The professional services space is filled with important information. Lawyers, accountants, doctors, and many more professionals have access to some of the most personal information available. For this reason, they are continuously targeted by hackers. Since October is Cybersecurity Awareness Month, we thought we would take a look at modern cybersecurity practices to see which ones were working best for professional services firms.
All that stands between hackers and your accounts’ data, be it personal information or sensitive business info, is a measly string of characters that may (or may not) be complex enough to thwart their attacks. We’re talking about your passwords, and for many businesses, they are the only thing protecting important data. We’ll walk you through how to make sure your passwords are as complex as possible, as well as instruct you on how to implement additional security features to keep your data locked down.
Let me ask you a question… let’s say that you’re about one year from your projected retirement, when a ransomware attack encrypts all of your files. What do you do? Pack it in and retire early? This is precisely the situation that the practitioners of Brookside ENT & Hearing Services of Battle Creek, Michigan, have found themselves in - and it may not be over yet.
Password security is a tricky part of running a business. After all, it’s not just dealing with your own password, but those of the many employees all throughout your organization. In times like this, it’s helpful to provide them with a list of how to make the best passwords possible. Here are a couple of examples for what to do, as well as what you shouldn’t do, when building a proper password.
Now that the holidays have come and gone, you might have a couple of new gadgets in your home or office that connect to the Internet. Depending on what these gadgets are, you might have a serious security issue sitting right in front of you without realizing it. Some devices that don’t normally connect to the Internet--also known as Internet of Things devices (IoT)--aren’t as secure as you’d like them to be, particularly in a business environment.
Network security for small businesses is far from simple. There are countless threats out there that want to see your business fall, and it only takes one to see this come to fruition. Unless you take action now to protect your organization, you risk the future of your business. But what is it that businesses need to protect from, and what measures are out there that can accomplish this feat?
Security is an aspect of running a business that absolutely cannot be ignored, regardless of whether or not you see it as a considerable issue in the near future. The fact remains that your organization will always be at risk unless you take actions to keep it safe today. By taking advantage of some of the latest and greatest security tools on the market, you’ll be able to protect not only from the basic threats, but more advanced ones as well.
Do you find yourself traveling for your business? Be it for a conference, a series of meetings that require your attendance, or some other reason, you may very likely need to spend some time on the road; time that could be spent on tasks your business needs to function. Despite the lack of a traditional workspace, this time spent traveling doesn’t necessarily need to be time wasted. Thanks to the technology of today, you have the ability to remain productive while mobile.
However, you should still be mindful of your security. Cyber threats are present everywhere, and travelers unaware of security best practices are sitting ducks for attackers. Of particular importance to a traveling business owner is a Virtual Private Network (VPN), which allows you to access the company network over public Wi-Fi. It is important to follow these often-ignored best practices, especially while carrying a pathway to the data critical to your business dealings.
Before departing for your trip:
- Be sure your software is fully updated: Software updates reduce the vulnerability of your device, especially updates that apply to your security solutions. If your mobile solution’s software isn’t fully up to date, you are leaving the critical components of your business vulnerable to potential attack.
- Back up, back up, BACK UP: There’s a reason that best practices dictate that everything you have on your device be backed up before you leave: how often do you misplace your device at home or in the office? The nice thing about that scenario is you have a reasonable chance of finding it again, but on the road the chances of finding it are negligible, never mind the risk of damaging the device itself. It would be a shame to lose all the work you had accomplished on top of misplacing what is likely a company-provided device. Keeping at least your progress up to that point backed up is a simple method of mitigating the risks of traveling with your device.
While you’re traveling or at your destination:
- Connect with consideration: Public hotspots are rife with risk factors. A favorite method of many hackers is to set up their own Wi-Fi connections that closely mimic the name of an establishment’s actual Wi-Fi network. For example, if you’re staying at the (fictitious) Motel Morris, and when you attempt to connect to Wi-Fi you are given the options of MOTEL_MORRIS_GUEST or MOTELMORRIS_FREEWIFI, it may be difficult to determine which is legitimate. As a precaution, always confirm which Wi-Fi network to use with someone associated with the establishment. Additionally, if what appears to be an establishment’s Internet connection claims to require a software update, disconnect and inform management at once.
- The briefer, the better: This one is just simple math: the longer you spend connected to the Internet through public Wi-Fi, the longer a hacker has to detect and infiltrate your system. If you aren’t actively engaged in some task, disconnect and log back in when you are again prepared to accomplish something. As irksome as it may be, it’s better than having your device’s security compromised.
- Keep it to yourself, if possible: If at all possible, use your own data plan and create a hotspot to access materials online, especially if financial matters and accounts are concerned. This will make the prospect of infiltration by hackers far less likely.
On a different line of thought, keep it to yourself and never leave your devices (storage solutions included) unsecured or unattended. If leaving your devices in your hotel room, keep them well-secured, just in case.
Just because you are traveling doesn’t mean you can’t be productive while maintaining a reasonable level of data security. With the proper safeguards in place and the application of a few best practices, you can make sure time is not wasted when there is work to be done.
Be sure to check back to our blog for more useful articles about the technology you rely on every day.
Does your SMB have an internal IT department? Chances are that it is a major pain point for your organization, and even if you do have one, it might be bogged down with so much work that mistakes can happen and threats can slip through the cracks. Sometimes the best way to protect your network is to know where and how threats manage to get there in the first place.
At ISC, we call this type of preventative measure “penetration testing.” It’s designed to test your network for any weak points that can be exploited by hackers or other threats that want to do harm to your network systems. This could include testing your workstations for vulnerabilities, ensuring that all of your software and hardware is up to date, and examining any mobile device usage on your network. As such, it’s a critical part of maintaining a safe and healthy network infrastructure.
Penetration Testing Also Means Testing Your End-Users
With network security, one of the often-ignored avenues for threat infiltration is the end user. If they accidentally hand over credentials, or download a malicious file off the Internet, you could be looking at a virus or malware takeover. In a worst-case scenario, they could walk into a phishing scam and have your entire system encrypted by ransomware. The ransomware could be Cryptowall, and the entire infrastructure could be encrypted with military-grade encryption, forcing you to either pay up or restore a backup.
All of these situations can be avoided if you properly train your employees on how to avoid online threats. Many security best practices are common-sense, but it helps to provide a refresher on how best to approach threats to security. Regularly quiz your employees on what to do if they encounter a potentially dangerous situation, and emphasize the importance of data security in your corporate culture.
Plan for Possible Scenarios
One of the best ways that you can protect your infrastructure is putting together emergency management plans for how to handle specific scenarios. This way, your organization won’t be caught off-guard by unexpected disasters that have the potential to derail your operations. Here are just a few examples of situations you’ll want to prepare for:
- Hacking attacks
- Data loss
- Natural disasters
- Hardware failure
- Other downtime-causing situations
Is your business prepared to handle the burden of network security, and can you protect your network from the many threats that lurk on the Internet? Your business doesn’t have to suffer at the hands of unplanned disasters. To learn how your business can better prepare for the future and keep threats out of your network, reach out to us at 502.292.5097.
You may have heard about the Internet of Things in passing, but do you truly understand the nature of these connected devices, and how they will affect your business in the coming years? The Internet of Things is a major trend that needs to be addressed if your business plans on succeeding in the near future.
Gartner reports that by 2020, there will be approximately 21 billion devices connected to the Internet, an astounding number, and one that your business can’t afford to ignore. These devices could range from fitness devices designed to track vital signs like pulse and heart rate, to connected appliances like refrigerators, thermostats, baby monitors, security cameras, and so much more. The sheer utility that the Internet of Things provides guarantees that it’s only a matter of time before your office has to deal with several similar devices.
In fact, we’d be surprised to hear that your business doesn’t have at least a few of these devices floating around your network, especially considering how most of them are consumer-targeted, and are perhaps in the possession of your employees. Even something as simple as a smart watch could make its way to your business’s infrastructure, and unless you’re monitoring which devices connect to your network, you’d never know (until something goes wrong, of course).
Perhaps the most dangerous part of Internet of Things devices is the fact that they not only connect to the Internet, but that they are also able to communicate with each other. If these devices share your business’s corporate information with unapproved devices, you could have an unintentional data leak that exposes sensitive data to malicious entities.
In order to counter this potentially disastrous occurrence, it’s important that your business understands how to work mobile devices into your network infrastructure. You can’t just let anyone connect their personal devices to your network. What if one of them were infected with malware, spyware, or other threats with malicious intentions?
With a Bring Your Own Device (BYOD) policy, you can set up rules that govern how users take advantage of Internet of Things devices in the workplace. You should aim to have only approved devices connecting to your company’s network. The goal is to restrict your business’s network to only devices that won’t compromise its integrity. Users should first inquire about the devices they would like to use in the office, and once they’ve been approved by IT, they can begin to use them, but only if they aren’t a threat to productivity or data security.
Furthermore, some mobile devices, like smartphones, can be used while out of the office to stay productive and connected to the workplace. These devices need to be managed so as to protect the integrity of any data stored on them. This includes whitelisting and blacklisting apps, as well as allowing for remote wiping. Doing so effectively allows you to manage risk and take matters into your own hands, should your policies not be enough.
To learn more about how to manage risk with Internet of Things devices and other mobile technology, call us today at 502.292.5097.