4 Tips for Protecting Your Small Business from a Ransomware Attack

Cybersecurity attacks are becoming more common as the business world continues doing more online. It can seem like every time you turn on the news, theres another major company announcing they were hit by a ransomware attack or data breach

These stories of high-profile companies being the victim of hacks can give small business owners a false sense of security, thinking criminals only go after big fish. However, small businesses need to be on the lookout for ransomware attacks, too. According to Verizon’s 2019 Data Breach Investigations Report, 43 percent of breaches involved small businesses. 

While the thought of trying to defend your business from hackers can feel overwhelming, there are ways to reduce the risk of becoming a victim. Here are four tips for keeping your small business safe from ransomware attacks. 

   1. Educate Your Employees

All it takes for a hacker to gain access to your network is one employee opening a phishing email and clicking on the wrong link. By teaching your employees safe web surfing practices, they’ll be less likely to open those unsolicited emails or download software from shady websites

   2. Limit Administrative Access

How many employees have administrative access to your entire network? If that number is more than a select few, then you need to start limiting privileges. No users should be granted admin access unless they need it.

   3. Keep Your System Updated

Don’t ignore the prompts to update your software. Hackers often target vulnerabilities in older versions of computer programs. The easiest way to prevent that from happening is to keep your system patched and updated with the latest program version. 

  4. Audit User Access

Whenever an employee leaves your company, it’s good practice to remove their user accounts from your network. Many businesses forget to clean up their user account lists. Develop a routine of deleting user accounts on the employee’s last day. This will help prevent hackers from using these accounts to spread malware or cause data breaches. 

By following these four tips, you can immediately reduce the risk of your small business being affected by a cybersecurity attack. However, keeping your network safe can be a time-consuming task. If time is an issue, then let us take care of your tech.

How We Can Help

We are the IT experts you need to keep your essential data safe from digital threats now and into the future. We’ll create a customized security package that best fits your needs while staying within your budget. Don’t wait until you’ve lost your data in a ransomware attack. Call us today to find out how we can keep your business safe. 


2020 in Tech: 5 Trends to Keep an Eye On

The technology industry moves in one direction — forward. As more companies continue to use advanced programs to run their businesses, knowing what the technology forecast looks like can help companies stay ahead of the competition. So, which ones do you need to know? Here are the five tech trends to keep an eye on in 2020.

AI as a Service

As artificial intelligence (AI) continues making advances across the technology spectrum, you can expect to see more applications for business purposes. Some prominent companies are already experimenting to see how they can use AI to streamline business functions to help their companies run more efficiently. Google, Amazon and Microsoft already offer machine-learning solutions, but 2020 may be the year where AI business solutions go mainstream as part of a monthly subscription service. 

Subscription Model Supremacy

Speaking of monthly subscription services, don’t expect this model to go away any time soon. With cloud solutions growing in popularity, the everything as a service (XaaS) model will become commonplace. Businesses are showing they’d rather pay a flat monthly fee instead of the expensive and unpredictable break/fix model of service.

Faster Mobile Data Networks

The next generation of wireless internet connectivity is expanding. 5G made its debut in 2019, mostly in limited areas or major cities. However, 2020 looks to be the year that coverage extends, and data rates become affordable to more people. This advancement means people will be able to upload and download data at lightning speeds, and businesses will be able to work faster on the go than ever before.  

Older Products Reach End of Life

Some of your favorite business programs and solutions are about to bite the dust. Microsoft is ending support for several programs and services beginning in January 2020. Some of the more notable names on the list include Windows 7 and Microsoft Server 2008. When tech is no longer supported or patched by its developer, it opens the door for hackers to exploit weaknesses. If you’re still using any of the products on this list, then it’s time for an upgrade. 

Improved Smartphone Security

As smartphones continue to replicate the features and computing power of desktop PCs, businesses need to be ready to provide the same data security standards for mobile devices. Many small companies and startups are adopting the BYOD (bring your own device) model as a way to save money and cut down on the number of hardware devices employees need. This trend means employee-owned smartphones will need security programs in place to meet your business requirements.

How We Can Help

As the new year approaches, all we have are predictions as to what will happen. Nothing is certain as trends may change, going in a new direction. Your business needs to be ready, and the best way to do that is by having a trusted tech consultant in your corner. We help businesses like yours with their IT needs, making them more resilient to the tech headaches of the future. Contact us today to find out how we can help get your company ready for a productive 2020.


cybersecurity

Follow These 5 Steps to Give Your Business the Best Gift of All

As the year comes to an end, business owners are keeping an eye on the latest holiday deals to purchase new items for their companies. Ergonomic keyboards, dual monitors and stand-up desks are great ideas to consider, but there’s one gift that should be at the top of your list — cybersecurity. 

Hackers are targeting small and mid-size businesses in addition to big corporations. According to Verizon’s 2019 Data Breach Investigations Report, 43 percent of victims are small businesses. 

How Is My Business at Risk?

Phishing has emerged as a popular way for hackers to inflict damage. A phishing attack typically comes in the form of an email that appears to come from a trusted source but contains a fake link or attachment that installs malware on your network. This malware can come in many forms, but most notably, ransomware. Ransomware is when hackers block access to your data, then give it back after you pay the hacker money. However, there is no guarantee you’ll get your data back after you pay. According to the Hartford Courant, less than a quarter of people who pay the ransom get their data back.

Fortunately, there ways you can improve your cybersecurity. Here are five steps you can take to give yourself the gift of peace of mind this year.  

Invest in Employee Training 

Can your staff recognize a phishing attack? According to Tech Radar, 90 percent of data breaches are caused by human error. Consider investing in cybersecurity training so your team can work smarter by avoiding blatant hacking attempts.    

Move to the Cloud  

It’s time to say goodbye to only saving your data on your local drive. When your information is in the cloud, you can rest easy knowing that all your data is being protected with automatic backups while being flexible enough to scale with your company. 

Create Multiple Forms of Backup

Always have a backup plan ready. If your business runs on a local server, it may be time to consider getting a cloud or offsite backup. That way, if your local server ever gets compromised, you’ll still have access to your data.

Install Two-Factor Authentication 

It’s harder for hackers to break through two levels of protection instead of one. With two-factor authentication, an access code will be sent to the corresponding user’s phone or email after entering a program password. If someone tries to break into your network, you’ll know right away. 

Replace Outdated Tech  

Money can be tight for some small businesses, and using older tech may seem like a cheaper solution, but that can be shortsighted. Microsoft is planning to end its support of many popular hardware and software solutions — including Microsoft Server 2008 and Windows 7 — in January 2020. If you’re using tech without continuing support, then you won’t receive any security patches in the future, opening the door for hackers to expose weaknesses in your system. When you update your software, you're protecting your business and increasing office morale. Your employees will appreciate working with the latest tech 

How We Can Help 

Don’t let a Grinch ruin your holiday season by wreaking havoc on your IT network. Let our cybersecurity specialists help you protect your business so you can get some peace of mind heading into 2020. Contact us today to find out how.  


cybersecurity

7 Ways to Prevent a Data Breach in Your Business

Don’t think you’re vulnerable to a data breach? Think again. In 2018, businesses reported 1,244 breaches – and small businesses accounted for 58 percent of victims. In honor of National Cybersecurity Awareness Month, here are seven ways to prevent a data breach in your business:

Take Inventory of Your Risks

Conduct a complete audit of your systems, including on-premises, cloud and third-party IT assets that could lead to your network. Think about not only obvious points, like your servers and applications, but also your employees’ devices, Internet of Things-enabled devices, and industrial control systems.

Once you’ve taken stock of your infrastructure, prioritize any issues you find. Likely, you’re dealing with limited resources, so decide which problems are putting you at the most risk, like unpatched software or weak passwords.

Control User Access

When possible, employees should only have access to the data they need for their positions, and sensitive data should only be accessible to authorized users. It’s unlikely that all of your employees need access to all of your data, all the time.

Think also about how to handle departing employees and temporary employees like vendors and contractors. Provide the necessary passwords, key cards, laptop access and more that those employees need, but make it a priority to rescind access as soon as their work with your company ends.

Keep Software Updated

Many high-profile data breaches, including the WannaCry ransomware attack in 2017, are a result of hackers exploiting a weakness in older software. In the case of the WannaCry attack, Microsoft had already released patches to close the exploit, but many companies had failed to apply the patches or were using out-of-date Windows systems that no longer had support. 

Fortunately, the fix for this is fairly simple. Patch and update your software as soon as the developer releases those options, and upgrade your software when it’s no longer supported by the developer. This is especially timely now with the end of support for many Microsoft products starting in January 2020.

Enforce BYOD Policies

Your employees are probably using laptops, tablets and smartphones for at least some of their work. Unsecured endpoints can lead hackers straight to your network, rendering your other security measures much less effective and making your sensitive data vulnerable to a breach.

To combat this threat, you need a dedicated mobile device management program. Whether you provide the device or employees use their own personal devices, implement data security measures to ensure that employees are handling, retrieving and sending data safely. If a device is lost or stolen, create a policy to protect your data, such as remotely wiping the device.

Strengthen Credentials

No one likes managing their passwords, but unique passwords are critical to preventing a data breach. Don’t leave password strength up to chance. Require your employees to use complex passwords that are changed frequently, at least every 90 days. Employees should not write passwords down where others can find them. 

A password management tool such as LastPass or OneLogin can store and remember multiple encrypted passwords to reduce the hassle of employees forgetting complex passwords. Another security best practice is multi-factor authentication, where passwords are supplemented by passcodes, challenge questions and other identification measures. Even if an employee accidentally gives their login information away in a phishing attack, two-factor authentication will minimize that damage.

Educate Employees

Security-wise, employees are your weakest link; 95 percent of cybersecurity breaches are due to human error. Train your employees to identify and report signs of a data breach, but more importantly, train them to prevent a data breach. When your employees fully understand and support initiatives such as BYOD security or password management, your security will be stronger across the board.

Perhaps the most crucial area for employee training is email. Since the majority of malware, ransomware and phishing attacks stem from illegitimate emails, training your employees how to spot and report strange senders, links or attachments can drastically minimize the chance of a breach.

Back Up Files

Our last tip is to back up your files. While this is always a best practice for all businesses, it can especially pay off when your business suffers a ransomware attack. When your files are securely backed up to an off-site or cloud location, you won’t have to debate whether or not to pay the hacker. You’ll simply clean your systems, retrieve your data and continue your day.

Unfortunately, backups are no longer a set-it-and-forget-it measure. Hackers are disabling backups and then waiting 30, 60, 90 days to take systems down, leaving companies with no choice but to pay a ransom to retrieve their data. Regularly testing your backups to ensure that they’re working as intended is key to protecting yourself.

How We Can Help

Implementing all of these security procedures can be time-consuming and costly, especially for a small or mid-size business. We assess your security needs and implement procedures to help you minimize the chances of a data breach or quickly identify and contain a breach in progress. Don’t ignore the threat of data breaches – contact us today.


2020’s End-of-Support List: Why it Matters & What to Do

January 14, 2020 is the fast-approaching date when a long list of Microsoft® products and solutions will reach their End of Support. That’s a lot of widely used products, and there’s a good chance your company relies on at least a few of them to get your job done every day.   

Why it Matters 

Microsoft solutions likely represent a big part of your daily software use. Even still, you might be tempted to ignore those incoming reminders from Microsoft about End of Support  but it’s imperative to your business and your clients that you don’t. Every Microsoft solution on the End-of-Support list will need to be upgraded or you will be facing three serious issues.  

  1. Security is DownWithout the ongoing patching and updates that come out regularly from the Microsoft team, your solutions will be vulnerable to the resulting security and compliance risks that can happen without proactive maintenance.  
  2. UX is Lacking – As patches stop happening, updates aren’t applied and support disappears, your users will start seeing user-experience issues that will make their everyday tasks significantly more complicated. 
  3. Support is OverIf you’re used to calling Microsoft when there’s an issue with one of the solutions on this list, that won’t be an option anymore. Microsoft’s support team will no longer be offering support for any of the listed solutions.

Proactive planning and aggressive action are the keys to making sure this transition leaves your business successful, protected and ready for growth. So how do you make it happen? 

What to Do 

If you’re ready to be proactive about updating your solutions, you have a few important steps to take.  

  1. Replace your Windows Server instance with cloud-based Azure and Windows Server 2019.
  2. Make the move to Windows 10.
  3. Replace your SharePoint and Office instances with Microsoft 365 and Office 365.

These three steps represent a big change for your business and your end users, but making the switch means future-proofing your business and building a stronger foundation for growth. Upgrading to cloud-specific solutions can offer you the flexibility of the cloud without the added cost (and expiration date) of paying for Extended Support from Microsoft.  

But to make the transition to the cloud as successful, simple and stable as possible, you’ll need an IT expert solely dedicated to your solutions and systems. Don’t have one on staff? That’s where we come in.  

How We Can Help 

We are the IT experts you need to take the pressure of the 2020 End-of-Support date off of your shoulders. With our comprehensive IT support, we can help you create an upgrade timeline, update your systems and avoid a dip in productivity. Don’t wait until the final hour to think about how your business will handle Microsoft’s 2020 End of Support. Call us today and we’ll get started on your upgrade plan. 


business continuity

4 Ways a Business Continuity Plan Can Help Your Company

As a business owner, the buck stops with you. Your employees rely on you to have the answers when problem occurs. But what are you going to do when you find out a hurricane or wildfire is heading your way? What about massive hardware failure? Will you be prepared? 

Nobody wants to think about a natural or manmade disaster affecting their business, so that’s why companies delay or ignore creating an emergency plan. A Travelers Insurance study found that 48 percent of small businesses have no plan in place. 

To be prepared in the event of a data, natural or manmade disaster, companies need to have a business continuity plan in place before a crisis occurs. A business continuity plan is a document outlining how a business will continue services following an emergency. 

With that in mind, here are four ways a business continuity plan can help your business:

  1. Identify Essential Business Functions

Do you know the minimum requirements for running your company? One of the primary goals of a business continuity plan is to identify the core functions of your business. These functions are what need to be addressed first to get back up and running at a minimum acceptable level. That way, you can reopen while continuing to address other issues.

  2. Minimize Downtime

Every hour your website, production line or office is down costs you money in lost profit. Following a disaster, 90 percent of smaller companies fail within a year unless they can resume operations within five days, according to FEMA. With a well-developed plan, your employees will know what to do to get operations running again as quickly as possible. 

  3. Uncover Gaps in Your Business

While doing a business impact analysis, you may find gaps in your plan. For example, if you’re in manufacturing, do you have a secondary location to shift operations if the main facility is inoperable? If not, then you may need to come up with a plan to temporarily use a rental facility or stock up on emergency inventory. 

  4. Get Peace of Mind

Researching and developing a business continuity plan can be a daunting task, no matter the size of your company. But once you’ve tested your plan and it works, you’ll be glad you have it. You and your employees can rest easy knowing that if the worst happens, you’ll be ready. 

Unfortunately, not all small-to-midsize businesses have the time to halt work and focus on building a plan. Luckily, they don’t have to do it alone. Our team of experts can help simplify the business continuity process to help prepare your business if the worst ever happens. 

Stop worrying about the worst-case scenario and contact us today. 


backup-disaster-recovery

BDR: A Shelter from the Storm

As a business owner, you’re always focusing on how to best move your company
forward. But have you taken time to consider the potential threats to your operations?

Having a backup and disaster recovery (BDR) plan is the best way to safeguard your
data from all types of loss and destruction. Get to know these threats and the
preparations you can make to keep your business going when dark clouds begin to
loom.

Natural Disasters

You may assume backing up your data locally on a hard drive is the best way to recover
it in the event your primary system fails. But what would you would do if that hard drive
(and the entire building it resides in) was destroyed by a natural disaster?
Be it a hurricane, earthquake, fire or flood, the threats to your vital data are very real.
But even if your business becomes a sinking ship, you can have enough lifeboats for
every byte.

The best course of action is to store all data in a secure location using cloud services.
This way, when it’s time to pick your business back up, your only concern will be
selecting new office furniture.

Cyber Crime

A common way for cyber criminals to steal your data and make money is ransomware.
This malicious software holds data hostage unless a specified amount is paid.
“WannaCry” ransomware was a recent program that received worldwide attention for its
effectiveness in blocking access to crucial data. Unfortunately, many of those who paid
the ransom never had their data returned.

Setting up a firewall will block most attacks, but having an active image of all your data
stored is the best defense. Data images provide a comprehensive and usable mirror of
everything you’ve worked on and provide access when your primary system is locked
out. It will also save you time on setting up new servers and reinstalling applications.

Internal Problems

Technology will induce audible rage in even the quietest cubical when it malfunctions for
seemingly no reason. Sometimes data loss can occur due to forces from within your
company. Even though you invested in the best servers and equipment, there’s always
the chance something will cause a catastrophic failure and the loss of everything your
business relies on to function.

Data loss can also stem from basic human error. Employees who are new, temporary or
even long-term could mistakenly delete vital data. There’s also the unfortunate reality
that data could purposely be deleted or corrupted by disgruntled employees.

How We Can Help

With so many unpredictable threats looming, BDR is your shelter from the storm.
Disasters do happen, but you can rest easy knowing that the most important things will
survive. Contact us now and ask how we can disaster-proof your business.


GDPR HIPAA Compliance

How Compliant is Your Business? 4 Questions You Need to Ask

No matter which industry you serve, odds are your business needs to comply with some kind of regulatory standards. As companies continue integrating technology into their business operations, more legislation will be created to dictate how companies manage the personal and financial data of its users and customers. 

 

Why Compliance is Important

Not being in compliance with industry regulations results in consequences for your business. Companies and high-level executives may be fined thousands or millions of dollars and face prison time, depending on the severity of the violation. 

 

How These Policies Affect Your Business

Below are some examples of industry regulations which may affect your business. Not every market will be affected by all of these regulations, but it’s critical to know which ones apply to you. Here are four compliance questions to ask yourself:

 

  1. Do You Have European Customers? 

In May 2018, a set of guidelines for how personal information from individuals living in the European Union is collected and processed went into effect. This became known as the General Data Protection Regulation (GDPR). This regulation not only affects websites based in the EU, but applies to any website that offers services to EU residents.

 

Under these rules, visitors must be alerted that your website will be collecting their data and give them the option to consent or “opt-in” – allowing their data to be collected. 

 

  1. Does Your Website Allow Credit Card Payments?

If your website has the functionality to conduct credit card transactions, you need to be in compliance with the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS is the compliance regulation that requires all companies that accept, transmit, process or store credit card holder data during a transaction to maintain a secure digital environment.

Each major credit card company has its own set of levels and requirements based on the number of credit card transactions a business accepts annually. For example, a Level Four merchant with Visa is a business processing less than 20,000 Visa transactions a year. This level requires companies to annually complete a Self-Assessment Questionnaire (SAQ), submit an Attestation of Compliance (AOC) Form and conduct a quarterly network scan by an Approved Scan Vendor (ASV) when needed. 

  1. Do You Handle Health Care Records? 

Patient confidentiality is one of the pillars of the health care industry — hence why there are so many compliance regulations to remember. The Health Insurance Portability and Accountability Act (HIPAA) sets compliance standards for companies that handle protected health information (PHI). 

Anyone that has access to patient records, provides or supports treatment, collects payments, or operates within the health care space must follow HIPAA compliance to keep personal patient data safe. 

  1. Does Your Company Store Financial Records?

Are your company’s financial records up to date? To stop companies from reporting false or inaccurate financial information, the U.S. government passed legislation known as the Sarbanes-Oxley Act (SOX) in 2002. This regulation protects shareholders and the general public from accounting errors and corrupt financial business practices by public companies.

This regulation affects how financial and IT departments maintain, store and archive their corporate records. It also sets dates for how long companies need to archive this data.

How to Simplify Compliance 

If you’re a small or medium-sized business, you may not have the manpower to focus on maintaining data compliance and meeting industry regulations. That’s where we come in. We conduct audits and assessments to see where your company stands with industry regulations. Then we create and maintain policies and procedures that will keep your company compliant in the future. 

Don’t tackle this complex topic alone — contact us today to jumpstart your compliance efforts.