What is phishing?

Email Phishing scams are carried out online by tech-savvy con artists and identity theft criminals. They use spam, fake websites constructed to look identical to real sites, email and instant messages to trick you into divulging sensitive information, like bank account passwords and credit card numbers. Once you take the phisher's bait, they can use the information to create fake accounts in your name, ruin your credit, and steal your money or even your identity.

How do phishing scams find me?

This style of identity theft is extremely widespread because of the ease with which unsuspecting people share personal information. Phishing scams often lure you with spam email and instant messages requesting you to "verify your account" or "confirm your billing address" through what is actually a malicious Web site. Be very cautious. Phishers can only find you if you respond.

What can email phishing scams do to me?

After you've responded to a phishing scam, the attacker can:

• Hijack your usernames and passwords
• Steal your money and open credit card and bank accounts in your name
• Request new account Personal Identification Numbers (PINs) or additional credit cards
• Make purchases
• Add themselves or an alias that they control as an authorized user so it's easier to use your credit
• Obtain cash advances
• Use and abuse your Social Security number
• Sell your information to other parties who will use it for illicit or illegal purposes

How will I know?

Phishers often pretend to be legitimate companies. Their messages may sound genuine and their sites can look remarkably like the real thing. It can be hard to tell the difference, but you may be dealing with a phishing scam if you see the following:

• Requests for confidential information via email or instant message
• Emotional language using scare tactics or urgent requests to respond
• Misspelled URLs, spelling mistakes or the use of sub-domains
• Links within the body of a message
• Lack of a personal greeting or customized information within a message. Legitimate emails from banks and credit card companies will often include partial account numbers, user name or password.

How can I get phishing protection?

When you arm yourself with information and resources, you're wiser about computer security threats and less vulnerable to phishing scam tactics. Take these steps to fortify your computer security and get better phishing protection right away:

• Do not provide personal information to any unsolicited requests for information
• Only provide personal information on sites that have "https" in the web address or have a lock icon at bottom of the browser
• If you suspect you've received phishing bait, contact the company that is the subject of the email by phone to check that the message is legitimate
• Type in a trusted URL for a company's site into the address bar of your browser to bypass the link in a suspected phishing message
• Use varied and complex passwords for all your accounts
• Continually check the accuracy of personal accounts and deal with any discrepancies right away
• Avoid questionable Web sites
• Practice safe email protocol:
  • Don't open messages from unknown senders
  • Immediately delete messages you suspect to be spam

• Use antivirus protection and a firewall
• Get antispyware software protection

The cloud is more or less a sexy word for the Internet… or at least a recent iteration of the Internet. Anyone who has ever used a hosted email server such as Gmail has already had sensitive data stored in the cloud. Cloud-based email hosting was one of the first and most broadly adopted cloud services on both the personal and professional level. If you use social media sites such as Facebook, Twitter, Linkedin or Instagram, you are already part of the public cloud.

SO WHAT IS THIS CLOUD?

Let’s describe the cloud without any technical lingo. Picture a really cramped office space. You and a few co-workers sit in tight quarters with messy desktops buried in mounds of files and paperwork. There is absolutely no room for storage, and it will be years before you can afford a larger office space.Your building manager offers to rent you an empty file cabinet in the basement. Although the basement space is shared with other tenants, only you and your team will have a key to this locked file cabinet to store and retrieve files as you wish. Your rent is relatively cheap compared to other tenants since you're only paying for the file cabinet and not the larger storage areas they are renting.

 Another analogy commonly used is the public utility. Obviously, no one would expect you to power your home or business with your very own electrical plant. The costs would be enormous and the maintenance impossible. Consequently, you and others within the same grid share in the overall cost of the infrastructure to generate and transmit electric power to your home. Being part of the grid enables us all to have access to affordable power based on our usage--just as the cloud makes business solutions that were once only affordable to large enterprises possible by spreading costs across a network of users and charging only for actual usage. This is what makes the cloud work. Small firms can have the technology they need while benefitting from the economies of scale once reserved for the largest firms. Suddenly those once cluttered desktops are cleared, leaving you with actual physical space to work. This is close to what the cloud does for the back end of small business IT infrastructure.

THE CLOUD IS A TECHNOLOGY EQUALIZER!

Historically, the technology used by larger companies has never been available to smaller businesses. Most SMBs have neither the hardware budget nor internal support to “own” a massive internal network infrastructure.

Previously, only large organizations could invest in IT infrastructure. Now, the cloud truly democratizes computing and levels the playing field. In many ways, it is the great equalizer, giving companies of any size the ability to store information at a remote data center rather than on premise. It gives small businesses the ability to do large scale business at a lower cost.

WHY USE THE CLOUD?

Reduced Costs: Significant savings can be achieved since the cloud’s mass scale computing minimizes onsite physical storage hardware and internal IT staffing.

Anytime, Anywhere Access: Since data access is no longer restricted to a solitary employee or physical device, users can access, share and collaborate in the cloud whenever and from wherever they please.

Better Collaboration: The cloud is available on-demand to computers and other devices from any location at any point in time. This allows for better collaborative efforts among teams working in today’s increasingly dispersed mobile workforce. Today, anyone can share data and collaborate across their organization.

Greater Scalability: Cloud-based services offer greater flexibility to scale IT needs up or down as the varying business environment demands.

Faster deployment: Cloud-based services can be deployed within just an hour or a few days rather than the weeks or months it takes to strategically plan, buy, build, and implement an internal IT infrastructure.

Environmental Friendliness: The cloud’s energy efficiency is attractive to any company that is conscientious about the environment and wants to be “greener.” The Berkeley Lab conducted a six month study which determined that shifting 86 million U.S. office workers to the cloud reduced energy usage by 87 percent. That is enough electricity to power the city of Los Angeles for one year.

Improved Security: Although many firms cite security as a reason for their reluctance to move to the cloud, there are actually very few data breaches involving cloud providers. A significant portion of data breaches are due to lost, stolen, or discarded devices and paper records, rogue employees, and human error. Data in the cloud may actually be more secure than data stored on computers, laptops, and company servers, with their array of security vulnerabilities. Unlike a laptop, the cloud can’t be left behind in a hotel lobby. Most smaller and medium sized businesses cannot secure their data centers without the advanced tools, encryption methods, testing, and third party certifications used by Cloud Service Providers.

For a small business owner like you, building and supporting a baseline IT infrastructure that provides reliable 24/7 services to you and your customers can be forbiddingly expensive. Even a wobbly, poorly supported infrastructure can be a budget breaker.

Large capital expenditures, high fixed-labor costs, and endless spending for upgrades don’t have to be your fate. The cloud offers a way out - it can not only save you money, it eliminates a lot of headaches and can spur growth and boost profits. Let’s look at just a few things the cloud can do for you.

CAPEX Most of the expenses of hardware disappear into the cloud. Servers, cabling, all the redundant equipment needed for backup can be handled by a cloud service provider. And more importantly, if you need to ramp up fast for an unexpected surge in business, a cloud service provider can easily accommodate your demands as needed.

DISASTER RECOVERY IS SIMPLIFIED

While you always need disaster recovery plans, the biggest headaches disappear. When you handle everything in-house, considerable expenditures arise if you want high reliability. Redundant equipment, fully loaded with software is required in case of hardware failure. Uninterruptible power supplies to support the full load of all your servers and backups can be extraordinarily expensive. And even if you keep a lot of your infrastructure on-site, the cloud can be used as a reliable data backup system.

LABOR

The cloud can cut and/or re-allocate your IT labor costs. The benefits of the cloud in the area of IT resources are twofold. 

First, you will have 24/7 resources to support your infrastructure. Even if you have only minimal in-house support, emergency on-call break/fix services come at very high hourly rates, and cannot always respond fast enough to eliminate downtime. Of course, your cloud fees include the labor needed to support your infrastructure, but you are sharing that labor cost with all the other renters. Economies of scale really step in when it comes to labor, and this is a condition a small business can’t create on its own.

Second, when you migrate to the cloud, your in-house IT resources can be re-directed to strategic IT planning for future growth and boost profit. This staff can now be used for innovation, not just housekeeping. 

And finally, the cloud isn't blue- It's green. While big server farms use enormous amounts of energy, they are a more efficient method than equipment dispersed in offices worldwide.

OTHER UNEXPECTED BENEFITS

As you move your IT into the cloud, some unseen expenses go away. The extra office space that houses equipment no longer needs to be leased, or can be used to house other revenue producing resources, like a few new salespeople. The electric power to drive it all doesn’t come free, and the cooling power to keep everything from overheating is often an overlooked cost of in-house infrastructure.

In summary, the cloud lets you save money, move it to more strategic uses, and direct your energies and capital to boost profits and growth, not infrastructure support.

For small firms, the internet was a great leveller. Small businesses, even the tiniest startups, could suddenly access wide markets they never could have penetrated before the World Wide Web. Geography and the need for deep pockets to build real-life distribution points retail or otherwise no longer presented barriers to market entry. Similarly, the cloud now offers another breakthrough for small businesses. Before the cloud, the expense of an in-house IT infrastructure hardware, software, upgrades and labor created a mashup of capital expenses and high fixed costs that just were out of reach of most small firms. 

However, with the cloud, small firms can be part of the massive aggregated IT infrastructure and benefit from the economies of scale that previously only benefited large firms. 

How does the cloud help small firms? Let’s count the ways. 

First, big capital expenses. No matter how minimal your technology needs, a certain amount of your business is completely reliant on technology. Systems fail, and no business can afford to be offline. That means spending money for mirrored servers and other redundant hardware. 

Second, small businesses that experience cyclical sales peaks may end up having expensive, unused capacity for parts of the year. Also, small firms may be unable to ramp up quickly to meet new demands and opportunities, and therefore leave money on the table. IT expansion takes time, planning and immediate cash. 

Third, there is labor. Small firms cannot benefit from economies of scale when it comes to IT labor support. Clearly, everyone needs 24/7 support, but to maintain that level of staffing would mean IT labor resources go unused, as they sit just waiting for a disaster to occur. 

In short, the traditional IT model doesn't work well for a small firm. However, the cloud has upended that completely. Now, even the smallest business can have a complete, backed up and redundant IT infrastructure with 24/7 support. By moving to the cloud, all of those capex and labor expenditures are shared among thousands of small to large businesses. Vast economies of scale mean lower costs for the small business owner, an opportunity that never existed until the cloud. 

In the end, the cloud creates a disrupting model that allows the small firm to benefit from all the advantages of available technology without the cost barriers of in-house IT support.. Before the cloud, only large established firms with deep pockets could afford the infrastructure. Now anyone can enter the market. 

Did you know the illicit trading of personal data was worth $3.88 billion last year? Cybercrime is a growing industry known for its innovation. It goes far beyond the image many of us have of some hacker kid in his basement. Many who engage in this activity are professionals and work in large teams. Some may even be sponsored by governments. If you follow the news, you can find large corporations and even government agencies who have fallen prey to hackers and had massive amounts of data compromised. Unfortunately, this has led smaller firms to feel they fly below the radar. In fact, the opposite is true. Small businesses-especially those in regulated areas such as medical, financial, and legal services-need to be hyper vigilant about security. The cybercriminals’ professional efforts will outdo your amateur efforts at security.

As a small business, you are vulnerable for two reasons. First, serious hackers see small business as entrances into larger entities. Small firms that have any interaction with larger firms, perhaps as a subcontractor, can be easy targets for professional criminals. Second, the clients or customers of small firms are shown to be less forgiving of data compromises that occur in small businesses.

Security now goes beyond buying an antivirus program online. You should seek professional advice setting up security policies and business continuity plans, or testing these policies on a routine basis. A professional can spot vulnerabilities and prevent breaches before they occur.

Any business that stores customer payment information must comply with a number of state and federal regulations. The legal, healthcare, and financial sectors have a number of laws tailored specifically for them (such as HIPAA or CISPA). If you run almost any kind of professional practice or agency you probably have very specific data security requirements. Running afoul of these regulations puts you at risk for legal action and probably means that you have bad security in place.

As a professional, your focus needs to be on your clients and running your firm. Regulatory requirements to ensure data security can be complex and include rigorous testing requirements. Ensuring compliance with the regulations can be a serious distraction for you and take you into territory where your experience is limited.

One of the best solutions is to work with a third party who has strong credentials in the area of regulatory compliance and data security. When you are working with a third party to set up security or data storage, make sure that they have experience working in your industry. Finding a service provider with experience in your profession can give you peace of mind knowing that you can focus on running your business without the distraction of ongoing technology concerns.

If you are a smaller Not-for-Profit, it is likely that your organization has been driven from its inception by individuals strongly motivated with a passion for their cause or humanitarian goal. As a result, it is also possible that the leadership has little interest in developing the administrative technology infrastructure that is necessary for any organization to function in the internet age.

Failure to understand and focus on technology can damage an organization’s growth and success. However, NPO leadership has to be laser focused on the day-to-day struggles of the organization such as seeking funding, keeping the doors open, and pursuing the mission. As a consequence, technology infrastructure may be cobbled together as an afterthought; resource limitations may lead to short term tech decisions that can be wasteful and more expensive in the long term.

An NPO, with its tight budget margins, is an excellent example of an organization that could benefit from outsourcing its fundamental tech needs to a MSP. A MSP can determine short and long term needs, assess possible solutions, and propose the most cost effective tech solutions to ensure a stable, long-term tech infrastructure. Without the time or stomach for administrative distractions,

You can have all the locks on your data center and have all the network security available, but nothing will keep your data safe if your employees are careless with passwords.

1. Change Passwords – Most security experts recommend that companies change out all passwords every 30 to 90 days.
2. Require passwords that mix upper and lowercase, number, and a symbol.
3. Teach employees NOT to use standard dictionary words ( in any language), or personal data that can be known, or can be stolen: addresses, telephone numbers, SSNs, etc.
4. Emphasize that employees should not access anything using another employee’s login. To save time or for convenience, employees may leave systems and screens open and let others access them. This is usually done so one person doesn’t have to take the time to logout and the next take the effort to log back in. Make a policy regarding this and enforce it. If you see this happening, make sure they are aware of it.

These are just a few basic password hints, but they can make a difference.