Posts

4 Pillars of Cloud Security: The Most Important Strategies to Know

Learn about the four pillars of cloud security that can help you reduce risk, increase agility, and run more efficiently: basic confidentiality, integrity, and availability (C/I/A), external threat protection, data loss protection, and compliance.

While Cyber Security month comes and goes, the four pillars of cloud security remain integral to long-term business success. In what seems like a never-ending process, we continue to face new and advancing cyber security threats to the integrity of our data, identities, and businesses. Those of us with small and midsize businesses need to ensure our systems and information are secure. At the same time, we want to keep our IT systems simple and manage our budgets.

Four Strategies for Cloud Security

To strike the right balance, we need to assess our current security foundation, identify gaps, and fill in services where needed. Doing so creates a security foundation that covers your basic needs.  From there, with the four pillars of cloud security in place, you can add services and build the security footprint you need to meet industry expectations and regulatory requirements.

A sound cloud security foundation is built on four pillars of cloud security.

1. Basic C/I/A

Ensure the confidentiality, integrity, and availability (C/I/A) of information you create, receive, maintain, or transmit.

This first pillar of cloud security establishes your basic security infrastructure that protects against attacks and prevents breaches across your IT systems.  It also creates your ability to respond to issues and recover, key to ensuring business continuity and resilience.

2. External Threat Protection

Identify and protect against reasonably anticipated threats.

This pillar of cloud security focuses on the attacks and threats from outside your business. From phishing, ransomware, and business email compromise, to DNS and advanced persistent threats, the focus is on protecting your data, applications, systems,  and people from harm.

3. Data Loss Protection

Identify and protect against reasonably anticipated uses and disclosures.

Data breaches and data loss result from configuration issues, application errors, and individual actions. Permission errors, inappropriate sharing, and other actions are often accidental, resulting from a lack of understanding of policies and/or how systems work. They can, however, result from intentional acts of misconduct. Proper data protection and security solutions will help protect against these internal risks and threats.

4. Compliance

Ensure workforce and business compliance.

Nearly all businesses must meet basic legal requirements to protect sensitive information. Most businesses must also adhere to industry and additional legal requirements. This cornerstone encompasses the policies and procedures that ensure your team and your business meet your compliance requirements. It also includes the tools and methods to enforce policies and report on compliance.

Tactics for Implementing the Four Pillars of Cloud Security

To ensure your cornerstones are set and your cloud security foundation is in place, conduct a security footprint assessment. For each pillar of cloud security, identify the services you have in place and those that may be needed. The assessment should cover the “CPRs” of security:

  • Communication/Education
  • Protect / Prevent
  • Respond / Recover

For more information, send us an email or complete our contact form.

COVID-19 Survey: Revenue Losses and Diminishing Cash Reserves

A national survey of more than 2400 businesses, conducted and published by American City Business Journals, finds that small and midsize businesses are seeing severe impacts from the COVID-19 pandemic.

The Impacts: Profits, Revenue, Cash, and Survivability

About 69% of respondents have seen revenue decline since the major onset of COVID-19 in March 2020.  Of those seeing revenue decline, close to half see revenue falling by 50% or more year over year.

Additionally, 47% indicate that they have not been profitable and nearly one third report being cash flow negative over the first six months of the pandemic. About 70% of those losing money are losing more than $10,000 per month and 64% will run out of funds within five months.

About 40% of respondents raised cash through loans or equity investments since March 1, with 91% of these businesses receiving loans from a federal stimulus program, such as the Paycheck Protection Program. These funds were predominantly used to cover payroll and operating expenses as opposed to funding investment or growth.

Change in Focus

With the stark financial impacts, most smaller businesses are changing their focus. Rather than looking forward one to three years, most SMBs are focused on the current and next quarter. The shift from strategic to tactical is a direct response to the many unknowns of the pandemic, the near-term economy, business sector and market impacts, and government recovery and stimulus plans.

The near-term focus makes sense as we look to minimize costs, conserve cash, and ensure profits and our sustainability.

Where IT Services Can Help

Leveraging the right IT services can help you prepare and react to changes as you navigate the on-going unknowns.  Here are 5 ideas to consider.

Audit your IT services for redundant services.
  • Most businesses find they are paying for multiple services with redundant or overlapping capabilities.
  • In many instances, we see businesses paying for third party services that are available for no additional cost in their productivity suites.
  • Eliminating duplication will require some change of habits, but can dramatically reduce on-going IT costs.
Audit your communication tools.
  • Are you paying for, and not using your available communication tools?
  • Chat, video, and collaboration tools are standard in Microsoft 365 and G Suite, and can reduce or eliminate the need for expensive voice, teleconference, video conference, and online meeting solutions.
  • A modest investment in training/education can help minimize communication costs.
Replace file servers with file services.
  • Most businesses using Microsoft 365 or G Suite are storing files in these systems; these same businesses still run on-premise or hosted file servers.
  • OneDrive, SharePoint, My Drive, and Shared Drives make it easy to save, share, and manage files.  The OneDrive and Drive File Stream clients connect your end user applications to your cloud file services.
  • Moving files from servers to cloud services eliminates the need for physical servers, monthly MSP monitoring fees, backup/recovery costs, anti-virus costs, and more.
  • If your staff need to access your on-premise services remotely, you may also be able to reduce or eliminate expenses related to VPN and other remote access services.
  • While you will still want and need to protect cloud-resident files, your cost to store, share, and manage files will be lower.
Move applications and systems from on-premise to cloud
  • Lower your monthly operating costs and gain the ability to scale your resources and costs up and down as needed on a monthly basis.
  • Make it easier to reduce your physical footprint for potential savings on rent and utilities.
  • Scale your services up and down as needed to avoid unnecessary costs and capital expenditures.
Execute a service and data governance strategy
  • Scale services up and down as needed to manage costs
  • Ensure data is secure, managed, and protected
  • Leverage data archiving services to minimize active account costs

To explore your options and best next moves, contact us for a complimentary Cloud Advisor session.


 

SBA Re-Opens Disaster Loan and Grant Program

(Published 6/17/2020)

The Small Business Administration (sba.gov) announced earlier this week that small businesses can again apply for relief via the Economic Injury Disaster Loan (EIDL) program. This includes applications for free advances of up to $10,000, regardless of the loan’s approval.

The interest rate is fixed at 3.75 percent and terms run from 2 to 30 years based on each borrower’s cash flow and ability to make payments. You can defer an EIDL for a year and can use the funds for “debts, payroll, accounts payable, and other bills that cannot be paid due to the impact of the disaster and that are not already covered by a Paycheck Protection Program loan,” the SBA wrote in a news release.

You can request an advance of $1,000 per employee, up to a combined $10,000. This advance will not have to be repaid, and small businesses may receive an advance even if they are not approved for a loan. If you have received a Paycheck Protection Program (PPP) loan, the amount that can be forgiven will be reduced by the amount of your EIDL advance.

Some agricultural businesses are now also eligible as a result of the latest round of funds appropriated by Congress in response to the COVID-19 pandemic.

Unlike PPP loans, you must apply directly through the SBA, and not through a lender. Click here to learn more or here to apply.

Prepare Your Business for the Next Normal

(Updated 5/4/20)

With some states and local jurisdictions beginning to loosen or remove stay-at-home and essential business orders and advisories, many small businesses will begin to adjust for the next phase of response and recovery.  For some, this will be a re-opening; for others it will be another shift in how we conduct our business on a day-to-day basis.  Either way, the process will be a minefield of financial, operational, legal, liability, and personnel issues. Before “flipping” the sign from closed to open, plan your return with care and compassion. Both will be needed to keep your employees, customers, and business safe.

Prepare the Groundwork

Guidance on opening is coming from many sources. We recommend a top-down approach, starting at the federal level and working down to your local municipalities and property owners.

  1. Start with the expertise and guidance from the US Centers for Disease Control and Prevention (CDC).  The CDC website  provides guidance for different types of businesses and gathering places that centers on three mitigation strategies:
    • Personal protective measures (e.g., hand-washing, cough etiquette, and face coverings) that persons can use at home or while in community settings
    • Social distancing (e.g., maintaining physical distance between persons in community settings and staying at home)
    • Environmental surface cleaning at home and in community settings, such as schools or workplaces.
  2. Review current laws and regulations under the Families First Coronavirus Recovery Act (FFCRA). This legislation requires almost all employers to provide expanded sick time, medical leave, and family leave pay for employees dealing with illness or childcare issues themselves or within their immediate family unit.  Make sure your return to work plans accommodate these programs and
  3. Understand your state’s rules and regulations with respect to physically opening your business. Many states are staging how they will allow businesses to open. Then, check with local governments where your business is located and where your employees live. In some states, municipalities and counties are adjusting how they implement state and federal orders and advisories to address local needs and issues.
  4. Understand your state’s unemployment rules and regulations. In some states, lifting of stay-at-home orders may mean employees are no longer eligible for unemployment even if you keep your business closed or cannot bring everyone back to work. Your team will have differing concerns and levels of comfort; it is important to provide them with timely and accurate communications.
  5. Check with your landlord. Many office and retail complexes are setting up guidelines and rules for how businesses can and will be able to operate in their properties.  Some office complexes, for example, are limiting access to employees only and restricting access to trades and delivery personnel.
  6. Ask your landlord what additional steps they will be taking to clean and sanitize bathrooms, elevators, stair railings, door handles, and other common areas and high touch surfaces. You and your employees will want and need to know how safe the environment will be when they return to the office or store.

With an understanding of how you can and want to take your next steps, create a Communications Plan. More than just determining who, when, and how you will share information with employees and other stakeholders, the plan should provide a clear and easy way for employees to get answers to their questions. As many smaller businesses do not have internal HR resources, you may want to assign a particular manager or executive team to the role. If you have a contracted HR service or consultant, you will need to coordinate both the process and information. Set clear expectations for how quickly you will answer questions and how answers to common questions will be addressed to the company at large.

Prepare Your Place

As you do your groundwork, begin planning and putting your workplace together for the return of staff.  Social distancing is the current normal. With an expected recurrence of COVID-19 in the fall, social distancing will be part of our lives, and work places, for some time to come. For employees to return, you may be considering:

  • Setting up protocols to ensure that workers who may be ill, or have been exposed, do not enter the workplace and accidentally infect others.
  • Placing dividers between work spaces, or re-configuring your office layout to create separation.
  • Acquiring additional office space, temporarily, to allow more team members to return.
  • Requiring the use of masks or other appropriate personal protective equipment (PPE). Depending on your work environment, this may be full-time or only when employees leave personal work spaces and head to common or communal areas.
  • Cleaning and sanitation of common areas, like kitchens and break rooms, and high touch surfaces.
  • Coordinating disinfection and sanitation efforts with building management and neighboring businesses in leased office spaces.
  • Ensuring availability of cleaning supplies, disinfectants, and sanitizers.
  • Creating a means for employees to express concerns about the work environment and actions of others, without fear of retribution.

For some businesses, the safest course of action will be establishing split shifts or a rotating schedule of employee teams working in the office. Doing so can ease physical separation issues, but we should expect that some employees will need to, or want to, continue working from home.

Prepare Your People

Communications — timely, open, and honest — will be critical for successfully taking the next steps with your business.  For many, personal anxiety and stress will be high as we navigate shifts in our personal and work lives.

Provide your team as much information as possible on what to expect, and how things will move forward, as you go through each upcoming phase of your plans.

As you communicate with your team, keep in mind that employees may be dealing with personal COVID-19 impacts, such as:

  • Death of a family member or close friend
  • Sick or quarantined family member(s)
  • Loss of income by a spouse/partner/family member
  • Supervision of children learning from home
  • Lack of available daycare
  • Anxiety and stress
  • Feeling unable to return to working in the office

Be prepared to deal with the human side of Covid-19, not just the logistics.

  • Anticipate and have answers ready for employees about your requirements and their options
  • Establish a feedback loop and listen to staff issues and concerns
  • Engage your HR staff, service, or consultants to assist with communications, feedback, and responses
  • Update plans and timing as needed to mitigate staff concerns and business conditions

Prepare to Settle In

Set Expectations

As noted above, experts are telling us to expect local/regional COVID-19 outbreaks throughout the fall and winter. With this expectation, we should plan for future stay-at-home orders and business restrictions. These will likely vary by location, complicating your planning efforts.

Remote work will be part of our operations for the foreseeable future. As you plan your next steps, make sure that your team is ideally equipped to continue working from home.

In the scramble to respond to stay-at-home orders, many businesses made necessary technology decisions for the near-term. Now is the time to step back and take a long-term view. Employees may be working on home computers, using personal software, and working in a less-than-ideal space. Many businesses are also finding employees have signed up for free or consumer IT services to work around limitations, such as difficulty accessing files on company servers. We still have a responsibility to keep information secure and private, and our employees and businesses safe.

Get Your IT Resources in Place

Settling in means adapting work environments — at the office and in employees’ homes — to our anticipated reality.

  • Improve security and access to company systems and data
    • Move data from on-premise servers to cloud file services to improve access and security; map drives to cloud data for compatibility with desktop software
    • Use remote desktop and VDI solutions to move on-premise applications to the cloud, providing easy, high performance access without distributing data to remote computers
  • Ensure employees have workable use of your phone system (see this post for more info)
  • Reduce the need for remote PC, VPN and other remote access solutions that increase cost, complexity, and delays
  • Eliminate the need for shadow IT services by helping employees use existing capabilities in your productivity suite
  • Provide devices for employees that do not usually work from home
    • Consider rental, lease, and device-as-a-service options to manage costs
  • If unable to provide devices, upgrade home computers:
    • Add memory for performance and ensure the ability to run business applications
    • Deploy licenses of business software, even if employees are using consumer versions of the applications
    • “Next Gen” endpoint protections from viruses, malware, and ransomware
    • Web filtering and DNS security to prevent malware from infected websites
  • Provide employees with helpful accessories, such as noise cancelling headsets for video calls

We are here to help you plan and execute your next steps.  Our free Response and Recovery Assessment will help you with your planning, fully utilize your existing IT Services, and identify budget-friendly solutions to address any unmet needs and priorities. Email us or complete the form on our home page to schedule your assessment.


 

Federal Reserve Opens Main Street Lending Program with $600 Billion

(Published 4/25/20 – New links to program information)


On April 9, 2020, the Federal Reserve System quietly announced the opening of the Main Street Lending Program. Through this program, the “Fed” is providing $600 Billion in loans to small and mid-market businesses. Loans are available to companies with up to 10,000 employees and annual revenues up to $2.5 Billion. Businesses must commit to make reasonable efforts to maintain payroll and retain workers. Loans may be new, or may be used to expand existing loans.

Given the limited funds in the SBA’s EIDL Program, the Main Street Lending Program may be a useful alternative.

The program has two types of loans:

  1. Main Street New Loan Facility (MSNLF), which provides new loans to businesses per the MSNLF Term Sheet.
  2. Main Street Expanded Loan Facility (MSELF), which expands existing loans to businesses per the MSELF Term Sheet.

The minimum loan is $1 million and the term is fixed at 4 years with the amortization of principal and interest deferred for the first year.  The rate is adjustable based on the Secured Overnight Funds Rate (SOFR) plus 250 to 400 basis points, equating to a current rate between 2.51% and 4.01%.

US Chamber Launches Save Small Business Fund

(Updated 4/22/20)

4/22/20: The Save Small Business Fund application process is closed as all available funds have been committed.

—-

The U.S. Chamber of Commerce launched a fund to provide assistance to small businesses in the form of $5,000 grants.

The Save Small Business Fund — in collaboration with Vistaprint and with support from Merck, S&P Global Foundation, and Travelers — will include contributions from corporations and philanthropies. The grant is expected to address small businesses’ immediate needs such as closures and job loss and will support their long-term recovery.

Applications for the Chamber’s fund will open on April 20, 2020.

In order to qualify a business must:

  • Employ between 3 and 20 people
  • Be located in an economically vulnerable community
  • Have been harmed financially by the COVID-19 pandemic

Click here for more information.

The Cost of Downtime Explained in 7 Ways

A recent survey found that 40% of small and midsize businesses (SMBs) experienced 8 or more hours of downtime due to a severe security breach within the past year. According to the National Cyber Security Alliance, 60% of SMBs who experience a significant data breach go out of business within six months. The highest cost of an unplanned outage is more than $17,000 per minute. The average cost per minute of an unplanned outage is nearly $9,000 per incident. These statistics are sobering. For many SMBs, however, the risks still feel foreign and not something that warrants action. Protecting your business requires some knowledge and good advice, intent, action, and small investments.

It is easier to rely on myths such as, “We are not a target for cyber attackers”, “We can run on pen and paper until we recover”, and “Our customers will understand” than it is to assess your risks and take action. Nevertheless, the risks are real and the number of SMBs hurt by downtime continues to rise.

The cost of downtime can vary depending on the size of the organization, the industry, and the nature of the downtime. Downtime can be caused by various factors such as power outages, network failures, software issues, or hardware failures. In today’s world, it’s essential to streamline security if you’re an SMB, and understand the consequences downtime can have on your business.

Here are seven ways downtime can damage your business:

1. Monetary Cost

Downtime leads to lost sales and lost productivity impacting top-line revenue and your bottom line. These costs hit your pocket in addition to the cost of recovery and returning to normal operations. If you need to calculate the average cost of downtime, our specialists can help.

2. Customer Trust

When you are unable to serve your customers, they lose faith in your business. While downtime for natural disasters is understandable, today’s customers have little tolerance for disruptions due to cyber attacks and breaches. Lost trust means lost customers.

3. Brand Damage

Your brand identity and reputation drive customer loyalty and growth. Service disruptions from technology failures or breaches send a message that your business may be poorly managed and is unreliable. These messages lead to loss of goodwill and create negative impressions of your business in the minds of your customers.

4. Employee Morale 

Disasters due to data loss or breaches mean employees need to perform double duties. Employees spend time on recovery while working to keep the business operational. It often requires additional work hours. Recovery can be stressful and demoralizing.

5. Business Value 

Businesses that suffer data breaches and service disruptions are perceived as poorly managed. With the potential financial liability, public companies can see stock prices fall. All companies can suffer a loss of business value.

6. Legal Action

Downtime creates the risk of legal action. This is particularly true for downtime that is perceived as preventable. System failures, data loss, security breaches, and other incidents can put your business in breach of contract. You may also be in violation of state and federal regulations, making proper data protection and security vital.

7. Compliance Fines & Penalties 

As information privacy and security regulations expand, data loss and breaches create the real potential for fines and penalties related to regulatory compliance, privacy, and data retention requirements.

These risks carry the potential for lasting damage. Whether by increased financial burdens or winning back customers, the impact of downtime extends well beyond getting yourself up and running again.

Is your business worth protecting?

Protecting your business will not break the bank. We offer practical, affordable cloud infrastructure solutions that help you and your team understand the risks, prevent problems from happening, and continue operating in the event something bad does happen.

If your business is worth protecting, contact us for a complimentary Cloud Advisor session to discuss how we can improve your business’ resiliency.


 

3 More Reasons You Are an Easy Cybercrime Target

Last week, we gave you three reasons why you, as a small or midsize business, are a viable and desirable target for cyber criminals.

If those reasons don’t give you enough reason to act, here are three (3) more reasons SMBs, and you, are a target for cyber criminals…

SMB data is increasingly networked

  • All of your systems — databases, email, documents, marketing, point-of-sale, and more — are likely running on a single network.
  • Access to one of your systems can lead to access to others. Target’s POS system was hacked using a security flaw in the HVAC monitoring system running on the same network.
  • Moving data and systems into secure cloud solutions and segregating network traffic minimizes the cross-over risk.

SMBs are using consumer products for business data

  • Consumer grade services are often more affordable, but often lack the security and data protection features of the higher-priced, business versions.
  • Separate work and home, use solutions designed for business, and make sure to configure the security and privacy settings accordingly.

SMBs are often lax when it comes to security

  • Many small businesses operate in an environment of trust; people know and trust one another. This trust can be exploited by a disgruntled employee or an outsider.
  • Keep user identity management and passwords private and secure; manage administrator and “super user” passwords so that they are unique, complex, and secure.
  • Keep servers and systems with sensitive data/access secure; enforce screen locking and passwords.
  • Educate your staff on security risks and behaviors.

 

Taking cyber security seriously is the first and best step in protecting your business, employees, and customers. Protection need not be overly complex; nor must reasonable protection be a budget busting expense. Reasonable measures balance cost and security.


Interested in ensuring you are protected? Contact us for a free Cloud Advisor Session, or learn about our data protection solutions and our privacy solutions.


 

 

 

3 Reasons You Are an Easy Cybercrime Target

As we’ve mentioned before, more small and midsize businesses (SMBs) are falling victim to cybercrime. You might believe that hackers won’t bother targeting your business due to its small size. However, it is crucial to recognize that cybercrime aimed at smaller companies is undeniably escalating, and you could be the next cybercrime target if you do not take the necessary precautions.

According to HP’s Cyber Security and Your Business report, cybercrime costs SMBs 4.2 times more per employee than larger businesses, and 60% of SMBs that experience a data breach are out of business in six months.

So, why exactly are cybercriminals interested in your business, and more importantly, what actions can you take to combat this threat?

Why Small Businesses are Prone to Cybercrime

It’s essential for you to acknowledge the following three reasons why you may be seen as an easy target for cybercrime and take proactive and defensive measures to protect your business.

1. SMBs spend less on security while larger businesses are increasing their security protections.

  • Your business is an easier cybercrime target because you are more likely to lack basic protections. In effect, you may attract cyber criminals because you are an easier target.
  • Budget for, and implement, reasonable protections covering user identities, access controls, user permissions, data loss prevention, and employee awareness and training.

2. SMBs do not have in-house security expertise.

  • Keeping up with risks and trends is time consuming, above and beyond ensuring that your security measures are updated and working on a day-to-day basis.
  • Leverage technology and your IT partners for automated solutions and expertise, as well as on-going management of your security and privacy solutions.

3. SMBs are moving into the cloud.

  • Using cloud applications and storage makes sense, but your data is no longer behind a physical or logical “firewall”. Protecting your data means protecting the cloud systems and services you use.
  • Always select business-grade services over consumer services. Implement all security features, including two-factor authentication. When possible, integrate access to cloud services into a single system for managing user identities. And do not forget to train, and periodically remind, your staff how their awareness and actions can allow or prevent an attack.

15 Actions You Can Take to Improve Your Cybersecurity

  1. Implement a robust cybersecurity strategy tailored to your business needs, including firewalls, intrusion detection systems, and antivirus software.
  2. Regularly update and patch all software and operating systems to protect against known vulnerabilities.
  3. Conduct regular security audits and risk assessments to identify and address potential weaknesses in your systems.
  4. Train your employees on cybersecurity best practices, such as recognizing phishing attempts, creating strong passwords, and handling sensitive data securely.
  5. Implement strict access controls and user privileges to limit unauthorized access to sensitive information.
  6. Encrypt sensitive data both in transit and at rest to protect it from interception or theft.
  7. Back up your data regularly and store backups in separate, secure locations to ensure data recovery in case of a breach or system failure.
  8. Develop and enforce a strong password policy, including the use of complex passwords and regular password changes.
  9. Enable multi-factor authentication (MFA) for all user accounts to add an extra layer of security.
  10. Monitor your network and systems for any unusual or suspicious activity using intrusion detection and prevention systems.
  11. Stay informed about the latest cybersecurity threats and trends through industry publications, forums, and reputable security organizations.
  12. Establish an incident response plan that outlines the steps to be taken in the event of a cybersecurity incident, including notification procedures and communication channels.
  13. Regularly educate your employees on emerging threats and provide ongoing training to ensure their knowledge remains up to date.
  14. Limit the use of personal devices for work-related activities and enforce strong security measures for those devices that are permitted.
  15. Partner with reputable cybersecurity vendors or consultants to get expert advice and assistance in securing your systems.

By implementing these actions and cybersecurity best practices, you can significantly reduce the risk of cybersecurity breaches and protect your business from potential threats. Remember, cybersecurity is an ongoing effort that requires continuous vigilance and adaptation to evolving threats.

It’s always a good time to perform a review of your IT security and data privacy policies, procedures, and systems. Doing so is an affordable way to protect your business, your employees, and your customers from cyber crime. The cost of prevention is minuscule compared to the cost of a breach.


Interested in ensuring you are protected? Contact us for a free Cloud Advisor Session, or learn about our data protection solutions and our privacy solutions.


 

Fast Fact Friday: SMB IT in the Cloud

According to a survey of 1,500 SMB IT leaders by BetterCloud in the spring of 2015 …

49% of SMBs expect to run 100% of their IT in the cloud by 2020.


Are you moving to the cloud? Is your roadmap in line with your business goals? Contact us for a no-obligation Cloud Advisor session.