5 data management best practices for small businesses

Data is the greatest asset for modern organizations of any size, and data management is key in running organizations smoothly. Business data can also be one of the greatest risks when left unprotected or inadequately managed. As the volume of data within businesses grows, so do the challenges of protecting and managing it.

“Knowing where your data is, how to manage it, who owns it, who has privileges to see and use it and what resources to feed it with … has become even tougher,” writes Forbes’ Adrian Bridgwater.

For small organizations, establishing effective governance practices is especially critical. Threat actors are more likely to target smaller organizations. Small firms are also less likely to recover from the disastrous financial consequences of a cybersecurity incident. Sixty percent of small businesses fail within 6 months of a cyber attack.

Effective data management for small organizations isn’t limited to information security. You must practice data lifecycle management, employee education and other efforts.

Comprehensive data management best practices reduce business risks, create new business models, and streamline employee workflows. Read on to discover a framework and use cases for a smarter take on data.

Practice comprehensive data governance

You can’t protect your data if you can’t access it, and you can’t mine business intelligence from inaccurate data. Data governance aligns people, processes, policy and technology to discover data assets.

A recent industry survey by ObservePoint found that organizations glean many benefits from data governance. Thirty-four percent of organizations report that governance results in improved decision-making. Other benefits of formal data management include:

  • Data quality
  • Compliance with privacy regulations
  • Operational efficiency
  • Company revenue

Adopt cloud solutions

As your business’ most valuable asset, your data must be accessible, defensible and recoverable. Migrating to the cloud offers flexibility, scalability and end-to-end business visibility through cloud enterprise resource planning (ERP).

Adopting a flexible, cloud-based core for enterprise resources planning allows for global access, unlimited scalability, automated updates and business continuity planning.

Develop a cybersecurity strategy

Small businesses are at an elevated risk of cybercrime, and the relative costs of a data breach are also rising.

Firms that experience an incident can lose revenue, brand value and customer trust. They also pay legal fees and heightened insurance premiums. Protecting your employee and customer data requires a comprehensive and proactive cybersecurity stance against quickly evolving security threats.

Safeguard against insider threats

Your employees are your second greatest asset—and liability—after your data. Data leaks or losses from insider risks can be as costly as external threats. And insider risks can go undetected longer.

Teaching your employees cybersecurity best practices is critical for good data management. Providing employees with the least access possible can minimize the risk of errors.

Streamline operations

Effective data management for small business can reduce risks and improve quality. Moving to the cloud can also introduce access to an amazing suite of lightweight, integrated cloud apps for business process optimization. Time is money, and organizations can use business rules and data visibility to save time.

Several examples of how cloud apps can enhance productivity include but aren’t limited to:

Conclusion: Data management is a business opportunity

If you think you don’t need to focus on data management, you’re probably wrong. Every organization needs to put effective data governance at the forefront of its business strategy. Companies that effectively manage data have a competitive advantage.

As insideBIGDATA writes, “organizations that have been able to adapt quickly to the demands of modern-day data management have created great opportunities to increase business value.”

Good data management involves knowing where your data is stored and who can access it. Moving to the cloud and adopting cloud-based ERP can pave the way for mobile apps and streamlined operations.

 

5 amazing things you can do with cloud ERP

Cloud ERP (Enterprise Resource Planning) is changing the business game. According to Forbes, “Cloud ERP is the fastest growing sector of the global ERP market with services-based businesses driving the majority of new revenue growth.”

They cited the increased flexibility and speed of cloud ERP as chief factors in the fast-emerging system’s success.

What does this mean for growing SMBs? In addition to the myriad advantages cloud systems provide over their on-premises counterparts, making use of cloud ERP opens the door to some interesting capabilities you might not have considered. The following are just a few examples.

1. You can go mobile

If you’re accustomed to using on-premise ERP, you already know you have to stay connected to the local server to gain access to it. This isn’t the case with cloud ERP.

Because cloud ERP is a cloud-based system, you can pull up information from it anywhere you have an internet connection, on almost any device. This increased availability translates to an improved ability to collaborate with your team and freedom to engage in critical business while on the go.

2. You can streamline your operations

As a function of cloud ERP’s accessibility and mobility, you can streamline your business operations and productivity. You needn’t wait for an onsite connection to perform critical tasks. You can perform those tasks wherever and whenever you choose.

Let’s use accounting as an example.

Working in tandem and on the go, you and your team can ensure that accounts are always accurate and current. This also grants a real-time look at your accounts/finances—an invaluable benefit in situations where every moment counts.

3. You can scale more easily

With cloud ERP, you aren’t “locked in” as restrictively as you might be with on-premise ERP. This means you can scale up—adding new features and functions as they become necessary—more easily. You can grow at your own pace and improve your business more strategically than before.

4. You can stay up-to-date automatically

When using on-premise ERP, the downtime and scheduling woes of software updates are often a major hassle. You might have to shut down your system entirely to perform said updates, and may even lose some of the customizations you had in place.

With cloud ERP, you can perform updates automatically without affecting your business or losing integrations and customization. The process is quicker, simpler, and more conducive to allowing your business to continue moving ahead at full steam.

5. You can maintain tighter security

With cloud ERP, you can manage security concerns more easily than with on-premise ERP. The cloud-based solution mitigates the need for team members to save sensitive files to their devices. They can access what they need through portals and dashboards.

And in the event a device goes missing, you’ve reduced the likelihood of important information falling into the wrong hands.

A dual advantage here is that with most of your information stored in the cloud, you’re already ahead of the curve if disaster strikes at your place of business and you need to implement your business continuity plan to stay in action.

Keep the cloud in mind when selecting your ERP

The amount you can do with cloud ERP will often outclass what’s possible with an on-premise ERP system. Be sure to work with a provider who understands the finer points of cloud ERP implementation to maximize your potential benefits.

Phishing 101: What it is, how it works and how to avoid it

Ever gone fishing? The cybercrime known as phishing works in a very similar way.

Tech-savvy con artists bait an email hook, send it out into the internet waters, and pull in personal information that can help them gain access to protected systems.

You know what this means, right? That Nigerian prince doesn’t actually need help transferring “much funds” to “American dollars US.” In fact, if you click on that link, you’re the one likely to suffer heavy losses.

It’s better if you don’t respond at all.

Phishing can also include attachments that download malicious code onto your systems. Keylogging software and other information-gathering viruses give malicious coders access to sensitive data like logins and passwords. Just opening the wrong email could put your entire company database at risk.

Understanding the risk

With phishing, hackers have an easy way to attack that can be highly profitable. Consider the fact that a successful phishing attempt on a mid-sized business comes with an average price tag of $1.6 million.

Enterprise businesses are not exempt, even with massive IT departments and increasingly complex security protocols.

Spear phishing, a more targeted form of phishing that mimics other known users, makes up 95 percent of all attacks on enterprise businesses. If you received an email from the CEO, you’d probably open it too—even if it turned out it was from a hacker.

Leaving the bait on the hook

Keeping your company safe from phishing attacks starts with something very basic: education.

Give your employees examples of some of the most sophisticated attack scenarios and strategies to avoid them. For example, if you get an email from “Google” asking you to log in, never use an embedded link. Always load websites using the actual URL, not hyperlinks provided via email. This avoids the risk of spoofed pages designed to capture login credentials.

Ignoring attachments also helps eliminate the risk of ransomware downloads.

In addition to educating your workforce about the most common lines of attack, you can also institute some company-wide defense strategies and tools.

Better passwords using management software

Encouraging your employees to use strong passwords is helpful. But the longer and more complex the password, the more likely users are to write it down, send it to an accessible email box, or otherwise immediately undo their increased security.

Password management software can take care of the problem by automatically filling in software and password information on recognized sites. When the password manager doesn’t recognize the site, it’s a warning sign to employees about a possible spoofed site.
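Why an unrecognized site is a useful warning sign, as an added example (not code from any real password manager): a simplified model of autofill that only fills when the page's exact origin matches the one the login was saved on. The vault entry, domain names and sample addresses are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed vault entry: the login was saved on this exact origin.
# example.com and .test are reserved names; the secret is a placeholder.
VAULT = {
    ("https", "accounts.example.com", 443): {
        "username": "pat@example.com",
        "password": "<stored-secret>",
    },
}


def origin_of(url):
    """Return (scheme, host, port) for a web URL, or None if it has no usable origin."""
    try:
        parts = urlsplit(url.strip())
        scheme = parts.scheme.lower()
        if scheme not in DEFAULT_PORTS or not parts.hostname:
            return None
        # hostname drops any "user@" prefix and is lower-cased by urlsplit;
        # IDNA encoding turns look-alike Unicode letters into a visible xn-- form.
        host = parts.hostname.rstrip(".").encode("idna").decode("ascii").lower()
        port = parts.port or DEFAULT_PORTS[scheme]
    except (ValueError, UnicodeError):
        return None
    return (scheme, host, port)


def autofill_decision(url, vault=VAULT):
    """Decide what the manager does on this page: fill, no-match, or refuse."""
    origin = origin_of(url)
    if origin is None:
        return ("refuse", None)          # not a web page we can reason about
    entry = vault.get(origin)
    if entry is None:
        return ("no-match", None)        # the warning sign: site is not the saved one
    return ("fill", entry["username"])


# Constructed sample addresses an employee might land on from an email link.
SAMPLE_PAGES = [
    "https://accounts.example.com/signin",                   # the real site
    "https://ACCOUNTS.EXAMPLE.COM:443/signin",               # same origin, different spelling
    "http://accounts.example.com/signin",                    # unencrypted copy
    "https://accounts.example.com.login-check.test/signin",  # real name used as a prefix
    "https://accounts.examp1e.com/signin",                   # digit swapped for a letter
    "https://accounts.example.com@login-check.test/signin",  # real name before the "@"
    "https://\u0430ccounts.example.com/signin",              # Cyrillic look-alike letter
    "file:///C:/Users/pat/Downloads/signin.html",            # local file, no web origin
]

if __name__ == "__main__":
    for page in SAMPLE_PAGES:
        decision, user = autofill_decision(page)
        print(f"{decision:9} {user or '-':18} {page}")
```

Only the first two addresses produce a fill; every look-alike falls through to "no-match", which is the moment the employee should stop and check the address.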

Social media monitoring

Email phishing is still the most common form of phishing, but social media platforms also offer an avenue of attack.

Using fake accounts, hackers can approach your employees through less guarded communications like social media. Monitoring what happens on corporate social accounts and teaching your workers about the risks of corporate espionage through social contact can go a long way toward minimizing your risks.

Partnering with a cybersecurity expert

Small businesses rarely have the budget to support an in-house IT department, and even when they do, cybercriminals are relentless. The number of cyberattacks creeps up every year, leaving you with some tough choices.

Thankfully, it is possible to get high-level protection against phishing without investing in more top-level salaries. Talk to your managed services provider to see how they can provide the defenses you need against phishing attacks, without the cost that comes with a whole new department.

The cybersecurity employee training checklist

By 2019, it’s estimated that cybercrime will cost more than $2 trillion and affect businesses across the world. The numbers indicate how serious this issue is. However, what many business owners don’t realize is what their biggest risk actually is.

Their employees.

Effective cybersecurity employee training is an essential step when it comes to protecting your company. After all, a secure business is a protective one.

Creating, planning and executing cybersecurity training can seem daunting; however, with the tips here, it doesn’t have to be.

What employees need to know to protect your data

Cybersecurity employee training is imperative, and the foundation for network security training is simple. You need to make sure your employees fully understand their role in this.

Some of the things employees should know include:

  • They have a responsibility to protect company data.
  • Proper document management practices need to be used, along with notification procedures.
  • Passwords need to be strong and secure, so they are not easy to guess.
  • They are not allowed to install unlicensed software on any of the company’s devices.
  • Internet use needs to be restricted to sites that are known to be safe.

How to ensure your employees receive proper cybersecurity training

You almost certainly have anti-virus software, intrusion prevention systems and a strong firewall to protect your network. And even with all of that, it isn’t possible to block every single threat out there.

As a result, you have to be able to rely on your employees to keep the network safe.

After all, these are the individuals who are on the front lines. They’re determining whether or not they should download that mysterious email attachment, or click on that oh-so-tempting pop-up ad. One of the best ways to ensure they make the right decision is with quality cybersecurity employee training.

Provide ongoing cybersecurity training

Cybercriminals and hackers are always looking for new and innovative ways to “trick” even the most experienced users into downloading malware or responding to a malicious email. If you want to ensure your workers don’t fall for these tricks, it’s essential to let them know these threats exist.

Not only do you need initial training when you first hire a new employee, but also ongoing training to ensure that your network is protected from the latest threats out there.

There are some businesses that even send out daily security tips via email to their workforce. Not only is this beneficial in keeping everyone informed, but it helps to keep cybersecurity top of mind.

Make security something personal

When you have employees who aren’t directly involved in your company’s technology efforts, then network security may seem like a foreign concept. However, most of your employees have purchased something from their home computer with a credit card.

You can use this very practical, relatable example to help make your business’s security more personal for your employees. They’re likely careful with their credit card number. They need to be careful with company data, too.

Help them understand that their information is best protected when they follow certain security policies that have been designed to keep the network safe.

Be accessible to employees

Part of cybersecurity training for your employees should include letting them know who to turn to if they experience any type of network security incident, or if there are any questions about cybersecurity. If you don’t have an IT support team on-site, be sure your employees know how to get support and help from your service provider.

Keeping your data safe

If you want to ensure your small business’s network is secure, it starts with proper cybersecurity employee training. Be sure to play your part. Protecting your company’s sensitive information is serious business.

If you need additional help with your cybersecurity employee training, consider reaching out to a security expert. Most managed services providers can help you achieve an optimal level of security and protection.

Spoofing: What it is and how to avoid it

Cyberattacks cost businesses around the world about $15.80 million per company, according to estimates. And the number of security breaches has increased. In fact, the World Economic Forum’s Global Risks Report 2018 says that cyberattacks are now just as threatening as natural disasters such as extreme weather events and catastrophes.

One of the most commonly used scams that businesses are falling prey to is known as spoofing. Let’s take a closer look at what spoofing is and how you can avoid it.

What is spoofing?

Spoofing happens when a hacker gains access to your computer systems and is able to steal personal or sensitive information. That information can be as simple as passwords or as complex as business data.

You may have come across an attempt at spoofing before—for example, in the form of a suspicious email that promises cash rewards or an ad with questionable links. However, spoofing is not limited to spam emails. An intruder can use caller IDs or get you to click on a uniform resource locator (more commonly known as a URL).

There are several types of spoof attacks. Probably the most common are phishing emails, where you are sent a link and then given the option to download something. Even if you clicked the bait, usually nothing will happen unless you download the attachment.

How to safeguard yourself from spoofing

To protect yourself and your organization from spoofing, the best course of action is to avoid clicking any shady-looking links. And never download attachments unless you are absolutely sure the sender is legitimate.

If you have been the victim of URL spoofing, spammers may have attempted to infect your computer’s hardware with a virus. This is why it’s essential to install firewalls. Otherwise, you are putting your business—and your clients’ data—at risk.

You may think of cybercriminal activity as something that is unlikely to affect you or your business. But at the rate the threat is growing, it’s something to take seriously.

A 2017 Juniper Research report forecasts that the number of personal data records stolen by spoofing attackers could reach 5 billion in 2020. The authors of the report expect businesses around the world to lose a combined amount of $8 trillion over the next few years.

On your side

If you take a proactive approach to cybersecurity, you are less likely to become a victim of a cyberattack. The first thing to do is examine where your walls of defense may be weak and get expert help to protect your organization.

A little self-directed proactive education can really help in this department. Take the time to keep up with industry news and pay attention to cybersecurity headlines. You can also follow our blog for everything you need to know about cybersecurity, spoofing and business data analytics.

Also, contact your managed IT services provider. They’re there to help. All those years of experience providing IT support and managed IT services make a huge difference when it comes to protecting your business from cybercrime.

This is social engineering in action

In the simplest terms, social engineering is manipulation. It plays on the frailty of the human psyche.

According to CSO, it doesn’t matter if your company has the best defensive technologies and physical security in place. If a sneaky social engineer can trick your employee into giving out a password, you’re still at risk.

There are several aspects of social engineering in the business world that you need to know about so you can avoid it.

Pretexting

Pretexting involves setting up a false scenario such as pretending to be an official from a bank. The victim thinks they’re talking to, emailing or texting someone legitimate who just needs more information about an account. Sometimes the attacker even pretends to be providing an IT service.

The attacker will then insist that certain information is needed in order to fix a problem or to confirm an employee’s identity. This method relies on exploiting a relationship built on trust.

Tailgating

Digital Guardian defines tailgating as a situation in which someone without authorization simply follows someone with authorization into a restricted space. This is a type of physical social engineering.

For example, someone might ask to borrow your access card, claiming they forgot their own. Or someone might ask to use your laptop or phone, using the opportunity to install a virus. The absolute simplest example is when one person asks another to hold a door open for them.

Phishing

This is probably the most common form of social engineering used. Fraudulent information is passed off as legitimate in an attempt to get you to install malware on your network, computer or mobile device.

Most of these kinds of cyberattacks begin with an email. Unfortunately, many of your employees may assume email is basically safe. All it takes is one employee clicking on the wrong link.

Baiting

Baiting happens when someone puts a malware-infected CD or flash drive in a place where another person is likely to find it.

The attacker is counting on someone finding the infected device and loading it onto their computer. Once it has been loaded the attacker has access to that person’s system . . . and you have a potential data disaster.

Tips for avoiding social engineering

The first step for avoiding social engineering is knowing who and what you can really trust. No matter what industry you’re in, there are several steps your organization should take to prevent social engineers from wreaking havoc.

Conduct random tests

You should periodically test your employees to discern how easily they succumb to various social engineering threats.

Fight phishing

Reduce phishing attacks by refraining from opening any links in emails from unknown senders. When in doubt, it’s always better to delete suspicious emails.

Require identification

You can eliminate pretexting and tailgating by insisting on identification before letting anyone enter any area of your business.

Continual education

Social engineers are constantly changing and upgrading their tricks, making it imperative to keep your staff trained and updated on what to look out for and avoid.

Choose the right IT company

An experienced IT company should be reliable, responsive and have years of experience and expertise.

Wrapping up

Social engineering can be just as complex as hacking. The only real difference is it adds an especially frustrating psychological twist.

We highly recommend partnering with an IT provider who understands all levels of security your company needs. Complete IT support should include technology as well as thorough employee training.

What to learn from the most interesting data breaches of 2017

Several high-profile organizations experienced data breaches in 2017. For instance, you probably saw media reports about data breaches involving Equifax or the InterContinental Hotel Group.

It isn’t enough to know that these breaches occurred. Companies and organizations need to pay attention to the mistakes that made the security breaches possible. That way, you can inspect your own company’s policies to make sure you protect yourself and your customers.

Equifax proved that how you behave after a data breach matters

A 2017 data breach at Equifax, one of the world’s largest credit reporting companies, exposed the personal information of approximately 143 million Americans. The problem was deemed so important that Congress held several hearings to understand what had happened.

According to Equifax, the breach happened because of a flaw in one of the company’s web applications.

Obviously, Equifax didn’t get the help it needed closing common cybersecurity holes. The worst part, though, was how Equifax chose to handle the situation. Some of the company’s most egregious actions included:

  • Waiting about two months to tell consumers about the breach.
  • Letting executives sell their Equifax personal holdings before announcing the breach.
  • Creating an unsecured WordPress site to help consumers determine whether they were affected by the breach.
  • Requiring consumers to provide even more sensitive information to determine whether the breach affected them.

The most important thing to learn from Equifax is how to behave after a breach happens. Basically, do the opposite of what Equifax did. The organization’s tarnished reputation may never recover.

InterContinental Hotel Group (IHG) exposes thousands of consumers to identity fraud

InterContinental Hotel Group (IHG) revealed in early 2017 that a data breach had affected 12 of its properties. Malware on the company’s servers had stolen credit card information from guests who used their cards at the hotels’ on-site restaurants and bars. Understandably, the announcement concerned thousands of people.

Unfortunately, that wasn’t the end of IHG’s security problems. A couple of months later, the company admitted that the malware hadn’t attacked 12 of its locations. Instead, it had targeted 1,200 locations. The malware also did more than gather credit card information from restaurants and bars. It had stolen personal information from payments processed at hotels, too.

A better cybersecurity process would have likely uncovered the malware before it had a chance to affect so many people. Unfortunately, IHG didn’t have the IT security to identify the threat before it had an opportunity to spread from a handful of locations to thousands.

Ransomware targeted organizations in nearly 100 countries

In 2017, ransomware became such a huge problem that it affected organizations in nearly 100 countries. Hospitals in Great Britain had to turn away patients because they couldn’t access their medical records. The malware also affected hospitals, police stations and businesses in the United States, Russia, Spain and Portugal. Overall, the ransomware affected about 57,000 networks around the world.

Educating employees to recognize phishing attempts is one of the most effective ways to prevent ransomware attacks. Organizations also need to update their systems and applications to patch security vulnerabilities.

Given the excessively wide reach of the 2017 attack, it’s obvious that most people don’t know how to protect themselves from ransomware.

If you’re worried that you don’t have the right technology or policies to protect your company from data breaches, contact your managed services provider to learn more about the most effective defenses. Without the right tools, you could fall victim to attacks just as easily as the organizations mentioned above.

The most common SMB cybersecurity threats and how to protect your business

The headlines may spend more time focusing on data breaches suffered by enterprises and other large companies, but that doesn’t mean hackers have forgotten about small businesses.

The typical data breach costs small businesses $117,000, which can take a big chunk out of your operating budget. Plus, you have to account for the cost of disaster recovery, informing consumers about the breach, paying for security audits, and dealing with the reputation loss.

Approximately 60% of small businesses never recover from a cyberattack, instead going out of business. Understanding and proactively addressing SMB cybersecurity threats puts you in a position to protect your business.

Ransomware

You’re most likely already familiar with the term “malware.” Malware is a malicious application that can help hackers get into your network, hijack your computers or cause system problems. Ransomware is a specific type of malware. It makes it possible for a cybercriminal to take complete control of your data and hold it for ransom.

Ransomware relies on encryption, so you can’t just turn off one computer and move to another. Instead, you have to restore from a backup or pay the attackers to get your data back.

You see ransomware frequently mentioned because it’s a profitable way for hackers to bring in revenue. You can reduce the potential damage of a ransomware attack with a robust backup, which allows you to restore your systems without paying anything.

Social engineering and phishing

A common portrayal of a hacker is someone furiously typing, trying to find the right username and password combination to get into your network. In reality, they may end up getting unintentional help from the people in your organization.

Phishing takes place through email. The would-be hacker sends malware through emails that look legitimate. The victim ends up opening the file and downloading the malicious file on their workstation.

Social engineering is a broad term that describes situations where the hacker manipulates people to get the result that they want. For example, they can pretend to be a person in a different department and use that fake identity to access resources they should not have access to.

One way to protect against the people skills of certain charismatic hackers is to give the entire company training that explains the situations they may encounter. You don’t need everyone to have an IT specialist’s level of understanding of cybersecurity, but you do want them to know what they’re looking for.

POS viruses

If you have a physical retail location, your point of sale systems may be at risk of getting hacked.

POS viruses are loaded directly onto this equipment, typically by leveraging some sort of security loophole or breach. They can access credit card information, customer addresses and other personal data. (It’s also worth mentioning that POS terminals should be separated from any connections to office workstations and other devices to avoid malicious data injection/hijacking.)

Limit the chances of this kind of breach happening by staying up to date on operating system and firmware updates for your POS. Talk to your vendor to see whether they have other security recommendations in place.

DDOS

A distributed denial of service (DDOS) attack overwhelms your network’s capacity and causes your resources to crash and become inaccessible. DDOS attacks often leverage botnets of compromised devices, making so many server requests that your server simply can’t handle them.

Or, in plain English, the hacker overwhelms your server, which keeps it from working.

Sometimes bringing your systems down is the entire point of a DDOS. In other cases, the hackers use a DDOS to try to identify other vulnerabilities that they can use to gain access to your systems.

A proactive cybersecurity system can help you stay ahead of a DDOS attack. The affected IP addresses can be blocked. Or you can spread the traffic over multiple servers to stop the spike in requests from bringing everything down. You might even resort to backup servers that are distributed elsewhere, such as a cloud-based resource.

SQL injection

Many web applications depend on SQL databases to store data. They can’t function without having access to this valuable digital asset.

An SQL injection introduces malicious tables into your databases that could lead to data breaches, unauthorized access and other problems. SQL injections can happen due to unpatched software or forms that fail to sanitize user-submitted fields. If you don’t realize that your database has been breached, then you may end up getting attacked multiple times without finding the culprit.

Keep your SQL databases updated and audit them frequently. Look over all of your forms and confirm that any code gets removed from the text fields before it reaches the database. Preventative maintenance can stop a lot of SQL injections in their tracks.
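What "a form that fails to sanitize user-submitted fields" looks like in code, next to a corrected version, as an added example (not code from the original post). It goes one step beyond cleaning up the text field: the second lookup uses a parameterized query, so the field is always handled as a value. The table, rows and form inputs are constructed, and the database is an in-memory SQLite instance.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample customers."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (name, email) VALUES (?, ?)",
        [
            ("Alice Smith", "alice@example.com"),
            ("Sean O'Brien", "sean@example.com"),
            ("Bob Jones", "bob@example.com"),
        ],
    )
    return conn


def lookup_unsafe(conn, name):
    """Anti-pattern: the form field is pasted into the SQL text itself."""
    sql = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Parameterized query: the field travels separately from the SQL text."""
    return conn.execute(
        "SELECT name, email FROM customers WHERE name = ?", (name,)
    ).fetchall()


def compare(conn, field):
    """Run one form-field value through both lookups.

    Returns (unsafe_result, safe_result); a database error in the unsafe
    path is reported as a short string instead of being raised.
    """
    try:
        unsafe = lookup_unsafe(conn, field)
    except sqlite3.Error as exc:
        unsafe = "error: " + type(exc).__name__
    return unsafe, lookup_safe(conn, field)


# Constructed form inputs: an ordinary name, a legitimate name containing an
# apostrophe, and a field value that contains SQL syntax.
SAMPLE_FIELDS = ["Alice Smith", "Sean O'Brien", "' OR '1'='1"]

if __name__ == "__main__":
    db = make_db()
    for field in SAMPLE_FIELDS:
        unsafe, safe = compare(db, field)
        unsafe_summary = unsafe if isinstance(unsafe, str) else f"{len(unsafe)} row(s)"
        print(f"{field!r:16} unsafe: {unsafe_summary:24} safe: {len(safe)} row(s)")
```

The unsafe lookup breaks on an honest apostrophe and returns every customer for the third input, while the parameterized lookup returns exactly the matching row or nothing. When auditing forms, any query built by joining strings with field values is the pattern to look for.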

Internal bad actor

The most significant threat could come from within your organization. Employees sometimes work in concert with “bad actors” or an employee could even be a “bad actor.”

What’s a bad actor? Someone who wants to breach your security and compromise your data. Sometimes this happens when an employee is working for the competition. Other times they may be disgruntled and upset at the company.

While it’s difficult to protect against malicious individuals who have leadership positions in your organization, you can easily limit what lower level employees can do. Use a robust user account management strategy to control permissions and stay on top of deactivating user accounts when necessary.

Your company’s HR department, if you have one, also needs a streamlined process for firing employees that limits how much damage they could do on your network before leaving.
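Staying on top of deactivation is easier when it is checked routinely. The following is an added example, not part of the original article: it compares an HR roster against a list of login accounts and reports enabled accounts that belong to departed staff or to nobody at all. The field names, the function name and the sample records are constructed assumptions.

```python
from datetime import date

# Constructed sample data: an HR roster export and an account export.
HR_ROSTER = [
    {"employee_id": "E100", "status": "active", "last_day": None},
    {"employee_id": "E101", "status": "terminated", "last_day": date(2024, 3, 1)},
    {"employee_id": "E102", "status": "terminated", "last_day": date(2024, 3, 28)},
]
ACCOUNTS = [
    {"username": "asmith", "employee_id": "E100", "enabled": True},
    {"username": "bjones", "employee_id": "E101", "enabled": True},
    {"username": "cwu", "employee_id": "E102", "enabled": False},
    {"username": "svc-old", "employee_id": None, "enabled": True},
]

def audit_accounts(roster, accounts, today):
    """Return (username, reason) for every enabled account that should not be."""
    by_id = {rec["employee_id"]: rec for rec in roster}
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already deactivated, nothing to report
        owner = by_id.get(acct["employee_id"])
        if owner is None:
            # Nobody in HR records owns this login.
            findings.append((acct["username"], "no owner in HR roster"))
        elif owner["status"] == "terminated":
            days = (today - owner["last_day"]).days
            findings.append(
                (acct["username"], f"still enabled {days} days after last day")
            )
    return findings

if __name__ == "__main__":
    for username, reason in audit_accounts(HR_ROSTER, ACCOUNTS, date(2024, 4, 1)):
        print(f"{username}: {reason}")
```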

Preventative protection can stop most SMB cybersecurity attacks before they start.

Stay a step ahead

Cyber attacks are a threat to companies of all sizes. Keep your SMB protected by exploring these methods for staying safe and reducing the risk of a data breach.

No cybersecurity strategy is 100% effective, but you can put yourself in a position where you minimize your risk profile.

Internal threats 101: What they are and how to avoid them

We’ve warned you before that half of all small to midsize businesses have endured at least one cyberattack. But did you know that “the biggest cybersecurity threats are inside your company?”

That’s an eye-opening claim from a 2016 report by the Harvard Business Review. It’s also backed by data from IBM’s 2016 Cyber Security Intelligence Index. According to that report, some “60% of all attacks were carried out by insiders,” with 75 percent of those coming from malicious actors. (The rest were inadvertent—which is better but still bad.)

What’s more, these internal threats can be particularly harmful. A 2017 article from Tripwire stated that “53 percent of companies estimate remediation costs of $100,000 and more, with 12 percent estimating a cost of more than $1 million.”

Ouch.

On top of that, insider threats can go undetected for years on end. And guilt in such cases is really difficult to establish. It’s little wonder why an estimated “74 percent of companies feel that they are vulnerable to insider threats,” and a whopping 7 percent classify their vulnerability as “extreme.”

The conclusion?

While it’s critical to defend against external cybersecurity threats (and they are, generally speaking, more widely sensationalized), internal threats are just as important to catch. Today, we’ll be giving you a leg up by delving into what constitutes an internal threat and how you can mitigate the risks.

Just what is an internal threat?

For a straightforward definition, we turn to SecureList:

“Internal threats include any harmful actions with data that violate at least one of the fundamental principles of information security (integrity, availability, and confidentiality) and originate from within a company’s information system.”

Easy enough to comprehend, but classifying internal threats goes even deeper. According to CSO, internal vulnerabilities come in three main flavors: accidental, negligent and malicious. Those first two have a degree of overlap, as there’s no ill will on the part of the employees who are responsible.

Accidental threats arise when employees aren’t well-educated on proper protocol (and, by extension, open your company to maladies like ransomware and phishing schemes). Negligent threats occur when employees understand the protocols but willfully ignore them in favor of completing a task the “easy way.”

Malicious threats, on the other hand, are a whole different ballgame.

The offending employee might be holding a grudge. They might have been paid off. Whatever the case, malicious instances are categorized by employees within your company who wish to intentionally cause damage. Those employees use their knowledge of your systems to further their less-than-well-intended goals.

How to guard against internal threats

The strategies you employ for mitigating internal threat risk will vary based on the types of danger we listed above.

For accidental and negligent threats, education and enforcement are key. As EY so succinctly put it, “education is prevention.” Getting employees up to speed is a great way to cut down on the mistakes that can put your organization in a cybersecurity predicament.

A solid IT support team can help with educational efforts. Combine that with a no-nonsense policy that reminds employees that cybersecurity rules are not to be taken lightly. That’s how to deal with a sizable portion of the internal risks your company faces.

Malicious threats require a different approach.

Preventing these is where background checks, employee monitoring and restricted access to various systems will benefit your overall preparedness. Again, leveraging IT pros to formulate a strategy will grant you significant benefit.

With the right methodologies in place, your vulnerability will diminish drastically.

Your definitive guide to business data: How to keep it alive, mobile and meaningful

Here’s what we’re going to cover:

  1. Keeping your data alive (AKA cybersecurity)
      1. Covering the basics
      2. Software protection
      3. Hardware protection
      4. Human error protection
      5. Worst-case scenario protection
  2. Keeping your data mobile (AKA remote access & collaboration)
      1. The right tools for the job
      2. The power of BYOD
      3. Mobility tips, training and feedback
  3. Keeping your data meaningful (AKA analytics)
      1. Slice and dice
      2. Connecting the dots

Boy, you said it, Andy. The whole world, including your business, is one big data problem. Then again, as Aaron Koblin pointed out, “I think you can have a ridiculously enormous and complex data set, but if you have the right tools and methodology then it’s not a problem.”

And that’s what this article is all about—turning your business data problems into strategic business advantages. In order to accomplish that, we’re going to explore how to keep your data alive, mobile and meaningful.

Or, if you prefer business-speak, we’re going to look at cybersecurity, remote access, collaboration, and business data analytics.

Keeping your business data alive (AKA cybersecurity)

Cybersecurity breaches make headlines on a regular basis. So often that we’re getting used to hearing about them—when they happen to someone else. The moment your business data falls prey to cybercriminals, it’s a whole different story.

Let’s keep that from happening so that your business data remains safe and secure.

Covering the basics

Basic cybersecurity is a fairly easy thing to accomplish. You don’t have to be an IT professional to make sure your business has the most essential protection. You just have to know what’s needed.

You need four things:

  1. Software protection
  2. Hardware protection
  3. Human error protection
  4. Worst-case scenario protection

Know the terms

It’s also smart to have a working knowledge of some of the most common forms of cyberattack. Ransomware headlines are meaningful because you know what ransomware is. But if there are other forms of attack you don’t know (for example, social engineering or SQL injection), you won’t keep an eye out for new information about them.

We have a guide that covers the most common forms of cyberattack. It’s definitely worth the few minutes it will take you to read it.

Software protection

Antivirus and anti-spam programs are practically a given on any network these days, personal or professional. If you don’t already have both kinds of protection for your company’s network, get on that. There are plenty of good, affordable options out there.

The harder work of software protection rests squarely on your shoulders—or on the shoulders of your managed IT services partner, if you have one. We’re talking about updates.

Those annoying notifications you get about various programs needing a patch or an update? Yeah, those are actually really important if you’re committed to protecting your business data.

Software manufacturers often include beefed-up security in software patches. In fact, the WannaCry virus that made headlines in 2017 took advantage of Windows vulnerabilities that Microsoft had already addressed (you guessed it) in a previous software update.

Hardware protection

Hardware protection runs the gamut from using business-appropriate equipment (like routers designed for commercial use) to sophisticated, encryption-enabling servers that make business data nearly untouchable. The former is easy to stay on top of as long as you’re paying attention, and you probably don’t need to worry about the latter.

Additionally, there are all kinds of hardware issues you can likely address on your own. While there will undoubtedly be times when a bit of professional help is warranted, the most common troubleshooting techniques (the ones the pros will use first) aren’t shrouded in mystery. On the contrary, anyone can do basic troubleshooting.

Consider checking out common computer problems you can fix yourself before accruing any billable hours with your MSP.


Human error protection

Here’s a brutal truth. Software and hardware protection can only take you so far. And unfortunately, human error can completely wipe out the protection even the best hardware and software can provide. One employee mistake can literally expose all of your business data.

And that’s to say nothing of actual internal threats. Even small businesses need to keep their guard up against malicious insider activity. One way to do that is to make sure everyone on your staff knows what to keep an eye out for.

Said another way, employee cybersecurity training isn’t a luxury. It’s a vital necessity.

If you’re not sure how to get started with employee training, check out our guide. It’ll walk you through the high-level ins and outs of an employee training program aimed at cybersecurity and data protection. Additionally, we recommend that you train your staff on some of the most common cybercriminal tactics, like phishing, social engineering and spoofing.

If your employees know about these devious tricks and how to avoid them, your business data is far more likely to remain safe.

Worst-case scenario protection

Okay, so it’s obviously better to stop a business data breach than to deal with one after the fact. That said, there are no guarantees. Cybercriminals are a resilient bunch. We find ways to stop ‘em dead in their tracks, and they bounce right back with newer, sneakier, more sinister ways of breaking into your network.

So you need a backup and disaster recovery (BDR) plan. The goal of a BDR is to minimize downtime, getting you back into productivity mode as soon as possible in the wake of any kind of network failure.

In addition to your BDR strategy (sometimes also called a business continuity plan), we recommend developing plans for deleting old data, retiring out-of-date hardware, and annual reviews of your technology to ensure you have all the protection you need.

Keeping your business data mobile (AKA remote access & collaboration)

Cloud computing has changed the way we handle business data in profound ways. The cloud offers secure options for storing even massive amounts of data combined with the convenience of anywhere, anytime access.

Mobility is where it’s at. Here’s what you need to know to stay connected to your data on the go.

The right tools for the job

First and foremost, you need the right technology solutions. Broadly speaking, these come in two forms: data storage and mobile-ready apps. However, in an increasing number of cases, the line between those two categories is pretty blurry.

Take Microsoft’s OneNote as a prime example. Included as a core component of Office 365, OneNote is a ridiculously robust note-taking and organization tool, complete with online access and collaborative sharing. We’re fans. In this single tech tool, you have both remote business data storage and a user-friendly interface designed for mobility.

But that’s just the tip of the iceberg.

In addition to relatively basic (but extremely convenient) tools like OneNote, there are some sophisticated business data management solutions that are just as mobile-friendly. Not that long ago, it would have been hard to envision something as robust as a CRM or ERP in the cloud. Today, both classes of software are just as remotely accessible as email.

The power of BYOD

BYOD stands for “bring your own device.” Even if you don’t realize it, you probably already work in a BYOD environment.

Any time any employee connects any device they own to your network to access business data, that’s BYOD. That includes smartphones and tablets. If any of your employees check work email from their phones, that’s BYOD in action.

BYOD is great. It keeps your staff engaged and productive, even when they’re not in the office. However, it also has the potential to expose your business data to breaches. We recommend that you develop a formal BYOD policy that includes specific guidelines to ensure your employees don’t inadvertently compromise your security.

Mobility tips, training and feedback

We’ve already touched on several of the mobility-ready tools out there that can take your company’s productivity to the next level. Anything that allows your employees to access business data on the go has the potential to boost productivity—provided they know how to use those tools.

Similar to cybersecurity, we recommend that you take an active role in training your staff on the pros, cons and best practices of remote access. Give them practical, hands-on tips and tricks, encourage them to share what works for them, and stay engaged.

It would be a shame to learn that super-expensive mobility software you’re paying through the nose for is basically worthless . . . but a much cheaper alternative would have been perfect.

Keeping your business data meaningful (AKA analytics)

Having a lot of business data isn’t enough. So you’ve got spreadsheets full of stats? So what? What matters is what you do with all that data.

Slice and dice

In business-speak, the strategic use of your data is referred to as Business Intelligence (BI). You could utilize BI to determine where there are bottlenecks in your supply chain. Or who your most profitable customers are. Or even predict future buying trends, taking into account variables like seasonality, weather, activity in related markets, and even the political atmosphere.

Real world examples of BI in action are compelling and exciting. They show us just how powerful data analytics has the potential to be. And while your SMB may not be ready to dive into the deep end, there are almost certainly ways you can use BI.

Putting BI to work for your company is simply a matter of digging into your business data in meaningful, actionable ways. When you know how to listen to the story your data tells, you’ll begin to get an idea of how you could use that data to stay ahead of the curve.

Connecting the dots

Now you’re on your way. Your data is safe and secure, you can get to it from anywhere, you’ve got convenient tools for recording, accessing and analyzing it, and you know what kinds of trends to look for in the data so you can take action based on your analysis.

This is where things get fun.

If you’re in the manufacturing or distribution field, for example, this is the point where you can begin to leverage your ERP business data to make meaningful changes to your entire process. Those changes can result in greater efficiency, lower cost, faster turnaround times, and easier internal communication.

Or what about the impact on customer relationships, regardless of the industry you work in? Modern CRM software can help you manage your sales funnel, upsell current customers, address customer complaints, and even maintain automated communication with your customer base. Just make sure you choose the right type of CRM for your business—one that meets your needs and gives you the strategic tools to move your business forward.

This is where the rubber meets the road—and where you start to see the very real bottom-line impact of effective business data analysis.