Tag Archives: data protection

Protecting Your Business from an Evolving Threat Landscape

Whether man-made or natural, threats to the security of your company’s network are on the rise. Not only do effects of climate change (such as wildfires and floods) pose threats to businesses, but cyberattacks including ransomware via phishing emails, jeopardize your network and data. Read on to learn more about threats and how to overcome them.

 

Common Risks For Businesses

 

Risk management professionals have their hands full! Natural disasters like floods or wildfires can damage, even destroy, security operations data centers, homes and businesses, and infrastructure like power lines. Even a winter storm can keep workers from accessing work systems, and break the connection between a technical problem and its solution. At the very least, natural disasters can result in costly downtime.  According to a CSO Online article, the number of climate change-related incidents with damage exceeding $1 billion dollars had occurred by October 2023. 

 

As if the consequences of natural disasters aren’t serious enough, bad actors are seeking access to business networks to steal data, infect the networks with malware, or both. These cybercriminals might also use a natural disaster to take advantage of a company’s vulnerability. Data breaches are also very much in the news. According to a 2021 cybersecurity threat trends report, phishing emails are responsible for roughly 90% of data breaches. These data breaches come from unsuspecting recipients giving up confidential information when they are tricked into doing so.  

 

Phishing schemes are becoming more sophisticated, too. Another threat is escalating cyberattacks using the same artificial intelligence tools your business might be using to automate processes and make work more efficient. If your company is using the tools, so are the bad actors. Cyber criminals can create more sophisticated phishing schemes, drafting emails lacking the usual spelling and grammatical errors in social engineering messages. Not only that, criminals can create videos (“deep fakes”) that mimic the voice and/or image of someone the recipient knows. 

 

How You Can Protect Your Business

 

It’s said that the question is not if your business is attacked, but when. You may know what your business is up against, but how do you protect yourself? You need a plan. A good place to start is taking inventory of technological assets, including data. Taking a risk management approach by assessing the most likely threats first helps prioritize your response. Partnering with a provider for Managed Detection and Response (MDR) and mobile device management can protect your network and its connected devices.

 

Tools for Protecting Your Network 

 

Two solutions for protecting your network include managed detection and response and mobile device management. Managed detection and response is a cybersecurity service that proactively protects organizations from cyber threats with a combination of technology and human expertise. The provider serves as a partner, taking on time-consuming tasks and using human expertise to hunt down and destroy threats. The end result is the preservation of your company’s reputation and brand. Mobile device management provides visibility across multiple devices and applications, protecting the devices with security features, in accordance with company policies.

 

Threats are escalating, including malware that takes advantage of unprotected devices as well as sophisticated phishing schemes involving artificial intelligence. For advice on shielding your company’s network, contact your trusted technology advisor today. 

 

Perform a Cybersecurity Assessment

How do you know your network and your digital assets are really safe? How can you be sure? Often, it takes a cyber attack and subsequent data breach to learn that your company’s defenses are not what you thought. Read on to learn more about taking stock of your company’s cybersecurity posture to prevent a cyber attack and its damage.

 

Review Cybersecurity Policies and Procedures

 

One place to start evaluating your cybersecurity posture is reviewing your cybersecurity policy, which states not just your company’s stance on cybersecurity, but the ways you plan to keep your network secure and processes and procedures you will follow while pursuing business goals. A sound policy starts with general security expectations as well as roles and responsibilities within your organization. Once these are clear, more specific policies deal with  guidelines for antivirus software and use of cloud applications. Other specific elements include  how devices can and cannot be used, how the system can be securely accessed, and what will happen in the event of an attack, like one resulting from a phishing email.  Do workers know where and how to access the company network, and where not to? What are the processes for recovering from a disaster, and how will the business continue operating if one happens? These questions are just some of many to have a definite answer to, to be sure of your ability to keep your company secure.

 

Auditing Your Network

 

Do you know the security of your network, and all devices connected to it? Keeping a detailed asset inventory; records of all devices–their type, model, operating systems, which versions of software they have, and what they’re used for–is just the first step in securing them. And then, your workers may have their own devices, for which you need the same information. Are the software, operating system patches and antivirus/anti-malware definitions current? Does your network itself have these same protections? 

 

Take Stock of Protecting Your Data

 

Another key piece of the cybersecurity puzzle is data. Knowing where your data resides, how it’s classified, and its quality can help you protect it. Is there old data you’re keeping, that you no longer use, that if compromised, can result in fines and other penalties? How much data do you keep in the cloud, and what about your provider’s security and data centers? What data regulations is your business bound to comply with, to keep personal data secure? And where is your data backed up, to prevent its loss? Answering specific questions about the health of your data will help you maintain its security, and protect you from penalties resulting from data breaches.

 

If you want to be sure (not just assume) your business is secure, and prepare for cyber threats, contact us today. 

Keeping Your Data Safe with Privacy Measures

In our digital age, gathering information online is anything but difficult. It is imperative for both to keep  information from landing in the wrong hands. Read on to learn about the crucial need to keep data safe, the threats to data privacy, and what to do about it.

 

The Importance of Data Privacy

 

A basic definition of data privacy is keeping confidential data confidential online and on computer systems. Privacy of information applies to collected personal information including medical and financial records, customer payment data, and customer data obtained from websites. Medical and financial data especially are subject to stringent regulations on access and security, and many companies indicate on their website how they use customers’ data in the course of business (if they don’t, they should). Personally identifiable data can be kept safe through encryption, and multi-factor authentication–for example, a password and at least one security question. 

 

Awareness of Threats to Your Data

 

Ideally, basic measures to keep data private would be enough. But both existing and new threats continue to increase. For example, in recent years automated calls (“robocalls”) have proliferated, increasing more than tenfold in the last few years. Of the three to five billion robocalls each month, at least 40% are thought to be fraudulent. And phone calls are just one way bad actors attempt to steal your data. Phishing schemes via text or email can also be a way to get unsuspecting recipients to give up personal data that can be used for fraud or even penetrating company computer systems with malware. According to CompTIA, phishing scams account for more than 80% of security incidents, and users are often the “weak link” that allow the attacks to happen. 

 

How to Protect Your Data

 

Even with threats escalating, you can protect your company’s data, customers and reputation. The FCC has recently addressed robocalls with STIR/SHAKEN, a technology framework designed to reduce fraudulent robocalls including ones using “spoofing” to mimic a legitimate phone number. Fraudulent calls will be designated as “potential spam,” which helps keep recipients from being tricked into giving up personal information. Along with STIR/SHAKEN, making your staff aware of phishing emails and texts can keep them and your business from possibly giving fraudsters valuable information. Phishing emails can often appear as urgent requests for help or information, or threaten consequences if the recipient doesn’t act. These emails should be reported, and then deleted, to remove the danger of clicking a dangerous link and introducing malware into your computer system. 

 

While threats continue to grow, there are ways to protect your business. For help in protecting your confidential data, contact us today.

Developing A Plan for Data Protection

Data breaches have become so common that they are no longer news. Gartner predicts,  “as more companies look to benefit from data, there will be an inevitable increase in data use and sharing missteps.” However, organizations that have a culture of ethics for data use will be better prepared to avoid such mistakes, and to handle them well if they do occur. Read on to learn how your company can have not just a data protection plan, but a culture that revolves around protecting the personal data of your customers. 

 

Protecting Your Business and Your Customer’s Data

 

In spite of the occurrence of data breaches, your company can be protected. If you haven’t already done so, you might draw up a data-protection plan that will address what to do in case of a breach. Ideally your organization will already have technology in place to prevent data breaches–tools such as updated antivirus and anti-malware definitions and network monitoring, for instance. Hopefully, there is also a culture of ethics around use of customer information, including transparency with customers about what is done to protect their personal data. 

 

Countries and entire regions, such as Australia and Europe, have put legislation into effect to protect customers. Europe’s GDPR mandates a notification within 72 hours of a data breach. Australia’s Consumer Data Right gives its citizens the right to delete information that is no longer needed, as well as stopping data collection at any time While the U.S. has no nationwide law, individual states have their own regulations. For example, California gives their residents certain rights under the California Consumer Privacy Act, such as the right to opt out of having their data sold.  The CCPA also sets forth steep monetary penalties for failing to protect customer information. Businesses are required, among other things, to have a conspicuous link for customers to click in order to opt out of having their personal information used. Regulations may vary, but their intent–the protection of data–is similar. 

 

Using Legislation as a Data Protection Template

 

Even in areas without this legislation yet in place, businesses can develop a robust plan based on such standards. Topics to address in this plan can include what your company will do in the event of a data breach, and whether data will be shared with third-party vendors. One task for companies is to inventory their vendors; smaller vendors might not have rigorous rules for handling data. 

 

To protect your company from the consequences of a data breach is vital. To develop a plan for protecting your customers’ data, or to fine-tune one you already have, contact us today. 

The Importance of Data Protection Before a Disaster

Hurricane Dorian is just one event that can potentially affect a business’s access to its data and reemphasizes the importance of having a data protection plan in place. Other events can have the same effect—cyclones, earthquakes, and hurricanes–suspending business operations for days or weeks.  Even a brief power outage can put your company at risk, not to mention the threat of cyberattacks. Read on to learn more about keeping your business’ data safe and accessible. 

Reasons to Safeguard Your Data

Data can be considered the lifeblood of your business, enabling transactions as well as access to customer or patient records, and containing a company’s intellectual property. Loss or compromise due to corruption by malware and viruses, or even a brief outage, can result in costly downtime. Not only that, a company can suffer a loss of revenue and even reputation. If subject to industry regulations, a business can incur fines for revealing personal information. These consequences can be prevented with a solid data protection strategy. 

Assess Data Protection Needs to Develop Your Plan

A data protection strategy starts with assessing your business’ needs. Consider first which data and applications are mission-critical for keeping the business running—for example, phone communications, Internet, and email. Depending on your business type you may need to comply with certain regulations—HIPAA, for example. Consider natural hazards common to your area, and whether you want your data to reside on-premises, or in a cloud data center. With your data in the cloud, it can be accessed remotely and without interruption. If using the cloud, decide which environment is best, whether public or private.  

Test Your Plan and Involve Your Staff

Once your data protection plan is in place, test it regularly to make sure it works. An added benefit is that a test can show any gaps or potential problems, giving you a chance to correct them. It can serve as a good “dry run” for a real disaster. Educate your employees about what practices to follow to protect company data, including how to recognize and report phishing attempts. 

While data protection incorporates numerous practices and procedures, its bottom-line purpose is preserving your company’s revenue and reputation. For help developing your data-protection plan, contact your trusted technology advisor today.

The Importance of Data Protection in Business Continuity and Disaster Recovery

In the last week, two earthquakes have shaken southern California, alerting us to the need to have our businesses prepared for a disaster, whether natural or manmade. Not only can fires, floods and earthquakes cause business interruptions, but so can systems failures, human error, malware and ransomware attacks. It’s never too soon to evaluate what needs to be done to prepare your business for a disaster. And a disaster doesn’t have to be large-scale; a power outage of an hour or two can be enough to stall business operations. Read on to learn about the most important things to do before an emergency

Make Data Protection a Key Part of Business Continuity

Data is the lifeblood of many businesses, its loss or compromise affecting their ability to do business. Data is needed for transactions and communications, among other functions, and even a short period of downtime can have a potentially disastrous impact on revenue and reputation. When considering the data protection aspect of your business continuity plan, focus on your mission-critical data and applications. What do you need in order to stay in business during a disaster, or recover afterward? Perhaps it’s customer records, or an in-house research database. Be sure to get mission-critical data backed up first, so your business can continue operating. Make sure there is failover—when one network backbone falters, another picks up the slack.  

Different Methods Can Achieve the Same Goal

While the ultimate goal is to remain in business without compromise of revenue or reputation, different methods exist to realize this goal. However, one common thread is the idea of storing data offsite, in the cloud or in geographically diverse data centers. Throughout the working day, “snapshots” can be taken of business activity, and copies placed in these data centers, which adds an extra layer of security. Software-defined wide area networks (SD-WAN) are another good option, with multiple carriers providing redundancy and reliability. Finally, storing data in the cloud can help you access it in case you can’t get physical access to your office. Many tools exist for helping minimize the impact of a disaster.

Instead of waiting for a disaster to slow or stop your business operations, learn how protecting your data can keep your business running during and after a disaster. To evaluate your preparedness and make strides toward business continuity, contact your technology advisor today.

The Importance of Data Protection

Cyber attacks and data breaches are regularly in the news, and often come with a loss or exposure of customers’ data and a loss of reputation to the business. Large, well-known businesses are often in the headlines; small to medium-size businesses, however, are just as much at risk.  Knowledge of cybersecurity practices has yet to keep up with new threats. According to CompTIA’s 2018 Trends in Cybersecurity report, “Businesses with fewer than 100 employees are far more likely than their larger counterparts to feel that their IT security is simply adequate or unsatisfactory. Without a deep resource pool to lean on, smaller firms struggle to address new facets of IT security.” To learn more about protecting your data, read on.

The Importance of Data Protection

When a cyberattack occurs, customer data can be either lost or get in the hands of cybercriminals. As a result, customers can lose trust in your company to keep their data safe, data that is generated through online interactions with your company. How do you protect this data, your relationships with your customers, and your company’s bottom line? Your business may also be subject to regulatory compliance, such as following GDRP, HIPAA or PCI-DDS. As ever, it’s important to keep antivirus and anti-malware definitions up to date and to monitor your network. Backing up data in the Cloud is also an option to consider. But just as important is to develop a culture of cybersecurity in your organization.

Develop a Culture of Cybersecurity

Managers and CEOs can set the tone for a culture of cybersecurity by emphasizing the benefits of data protection. Not only does it keep customers safe, it can keep employees safe, too. Educate your employees about every individual being an end-user, both at work and outside of work. Remind them of the importance of protecting their own data on social media, and how it’s easier to prevent a breach than repair the effects of one. The same goes in the workplace. Data protection can help keep the business running and keep employees working effectively without experiencing downtime.

Training employees doesn’t have to be a one-time event, nor does it have to be dull. Inventive executives can create incentives and rewards, such as the confidence that they are protecting the company and themselves or giving a prize to the first person to accurately recognize a phishing attempt.

Assess Your Current State of Security

A good place to start is to assess your current level of data security; an audit of your computing resources will help you know where you stand.  Contact your technology advisor today to start on the road to data security.

How To Stay in Business with a Business Continuity and Disaster Recovery Plan

With technology growing by leaps and bounds, and regulations assigned to protect the data generated by this technology, you need a business continuity and disaster recovery plan in place to determine how that data is collected, protected, analyzed and stored. Read on to find out how to protect your company from data loss and its consequences.

Why You Should Care About Data Protecting Your Data

According to COMPTIA, data protection will be a key trend in 2018 and beyond. Businesses will continue to generate large amounts of data; for some companies, regulations such as PCI, GDPR and HIPAA require protection of data and plans for business continuity in the face of potential data loss. Even without the need for compliance to regulations, businesses need access to their data even in the event of a natural disaster or a cyberattack.

How Much Downtime Can you Afford?

The average cost of downtime is $5,600 per minute. Not only that, but if your business is inaccessible during a flood, fire or other disaster, or simply a power outage, customers can lose confidence in the product or service you provide. Even more serious is the prospect of confidential data being lost or exposed. Having a plan in place can make the difference in whether your business stays in business.

What to Include in Your Plan

How much data can you afford to lose, and how long can you be without it? The best plan provides for storage and restoration of data during and after a disaster. How long can your systems be down before it affects profitability? How will you restore data that is lost? A robust plan is one that enables your company to retrieve lost data as quickly as possible. Data can be stored on-premise on a server, or in the cloud, or a combination of both. Once you have a plan in place, test it to make sure it works, and verify it periodically to make sure all your data is accessible.

Having a plan for business continuity can keep your business in business during a disaster and afterward. If you do not yet have a plan, or if you’re not sure the plan you do have is optimal, contact your trusted technology advisor today.

Is Patch Policy Part of Your Data Protection Plan?

Data security needs to operate on more than one front. Not only does your network need to keep data secure, it needs to respond to threats both inside and outside the business. There are numerous protections, including current anti-malware and anti-virus software and operating system patches, to keep your network stable and secure. Read on to find out how operating system patch policy can be part of your data-protection plan.

The Role of Operating System Patches

Operating system patches are updates that help maintain the stability and security of your network. These updates come out on a regular basis and are needed to keep systems working. Typically, operating system patches are frequently available, although older operating systems past end of life may no longer have patches. Windows 7 and Windows server 2008 are next up for end of life in January of 2020. Some are vital to your mission-critical systems and must be accessed immediately, while others may pertain to less-vulnerable systems, and can be postponed.

How a Service-Level Agreement Can Help Protect Your Data

Instead of trying to choose which operating system patches need to be installed now, let your managed service provider take over. Draw up a service level agreement that specifies what services the managed service provider can take care of, including backup, data recovery, network security updates, and operating system patches. Keeping your systems—including operating system patches—current helps protect your data and prevent downtime. The MSP can detect and resolve many problems remotely, outside of business hours.  Problems can be solved before they result in downtime for your business, and a reputable IT business can help to prevent a potentially expensive problem before it even starts.

Your network is only as strong as its most vulnerable point. Talk to your technology advisor today about how a service plan, including current operating system patches, can help keep your business running smoothly.

Technology Budget

What’s in Your Technology Budget Next Year?

Many companies start their budget this time of year. As you are thinking about strategic investments, consider how you can leverage technology to improve customer service, make your employees more productive, and possibly save money. Here are a few considerations for next year’s technology budget.

Network Upgrade

Your network is the backbone of your technology infrastructure. Growing demand for high bandwidth activities including Communications and Collaboration, Call Center and Cloud Backup all require a bullet-proof network. What’s more, a number of advancements in Software Defined Wide Area Networking (SD-WAN) could save you a bundle. Consider having a network assessment or Telecom Expense Audit to see if you can save on your communications and networking costs next year.

Fixed Priced IT

If you haven’t deployed Managed Services to augment your technology infrastructure, you might consider how you could benefit from this model. By proactively monitoring and managing your infrastructure, your systems will work better and your cost of systems updates and support will be fixed.

Cloud Computing

The economic model of Cloud Computing allows companies to avoid unnecessary capital expense (CapEx) and use operating expense to subscribe to a range of Cloud Services.  Software as a Service (SaaS) provides the latest version of your popular productivity applications, and Infrastructure as a Service (IaaS) offers a consumption model for scalable computing power.

Data Protection

Cyber threat, privacy data breach, human error and natural disasters can put your business at risk. Having a solid data protection plan helps businesses avoid the unnecessary downtime, fines, legal fees, and loss of reputation associated with data loss.

There are many ways to invest in the future of your business. Technology infrastructure is one of them. Consult your technology advisor now to get input on your planning for next year.