The Cloud: what do you get?

 
 
The cloud refers to using off site computing resources and storage to supplement or even replace the use of on-site/in-house resources. Instead of buying hardware and software to support your business, you are basically outsourcing this set of tasks.

There are 4 benefits for the small firm and today we will look at the first 2.

Elasticity – With onsite computing, if you need additional capacity you have no choice but to purchase that capacity in discrete steps, which means bearing the costs of being over-capacity for a period of time until growth catches up. Onsite computing also means you must have the capacity to handle your own peak computing and storage demands, and resources may go underutilized much of the time. The cloud allows complete elasticity in the utilization of computing resources. You buy only what you need, as you need it. You can grow or downsize as the business demands.

Pay as you go – On-site hardware involves significant capital expenditures. The cloud allows you to pay for only what you use. The cloud also allows you to benefit from economies of scale that aren’t available using the in-house model. Labor, equipment and maintenance expenses are shared across a vast pool of users.

In the next few weeks, we’ll return to this subject to look at other ways the cloud brings efficiencies to your technology infrastructure that you could never achieve on your own.
The Cloud: what do you get?

Avoid Common Holiday Scams

Joe Pesci Home AloneChristmas is a great time to be generous.  Unfortunately, there are Grinch’s out there that have hearts 2 sizes smaller than yours.  So, as you are going about spreading your normal holiday cheer, make sure you trust, but verify.  Don’t open every ecard.  Don’t give to every charity drive.  Fraudsters have done their homework, and they are wolves in sheep’s clothing.  Falling for these attacks can result in security breaches, identity theft, or financial loss.  So, how can you identify and avoid them?

  • Avoid following unsolicited links or downloading attachments from unknown sources
  • Use safe online shopping practices like only shopping from reputable vendors and make sure the webpage begins with ‘https://’
  • Keep your computer patched and protected with antivirus
  • Check your shopping app settings – you are responsible for all charges in your shopping app unless otherwise stated
  • Check your statements
  • Be suspicious- if something seems odd, pay attention and follow your lead
  • Before you make a charitable donation, check out the charity, ask for details, and consider donating a Gift-in-kind rather than a monetary donation– review the FTC publication on Charity Scams

Check out these tips and more from the Department of Homeland Security.  Be careful, trust but verify, and have yourself a merry little Christmas and a Happy New Year!

https://www.us-cert.gov/ncas/current-activity/2017/11/16/Holiday-Scams-and-Malware-Campaigns

Avoid Common Holiday Scams

What the cloud means for you–Part II

 

 
Recently, we talked about ways the cloud brings value, business protection, and economies of scale to the smaller firm that they could never achieve by themselves. Today, we look at a final benefit of the cloud.

Protection against on-site disaster – If a disaster strikes your physical business location, on-site resources can be damaged, destroyed, or become inaccessible for a period of time. Even if it isn’t a major disaster, if you have a failed server your business could be down for an extended period. When everything occurs in the cloud, you are vaccinated against this type of business calamity. You can still access and use computing resources from anywhere.

In summary, left entirely on its own a small firm just does not have the resources and capital to fully support its own technology infrastructure. The cloud turns that upside down, enabling firms to enjoy the benefits of a fully supported tech foundation without levels of expenditures that are just not feasible for smaller operations.

What the cloud means for you–Part II

The Cloud means no more stormy weather

  

 
Many small firms are pretty busy handling their own business, and don’t give much thought to what they would do if a natural disaster from a bad snowstorm to much worse hit their physical location and cut power, or physical access to the building. What if the equipment storing all of your data and software needed to run day to day operations became inaccessible? What would happen to your ability to continue to serve your clients or customers?
 
Though we call it the cloud, with images of gray skies and rain, the cloud can be a ray of sunshine. It is an excellent and cost effective resource for smaller firms to make sure they maintain 24/7 access even in bad weather. Because everything is maintained off site, you can (1) bypass disruption or damage that may have occurred at your physical site, and (2) access what you need to keep your business functioning from any remote location.

Small firms need to realize they are most vulnerable to business disruptions, as they have less capital and fewer resources to carry them through a bad period. The cloud represents a simple and value driven resource to address business continuity issues that could turn a small firm’s business upside down.

The Cloud means no more stormy weather

Your front door is talking

 

 
If you’ve been following the news, the Internet of Things is getting increasing attention. You’re probably also thinking this is some Silicon Valley fancy thing that will take years to reach the rest of us.
 
Not really. You probably already have some items of your own tied into the Internet of Things.
 
First of all, what is the I of T? Simply, it is any object that collects data about itself or its surroundings, and then transfers that data across a network to some other object, which can then make use of that data. For example, if you have a baby monitor that sends crib pictures from upstairs to your phone, you’re tied into the I of T.
 
But what about business people? Where is it showing up in the workplace? You may have security cameras tied to a network where they can be monitored by a PC or phone. A front door lock that can be remotely opened via phone. A thermostat that can changed by the same phone. Internal lights that go on when you phone approach. All of these are part of the Internet of Things.

If you have questions about whether being tied into I of T presents a data security issue or hacking threat, you should contact a service consultant to discuss these issues. Headlines are now appearing about hacking into the I of T for nefarious purposes. It is a good idea to stay ahead of the curve because as a business, data security is a revenue-critical issue. Seriously, you don’t want the front door telling someone your client’s private data.

Your front door is talking

NPO’s and volunteer security nightmare

 

 
Not-for-profits have an unusual issue regarding security. Firms that have trained, paid full-time employees have a strong level of control over the actions of their workers. NPOs, however, may rely heavily on volunteers whose time in the office may be minimal and sporadic. You may feel grateful for their dedication and be less likely to subject them to rigid security training. Also, a threat of punishment for those who make inadvertent errors that create security risks isn’t going to be acceptable in the “volunteer” environment.
 
Though it may seem a waste of precious volunteer time, you need to consider implementing ongoing training and reminders to all volunteers about what they can do to protect your data and digital infrastructure. The 2 most common human errors are falling for phishing scams and bringing storage devices to your office and introducing them to laptops and other devices. Think of the volunteer who creates a brochure for you in their home office, then downloads it to your office PC. This is an excellent backdoor for a virus or malware to break into your infrastructure.
 
Remind your volunteers on a consistent basis that no outside storage devices are to be brought into the office for use on the NPO’s equipment. Secondly, provide training on how to recognize phishing scams and the risks of opening unfamiliar emails and links. Finally, for volunteers who work from home, consider using safe shared software platforms like Google Drive or Microsoft 365.

NPO’s and volunteer security nightmare

Security and your sub-contractors

 
 
So you feel relatively comfortable that you have created cyber security around your data and your employees are trained to avoid security errors in their day-to-day business ( a MAJOR source of security breaches, by the way.) However, you may be overlooking one area where you are exceptionally vulnerable. What protection do you have from those you do business with? If you are a manufacturer, for example, you may have several vendors who provide components and raw materials. How careful are they about data security? Smaller producers and service providers may perceive themselves as not being a likely hacker target, which is incorrect. Small firms are significant targets for data hacking because they have access to larger firms. They can provide a “digital backdoor” to the firms they sell to.
 
You need to work closely with all of your vendors to ensure that they are as serious about protecting their systems as you are. If you share digital information with your subcontractors, you open a very wide door for any of their vulnerabilities.
 
And this doesn’t just apply to the manufacturing sector. Medical offices share data, for instance. Consider talking to a security expert to address your vulnerability to a security breach via the very vendors you rely upon. You need to expect as much focus on security from them as you do from yourself.
Security and your sub-contractors

Cyber Crime and Security for SMBs

 
 
Did you know the illicit trading of personal data was worth $3.88 billion last year? Cybercrime is a growing industry known for its innovation. It goes far beyond the image many of us have of some hacker kid in his basement. Many who engage in this activity are professionals and work in large teams. Some may even be sponsored by governments. If you follow the news, you can find large corporations and even government agencies who have fallen prey to hackers and had massive amounts of data compromised. Unfortunately, this has led smaller firms to feel they fly below the radar. In fact, the opposite is true. Small businesses-especially those in regulated areas such as medical, financial, and legal services-need to be hyper vigilant about security. The cybercriminals’ professional efforts will outdo your amateur efforts at security.
 
As a small business, you are vulnerable for two reasons. First, serious hackers see small business as entrances into larger entities. Small firms that have any interaction with larger firms, perhaps as a subcontractor, can be easy targets for professional criminals. Second, the clients or customers of small firms are shown to be less forgiving of data compromises that occur in small businesses.
 
Security now goes beyond buying an antivirus program online. You should seek professional advice setting up security policies and business continuity plans, or testing these policies on a routine basis. A professional can spot vulnerabilities and prevent breaches before they occur.
Cyber Crime and Security for SMBs

Government regulations

  
 
Any business that stores customer payment information must comply with a number of state and federal regulations. The legal, healthcare, and financial sectors have a number of laws tailored specifically for them (such as HIPAA or CISPA). If you run almost any kind of professional practice or agency you probably have very specific data security requirements. Running afoul of these regulations puts you at risk for legal action and probably means that you have bad security in place.
 
As a professional, your focus needs to be on your clients and running your firm. Regulatory requirements to ensure data security can be complex and include rigorous testing requirements. Ensuring compliance with the regulations can be a serious distraction for you and take you into territory where your experience is limited.
 
One of the best solutions is to work with a third party who has strong credentials in the area of regulatory compliance and data security. When you are working with a third party to set up security or data storage, make sure that they have experience working in your industry. Finding a service provider with experience in your profession can give you peace of mind knowing that you can focus on running your business without the distraction of ongoing technology concerns.
Government regulations

Cybersecurity 101: You are the problem – Seriously simple steps you already know, but you don’t do

 

Look, we’ve all been there.  Complaining about all the security policy rules and how they waste your time.  Frustrated at all the passwords we have to remember.  And just when we do, ‘they’ force us to change them.  Demanding that we make them more complicated. Stronger.  Longer. Random..er.  It’s like, why even bother with new technology?  The technology that is supposed to make us more productive is making us LESS productive.  I’m sorry, but I have some news for you.  You are the problem…or at least part of the problem.  I know that sounds like bad news, but really it’s good news.  Because you can fix you.  Psychologist Henry Cloud says, “You can’t fix a problem that’s not in the room.”  So once we are all ready to admit that we are the problem, now we can start building a solution, practicing new disciplines and forming new habits.

Here are just a few security habits that you need to stop or start doing.

  1. Your password is not secure.  I can’t tell you how many times I’ve had clients give me the puppy dog eyes regarding how simple their password is.  They know it.  I know it.  We all know it. But for those that don’t, here it goes.  Sorry, your company name with a few random numbers is not secure.  No, your favorite season and the current year is no better.   While we are at it, STOP using a word from the alphabet unless you are going to use a passphrase.  What’s a passphrase?  A passphrase is a way to make you password longer while avoiding a string of random letters, characters and numbers that are impossible to memorize.  Length of passwords matter.  Hacker @TinkerSec tweeted the other day that “8 character passwords are dead.”  They said, “…we can go through the entire keyspace (upper,lower,number,symbol 95^8) of all 8 character passwords in ~5 hours (hashtype NTLM).”  That means that no matter what your password is, if it’s 8 characters, you can be hacked in 5 hours or less.  So the new norm is going to have to be longer.  I’m seeing companies starting to enforce 15 character passwords.  How is someone supposed to remember a highly complicated 15 character password?  START using Passphrases.  The fact is that the passphrase “My father wears sneakers in the pool 1” is more secure than the password “a#IKlfpao76ee” let alone “Snowball2017”.  It’s also easier to remember.  One catch is that not all systems allow this, so it is not a silver bullet.  Which means at the end of the day, it may be unavoidable for you to START using a password manager. A password manager is an app that will securely store your passwords so you can STOP using post it notes.  LastPass is a good one that I use.  There is a free version for consumers, so now you are without excuse.  All of your super complex passwords and passphrases locked tight and at your fingertips.  When I introduced LastPass to my wife, it changed her life.  In fact, she said, “Using a password manager like LastPass has removed my anxiety of passwords.  I can generate a complex password and easily copy and paste when I need to use them.”
  2. Why just one when you can do two?  I won’t spend a lot of time on this one because it is a similar concept to the first one.  STOP using only a password, and START using multiple forms of authication.  It’s called multi-factor authentication, which basically means that you need two or more separate ways to authenticate your yourself.  The concept is simple.  You will be more secure if authentication requires 2 of the following 3 items: Something you know, something you have or something you are.  Your password is something you know, and hackers have gotten quite good and compromising that.  Something you have would be like a key card, or a phone running the google authenticator app.  Something you are involves biometrics like a fingerprint scanner or something.  Using MFA is getting easier and easier to do, and it will provide much more security.
  3. You have voices in your head, use them.  My mom used to say that, “If it makes your nose wrinkle, pay attention.”   As I have stated, you know what is secure.  You know when an email looks ‘phishy’.  There is a voice deep inside all of us that understands many of these concepts,  but disciplining ourselves to listen to it and take action (or forego taking action) can be challenging.  If something doesn’t seem right, ask someone.  STOP trusting everything.  I have heard it said that you should ‘trust, but verify’.  If you get an email that looks out of the ordinary from someone, take a couple minutes to call and check.  Let them know that it looked suspicious.  For example, “Hi Bob, I got an email from you that only contained a link to a website and nothing else.  It looked suspicious, and I was going to delete it but wanted to check with you first.”  Even if it is a legit email, you are still helping the situation by letting that person know that something they did caused suspicion which might cause them to change behavior and write a little personal note with the link the next time they forward you the latest cat video.  START listening to the voices in your head.  The voices are often smarter than you think.

These tips will help get you started on the journey ahead.  So that hopefully you can STOP adding to the problem, and START becoming part of the solution.

Cybersecurity 101: You are the problem – Seriously simple steps you already know, but you don’t do