On the never ending problem of cyber security, small firms often do not have any/much in-house IT support. As a consequence, they may be less likely to be able to make sure their software is consistently updated to reflect any patches released by the product’s maker. This simple oversight, deliberate or not, is a major source of data breaches and ransomware attacks.Think back many years to when Microsoft pulled the plug on maintaining Windows XP. Many users refused to upgrade because there were afraid of losing compatibility with other software programs, the unintended consequences of moving to a new OS, or just not being sure how to install an upgrade. Whatever the issue, it meant those users had an operating system that was no longer updated to reflect the latest security fixes. Their operating system became an unlocked gate.

 You may not be scared of technology, but as a small business owner, tracking the release of new updates or taking the time to install them as soon as they come out probably just isn’t a priority. You have a business to run. Adding to this problem, you may also allow your employees to use their personal laptops, mobile devices, and tablets for work duties. If that is the case, then every program on each of those devices is subject to the owner’s willingness and ability to update everything in a timely fashion. If any single device accessing your corporate files and data misses a security patch and is breached, so is your business.

 The lesson here is that you need to take action to implement a company-wide process for maintaining all of your software applications so they don’t become an unlocked door in the middle of the night. A managed service provider can develop a plan to address update and security fixes on all the devices that access your data. It can be more than a small business owner can handle, so instead of ignoring the problem, reach out to find real solutions that will protect your business.

Every business, small or large, has 3 basic levels of technology support needs.

1. Make sure it works - Every organization, from enterprise to not-for-profit, needs IT staff who are able to offer routine maintenance and support, including the updating of hardware and software, handling maintenance, and putting out daily fires.

2. Make sure it works when needed - Technology supports business activity 24/7. Even when everyone in a small business has gone home, there are periodic non-negotiable staff needs at unpredictable times.

3) Make sure it helps make you more money - This top tier is the most important. This is the support that is helping you to proactively manipulate technology to improve revenue.

Download our full White Paper Here.

In our last blog, we explained what ransomware is, and why it can be an especially troublesome virus. Today, let’s look at what you can do to avoid falling victim.

Prevention is the best cure. Follow standard “data hygiene” principles that you probably hear about all of the time. Update your OS, software, and apps whenever a new release or patch is released. Do this ASAP. Some patches may be released solely as a result of the discovery of a vulnerability. Watch out for phishing scams. If anything looks “off” about an email, don’t open it. And never open links you aren’t totally sure of. If unsure, email back to the sender to verify they actually sent you a link. Unfortunately, human error is one of the biggest problems for data security. Employees unwittingly open links received via email or download information from insecure websites.

Beyond prevention, the most important thing you can do to make sure your data cannot be held ransom is strictly adhering to a regimen of backups. Routinely backup your data. However, with ransomware, even backups may not be foolproof. If your data has been infected and you are unaware of it, or the backup is not segregated from your network, your backups may also be corrupted. Given the severe consequences of a ransomware attack, consider having a security evaluation done by a managed service provider who will have the security expertise to advise on the best backup protocols for your situation. Ransomware presents some unique challenges that require more sophisticated data protection protocols. Contact a managed service provider for a complete security evaluation.

The daily reports of cybercrime are important reminders about the need to protect your business from malicious behavior that could threaten the success of your business. There are so many different things that can attack your computer, steal your data, and wreck your day. One of the most troublesome has been the development of ransomware. (FYI. Ransomware isn’t actually all that new– some version has been around for decades)  Ransomware is a type of computer virus that takes your data hostage and like any kidnapping scheme, demands money for the release of your data.

Why is ransomware so nasty? Because it steals the most important thing your business possesses. Data. Worse, once infected there isn’t generally a way out. No one can “disinfect” your machine. You aren’t going to be able to call in IT support to solve the problem. Basically, you have three options.

1. Pay the ransom. This payment is usually via credit card or bitcoin (a digital currency). Some ransomware viruses even provide help lines if you’re having trouble. Of course there are no guarantees your will get access to your data–these are thieves you’re dealing with.

2. Don’t pay and lose your data – This has its obvious downsides, unless…

3. You have a safe, clean backup. In that case, you are stuck with the nuisance of restoring your data with the backup, but you aren’t out any money. However, this comes with a caveat: your backups have to be clean. The problem with ransomware viruses is that just making backups may not be sufficient to protect your data, as the backups can be infected also. In the next blog, we will address your need to add an additional layer of protection to handle ransomware attacks.

You use the cloud and don’t even know it. Do you go to Amazon and create a wish list? Do you have an email account on Yahoo? That is cloud computing. All your emails are stored on Yahoo servers somewhere. They are on physical servers, of course, but they aren’t on your laptop. The advantage is that when you spill your coffee onto the laptop keyboard, you haven’t lost all your emails even if you never backed up your hard drive. ( If you haven’t, shame on you, by the way.)

Here is a simple analogy to explain how the cloud works and why it might be a very useful part of your business model. Picture the small, very cramped office space of a little start-up. You and a few coworkers sit in tight quarters with messy desktops buried in mounds of papers, files, and pizza boxes. There is absolutely no room for storage. (Throw the boxes out yourself. There are limits even to cloud technology) It will be a long time until you can afford a larger office space. Your building manager offers to rent you an empty file cabinet in the basement. Although the basement space is shared with other tenants, only you and your team have keys to this locked cabinet where you will store all those piles of paper. Your rent is relatively cheap compared to other tenants, since you’re only paying for the cabinet, and not the larger lockers they have leased.

Suddenly, those once covered desktops are clean, leaving space to work. More importantly, the papers are all nearby, each of you has a key, but they are safe from everyone else in the building or outside. They are also safe from spilled coffee and pizza crumbs. You’ve avoided the dramatic jump in fixed costs required to find bigger office space, when all you needed were several feet of filing cabinets. Even better, the money saved is put back into the core goal of providing a product or service to a customer.

The cloud does the same thing. You rent only the space you need, it is safer from hackers than your on-site server will ever be, secure from thieves, and protected from accident prone employees. Unlike the rest of us, cloud service providers don’t have coffee cups near their keyboards or forget to do monthly backups. In short, the cloud provides scalable storage without large incremental leaps in fixed costs you really can’t afford.

Loss of Data: Causes and Prevention

The adoption of technology from the simplest of matters to the most complex problems has rendered us heavily dependent on it. We love paying our bills minutes before they are due. We enjoy seeing loved ones face-to-face on our computer screens. We can access and print our extremely sensitive records from government and financial websites in a matter of minutes instead of waiting for the mail for days. The time and resources that technology saves are invaluable, but this convenience has a very ugly side. This convenience brings costs, which could include irreparable financial, professional, and social damage. The technology that is designed to make life easier can also wreak havoc when criminals use it to breach secured, personal information. So how do we tame this beast called ‘breach of data security’?

Background: The gravity of the problem: To look for a solution, we first need to understand how serious this problem is. Breaches in data security and loss of data could spell imminent demise for many small companies. According to the National Archives & Records Administration in Washington, 93% of companies that have experienced data loss resulting in ten or more days of downtime have filed for bankruptcy within a year. 50% wasted no time and filed for bankruptcy immediately and 43% that have no data recovery and business continuity plan go out of business following a major data loss. In the past, small- to medium-businesses (SMBs) thought that data security problems were reserved for large corporations, but cyber criminals are finding out that SMBs are more complacent in securing their data thus making themselves easier targets. More importantly, the lightly guarded SMBs can provide backdoor access to the large entities hackers really want to hit. Fewer than half of the SMBs surveyed said they back up their data every week. Only 23% have a plan for data backup and business continuity. That is why the number of cyber attacks on SMBs has doubled in the recent past.

Causes of lost data: Loss of data can be attributed to two factors.

• Breach of data security: As we discussed above, theft is the main reason for loss of data. Hackers can get into networks by installing their own software hidden inside emails and other Web content. They take over PCs and networks and then access files containing personal information. They can then use that information to empty people’s bank accounts and exploit data for other purposes.

• Human error and employee negligence: Humans still have to instruct technology to perform as desired. Examples of negligence include unattended computer systems, weak passwords, opening email attachments or clicking the hyperlinks in spam and visiting restricted websites. Fortunately, this type of loss of data is easily preventable, but it is just as detrimental and can bring your business to a halt. Downtimes can be very harmful to your business continuity and revenue.

Five ways to minimize data loss

1. Enforce data security: More than technology, this is the management of human behavior. SMB management must communicate data protection policy to the entire staff and see to it that the policy is adhered to. Rules and policy must be enforced very strictly regarding the use of personal devices. Tell employees to create passwords that are hard to crack and change them frequently.

2. Stress the consequences: Rules are only good if there are consequences for not following them. Define what those consequences mean for the both the individual and the organization.

3. Mobile device management: Mobile devices may be the weakest link in data security. “Mobile device management” refers to processes that are designed for the control of mobile devices used within the company. Devices tapping into company systems are identified and monitored 24/7. They are proactively secured via specified password policies, encryption settings, etc. Lost or stolen devices can be located and either locked or stripped of all data.

4. Snapshots: Fully backing up large amounts of data can be a lengthy process. The data being backed up is also vulnerable to file corruption from read errors. This means sizeable chunks of data may not be stored in the backup and be unavailable in the event of a full restoration. This can be avoided by backing up critical data as snapshots.

5. Cloud replication and disaster recovery services: For SMBs who consider data backup to be too costly, time consuming and complex there is an answer. The Cloud provides a cost-effective, automated off-site data replication process that provides continuous availability to business-critical data and applications. Cloud replication can often get systems back online in under an hour following a data loss.

To conclude our conversation, it is very important to understand the causes and consequences of data loss. Be proactive and minimize the likelihood of a data breach and data loss, so you can stay in business without interruption. Make sure you have a solid data recovery and business continuity plan so you don’t become another statistic about small firms who didn’t make it.

OK. You pay someone to store all of your data in the cloud, as opposed to keeping it on your own server and backing it up. And you pay on an ongoing basis. How is that possibly going to be cheaper than just making a one-time investment and keeping it your self? 

Let’s count the ways:

(1)  You lose the hardware expense –a capital expenditure cost.
(2)  If that hardware fails, you are out in the cold. 
(3)  Someone has to maintain that hardware. In house IT labor is expensive. 
(4)  If you need more capacity, you have to ramp up at a tiered level, which means you may need to buy capacity you don’t presently need
(5)  All of that hardware runs on software, which costs money
(6)  All of that software needs to be installed, updated, etc. (see # 3) 
(7)  All of that hardware and software has to run 24/7. Are you large enough to pay for in house monitoring and support 24/7? (See again #3) 
(8)  All of that data has to be protected with security software, which means skilled IT support and expensive virus protection

Ok. The list doesn’t end here, but this blog will. Talk to Net DirXions, Inc about how the cloud can be a really budget saver for small and medium sized firms.