computer security

Workplace Safety: Online and Physical

/ nancyrubin

Managing safety in the workplace — both in the office as well as online — is becoming a more complicated task by the day. Whether the concern is about hackers coming for your intellectual property, or process ownership during building maintenance, the security of your people is nothing to take for granted. Here are five things any company leader can do to make a greater effort in the name of safety.

Make Sure Everybody Understands What’Be Prepared’ Means

The impression that the world is unsafe and violent has only been amplified by popular media. We have, regrettably, let ourselves fall victim to a false narrative where our collective security is concerned. Nevertheless: it’s clear that when unfortunate events do occur in the world, they can happen just about anyplace.

What does “being prepared” look like for your workplace?If you ask different employees, will they tell you different things? Does everybody have a planned way out of the building or off your campus? It might sound too theoretical to justify spending time on it, but your company should have detailed contingency plans already drawn up for a variety of possible events — be it natural, as in extreme weather events, or something regrettably more man-made.

Perform Intermittent Online Security Audits

Since we’re talking about online and offline security, let’s talk about how business leaders can know, one way or another, whether their employees are practicing good security “hygiene” at work. There are two things you should be doing:

  1. Consider having an outside security company perform penetration testing for your company’s networks. They should be able to help you find any weak points that would-be criminals could exploit purposefully, or undisciplined employees could trigger accidentally.
  2. And when it comes to employees, have your IT team or that same third-party consultant perform or schedule fake phishing attempts for all of your company email addresses. Done correctly, the email will look like a plea for personal information, a reply, or for the user to click a link. Knowing how, and whether, your employees are interacting with emails like these, even fake ones,will tell you something about how at-risk your organization is.

Take Another Look at Your Building and the State of Its Maintenance

With the exception of companies that get started in attics,basements, and garages, most business visionaries take great pride in their immediate surroundings, including their business locations, their employees’accommodations and any environment in which a customer or client might find themselves.

We’re talking about two different things here. The first is curb appeal and “atmosphere.” Your workplace should present itself as a harmonious, well-considered space with tasteful and comfortable furnishings.Someplace employees can feel at home, in other words — since we know (workplaces with objectively pleasing aesthetics) tend to encourage creative free-thought,lower levels of aggression and heightened productivity overall.

But the second part of taking stock of your location and its amenities is a little more serious. It concerns the environment within your building, including its temperature during highs and lows and the quality of air your people are breathing all day. The phrase might sound alarmist, but”Sick Building Syndrome” is very real — and it generally results from poor air circulation in an environment already compromised by end-of-life HVAC systems, dirty duct work and noxious chemicals in furniture and building materials.

Implement BYOD Policies Responsibly

In another return to online safety, so-called “BYOD culture” is worth a look at as another potential threat vector in the well-being of your company and its employees. If the work you perform is conducive to it, you’ve likely already implemented, or plan to explore, BYOD policies. The benefits to company morale and productivity can be significant.When employees can do their work on familiar platforms and using hardware they’re comfortable with, it makes sense that they’d get more done.

The thing is, even if your workflows aren’t necessarily conducive to BYOD culture, your employees and guests might be bringing in smartwatches and other devices that aren’t as obvious. You might even have deployed these and other IoT devices yourself, as part of an internal wellness program. This itself can be a great influence on your organization’s collective health, and consequently your safety and productivity.

You’ve likely heard something about the several recent high-profile data breaches, including several, like Wanna Cry and Petya, which preyed specifically on unsecured and unsiloed IoT devices. Objects like these can be a boon in the workplace for many reasons, but the least you can do,safety-wise, is create a separate internal network for any connected devices you can’t vouch for 100 percent, including for employee BYOD programs as well as guests to your campus who might just want to use some free Wi-Fi.

Know Who’s Accountable and Have a Reporting Process in Place

This final point is a reminder about accountability in the workplace. We’re not talking about pointing fingers — we’re talking about”process ownership” and the idea that anything significant that requires doing deserves a specific appointed person to oversee it. If you do business in a climate where employee or customer safety depends on contacting snow removal companies quickly, you need a chain of command to get this and any other mission-critical safety or productivity concerns taken care of.

And that’s not all, either. When something unexpected happens, whether it’s an accident, damage to company property or infrastructure, bad-faith bookkeeping, or workplace harassment of some kind, your employees deserve some kind of accommodating, anonymizing reporting process for elevating their concerns to their managers or impartial third parties. They shouldn’t be left guessing who to talk to, or what to do if they’ve just been through something upsetting.

You’re going to find that your employees are only too happy to help you keep your company and its work areas safe and sound. But they need to know what’s expected of them and they need to know they have your ear when they have concerns of their own. As usual, it’s about communication.

Bio: Nathan Sykes is the editor of Finding an Outlet, a source for the latest in IT and business news and trends.

A Question Of Trust: Putting Our Faith In Remote Workers

/ nancyrubin

When we’re trying to conserve our business’ productivity, its integrity, not to mention its finances, the modern approach that so many companies look to is the remote working setup. Naturally, it’s a big draw, not just because it’s a way to cut those financial corners, but it’s a way we can hire so many people, and actually, make the most of the limited finances we have. But, with remote working comes a lot of questions, not just in terms of the technicalities, but also, when you’re hiring remote workers or freelancers, this question of trust can arise. Are remote workers to be trusted? And how can we get around this issue?

The Handling Of Sensitive Data

The one basic way we can get around this is to have contracts. Even a freelancer contract carries a legal cache, and it’s the best way for us to cover our bases. Unfortunately, the difficulty of ensuring remote workers and freelancers handle data effectively is all about consistent communication. While there are some technological ways for you to keep on top of this, hiring a virtual server hosting company to do the monitoring, or hiring a dedicated team to monitor the computer components will ensure that you are keeping some sort of watchful eye on your remote employees.

Improving Your Communication With Them

As we can struggle with the idea of control when we have remote workers or freelancers, it’s important to differentiate between the two terms. Remote workers can be hired on a permanent contract, but freelancers are not. So, if you are concerned that the two aren’t mutually exclusive, you have to think about what you want from your employees. In addition to this, if you want freelancers to feel part of the team, you have to make them feel just that. The big anxiety that we can have when it comes to trusting remote workers is that they can leave us in the lurch when there is a deadline looming, and while we don’t want to be let down, if we don’t give them any sort of incentive to keep working for us, such as by minimal communication, then part of us shouldn’t be surprised when they do inevitably jump ship. Improving your communication isn’t about messaging them every 20 minutes or so, it’s giving them that room to breathe but showing them that you have faith in their abilities to complete the task. This is a hard thing for us to come to terms with, especially when we’re trying to keep numerous plates spinning, as well as get to know the new members of the team.

Don’t forget, it’s important that remote workers feel part of the team, even though they are working from home. Remote workers, from a stereotypical perspective, can take liberties, and not do what is asked of them, but if we are to trust remote workers, then we have to have some semblance of honesty in how we communicate. We can trust remote workers, and we should, but maybe it’s more about the fact that we have to come to terms with changing our own managerial styles.

Why You Should Invest in Business Technology

/ nancyrubin

With technological innovations influencing every single part of our lives, there is little doubt left whether it should take its rightful place in the business sphere. Yet, some businesses are still reluctant to invest a considerable portion of their income in technology, and might need a bit of a push. So in order to help you understand why this is not a choice but rather a necessity, here are some essential reasons why you should invest in business technology.

Improved productivity

There is no argument that all businesses are striving towards an improved productivity. And in today’s business world most of it comes from technology. It is no wonder that 81% of business executives in Europe believe AI will impact the overall business functioning in the next four years. And this involves all aspects of business, from manufacturing and distribution to customer support and data entry. According to Forbes, manufacturers will invest $267 billion in IoT by 2020 to improve their product development and manufacturing efforts. This types of automation enabled by the technology will allow for employees to be less burdened by the everyday routine tasks, thus freeing their time and allowing them to focus on resolving more complex issues.

Higher levels of communication quality

The days of fax machines are long gone. Now you can send data and establish communication with just a click of a button on your smartphone. Of course, having a well connected office space is essential for maintaining a higher level of intra-company communication. This is why a lot of businesses turn to trusted providers like Orange for getting company phone networks along with the actual phones.This is just one of the ways to increase and speed up the communication within the company. It is also imperative to acknowledge the value of smartphones, and the effect they have on the speed and quality of communication when it comes to businesses. So it is important to consider investing in both if you want to have clear, undisturbed lines of communication not just with the respected customers but also with your employees.

Better sources of information

Investing in technology can lead to better sources of information when it comes to your customers. This in return leads to improved services and products and increased customer satisfaction which is clearly translated into a higher ROI. For example, big data analytics and real-time data tracking are helping management make informed business decisions. This means that you will be able to provide your customers with products and services tailored to their individual needs, and technology is there to tell you what those needs are. And not only that, it is also important to consider that technology allows companies an unhindered means of communicating with their customers, thus enabling real-time reaction monitoring, which in return can speed up the process of adjusting a certain product or service to the needs of the customers, resulting in a far better response and customer satisfaction.

Better security options

Some might say that the use of technology such as cloud computing and IoT exposes your business to additional treats. But at the same time with the right security plan it can be argued that theses things actually keep your business safe. With cybersecurity being the number one priority, investing in technology related to this aspect of doing business is of absolute priority. This is one aspect that you can’t overlook or put on the back burner, recent statistics have suggested that the average cost of a data breach at a larger firm is £20,000, but  the damage is actually much bigger if you take into consideration the effect a breach can have on customer trust. Now with hackers getting more and more sophisticated, it is important that a company keeps investing in this type of security so as to be able to guarantee the safety of both its data and the data of their customers.

Now, these are just some of the reasons investing in technology is essential for any modern businesses. Apart from increased productivity and communication, the information gathering and data safety present an imperative for any business owner who strives to succeed in this technologically driven business landscape.

Guest Author, Raul Harman, s a B.Sc. in Innovative entrepreneurship and has a lot to say about innovations in all aspects of digital technology and online marketing.  While he’s not enjoying travel, football and great food, you can find him on Technivorz.com.

How To Keep Customer And Client Data Secure

/ nancyrubin

Small business owners will have to collect a lot of client and customer data. If you don’t keep that information secure, there is a chance your company could get into trouble. There is also a chance you might develop an adverse reputation if your brand appears in the newspapers alongside a story about hackers who stole money from consumers bank accounts. So, use the advice from this post.

Use cloud storage services

If you take a moment to check out the infographic at the bottom of this page; you should learn more about data and how you will need to use it in the coming years. Whatever information you collect, make sure you choose the most secure storage solution. That is usually the cloud.

Encrypt all private details

Companies that collect customer names, addresses and bank account details will need to make sure they encrypt all that data the moment they receive it. Failure to do that could mean a hacker breaks into your system and steals everything. That is not something you want to happen.

Hire an IT support specialist

IT support experts know how to test your system for vulnerabilities and then provide some advice designed to counteract the issues. Make sure you hire a professional and use their services if you want to guarantee you’re not missing anything vital.

Use the info from this page to make sure you never fall victim to a hacking attack that will ruin the reputation of your brand. Also, take a look at the infographic to learn more about some of the challenges your business will face in the future.


Graphic by USC Online

The Security Checklist for Online Businesses

/ nancyrubin

Cybersecurity is not just a technology problem. The system is only as strong as its weakest link. To have an effective cybersecurity system, you need a comprehensive security policy for all employees that covers both online and offline behaviour, as well as leaders to instill a security-conscious culture.

One of the most recent scams is the “VP imposter scam,” which is a smaller version of CEO fraud. An employee receives an email from a VP. VP is in a customer meeting offsite, but he needs gift cards purchased immediately. The employee was told to immediately go buy the gift cards and send the VP the photos of the backs of gift cards before the meeting ends. Sounds urgent, so the employee complies. Unfortunately, the VP was an imposter, using a spoofed address from a “look-alike” domain. Once the card back photos were sent, their values are drained, and the imposter cuts contact. The victim employee eventually realized he was scammed when VP didn’t reimburse, triggering an IT investigation.

Technology will not solve this issue, because this is not something a spam or other email filter will catch. This is a targeted phishing message. But a security policy can stop this, and your company needs both to function properly.

What Makes a Good Security Policy?

There are several things that make a good security policy:

  • Make everyone understand the stakes – anyone can be compromised, from CEO on down to the lowliest grunt, including the vendors. A reported booking.com hack was actually phishing messages that compromised partner’s own backend.
  • Define the chain of command clearly – a VP should not be able to order a random employee around, but only his/her direct staff. Attempt to bypass such must be verified.
  • Define clear areas of control for each department – this can range from “regular users should not be able to install new programs, only IT” to “only CFO can edit transactions.”
  • Define risk in each job, and how to manage that risk – different jobs have different risk levels, and that determines how much training and how much technology is needed to manage that risk.
  • Plan for worst-case before it happens – If you are penetrated by a scammer, how do you proceed? This had to be planned properly ahead of time.

For any organization or individual, it is extremely important to keep your data secure from all kinds of different threats, ranging from hackers stealing your passwords to various different forms of viruses that are used to steal copies of your financial information or forcibly display a wide variety of different popups or advertisements or to open specific programs or web pages independently of any form of user input.

One of the most obvious threats that are most neglected is that some people use the most basic and rudimentary forms of security software that only do the most basic things. The more concerning part of this is the fact that many people do not even bother to update their security software to modern standards and just let the software do its job in the background. However, the problem with them doing this lies in the fact that they are neglecting to update their security software in favour of just using the default version without updates which can lead them to be unable to defend against more modern threats as their security software becomes more and more outdated. Let cyber security managed for you by professionals.

In addition to the use of outdated security software, some people have been known to use a form of data transmission that did an extremely poor job of correctly encrypting their data which left the data in question open to be discovered and stolen by almost any hacker who could gain access to that data stream.

This access control, or authorization, limits certain visitors access to certain areas of the website through security checks. Sometimes, however, access control can be broken, granting access to users who do not have clearance to areas of your website containing sensitive information. If this has ever happened with your website, you know the stress and headache it can cause and have wondered how you can better protect yourself. Lucky for you, we’re here to help.

Why Does Broken Access Control Happen?

The first thing we will want to look at when it comes to resolving broken access control is to determine what causes it in the first place. The first place where developers may fail is in an underestimation in what it takes to implement access control that is reliable. To brake access control, all that a hacker needs to do is simply figure out the access control scheme in order to find a way around it. This is often done by a simple request for access to areas of the website that are not permitted. The hacker will then find a flaw in the access control scheme in order to break it. Once they are in, the attacker is able to do a lot of damage such as deleting content or even taking control of your website. As you can see, the effects of broken access control can be detrimental, and it cannot be over-stressing the importance of knowing the best way to resolve broken access control.

How Can I be Sure I am Protected?

So how can you be sure you are protected? First and foremost, you will want to evaluate the access control requirements for your application and make sure that it is well documented in your policy. This policy should contain details such as who has access and what they should be able to see on your website. You will then want to perform numerous tests from multiple accounts to be sure it cannot be bypassed.

Conclusion

Finally, it is always wise to keep an eye out for social engineering techniques being used to threaten your security. These threats are a little less obvious than most, but they are another thing to keep an eye on. These methods are far less technical and more personal as it mostly involves manipulating people into sharing their personal data rather than hacking your systems.

5 Ways Your Security Team Can Help Keep Your Company Safe

/ nancyrubin

Business owners have a lot of responsibilities. This includes responsibilities to customers, employees, business partners, suppliers and the government. One of the most important responsibilities a business owner has is managing security operations. If you ignore security, it can put the well-being of the entire company at risk. Below are five things you should make sure your security team has covered to ensure that your business remains protected.

Secure Your Network

In today’s interconnected world, the biggest threats to businesses aren’t necessarily criminals that show up in person. Today, some of the biggest threats to businesses are hackers, cyber criminals, malware, viruses, Trojans and other cyber security threats. It has been estimated the annual cost of cyber-crime will rise to $2 trillion by 2019. Make cyber security a cornerstone of your security operations for your business.

Screen Your Employees

Your human resources department is actually directly related to security. If you don’t properly screen your employees with criminal background checks during the hiring process, you could hire criminals that are likely reoffend while under your employment. This could mean losing money to theft. It could even mean being sued when customers or other employees are put at risk.

Provide Radio Communications to Security Staff

In regards to securing your physical buildings and grounds, you will need to have security personnel on hand to deal with intruders and other security threats. However, your security personnel will not be able to accomplish much without the ability to efficiently communicate. Companies like Altech Electronics provide radio communications solutions specifically designed for security purposes.

Install Security Cameras

Something else you will need is electronic surveillance of your grounds. Without surveillance camera footage to examine after the fact, it can be very hard to solve or prove crimes. Make sure all significant areas of your grounds and buildings where theft or crime could occur are under video camera surveillance at all times.

Train Employees on Security Procedures

Even employees that are not part of your security staff should be trained on important security procedures. If employees do not know what to do when they come across evidence of a crime taking place, significant mistakes can be made. Employees must also be trained on how to maintain cyber security when dealing with company computer systems.

Overall, maintaining security is one of the most important responsibilities of a business owner. If you ignore security threats, the ramifications can be severe. It can even lead to the end of your business. Make security a priority and make the proper investments to protect your company.

Guest author, Lizzie Weakley is a freelance writer from Columbus, Ohio. She went to college at The Ohio State University where she studied communications. In her free time, she enjoys the outdoors and long walks in the park with her 3-year-old husky Snowball.  @LizzieWeakley

Don’t Dilly Dally About Data

/ nancyrubin

Do I need a cloud server or should I use a hard drive? Is it worth hiring a data management expert? What type of security do I need? What penalties are there for not remaining compliant? These are just some of the questions that are probably swirling around your head when thinking about data issues in your company. You probably think that you have time to ponder these and make the right decisions, but you don’t.

You may not know that nearly one-third of all companies on the market will be exposed to a cybersecurity issue at some point this year. That means if you haven’t already made the right decisions your data could already be vulnerable. You don’t want that, so let’s look at the ways that you can prevent it. You need to make snap decisions here as soon as your business is on the market or even before.

DO Use A Cloud A Server

You have probably been toying with the idea of either hiring or buying a cloud server for your company data. It’s time to stop thinking about it and start doing it. While some people like to point out the security holes in cloud servers, they are nothing compared to hard drives. Someone can hack into your hard drive from their home in minutes if it’s connected to a network. Or, they could just walk into your property and walk out with all your customer data. With a cloud server, it’s far more complicated because then the data is kept off-site.

When you are thinking about cloud servers, do make sure that you research different companies rather than opting for the first one you find online. Quality of service can vary dramatically here.

DON’T Think Your Industry Is Special

It isn’t, and this is a big mistake that business owners are making right now. It is true to say that some companies need to worry more about data than others. For instance, if you work in the medical sector, you need to make sure that you are remaining HIPAA compliant and you can learn more about that on sites like www.nahs.co. But, all companies are held be similar data guidelines and regulations. In Europe, for instance, The GDPR recently came into full force. This impacts every business with ties to Europe, and that brings us to our next point.

DO Hire An Industry Expert

If companies should learn one thing from the new GDPR it’s that data laws can change fast. You can learn more about the GDPR on www.cio.com. While companies were given two years warning here, it still wasn’t long enough for some businesses to get in shape before the strict penalties were imposed. That’s why you should hire a data compliance expert. They can help make sure that you do remain completely compliant and that your business is up to date with changes to the law.

We hope you find this information useful and start making quick decisions on how to protect your business from data issues right now.