One Problem

Making longer passwords is no problem, right? Wrong. Because of what we know to be the “best” way to guard ourselves against hackers, most websites don’t even give you the option of creating longer passwords. As with most things, the status quo takes time to catch up to what we actually know to be true. Therefore, it might be quite a while before you’re even allowed to create longer passwords, and by then, maybe we won’t be using passwords much at all anymore.

So, How Can I Help My Company Stay Secure?

When you have the opportunity to create a longer password, go for it! But, in the meantime, you’ll have to continue to practice tight security measures for your company’s network. One way to do this is of course by staying on top of the news. See what current threats are out there, and what experts are saying you can do to protect yourself further.

And, speaking of experts, you don’t need to go at this alone. All the conversation surrounding appropriate security measures can be rather overwhelming. To combat it, seek the help of an outsourced expert in cyber security and risk management. This way, you can always be sure you’re doing everything you can to take your company’s network security seriously; whether that’s creating the right password or implementing other smart security tactics along the way.

Jul 24

The Role a CIO Can Play for Your Company and Why You Should Hire One Now

By Hana LaRock | CEO Best Practices, IT Best Practices, IT Outsourcing, Managed Services, Security, Security Best Practices

Technology has taken over the business world. Ever since we’ve become more reliant on technology, we’ve been seeing new jobs added to companies to help maintain it all. And, when it comes to that technology, those who will be managing it on your company’s behalf need to have the appropriate skills and expertise to do their job correctly.

You may already have an IT team, or maybe even a CTO. But, you as the CEO need to make sure the right decisions are being made for your company at all times (and at all costs). So, isn’t it about time to outsource a chief information officer?

Why You Need a CIO

While all roles in a company are unique and important, a CIO does a number of tasks that bridge all those roles together. Ultimately, the CIO is responsible for making sure technology is properly integrated throughout the company so that operations can run smoothly. He or she has the final say on how technology is managed so that the business can keep moving forward without any hold ups.

Why Outsourcing is Important

One of the biggest questions that comes up when a company integrates technology into their everyday tasks is the issue of cyber security. Though there are many ways in which a system could potentially be hacked by outside intruders, human error is still one of the main causes of breaches that we commonly see today. Certain protocols need to be followed in order to guarantee a network’s safety. To eliminate any risks of vulnerability or conflicts among high-level decision makers, a CEO should consider outsourcing their CIO. This way, any decisions that are made are unbiased and are therefore solely for the best interest of the company.

Also, don’t forget that one of the perks of hiring any type of managed service means that you have more time to run your business. Any worries you may have will now be dealt with by that service provider.

When is the Best Time To Hire a CIO? 

Most company leaders may think it’s best to wait until a company reaches a certain level before hiring a CIO. Perhaps when a certain number of sales have been made or a certain number of followers has been reached. But, it may be that it’s time to get one sooner rather than later if you’re noticing some inconsistencies at your company. This could involve anything from repetitive inefficiency, seeing your network has become vulnerable to attacks, disagreements among executives, or too many tasks being handled by a small staff. Whether it’s one of these reasons, a combination of these reasons, or you just feel the need to extend such an important role to someone else, then it might be time to hire a CIO.


Apr 05

Is Human Error the Biggest Risk to Company Data?

By Audrey Smeester | CEO Best Practices, Employee Education, IT Best Practices, Security Best Practices

We all make mistakes. I mean, we’re only human after all. But did you know that according to CompTIA’s Trends in Information Security study, human error actually accounts for 52 percent of security and data breaches? Yikes, looks like being human can be a big cause for concern when it comes to any business’s data security.

Although human error is normal and inevitable in some cases, it can be more of a threat to businesses than most are aware of! Backup and disaster recovery (BDR) plays an important role in ensuring that these mistakes don’t turn into serious problems. Read on about these threats to discover how to protect yourself against potential data disasters.

What Is Human Error?

Any business with employees has something to worry about when human error is this high. However, it can be difficult to define because error comes in many forms. Typically, it involves circumstances in which certain actions, decisions or behaviors threaten business security. Some goofs and gaffes may seem harmless, but major slip-ups happen more often than you’d think and can seriously jeopardize sensitive data. So why are these mistakes so threatening to IT environments, and just what kind of bad habits should be corrected? Here are some examples of what human error could look like:

Using weak passwords

Although passwords may seem like the most basic security technique, they can be easily cracked or obtained by malicious perpetrators when not handled with proper care. In this year’s Verizon Data Breach Investigations Report, they found that 63 percent of confirmed data breaches involved using weak, default or stolen passwords. This goes to show that using simple passwords, sharing them with other employees or even leaving Post-Its with credentials lying around, can lead to precious and private data being compromised.

Low security awareness

Most employees have a surprisingly low awareness about phishing and other cybersecurity attacks. According to the same Verizon report, 30 percent of phishing emails were opened, and of those, 13 percent caused malware to activate. Emails containing malicious links are becoming increasingly sophisticated, and malware authors are finding new ways to bypass filters and make it to your inbox. Without full user awareness of these security risks, employees could click on phishing links, exposing their network to viruses and malware. Employees with insufficient cybersecurity education could be unknowingly helping hackers gain access to their business networks. What would that mean for you? Do you know how to spot a malicious scheme before the damage is done?

Carelessly handling data

We’ve all had those days when we’re not feeling at the top of our game, but when it comes to handling sensitive company data, careless actions can result in major disaster. According to the same study by CompTIA, 42 percent of error-related breaches are caused by “general carelessness” of users or employees. Whether it be accidentally deleting important files, sending company data to the wrong email recipient, neglecting software updates, or even misplacing mobile devices – a little carelessness can cause a lot of trouble.

 

Why Is Human Error a Threat?

Most businesses are unaware that the greatest security threat could be internal. With criminal cyber-activity on the rise, not enough business owners are paying attention to the avoidable consequences of human error. Unfortunately, people still suffer from what I like to call the “this could never happen to me” mindset.

You could have the best technology and procedures in place, or a well-thought-out disaster plan, but one unforeseen slip-up by an employee could mean the end of the road. It is your Managed Service Provider’s responsibility to ensure that your network and data are protected from these potential threats. Understanding that human error is the root of these problems is only the first step, so what else can you do?

 

Have a Strategic Business Advisor

Having an effective backup and disaster recovery (BDR) solution can give you the opportunity to strengthen your data security, but there are other methods as well.

Walk through your errors

Talking about common mistakes and mapping them out is the best way to work through problems. Tracking and analyzing how errors occur can help you minimize the chances of them happening again and also mitigate the potential damage.

Create a solid security policy

It’s always a good idea to have a documented procedure when it comes to data security. Strategically creating rules and best practices will ensure clarity and that all company data and information is being handled and stored properly.

Inform and train

CompTIA’s study also revealed that only 54 percent of companies offer some form of cybersecurity training! Avoid falling under that statistic and use your BDR advisor to educate yourself and your employees about smart security procedures. Have a conversation with them about the daily threats that human error can pose, or provide tips on security best practices. This will also open the opportunity to reinforce the benefits of your BDR solution, the ultimate backup plan. Employees at all levels within your company will walk away with a better appreciation for how a business continuity solution can protect your bottom line if and when human error occurs.

 

In the end, eliminating human error is nearly impossible, but having a BDR solution will help ensure the preservation of sensitive company data in the event someone makes a business-crippling mistake. Remember, users likely won’t know if they’re endangering corporate proprietary information because they’re probably not familiar with the various data threats to watch out for. Set your company up for success by regularly having an open dialogue with your backup and disaster recovery provider.

Nov 04

Are Outdated Browsers Leaving Your Business Vulnerable?

By Scott Smeester | Cyber Scams, IT Best Practices, Malware, Security, Security Best Practices

Users must regularly maintain, patch and update software, applications, plug-ins and more, but just how many businesses are overlooking this important security concern? In our latest chart, we reveal the percentage of users running outdated browsers. As you know, cybercriminals continually look for vulnerabilities to exploit in frequently used programs. Proper patch management, however, helps prevent devices from becoming compromised. So how do you have this conversation with potential clients, and which questions should you expect to answer?

[Chart: outdated browser vulnerability statistics]

WHY ARE EXPLOITS POPULAR AMONG CYBERCRIMINALS?

As software becomes more advanced, it becomes virtually impossible to eliminate all potential vulnerabilities. Consider all the lines of code on a single operating system, and then note every single program and application installed on top of that. You need to protect all of it, but a lot can go wrong. Attackers only have to find one flaw to manipulate in order to gain access, which is why these attacks are so popular. Typically, cybercriminals are looking to pick the lowest-hanging fruit, and software vulnerabilities are easy targets. Hackers also favor attacks that can do the most damage. To exploit a vulnerability, they seek applications with a high volume and frequency of usage. That way, a single flaw gives them the largest possible pool of targets. This is why Adobe Flash, Microsoft Office and other similar applications are attractive targets for attacks.

WHY DO I NEED PROACTIVE PATCH MANAGEMENT TO PROTECT AGAINST EXPLOITS?

A recent HPE cyber risk report shows that 2015 was a record year for the number of security vulnerabilities reported and patches issued. However, what good are security patches if they’re never installed? Businesses today are faced with an ever-changing security risk landscape, which means that threats are becoming stealthier and more sophisticated. If your applications aren’t updated with the latest security patches, you run the risk of being successfully exploited by attackers – which can lead to unplanned downtime, sensitive data being compromised or even a data breach. Proactive patch management is essential to an effective security and business continuity strategy, because it only takes one device to compromise an entire network.

WHY SHOULD I WORK WITH AN MSP FOR THIS?

Most small- and medium-sized businesses (SMBs) don’t have the time and bandwidth to stay completely up-to-date on the latest security flaws and updates. That’s where Smeester & Associates comes in. We can help mitigate these risks with a proactive monitoring and management platform that deploys patches remotely and at a time most convenient for you. You don’t have to worry about the health of your IT system. It’s our job to manage the patching process and make sure that policies are continually revisited and improved. When you work with us, you can rest easy knowing your data is protected and your network, secure. And rather than burden your staff with this responsibility, our 24x7x365 expert support team is trained to take care of this for you.

Also, it’s important to remember that just because a new patch is released doesn’t mean that it should immediately be deployed. Often, patches will contain unseen vulnerabilities, have installation issues, or even prevent machines from successfully rebooting once the installation is complete. We can provide you with additional security, peace of mind and uptime by testing and researching patches before pushing them to your machines.


How low is your fruit hanging? Is that bear about to eat you or the other guy?

Discover how much risk you’re exposed to and get a complimentary RiskAware™ Cyber Security Scan & Report today!

Sep 29

IT Management Vs. Vendor Management: What’s Right for Your Company?

By Hana LaRock | CEO Best Practices, IT Outsourcing, Security Best Practices

When it comes to protecting your company’s network, there are a lot of questions you need to ask yourself. What type of approach is right for your company? Should you choose the hands-on IT management, or the remote and resourceful vendor management?

The two are very different, and various factors, like the size of your company or what kind of company you have (like e-commerce), make a difference as to which type of management will be right for you.

If you’re having trouble deciding, then this is what you’ll need to look at.

What’s the Difference?

IT management is a type of network management that’s in the hands of one individual, or in some cases, an IT team. It’s the actual management of network resources, including, but not limited to, patch management, service pack updates, or just any quick adjustments that need to be done. Their expertise is more general.

Vendor management, on the other hand, happens remotely. The vendor is managing and monitoring your backups, mobile devices, and your security. The vendor has all the resources beside them to deal with a whole array of network issues. They are able to do this because they know the specific products and networks they are dealing with and can leverage them effectively.

Which Type is Better for Which Company?

IT Management

IT management is hands on and it usually involves one IT person at a company. In IT management, your network resources are being managed as best as they can. When those are confirmed to be working well, then business should run smoothly. An IT person checks on your software, your firewalls, your devices, and any other type of network resources your company is currently using, to make sure they’re working correctly.

If you are a small company or you’re just starting out, then IT management is a good way to go. It’s best for companies that just want to be sure everything is working how it should be; that nothing gets in the way of you interacting with your customers or managing your website.

Vendor Management

Vendor management is essentially when your management is outsourced to one person or group who can help you remotely. A vendor typically has better resources than your company’s IT management, simply because this is what they specialize in. They are therefore able to manage each thing in your company that needs to be managed, one at a time, and with precision. They can do what they need to do from the back-end, without interrupting your flow of business.

Vendor management is, therefore, better for small- and medium-sized companies, if they are able to switch over.

Make Your Choice

Still not convinced?

We are. Having a vendor to manage your network is just more reliable and consistent than a single IT person. While having an IT person around is certainly a nice thing, as companies grow, they simply can’t manage it all alone. With vendor management, you simply won’t have to worry because they have EVERYTHING covered.



Aug 17

Can You Spot The 13 Security Flaws In This Photo?

By Scott Smeester | CEO Best Practices, Employee Education, Security, Security Best Practices


Many offices don’t enforce best practices for physical information security, and frankly may just not be aware of them. Use the link to view the big picture for easy viewing.

With all of the recent security breaches in the news, it’s easy to get caught up in the “technical” side of information security. Sure, there is a lot of work to be done to keep your information safe from hackers and malicious software programs, however, there’s another side to the coin, and that’s physical security. Many offices don’t enforce best practices for physical information security, and frankly may just not be aware of them. Are you and your employees educated on the best practices, both from a technology standpoint and from a physical standpoint?

So, time to put your knowledge to the test. Can you find the 13 security flaws in this picture?

Click Here to See Larger Image

So, think you spotted them all? Check your answers…

  1. Computer screen left on with no password protection – passerby has access to information on the device
  2. Unshredded files in trash could contain sensitive information
  3. File cabinet open – easy for someone to steal sensitive information
  4. Cell phone left out in the open – may display sensitive information and/or can be easily stolen
  5. Notes left on whiteboard – could contain confidential product updates, information or ideas
  6. Backpack left out and open
  7. Usernames and passwords left out in the open
  8. Key to locked drawer left out in the open – easy access to confidential files
  9. Calendar out in the open – could contain sensitive dates and/or information
  10. Credit card left out on desk
  11. Documents left out on desk that could contain sensitive information
  12. USB drive left out in the open
  13. Wallet left on desk

While some of these may seem like obvious fixes, and some of these may seem redundant, it’s important for all of your employees to understand where company and/or personal data can be easily stolen. Maybe it’s a repairman in your office who sees the opportunity to steal confidential personal data, maybe it’s just an office visitor who glances over and sees confidential information out in the open. Either way, there needs to be someone to educate employees on security best practices, and for your clients.

