OPTION I

Mark Email as Not Junk in Outlook

OPTION II

Add Contacts in Outlook to Safe Senders List

STEP 1

• Open Outlook and click the Home tab. Then click the Junk button and select Junk E-mail Options.

In today’s always-connected world, the time-honored separation of work and personal time is quickly disappearing. Mobile devices such as laptops, netbooks, tablets, and smartphones have fundamentally changed how all of us live and work. With work no longer confined to a physical office space, or limited to traditional business hours, we’ve created an increasingly mobile and dispersed workforce capable of working anywhere at anytime. 3 out of 5 workers today no longer believe an office presence is necessary for a productive day’s work.

Transferring IT hardware and equipment expenses to employees can save SMBs significant money. A study conducted by Cisco’s Internet Business Solutions projected that U.S. companies utilizing BYOD can save up to $3,150 per employee each year.

With some SMBs it’s no longer a question of what devices employees use and when they use them. Rather, businesses are looking at how to leverage the latest technologies so that employees can be more productive and efficient, even when they aren’t in the office. With this change in attitude comes new challenges: Both business and IT leaders will face new questions about security, productivity, infrastructure, and staff training.

According to Gartner analysts, more than half of organizations today already allow their employees to use third-party devices for work. While 80% of companies surveyed by Dell trust their employees in terms of device security, just 2% trust them completely.

A Managed IT Service Provider can provide a Mobile Device Management (MDM) Solution. The MDM solutions are a cost-effective means to ensure that any mobile device accessing their network is identified, controlled, and monitored.

This method of centralized management makes it easy to configure devices for enterprise access, stipulates password policy and encryption settings, locates and remotely clears and locks any lost or stolen device, automates security updates, and proactively identifies and resolves device or app issues.

Many times when working with new SMB's and reviewing their network infrastructure, we will ask "Do you have a firewall" and sometimes the answer is "I don’t think so” “Do I need one”. After investigating, we see the router, and then the discussion begins, ISP Router firewall, software firewall and hardware firewall capabilities..

It's important to use at least one type of a firewall , whether hardware, software or a combination of both. Firewalls are important components that help protect the organization from unauthorized access to its systems. There are other security measures, like anti-virus software, encryption and intrusion detection/prevention systems, that help combat a variety of threats.

However, a firewall is the “first line of defense” because it can be used to secure access to the network and to stop malicious attacks. A firewall that is designed and operated with security in mind will help prevent attacks from occurring by restricting certain types of traffic that could result in unauthorized access.

Simply, a firewall (selective) allows traffic based on selected criteria such as source or destination IP addresses, for instance. A firewall (non-selective) denies all traffic not in the log of approved applications.

So to answer the question: Yes, as a best practice for network security and data protection a firewall is recommend for all SMBs.

With cyberattacks and data breaches increasing at an alarming rate, without firewall security, it will leave your business vulnerable to a cyberattack.

Email Threats

Social engineering is non-technical, malicious activity that exploits human interactions to obtain information about internal processes, configuration and technical security policies in order to gain access to secure devices and networks. Such attacks are typically carried out when cybercriminals pose as credible, trusted authorities to convince their targets to grant access to sensitive data and high-security locations or networks.

An example of social engineering is a phone call or email where an employee receives a message that their computer is sending bad traffic to the Internet. To fix this issue, end users are asked to call or email a tech support hotline and prompted to give information that could very likely give the cybercriminal access to the company’s network.

 Phishing Email Compromises

One of the most common forms of social engineering is email phishing—an attempt to acquire sensitive information such as usernames, passwords and credit card data by masquerading as a trustworthy entity. Phishing is likely the #1 primary email threat employees need to focus on.

 Such emails often spoof the company CEO, a customer or a business partner and do so in a sophisticated, subtle way so that the victim thinks they are responding to a legitimate request. The FBI says CEO (or C-level) fraud has increased 270 percent in the past two years with over 12,000 reported incidents totalling over $2 billion dollars in corporate losses.

 Among the reasons these scams succeed are the appearance of authority—staffers are used to carrying out CEO instructions quickly. That’s why phishing can be so easy to fall victim to.

RSA Conference, “How a Security CEO Fell Prey to Scammers (Almost),” 3/3/2016: http://www.rsaconference.com/blogs/security-ceo-scammers#sthash.egMiB2xW.dpuf

Loss of Data: Causes and Prevention

The adoption of technology from the simplest of matters to the most complex problems has rendered us heavily dependent on it. We love paying our bills minutes before they are due. We enjoy seeing loved ones face-to-face on our computer screens. We can access and print our extremely sensitive records from government and financial websites in a matter of minutes instead of waiting for the mail for days. The time and resources that technology saves are invaluable, but this convenience has a very ugly side. This convenience brings costs, which could include irreparable financial, professional, and social damage. The technology that is designed to make life easier can also wreak havoc when criminals use it to breach secured, personal information. So how do we tame this beast called ‘breach of data security’?

Background: The gravity of the problem: To look for a solution, we first need to understand how serious this problem is. Breaches in data security and loss of data could spell imminent demise for many small companies. According to the National Archives & Records Administration in Washington, 93% of companies that have experienced data loss resulting in ten or more days of downtime have filed for bankruptcy within a year. 50% wasted no time and filed for bankruptcy immediately and 43% that have no data recovery and business continuity plan go out of business following a major data loss. In the past, small- to medium-businesses (SMBs) thought that data security problems were reserved for large corporations, but cyber criminals are finding out that SMBs are more complacent in securing their data thus making themselves easier targets. More importantly, the lightly guarded SMBs can provide backdoor access to the large entities hackers really want to hit. Fewer than half of the SMBs surveyed said they back up their data every week. Only 23% have a plan for data backup and business continuity. That is why the number of cyber attacks on SMBs has doubled in the recent past.

Causes of lost data: Loss of data can be attributed to two factors.

• Breach of data security: As we discussed above, theft is the main reason for loss of data. Hackers can get into networks by installing their own software hidden inside emails and other Web content. They take over PCs and networks and then access files containing personal information. They can then use that information to empty people’s bank accounts and exploit data for other purposes.

• Human error and employee negligence: Humans still have to instruct technology to perform as desired. Examples of negligence include unattended computer systems, weak passwords, opening email attachments or clicking the hyperlinks in spam and visiting restricted websites. Fortunately, this type of loss of data is easily preventable, but it is just as detrimental and can bring your business to a halt. Downtimes can be very harmful to your business continuity and revenue.

Five ways to minimize data loss

1. Enforce data security: More than technology, this is the management of human behavior. SMB management must communicate data protection policy to the entire staff and see to it that the policy is adhered to. Rules and policy must be enforced very strictly regarding the use of personal devices. Tell employees to create passwords that are hard to crack and change them frequently.

2. Stress the consequences: Rules are only good if there are consequences for not following them. Define what those consequences mean for the both the individual and the organization.

3. Mobile device management: Mobile devices may be the weakest link in data security. “Mobile device management” refers to processes that are designed for the control of mobile devices used within the company. Devices tapping into company systems are identified and monitored 24/7. They are proactively secured via specified password policies, encryption settings, etc. Lost or stolen devices can be located and either locked or stripped of all data.

4. Snapshots: Fully backing up large amounts of data can be a lengthy process. The data being backed up is also vulnerable to file corruption from read errors. This means sizeable chunks of data may not be stored in the backup and be unavailable in the event of a full restoration. This can be avoided by backing up critical data as snapshots.

5. Cloud replication and disaster recovery services: For SMBs who consider data backup to be too costly, time consuming and complex there is an answer. The Cloud provides a cost-effective, automated off-site data replication process that provides continuous availability to business-critical data and applications. Cloud replication can often get systems back online in under an hour following a data loss.

To conclude our conversation, it is very important to understand the causes and consequences of data loss. Be proactive and minimize the likelihood of a data breach and data loss, so you can stay in business without interruption. Make sure you have a solid data recovery and business continuity plan so you don’t become another statistic about small firms who didn’t make it.

You can have all the locks on your data center and have all the network security available, but nothing will keep your data safe if your employees are careless with passwords.

1. Change Passwords – Most security experts recommend that companies change out all passwords every 30 to 90 days.
2. Require passwords that mix upper and lowercase, number, and a symbol.
3. Teach employees NOT to use standard dictionary words ( in any language), or personal data that can be known, or can be stolen: addresses, telephone numbers, SSNs, etc.
4. Emphasize that employees should not access anything using another employee’s login. To save time or for convenience, employees may leave systems and screens open and let others access them. This is usually done so one person doesn’t have to take the time to logout and the next take the effort to log back in. Make a policy regarding this and enforce it. If you see this happening, make sure they are aware of it.

These are just a few basic password hints, but they can make a difference.

Ashley Schwartau of The Security Awareness Company says the two biggest mistakes a company can make are "assuming their employees know internal security policies" and "assuming their employees care enough to follow policy."

To avoid falling into these traps, you must: a) Have a plan, b) Educate users about your plan, and c) Make them care about procedures.

To give a quick summary, you need to have a defense plan for each of the layers that a hacker can attack: the physical layer (i.e. you need policies to ensure that only authorized personnel can access your devices), the network layer (i.e. make sure that only authorised devices access your network, and your devices only access authorized networks), and the human layer (i.e. you should make your employees practice good password hygiene, and are aware of security threats).

You should train employees on your security and disaster recovery policies at least twice year, and your IT person should keep your employees up-to-date on security issues on a weekly basis. Make sure that they understand the risks of a breach.

Most importantly you need to create a "culture of security," where employees go beyond the minimum guidelines laid down by your IT staff and always ask "is this good security sense" for every action they take. You need to have clearly defined penalties for those who practice bad security, and reward those who display good security sense.