security

Workplace Safety: Online and Physical

/ nancyrubin / Leave a comment

Managing safety in the workplace — both in the office as well as online — is becoming a more complicated task by the day. Whether the concern is about hackers coming for your intellectual property, or process ownership during building maintenance, the security of your people is nothing to take for granted. Here are five things any company leader can do to make a greater effort in the name of safety.

Make Sure Everybody Understands What’Be Prepared’ Means

The impression that the world is unsafe and violent has only been amplified by popular media. We have, regrettably, let ourselves fall victim to a false narrative where our collective security is concerned. Nevertheless: it’s clear that when unfortunate events do occur in the world, they can happen just about anyplace.

What does “being prepared” look like for your workplace?If you ask different employees, will they tell you different things? Does everybody have a planned way out of the building or off your campus? It might sound too theoretical to justify spending time on it, but your company should have detailed contingency plans already drawn up for a variety of possible events — be it natural, as in extreme weather events, or something regrettably more man-made.

Perform Intermittent Online Security Audits

Since we’re talking about online and offline security, let’s talk about how business leaders can know, one way or another, whether their employees are practicing good security “hygiene” at work. There are two things you should be doing:

  1. Consider having an outside security company perform penetration testing for your company’s networks. They should be able to help you find any weak points that would-be criminals could exploit purposefully, or undisciplined employees could trigger accidentally.
  2. And when it comes to employees, have your IT team or that same third-party consultant perform or schedule fake phishing attempts for all of your company email addresses. Done correctly, the email will look like a plea for personal information, a reply, or for the user to click a link. Knowing how, and whether, your employees are interacting with emails like these, even fake ones,will tell you something about how at-risk your organization is.

Take Another Look at Your Building and the State of Its Maintenance

With the exception of companies that get started in attics,basements, and garages, most business visionaries take great pride in their immediate surroundings, including their business locations, their employees’accommodations and any environment in which a customer or client might find themselves.

We’re talking about two different things here. The first is curb appeal and “atmosphere.” Your workplace should present itself as a harmonious, well-considered space with tasteful and comfortable furnishings.Someplace employees can feel at home, in other words — since we know (workplaces with objectively pleasing aesthetics) tend to encourage creative free-thought,lower levels of aggression and heightened productivity overall.

But the second part of taking stock of your location and its amenities is a little more serious. It concerns the environment within your building, including its temperature during highs and lows and the quality of air your people are breathing all day. The phrase might sound alarmist, but”Sick Building Syndrome” is very real — and it generally results from poor air circulation in an environment already compromised by end-of-life HVAC systems, dirty duct work and noxious chemicals in furniture and building materials.

Implement BYOD Policies Responsibly

In another return to online safety, so-called “BYOD culture” is worth a look at as another potential threat vector in the well-being of your company and its employees. If the work you perform is conducive to it, you’ve likely already implemented, or plan to explore, BYOD policies. The benefits to company morale and productivity can be significant.When employees can do their work on familiar platforms and using hardware they’re comfortable with, it makes sense that they’d get more done.

The thing is, even if your workflows aren’t necessarily conducive to BYOD culture, your employees and guests might be bringing in smartwatches and other devices that aren’t as obvious. You might even have deployed these and other IoT devices yourself, as part of an internal wellness program. This itself can be a great influence on your organization’s collective health, and consequently your safety and productivity.

You’ve likely heard something about the several recent high-profile data breaches, including several, like Wanna Cry and Petya, which preyed specifically on unsecured and unsiloed IoT devices. Objects like these can be a boon in the workplace for many reasons, but the least you can do,safety-wise, is create a separate internal network for any connected devices you can’t vouch for 100 percent, including for employee BYOD programs as well as guests to your campus who might just want to use some free Wi-Fi.

Know Who’s Accountable and Have a Reporting Process in Place

This final point is a reminder about accountability in the workplace. We’re not talking about pointing fingers — we’re talking about”process ownership” and the idea that anything significant that requires doing deserves a specific appointed person to oversee it. If you do business in a climate where employee or customer safety depends on contacting snow removal companies quickly, you need a chain of command to get this and any other mission-critical safety or productivity concerns taken care of.

And that’s not all, either. When something unexpected happens, whether it’s an accident, damage to company property or infrastructure, bad-faith bookkeeping, or workplace harassment of some kind, your employees deserve some kind of accommodating, anonymizing reporting process for elevating their concerns to their managers or impartial third parties. They shouldn’t be left guessing who to talk to, or what to do if they’ve just been through something upsetting.

You’re going to find that your employees are only too happy to help you keep your company and its work areas safe and sound. But they need to know what’s expected of them and they need to know they have your ear when they have concerns of their own. As usual, it’s about communication.

Bio: Nathan Sykes is the editor of Finding an Outlet, a source for the latest in IT and business news and trends.

A Question Of Trust: Putting Our Faith In Remote Workers

/ nancyrubin

When we’re trying to conserve our business’ productivity, its integrity, not to mention its finances, the modern approach that so many companies look to is the remote working setup. Naturally, it’s a big draw, not just because it’s a way to cut those financial corners, but it’s a way we can hire so many people, and actually, make the most of the limited finances we have. But, with remote working comes a lot of questions, not just in terms of the technicalities, but also, when you’re hiring remote workers or freelancers, this question of trust can arise. Are remote workers to be trusted? And how can we get around this issue?

The Handling Of Sensitive Data

The one basic way we can get around this is to have contracts. Even a freelancer contract carries a legal cache, and it’s the best way for us to cover our bases. Unfortunately, the difficulty of ensuring remote workers and freelancers handle data effectively is all about consistent communication. While there are some technological ways for you to keep on top of this, hiring a virtual server hosting company to do the monitoring, or hiring a dedicated team to monitor the computer components will ensure that you are keeping some sort of watchful eye on your remote employees.

Improving Your Communication With Them

As we can struggle with the idea of control when we have remote workers or freelancers, it’s important to differentiate between the two terms. Remote workers can be hired on a permanent contract, but freelancers are not. So, if you are concerned that the two aren’t mutually exclusive, you have to think about what you want from your employees. In addition to this, if you want freelancers to feel part of the team, you have to make them feel just that. The big anxiety that we can have when it comes to trusting remote workers is that they can leave us in the lurch when there is a deadline looming, and while we don’t want to be let down, if we don’t give them any sort of incentive to keep working for us, such as by minimal communication, then part of us shouldn’t be surprised when they do inevitably jump ship. Improving your communication isn’t about messaging them every 20 minutes or so, it’s giving them that room to breathe but showing them that you have faith in their abilities to complete the task. This is a hard thing for us to come to terms with, especially when we’re trying to keep numerous plates spinning, as well as get to know the new members of the team.

Don’t forget, it’s important that remote workers feel part of the team, even though they are working from home. Remote workers, from a stereotypical perspective, can take liberties, and not do what is asked of them, but if we are to trust remote workers, then we have to have some semblance of honesty in how we communicate. We can trust remote workers, and we should, but maybe it’s more about the fact that we have to come to terms with changing our own managerial styles.

Why You Should Invest in Business Technology

/ nancyrubin

With technological innovations influencing every single part of our lives, there is little doubt left whether it should take its rightful place in the business sphere. Yet, some businesses are still reluctant to invest a considerable portion of their income in technology, and might need a bit of a push. So in order to help you understand why this is not a choice but rather a necessity, here are some essential reasons why you should invest in business technology.

Improved productivity

There is no argument that all businesses are striving towards an improved productivity. And in today’s business world most of it comes from technology. It is no wonder that 81% of business executives in Europe believe AI will impact the overall business functioning in the next four years. And this involves all aspects of business, from manufacturing and distribution to customer support and data entry. According to Forbes, manufacturers will invest $267 billion in IoT by 2020 to improve their product development and manufacturing efforts. This types of automation enabled by the technology will allow for employees to be less burdened by the everyday routine tasks, thus freeing their time and allowing them to focus on resolving more complex issues.

Higher levels of communication quality

The days of fax machines are long gone. Now you can send data and establish communication with just a click of a button on your smartphone. Of course, having a well connected office space is essential for maintaining a higher level of intra-company communication. This is why a lot of businesses turn to trusted providers like Orange for getting company phone networks along with the actual phones.This is just one of the ways to increase and speed up the communication within the company. It is also imperative to acknowledge the value of smartphones, and the effect they have on the speed and quality of communication when it comes to businesses. So it is important to consider investing in both if you want to have clear, undisturbed lines of communication not just with the respected customers but also with your employees.

Better sources of information

Investing in technology can lead to better sources of information when it comes to your customers. This in return leads to improved services and products and increased customer satisfaction which is clearly translated into a higher ROI. For example, big data analytics and real-time data tracking are helping management make informed business decisions. This means that you will be able to provide your customers with products and services tailored to their individual needs, and technology is there to tell you what those needs are. And not only that, it is also important to consider that technology allows companies an unhindered means of communicating with their customers, thus enabling real-time reaction monitoring, which in return can speed up the process of adjusting a certain product or service to the needs of the customers, resulting in a far better response and customer satisfaction.

Better security options

Some might say that the use of technology such as cloud computing and IoT exposes your business to additional treats. But at the same time with the right security plan it can be argued that theses things actually keep your business safe. With cybersecurity being the number one priority, investing in technology related to this aspect of doing business is of absolute priority. This is one aspect that you can’t overlook or put on the back burner, recent statistics have suggested that the average cost of a data breach at a larger firm is £20,000, but  the damage is actually much bigger if you take into consideration the effect a breach can have on customer trust. Now with hackers getting more and more sophisticated, it is important that a company keeps investing in this type of security so as to be able to guarantee the safety of both its data and the data of their customers.

Now, these are just some of the reasons investing in technology is essential for any modern businesses. Apart from increased productivity and communication, the information gathering and data safety present an imperative for any business owner who strives to succeed in this technologically driven business landscape.

Guest Author, Raul Harman, s a B.Sc. in Innovative entrepreneurship and has a lot to say about innovations in all aspects of digital technology and online marketing.  While he’s not enjoying travel, football and great food, you can find him on Technivorz.com.

The Security Checklist for Online Businesses

/ nancyrubin

Cybersecurity is not just a technology problem. The system is only as strong as its weakest link. To have an effective cybersecurity system, you need a comprehensive security policy for all employees that covers both online and offline behaviour, as well as leaders to instill a security-conscious culture.

One of the most recent scams is the “VP imposter scam,” which is a smaller version of CEO fraud. An employee receives an email from a VP. VP is in a customer meeting offsite, but he needs gift cards purchased immediately. The employee was told to immediately go buy the gift cards and send the VP the photos of the backs of gift cards before the meeting ends. Sounds urgent, so the employee complies. Unfortunately, the VP was an imposter, using a spoofed address from a “look-alike” domain. Once the card back photos were sent, their values are drained, and the imposter cuts contact. The victim employee eventually realized he was scammed when VP didn’t reimburse, triggering an IT investigation.

Technology will not solve this issue, because this is not something a spam or other email filter will catch. This is a targeted phishing message. But a security policy can stop this, and your company needs both to function properly.

What Makes a Good Security Policy?

There are several things that make a good security policy:

  • Make everyone understand the stakes – anyone can be compromised, from CEO on down to the lowliest grunt, including the vendors. A reported booking.com hack was actually phishing messages that compromised partner’s own backend.
  • Define the chain of command clearly – a VP should not be able to order a random employee around, but only his/her direct staff. Attempt to bypass such must be verified.
  • Define clear areas of control for each department – this can range from “regular users should not be able to install new programs, only IT” to “only CFO can edit transactions.”
  • Define risk in each job, and how to manage that risk – different jobs have different risk levels, and that determines how much training and how much technology is needed to manage that risk.
  • Plan for worst-case before it happens – If you are penetrated by a scammer, how do you proceed? This had to be planned properly ahead of time.

For any organization or individual, it is extremely important to keep your data secure from all kinds of different threats, ranging from hackers stealing your passwords to various different forms of viruses that are used to steal copies of your financial information or forcibly display a wide variety of different popups or advertisements or to open specific programs or web pages independently of any form of user input.

One of the most obvious threats that are most neglected is that some people use the most basic and rudimentary forms of security software that only do the most basic things. The more concerning part of this is the fact that many people do not even bother to update their security software to modern standards and just let the software do its job in the background. However, the problem with them doing this lies in the fact that they are neglecting to update their security software in favour of just using the default version without updates which can lead them to be unable to defend against more modern threats as their security software becomes more and more outdated. Let cyber security managed for you by professionals.

In addition to the use of outdated security software, some people have been known to use a form of data transmission that did an extremely poor job of correctly encrypting their data which left the data in question open to be discovered and stolen by almost any hacker who could gain access to that data stream.

This access control, or authorization, limits certain visitors access to certain areas of the website through security checks. Sometimes, however, access control can be broken, granting access to users who do not have clearance to areas of your website containing sensitive information. If this has ever happened with your website, you know the stress and headache it can cause and have wondered how you can better protect yourself. Lucky for you, we’re here to help.

Why Does Broken Access Control Happen?

The first thing we will want to look at when it comes to resolving broken access control is to determine what causes it in the first place. The first place where developers may fail is in an underestimation in what it takes to implement access control that is reliable. To brake access control, all that a hacker needs to do is simply figure out the access control scheme in order to find a way around it. This is often done by a simple request for access to areas of the website that are not permitted. The hacker will then find a flaw in the access control scheme in order to break it. Once they are in, the attacker is able to do a lot of damage such as deleting content or even taking control of your website. As you can see, the effects of broken access control can be detrimental, and it cannot be over-stressing the importance of knowing the best way to resolve broken access control.

How Can I be Sure I am Protected?

So how can you be sure you are protected? First and foremost, you will want to evaluate the access control requirements for your application and make sure that it is well documented in your policy. This policy should contain details such as who has access and what they should be able to see on your website. You will then want to perform numerous tests from multiple accounts to be sure it cannot be bypassed.

Conclusion

Finally, it is always wise to keep an eye out for social engineering techniques being used to threaten your security. These threats are a little less obvious than most, but they are another thing to keep an eye on. These methods are far less technical and more personal as it mostly involves manipulating people into sharing their personal data rather than hacking your systems.

5 Ways Your Security Team Can Help Keep Your Company Safe

/ nancyrubin

Business owners have a lot of responsibilities. This includes responsibilities to customers, employees, business partners, suppliers and the government. One of the most important responsibilities a business owner has is managing security operations. If you ignore security, it can put the well-being of the entire company at risk. Below are five things you should make sure your security team has covered to ensure that your business remains protected.

Secure Your Network

In today’s interconnected world, the biggest threats to businesses aren’t necessarily criminals that show up in person. Today, some of the biggest threats to businesses are hackers, cyber criminals, malware, viruses, Trojans and other cyber security threats. It has been estimated the annual cost of cyber-crime will rise to $2 trillion by 2019. Make cyber security a cornerstone of your security operations for your business.

Screen Your Employees

Your human resources department is actually directly related to security. If you don’t properly screen your employees with criminal background checks during the hiring process, you could hire criminals that are likely reoffend while under your employment. This could mean losing money to theft. It could even mean being sued when customers or other employees are put at risk.

Provide Radio Communications to Security Staff

In regards to securing your physical buildings and grounds, you will need to have security personnel on hand to deal with intruders and other security threats. However, your security personnel will not be able to accomplish much without the ability to efficiently communicate. Companies like Altech Electronics provide radio communications solutions specifically designed for security purposes.

Install Security Cameras

Something else you will need is electronic surveillance of your grounds. Without surveillance camera footage to examine after the fact, it can be very hard to solve or prove crimes. Make sure all significant areas of your grounds and buildings where theft or crime could occur are under video camera surveillance at all times.

Train Employees on Security Procedures

Even employees that are not part of your security staff should be trained on important security procedures. If employees do not know what to do when they come across evidence of a crime taking place, significant mistakes can be made. Employees must also be trained on how to maintain cyber security when dealing with company computer systems.

Overall, maintaining security is one of the most important responsibilities of a business owner. If you ignore security threats, the ramifications can be severe. It can even lead to the end of your business. Make security a priority and make the proper investments to protect your company.

Guest author, Lizzie Weakley is a freelance writer from Columbus, Ohio. She went to college at The Ohio State University where she studied communications. In her free time, she enjoys the outdoors and long walks in the park with her 3-year-old husky Snowball.  @LizzieWeakley

If You Rely On IT, You Must Know The Risks

/ nancyrubin

Your IT systems can play a crucial role in helping improve productivity, make complicated processes much easier, and streamline workflow. However, the more you rely on it, the more you expand your network of devices and software, the more of a risk it can become. Rather than arguing that you should scale down your tech reliance, instead, we are going to look at how you ensure you cope with that growing reliance and stay protected.

 

Are you protected?

Every business owner, big or small, should be aware of the real security risks related to their tech. From antivirus software to ethical hacking, you need to consider what data is available on your systems and just how much of a risk it can be if that data falls into the wrong hands. The riskier it is, the more you should invest in protecting it. Studies have shown that the majority of businesses that suffer a major data breach tend to close their doors within two years, and if you lose customer data, especially financial data, you could be legally liable for their losses too.

What happens when the light goes out?

What percentage of your employees’ working day involves them using the computer as their main resource? There’s a good chance it’s more than 50%. In that case, does that mean they are 50% less productive when the power or internet goes out? Your business can suffer a huge blow due to downtime. Finding backup power sources scaled to the number of devices you need, as well as alternative internet connections such as accessible Wi-Fi dongles is essential if you don’t want that downtime to shut you down entirely.

itrisks2

Pic Link

How do you cope with disaster?

Sometimes, a sudden event can do more than prompt downtime. A breach or a power surge can not only shut down your tech, but it can lose you significant portions of data, as well. Besides finding and preventing the risk of such disasters, strategic IT consulting can help you put a disaster recovery system in place. Such systems can help you get powered on and online much quicker, as well as ensuring that you have the data you need backed up so you are never at risk of truly losing everything.

Are you underutilizing it?

Finally, if you are scaling your tech reliance, you should also scale what you get in return for it. For instance, think about the data your systems produce. These can provide essential insights into the productivity of the team, the efficiency of your tech, and much more. Big Data consultants can help you find these insights and provide the answers to questions such as how to make your team more engaged and how to increase end-user adoption of new software, amongst many other things.

There are risks involved in relying more heavily on any one resource within the business. The more you rely on it, the more of a potential weakness it becomes. Ensure you give those weaknesses the time and thought they deserve and safeguard your business.

How Well Do Your Know Your Computers?

/ nancyrubin

Computers are fantastic inventions that have enabled us to be incredibly productive at work and at home. However, computers are still a mystery to many people and it’s understandable considering how complicated they are and how many parts they involve. However, we believe that it’s important to understand how your computer works, what it’s capable of and how you can make the most of them.

So whether you’re moving into a new office and equipping it with new computers, or if you just want to learn more about the technology that you use in your business, we’ve prepared a thorough article that will teach you everything you need to know.

A rough understanding helps you cut future costs when purchasing hardware

As with many other industries, it’s important to have a rough understanding of something before you make investments in it. If you understand how computers work and the value of the parts, then you can easily cut future costs by purchasing second-hand or refurbished hardware instead of brand-new from manufacturers. With this rough understanding of computers (a simple course) you’ll be able to make some huge savings. 

Equipping your employees with the right tools will help their productivity

How much do you know about your computers and their costs? Do you know how satisfied your employees are with them? If you want to equip your employees with the right hardware and tools, then it pays to have a deeper understanding of the tools they use, the software they require and so on.

Computer slowdowns and errors are a common cause of low productivity

You may have experienced crashes and slowdowns in the past with your computer systems, but had no idea how to deal with them. By learning about computers and their errors, you could easily fix common problems without having to call out an engineer or tech specialist. If your business suffers from computer slowdowns and errors then you’ll likely experience staff lazing around and nothing productive. With just a bit of experience, you can easily fix any common errors before they have a chance to become annoying and ultimately slow down your business.

Software can do more than you might initially think 

If you have a large number of computers in your workplace then you might be considering managed IT support to help you look after your computers. This is to help you keep your software updated, to ensure that your programs are installed properly and to also inform you on how you can use different types of software to help you grow your business.

Conclusion 

Computers are an integral part of any business, but it’s also important to understand how they’re used, how they work and also what they’re capable of.