3 Reasons You Are an Easy Cybercrime Target

Cyber AttackAs we’ve mentioned before, more small and midsize businesses (SMBs) are falling victim to cybercrime. You might believe that hackers won’t bother targeting your business due to its small size. However, it is crucial to recognize that cybercrime aimed at smaller companies is undeniably escalating, and you could be the next cybercrime target if you do not take the necessary precautions.

According to HP’s Cyber Security and Your Business report, Cybercrime costs SMBs 4.2 times more per employee than larger businesses, and 60% of SMBs that experience a data breach are out of business in six months.

So, why exactly are cybercriminals interested in your business, and more importantly, what actions can you take to combat this threat?

Why Small Businesses are Prone to Cybercrime

It’s essential for you to acknowledge the following three reasons why you may be seen as an easy target for cybercrime and take proactive and defensive measures to protect your business.

1. SMBs spend less on security while larger businesses are increasing their security protections.

  • Your business is an easier cybercrime target because you are more likely to lack basic protections. In effect, you may attract cyber criminals because you are an easier target.
  • Budget for, and implement, reasonable protections covering user identities, access controls, user permissions, data loss prevention, and employee awareness and training.

2. SMBs do not have in-house security expertise.

  • Keeping up with risks and trends is time consuming, above and beyond ensuring that your security measures are updated and working on a day-to-day basis.
  • Leverage technology and your IT partners for automated solutions and expertise, as well as on-going management of your security and privacy solutions.

3. SMBS are moving into the cloud.

  • Using cloud applications and storage makes sense. But, your data is no longer behind a physical or logical “firewall”.  Protecting your data means protecting the cloud systems and services you use.
  • Always select business-grade services over consumer services. Implement all security features, including 2 Factor Authentication. And, when possible, integrate access to cloud services into a single system for managing user identities. And, do not forget to train, and periodically remind, your staff how their awareness and actions can allow or prevent an attack.

15 Actions You can take to Improve Your Cybersecurity

  1. Implement a robust cybersecurity strategy tailored to your business needs, including firewalls, intrusion detection systems, and antivirus software.
  2. Regularly update and patch all software and operating systems to protect against known vulnerabilities.
  3. Conduct regular security audits and risk assessments to identify and address potential weaknesses in your systems.
  4. Train your employees on cybersecurity best practices, such as recognizing phishing attempts, creating strong passwords, and handling sensitive data securely.
  5. Implement strict access controls and user privileges to limit unauthorized access to sensitive information.
  6. Encrypt sensitive data both in transit and at rest to protect it from interception or theft.
  7. Backup your data regularly and store backups in separate, secure locations to ensure data recovery in case of a breach or system failure.
  8. Develop and enforce a strong password policy, including the use of complex passwords and regular password changes.
  9. Enable multi-factor authentication (MFA) for all user accounts to add an extra layer of security.
  10. Monitor your network and systems for any unusual or suspicious activity using intrusion detection and prevention systems.
  11. Stay informed about the latest cybersecurity threats and trends through industry publications, forums, and reputable security organizations.
  12. Establish an incident response plan that outlines the steps to be taken in the event of a cybersecurity incident, including notification procedures and communication channels.
  13. Regularly educate your employees on emerging threats and provide ongoing training to ensure their knowledge remains up to date.
  14. Limit the use of personal devices for work-related activities and enforce strong security measures for those devices that are permitted.
  15. Partner with reputable cybersecurity vendors or consultants to get expert advice and assistance in securing your systems.

By implementing these actions and cybersecurity best practices, you can significantly reduce the risk of cybersecurity breaches and protect your business from potential threats. Remember, cybersecurity is an ongoing effort that requires continuous vigilance and adaptation to evolving threats.

It’s always a good time to perform a review of your IT security and data privacy policies, procedures, and systems.  Doing so is an affordable way to protect your business, your employees, and your customers from cyber crime. The cost of prevention is miniscule compared to the cost of a breach.


Interested in ensuring you are protected, contact us for a free Cloud Advisor Session, or learn about our data protection solutions and our privacy solutions.


 

3 Reasons to Consider Replacing Active Directory

Identity ManagementActive Directory was designed for on-premise local and enterprise networks.  As the use of cloud continues to move forward, Active Directory has not adapted as quickly as needed to provided robust, unified, identity management.  Here are three (3) reasons to consider replacing (or augmenting) Active Directory.

1) Active Directory is not “Cloud Ready”

According to a survey by security firm BetterCloud, almost 50% of SMBs will be all cloud by 2020, up from 15% today. Even SMBs are using more than one cloud service.

Keeping Active Directory means setting up sync services and other tools across multiple cloud platforms — a complex and expensive solution.

2) Users are Mobile and Working Remotely

Global Workplace Statistics reports that between 20% and 25% of employees already work remotely on a semi-regular or regular basis. And, 50% of employees hold jobs that are compatible with remote work. Since 2005, remote work has grown 103% and continues to grow.

Keeping Active Directory means requiring employees to log into the corporate domain when working remotely, typically by VPN. This is slow and cumbersome for users, and expensive to setup and maintain.

3) The Windows-Only World is Gone

Macs are normal part of the ecosystem; Computerworld reports that 90% of Fortune 500 companies officially support Apple desktops, laptops, and tablets. Chrome devices are starting to move from education to the business market. And, most employees work at least some of their day on smartphones or tablets; iOS and Android are now business operation systems.

Keeping Active Directory means bridging identity management and policies between network operating systems or adding third party products to properly manage users and devices.

The good news is that you do not need to live with the cloud-related limitations of Active Directory. You can run directory services, manage identities, and control access to devices (even when off-network) with cloud-based directory services. These services simply administration and provide a single system of record for user identities.


Want to learn more or give it a try? Contact us and we will show you how.


 

Fast Fact Friday: Cloud Adoption Trends Up

Fast FactAs reported by CloudTech, a recent survey of more than 500 IT professionals in companies with 50 to 2000 employees …

  • 20% report extensive use of cloud
  • 52% report significant use of cloud
  • 24% report modest use of cloud

And, 56% of respondents indicated that cloud use will increase over time.

 

Heads Up: Google Drive Desktop Ending Support for Win XP, Vista, Server 2003

Important UpdateIn case you missed this …   Google is ending support for the Google Drive desktop app on January 1, 2017 for MS Windows XP, Windows Vista, and Windows Server 2003.  As Google will no longer test or support the Google Drive app on these platforms, you are unprotected if the app fails to work.  While the app may still work, Google will no longer test or provide updates — leaving you at risk for errors including data corruption and loss.

If you are still using one of these operating systems and need to  running the Google Drive app, contact us about upgrading your version of Windows.

Myth Busting Monday: Office 365 Updates Will Break our Business Applications

Office365-Logo-and-textYour business depends on your employees being able to use business-critical applications.  You want and need your applications to be available and reliable, and the integration with Office needs to work.

Office 365 is Designed to Work with Your Business Applications

Microsoft is committed to Office 365 compatibility with the tools you use every day. They do this by:

  • Using one worldwide standard for desktop applications with the familiar tools you use and love, including Word, Excel, and Powerpoint.
  • Minimizing object model and API changes in updates and fixed that might interfere with other applications. Chances are, if your business application works with Office 2010, 2013, or 2016 today, it will work with Office 365.
  • Closely collaborating with leading software vendors, providing them with tools, and helping them test and maintain compatibility with Office 365.
  • Providing you with best-practice guidance for update management and software development.
  • Allowing side-by-side installation of Office 365 ProPlus with older versions of office, giving you and your software vendors time to address any issues.

With a clear commitment backed by action, Microsoft lowers the risk of compatibility issues with Office 365 in ways that exceed their historical support for MS Office.


This is the ninth post in a multi-part series designed to help companies better assess the opportunity and value of cloud-based solutions. Contact us to schedule a free, no-obligation Cloud Advisor session to discuss your priorities and plans.


Shield Your Data: Learn How to Prevent Ransomware Attacks with These 3 Effective Methods

Looking at the frequency and scope of ransomware attacks, and the number of small and midsize businesses falling victim, we remain surprised at how many SMBs are not yet taking steps to prevent the problem. If you don’t work to prevent ransomware attacks it can result in devastating financial and reputational consequences, making prevention a critical priority for businesses of all sizes. In this article, we’ll explore what ransomware is, how it works, and most importantly, what steps you can take to protect your organization against this threat.

What Is Ransomware and How Can it Affect Your Business?

Ransomware is a type of malicious software designed to encrypt files or lock computer systems, effectively holding them hostage until a ransom is paid. It infiltrates a system through various means, such as phishing emails, malicious downloads, or exploiting software vulnerabilities. Once the ransomware infects a device or network, it quickly encrypts files, rendering them inaccessible to the owner.

A ransomware attack with no data loss can still cost your business $1,500 per employee, or more, in recovery costs and lost productivity. Organizations all throughout the world detected 493.33 million ransomware assaults in 2022, emphasizing the importance of good ransomware prevention techniques. 

Recently on our 3T@3 Webcast we focused on Ransomware, and following that we also published a Business Guide to Ransomware. Both highlighted the need for the CPR methods (communicate, prevention, recover).

3 Proactive Methods to Prevent Ransomware and Protect Your Data

1. Communicate:

Educate and train employees on how not to fall victim; provide clear policies and procedures that reinforce positive behaviors.

2. Prevention:

Deploy technologies in support of your policies and procedures with multi-layered protection against malware and, specifically, ransomware.

3. Recover:

No prevention is perfect; have backup and continuity systems in place that enable a quick return to normal operations.

While most of the SMBs and schools we speak with understand and have some of the ransomware prevention and recovery solutions in place, the up-front education is missing. These businesses and schools remain vulnerable targets.


Earlier this year, we announced a strategic partnership with Privacy Ref, offering affordable Privacy Solutions for SMBs, including a subscription-based Privacy Education Program. For a small base fee and $10 per employee per year, we help ensure your team understands the risks, the importance of awareness, and how to avoid becoming a victim.

For a fraction of the cost of an attack, you can empower your team to avoid and prevent it from happening.

Contact us for more information.


 

 

Fast Fact Friday: AWS vs Azure vs Google

fastfacts2According to the RightScale 2016 State of the Cloud report …

57% of respondents are running applications on Amazon Web Services. 

30% are running apps in Microsoft Azure Iaas and PaaS.

13% are running Apps on Google Cloud Platform and App Engine

 


Are you moving to the cloud? Is your roadmap in line with your business goals? Contact us for a no-obligation Cloud Advisor session.


Fast Fact Friday: SMB IT in the Cloud

fastfacts2According to a survey of 1,500 SMB IT leaders by BetterCloud in the spring of 2015 …

49% of SMBs expect to run 100% of their IT in the cloud by 2020.


Are you moving to the cloud? Is your roadmap in line with your business goals? Contact us for a no-obligation Cloud Advisor session.


 

“Deja Vu?” or “Have We Learned Our Lesson?”

Hurricane Matthew as of 2pm on Oct 4th

Hurricane Matthew as of 2pm on Oct 4th

As of this blog post, Hurricane Matthew is churning through the western Caribbean with a projected path eerily similar to Superstorm Sandy in 2012. In its wake, Sandy left a path of destruction up the East Coast and deep into New England with many families and businesses still in the process of rebuilding. Small and mid-size businesses (SMBs) up and down the eastern seacoast were crippled by flooding, loss of infrastructure, and extended Internet and power outages; many were unable to recover.

Could this be a devastating Deja Vu, or did we learn our lesson?

Have you ensured that your information services and data will survive the next storm? Do you know how quickly your business can recover if (more like when) the next storm hits?

Path of Superstorm Sandy in 2012

Path of Hurricane Sandy in 2012

These questions feel more pressing as our next potential big storm churns towards Florida.

Good. Better. Best.

Your “Good” strategy is Backup. Ensure that you back up all of your critical data. Backups should be off site to a service that lets you restore to new systems quickly and efficiently.

Your “Better” strategy is Recovery. In addition to backups, ensure you have the ability to recovery quickly to new systems or to a temporary data center. When your  Return to Operations (RTO) time lets you continue running your business without significant impact to you or your customers, your recovery plan is sound.

Your “Best” strategy is ResilienceYour business is resilient when you can continue running your business with minimal disruption and with little or no inconvenience to your customers, regardless of the weather outside. By placing key applications and services in the cloud, your business can continue to run whether or not your office is open. With Internet access and a browser, your team can connect and work. And while you still may have some aspects of your IT running on premise, a solid cloud strategy keeps critical systems available and operating.

Resiliency Roadmap

For most SMBs, you should consider having the following services hosted or in the cloud. Depending on your applications and needs, you can use Software-as-a-Service (SaaS) solutions or host your applications on cloud/hosted servers with virtual/remote desktops.

  • Communications
    • Email / Calendar / Contacts
    • Telephony — cloud/hosted Voice over IP (VoIP)
    • Messaging / Voice & Video Conferencing
  • Collaboration
    • File Storage & Sharing
    • Productivity Tools (document, spreadsheet, presentation editors)
  • Key Business Apps
    • Customer Relationship Management (CRM)
    • Account / Finance
    • Service / Support
    • Others …

Creating a Resilient business requires strategic thinking, advanced planning, and solid execution. This is especially true when you have integrated applications and systems that you cannot change in isolation. At a high level, the roadmap is:

  1. Identify the applications and services
  2. Prioritize all applications and services based on the impact in the event of a service outage. Look outward and inward, remembering to consider customer impact.
  3. Starting with your highest priority applications and systems, evaluate if your level or protection: Backup, Recovery, or Resilient protection.
  4. Identify and implement solutions that take you from Backup to Recovery, from Recovery to Resilience, or from Backup all the way to Resilience.
  5. Repeat as you move through your prioritized list.

While you may not have time to make your business Resilient before Hurricane Matthew works its way up the coast, you have options to improve your backups and your ability to recover that can be implemented within hours rather than days and weeks. Think about the value of keeping your business running and ensuring its survival. Act now.


Contact us immediately if you want assistance with your backup, recovery, or resiliency services.