IT Support Blog for Small Business Owners

Scott Persechino


Data Security Breaches: Not just a Big Business Threat.

Posted by Scott Persechino on Mon, Feb 17, 2014

If a big company like Target or Neiman Marcus can suffer a Data Security Breach, it can certainly happen to your small company. In fact, it’s probably more likely to happen. And though no business, big or small, is ever guaranteed to be completely protected from a data security breach, if a company does not take the proper proactive security steps, it will almost definitely happen.

After millions of shoppers fell victim to massive data breaches at Target and Neiman Marcus, investigations revealed that the mastermind behind the malware used in the attacks was a 17-year-old boy. For reference, malware is destructive computer software that interferes with normal computer functions, or sends personal data about users to unauthorized parties over the Internet. That is exactly what happened in these two breaches. Investigators have revealed that the teen allegedly created the malware last March, and started selling it to an unreported number of cyberhackers in Eastern Europe. The teen is from the Ukraine, and authorities believe the malware leveraged in these breaches was used by hackers in Russia. Up to 110 million Target shoppers had much of their personal information like credit card numbers, PINs, and even personal addresses compromised because of the breach. Can you imagine how your customers would react if they were victimized like this because of a network security breach at your company?

Companies, regardless of size, rely on critical business data to succeed and flourish. Based on a recent study, more than 78% of organizations have suffered from at least one data breach over the past two years.  Your company may face considerable financial liabilities if it loses sensitive data. Even worse is the damage to your reputation, especially since most consumers say they would entirely stop dealing with an organization in the event of a security breach. Even small businesses with antivirus solutions in place are prime cybercrime targets.

Three surprising ways that small companies are more likely to suffer a worse data breach:

  1. Small business data breaches are more likely to go unnoticed. Target's data breach was first spotted by tech journalists and security firms who noticed that hackers were trying to sell a large amount of stolen data on underground websites. The massive amount of stolen credit card information alerted journalists that something was going on. However, when a small business is hacked, it will most likely go unnoticed by these watchdog groups. Hackers will glean less information, and so no one hack will lead to noticeable changes in data black markets.
  2. Media attention protects large businesses, but not small ones. Hackers often wait to use stolen data from data breaches at large companies, but they might not be so shy with small business breaches. When a company like Target is hacked, rather than going on a spending spree, identity thieves delay using stolen credit cards until the fuss dies down and consumers and credit monitoring services stop watching their accounts so closely. Small businesses are more likely to be hit immediately and harder with identity theft because hackers know there isn't the same scrutiny.
  3. Small businesses are underinsured. Many large businesses have Cyber Liability Insurance, which covers them when they are hacked. This policy pays for the credit monitoring services that are currently protecting Target's customers. By contrast, small business owners very rarely are carrying this type of coverage.

Three Myths and Facts the Small Business Owner should be aware of:

MYTH #1: My business is too small to be a target.
FACT: Size does not matter. Believing you are not susceptible to a breach, combined with the vast amount of data your business holds, potential employee negligence, and a lack of a dedicated IT staff makes your business a prime target for attackers. In fact, the majority of small businesses agree they can’t do enough to protect their data using the measures and technologies they currently have in place.

Cyber criminals do not discriminate. As long as they can gain profit and find anything lucrative to exploit, they will. Understanding the threats your business faces, their potential impact, and the regulations you need to follow is really the least any business owner should be doing.

MYTH #2: The antivirus I have is good enough.
FACT: Traditional antivirus software is not a cure-all. An advanced persistent cyber threat can manage to stay undetected in a network or system for a long period while progressing toward its goal—usually to steal data. An advanced persistent cyber threat’s ability to bypass blacklisting allows it to move within the network without detection and steal corporate passwords in order to gain access to other systems.

Since attackers consider small businesses prime targets, relying on traditional security technologies can also put you at risk for a customized malware attack in which hackers identify their victims and purposefully infect the user's computer to steal data. Customized malware attacks account for most data breaches and the chances of a data breach are higher when businesses believe that their traditional antivirus is enough to protect their assets, particularly against customized attacks.

MYTH #3: I can trust my employees and don’t have to worry about enforcing data security policies.
FACT: A company’s greatest asset—its employees—can also be its weakest link. The top reasons cited for data loss were employees’ tendency to open attachments or click links embedded in spam, to leave their systems unattended, to change their passwords too infrequently, and to visit restricted sites. This negligence puts critical business data at risk from data-stealing cybercriminals and malicious insiders. Research shows that 56% of employees frequently store sensitive data on their laptops, smartphones, tablets, and other mobile devices. This means there is more than a 50% chance that confidential information can land in the wrong hands should they lose these devices.

What you can do about it:

Start with these IT security best practices:
• Secure, encrypt, and password protect sensitive customer and employee data.
• Set rules for your employees; don’t let Social Networking compromise your data.
• Dispose of sensitive documents completely and securely.
• Limit access to sensitive data.
• Ensure that all software and systems are updated as needed.
• Put up firewalls to block hackers.
• Establish a secure remote access protocol.
• Establish and adhere to a privacy policy.

The bottom line:

Patch the holes in your organization’s walls. Identify which information is critical, who could and should be able to access it, then investigate the best ways to protect it with the aid of a trusted IT advisor or your Managed Service Provider. Like holes or cracks in walls, areas where your company data is most vulnerable can cause your security perimeter to crumble.  ANP is offering a free IT Webinar for business owners this month regarding how to secure your company data. Register by clicking on the button below:

FREE IT Webinar Your Data is Under Attack Stop Data Theft Click Here to Register

Topics: data security, IT security, network security, data security breaches

Dreaded Deadlines April 15 “Taxes” and April 8 “End of XP IT Support”

Posted by Scott Persechino on Sun, Jan 19, 2014

The deadline we are typically concerned about in April is the 15th – Tax Day. Here in calendar year 2014, business owners, IT personnel, and IT outsourcers are also preoccupied with another deadline, this one on April 8th – the end of Microsoft XP Support. If you have not already heard, on April 8th, 2014, Microsoft will officially end the Windows XP operating system’s life cycle. Microsoft has stated that it will no longer sell or support Windows XP and Office 2003.

There will be no automatic fixes, updates, free assisted online technical support, or security updates.  And if the statistics are anywhere near correct, experts are stating that for businesses with 5-250 employees, only 55% of them know about the end of XP, and 70% have no idea what migrating off XP will involve, or how it will impact their business!  This is pretty scary stuff—today is January 19th!  How many employees are in your company?  Do you have a plan?  If not, please take this situation seriously, because if any of your computers are still running XP, your business could be negatively impacted, with some very serious consequences.  Consider the following items and the potential impact to your business:   

  • Security Risks: Without question, XP security vulnerabilities present the greatest threat to your business. Without the security enhancements provided by an updated XP operating system, all of your business data and personal information are subject to harmful viruses and spyware. On April 9th, hackers will very likely have more information about vulnerabilities in Windows XP than the IT folks who are trying to protect the computers still running this operating system. In fact, there is a strong likelihood that malicious viruses will be unleashed on XPs on April 9th, leaving unprotected computers “dead in the water.” Viruses will very likely be spreading quickly over the Internet, and potentially onto your internal network, to any PCs still operating on XP. Please don’t be that business owner consumed with thinking about a virus spreading through all the computers that keep your business running. Take proactive steps with your IT provider instead, and “Be Off Microsoft XP.”
  • Compliance Issues: For many businesses, continuing to operate XP could result in compliance issues leading to the suspension of certifications, and potential public notifications of an organization’s inability to securely maintain its systems and customer information.  Think about what is happening to Target and Neiman Marcus currently. Do you want to run the risk of compliance problems placing your business in legal peril and seriously damaging its reputation?  Your business has only one reputation. Don’t run the risk of tainting it by ignoring the XP issue.
  • Upgrade Expenses: As a business owner trying to control costs, are you concerned that an upgrade will be too expensive? If so, please reconsider. Some experts are viewing businesses that continue to run XP as irresponsible, and a serious liability. There is no doubt that problems are going to arise, and they may end up costing your business significantly more than the prudent XP upgrade, not to mention the potential downtime of your operation.
  • Custom Support Available for a Price: Many business owners are in denial about the end of XP, hearing that support will actually remain available after April 8, 2014.  True…but beware, as that support will be very expensive, and the reality is that it will be only a temporary band-aid.  Please don’t ignore this situation. This is not going to be another Y2K “non-event.” This one is real, and it will bite you if you don’t take action.

The interesting thing is that the “XP Lack of Support” also opens up other questions and opportunities for discussion. Microsoft is assuming their XP customers will migrate to Windows 7 or 8. Well, is this the time for your business to look more seriously at Apple Macs? How about Linux? Or do you do away with all of this, and move entirely towards tablets?

All of these options come with a list of your standard “pros” and “cons.” It’s never easy. All of these options are viable depending on your circumstances. Now is the time to be talking seriously to your IT provider about this important decision. You can file for an extension if you cannot meet the April 15th Tax Day deadline. There is no such option available for the XP deadline of April 8th. Please take action now. “Get Off Microsoft XP.” Would you like to learn more? Register for our 30-minute webinar held this week to educate business owners on what the risks are and what your options are.

 

Register For The Webinar Today!

Topics: End of support for windows XP, Windows XP, End of Windows XP Support, End of 2003 support, Security threats facing small businesses

How does a Business Owner Insure IT Security with Employees?

Posted by Scott Persechino on Sun, Dec 22, 2013

Having worked in the technology field for many years, I’ve developed a certain perspective regarding the security of technology devices in my office and in my home…and frankly, I’m not sure if it’s “healthy” or “unhealthy”. Here in my office, if I take a look at the devices connected around me, I see a computer with connections to internal resources as well as external Internet- and cloud-based resources; I see a little USB drive hanging off my computer; I see a smart phone with all sorts of applications loaded on it; I see an IP-based phone, with voice mail, and all sorts of other capabilities. At home, I have a cable modem, a little wireless router, a few cable boxes, telephones with voice mail service, and a couple of smart appliances. Although all of these devices are either essential for me to be able to do my job…or help make my time at home be more convenient and enjoyable, I can’t help but think they all have one thing in common…and that is all of these devices can be hacked!

The simple truth is that if you can plug it in, or connect it to a “network”, your device, no matter what it is, can be taken over by someone else. And the truth is that someone doesn’t have to be an experienced hacker to do some serious damage…either on purpose or by accident.

Frankly, I’m a minimalist when it comes to technology…I want to turn things on and have them work.  I don’t need every fancy attribute, but I expect that my equipment will work, and I don’t need any hassles with hackers.  Part of what makes new technology so exciting is that, unlike the old days, it works right out of the box. Now any “non-techie” can download just about any application very easily, and it just works.  However, with this “tech world” being more accessible, it also becomes more problematic…and the hackers love it!

Take a look at a quick list of devices that “experts” think will be vulnerable over the next few years as the Internet of Things becomes more widespread. Here are the pretty obvious items: smart phones; smart watches; office computers; tablets; home computers; the cloud (services, storage, software); ATMs at banks; printers; GPS devices; Wi-Fi routers; web cams; thumb and portable USB drives; cable box or DVR; voice mail (especially those with global call-in numbers that don’t lock out after successive failed attempts).

But how about these “less obvious” items…these might be the “hack-able” devices of the future: power strips (today, they can be infected with malware); power cords for your devices (software code can be implanted now); luggage trackers (such as the Trakdot); connected glasses (Google Glass); gaming consoles: PS3, Kinect, Nintendo; refrigerators (such as Samsung); cars with computer operating systems; smart pens (like the Livescribe); gesture control devices (such as the Leap); cameras; smart alarm clocks; coffee makers; key fobs; light switches; moisture sensors; traffic lights (MIRT transmitters can change lights to green in two to three seconds); highway signs that spell out text. And I didn’t even mention medical devices, which are frighteningly exposed to hackers.

The proliferation of all this technology creates a constant need to keep devices updated and secure. For small- to medium-sized business owners in particular, where your internal IT support may be minimal and less-experienced at best, you are uniquely vulnerable.  Experts believe the most vulnerable device in any American house is the cable box, because it is so rarely updated.  However, if a hacker takes out your cable box, the damage is pretty well contained…hopefully.  Yet, if a hacker takes out your company’s server, or critical workstations are compromised, it could bring your company to its knees, and potentially put you out of business.

If what I’m saying makes you uneasy, you’re not alone. So how should we think about our constant vulnerability? Whether it’s “healthy or unhealthy”, I make a daily assumption that everything I do is hack-able.  I have an awareness of potential vulnerabilities, and I’m trying to develop an evolving set of street smarts…all business owners should as well.

For example, when you’re traveling and working on the road, consider carrying your own Wi-Fi hotspot. You can use a secure virtual private network (VPN) to send and receive email, and to access content that you have stored in the cloud. (Truth be told, that network can be hacked too, but at least your IT person or your managed services provider can watch the logs of what information is coming and going, and attempt to fight off intruders.)

Another good rule of thumb is to keep your network cloaked, meaning, don’t name it “Joe’s Hotspot”, if your name is Joe Smith.  As a managed service provider who performs regular network assessments for prospects, we routinely look at networks, and are astonished to see how many people use their own names or the names of their companies in their naming conventions. One approach is to change the names of all your devices to your mobile phone number. That way, if your laptop is lost or stolen for example, someone will see a phone number rather than your name, and perhaps there will be less of an incentive to poke around your machine to see what’s there.

Another idea is to use passwords that are easy to remember, but difficult to crack. Experts say you’re best off with a long phrase that also includes numbers and at least one capital letter. For example, something like “Iwant99pizzasand12sodasfordinnertonight” is actually more secure than “Gx1U2y,” because the algorithms that are used to crack passwords have to process many more computations when the password is longer.  Speaking of passwords, as much of a pain as it is, please change them regularly…weekly is recommended. It should go without saying that each one of your networks and devices should have a different password. When was the last time you changed yours?  Since I know you’re wondering: there is no workaround for this and no way to short-cut the management of your own passwords.  Again, another function you could look to your managed services provider for assistance.
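The length argument above, worked through as an added example (not part of the original post) for the two passwords it quotes. The guess rate, the wordlist size and the split of the long phrase into 8 words plus 2 two-digit numbers are assumptions for illustration, and the comma after “Gx1U2y” is treated as sentence punctuation rather than part of the password.

```python
import math
import string

# Character classes an exhaustive (brute-force) search has to cover.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(password):
    """Total size of every character class the password draws from."""
    return sum(len(cls) for cls in CLASSES
               if any(ch in cls for ch in password))

def brute_force_bits(password):
    """log2 of the number of candidates of this length over that alphabet."""
    return len(password) * math.log2(alphabet_size(password))

def token_bits(n_words, n_two_digit_numbers, wordlist_size):
    """Upper bound for an attacker who guesses whole words and numbers.

    Assumes each word is an independent pick from a list of
    wordlist_size entries; a natural sentence is more predictable.
    """
    return (n_words * math.log2(wordlist_size)
            + n_two_digit_numbers * math.log2(100))

def seconds_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate at a fixed guess rate."""
    return 2 ** bits / guesses_per_second

# The two passwords quoted in the post.
SHORT = "Gx1U2y"
LONG = "Iwant99pizzasand12sodasfordinnertonight"

# Assumptions for illustration only, not measurements.
GUESSES_PER_SECOND = 1e10   # constructed offline guessing rate
WORDLIST_SIZE = 10_000      # constructed dictionary size

def report():
    """One row per password: (password, length, bits, seconds to exhaust)."""
    rows = []
    for pw in (SHORT, LONG):
        bits = brute_force_bits(pw)
        rows.append((pw, len(pw), round(bits, 1),
                     seconds_to_exhaust(bits, GUESSES_PER_SECOND)))
    return rows

if __name__ == "__main__":
    for pw, length, bits, secs in report():
        print(f"{pw!r}: {length} chars, {bits} bits, {secs:.3g} s to exhaust")
    # LONG split as 8 words + 2 two-digit numbers (assumed token split)
    print("word-aware bound:",
          round(token_bits(8, 2, WORDLIST_SIZE), 1), "bits")
```

At the assumed rate the six-character password is exhausted in about 5.7 seconds, while the 39-character phrase remains far larger even under the word-aware bound.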

Another good rule is to turn off your peripherals when they’re not in use, including printers.  Same goes for nonessentials on your network, such as additional computers, game consoles, and the like. The more things you have plugged in, the more opportunities there are for penetration. Be cognizant of who’s plugging “what” into your network. An innocent-looking thumb drive can destroy your computer within seconds…scary.

The good “healthy” news is that the “tech world” is open to all, offering fantastic business opportunities “in the office”…not to mention that it teaches kids how to use and control the many devices that are undeniably tied to their futures “at home”. The truth is that open networks are vital to innovation…however, the “unhealthy” truth is that they aren’t totally secure…and probably never will be…

It is incumbent upon a business owner to ensure that as his company data is proliferated over smart phones and home networks, everything remains secure! ANP can help you evaluate whether you in fact have everything secured. What happens when an employee’s laptop or smart phone is stolen; can your company wipe off the data? ANP can help; check out our free network assessment below.

 Request A Free Network Assessment

Topics: IT Technology, IT security, Business Owners, Virtual Private network, home network, security of your company
