Cyber Security

In 2018 Is Your Business's IT Infrastructure Vulnerable?

Security was one of the top buzzwords for 2017. From ransomware attacks to data leaks, it’s apparent hackers are out there working hard — and consumers are starting to feel far more skeptical of our data management.

NOT Edited

Network and server administrators have to be on their game day in, day out, while criminals just have to find one tiny crack to exploit. Once they do, the lawsuits and expenses to fix the problem could put a medium or small company out of business.

According to Gartner, an IT research firm, 30 percent of Global 2000 companies will have been directly compromised by cybercriminals by 2020. Some large companies are going as far as hiring a Chief Information Security Officer (CISO) to combat this unrelenting enemy.

No matter your company’s size, there is a lot of IT infrastructure to monitor. The very idea of keeping it all secure it daunting. But many cyber attacks exploit unnoticed security vulnerabilities. Yahoo! Has been struck twice, and both times lax security procedures were partly to blame. But there are steps you can (and must) take to stay ahead of the hackers.

Assess Your Infrastructure
Call it an assessment or an audit or a checkup. When was the last time you took stock of your resources and your risks? What about your security measures? Make it a goal to examine every aspect of IT:

  • Make a list of all the data you could lose in an attack and put them in order of importance. Think like a hacker: what would someone want to steal? If they did, how would they do so
  • Make a list of the programs that are run on all your assets.
  • Make sure you have a list of all hardware, including serial numbers and model numbers.
  • WiFi is often a weak link. Check to see if your is vulnerable to a KRACK attack.
  • Note which devices are connected to the network and when.
  • Do employees bring their own devices to work? If so, consider those as well. Are they using public email services (Gmail, Yahoo) in addition to the email programs you have installed?
  • What about team members who travel or are in the field? What devices do they have with them and what can they connect to that might be detrimental if lost?
  • Create a schedule for updating hardware and software, if you don’t already have one. You might have the software in place, but new releases and updates are what keep it secure.
  • Angry employees, contractors, or vendors have been known to cause problems. List those who have access to sensitive information and implement a plan if one of them were to exploit you.

Preventing Human Errors
No human is perfect, and no matter how much you educate your team about phishing scams and secure passwords, someone is going to make a mistake. After all, scammers are always trying to look and sound more real. Some are even spoofing email addresses so it appears to come from someone within your company. Your employees may assume the right protections are in place so that if an email does arrive, it must be legitimate. But human errors are the primary cause of most business cybersecurity attacks. Prevent these problems by:

  • Reinforcing education. You can’t just have the IT talk with everyone once. Schedule regular training about phishing, malware, and more. Make these mandatory.
  • Installing web filtering to block websites known to be malicious. (Browsers can’t protect from all of these.)
  • Requiring regular password changes. Just telling your team to change their passwords and make them strong isn’t enough. Make it mandatory. Either put it on the calendar or set up programs so that employees have no choice.
  • Creating security procedures and following through. Some cyber attacks occur when someone pretending to be an employee asks a “coworker” to help them out. Their urgent problem requires access to networks. Prevent this type of social engineering attack by putting procedures in place and enforcing them.

Along those lines, make sure team members know to lock away papers and not to leave documents in the printer or scanner. A pile of documents with your entire team’s Social Security numbers on it could post just as much a problem as the list in Excel.

No comments
Jeremy WebbIn 2018 Is Your Business's IT Infrastructure Vulnerable?
read more

The How of Business Dealing With Big Data

The business realm is known for its bias toward what gets the job done — systems, technologies, resources. In this regard, big data has been the most revolutionary player in recent years. If you can quantify the large volume of information from internal and external sources, you can predict or solve things.

Big data and Netflix.

Big data got the job done for Netflix with its recommendations based on people’s viewing behaviors. It got the job done for Target with its mailers based on women’s shopping habits. When put to good use, it can help companies make informed decisions.

But sometimes, quantitative data will not be enough to solve organizational problems. Experts like Cathy O’Neill, a mathematician and data scientist, encourage users to not put their faith on it blindly. Before applying it, understand how it can affect your company, industry, and society in general. Here are 4 ways to approach big data that will help shed some light:

Algorithmic audit: data integrity check.

Ensuring the accuracy and consistency of data from recording to retrieval is crucial in computing. However, organizations must look beyond the physical and logical aspects. In her TED Talk, O’Neill spoke about the necessity of a data integrity check in the context of fairness. Data scientists need to interrogate the data. They should account for human biases, according to her.

For example, it is not enough to use big data in the hiring process to narrow down the talent pool. There is a need to question the culture that sorts out and separates the winners and the losers. O’Neill cited the Fox News case in which women would be less likely to make it if the hiring process focused on the historical trends of successful journalists alone.

Quantitative data as performance indicators: an incomplete picture.

Thanks to automation, it has become easier for companies to measure the performance of employees. But there is a downside to this. Think about Amazon’s productivity tracker. The e-commerce giant is notorious for making such an important decision as laying off workers based on hours logged.To put it simply, this method is seen as inhumane.

It also goes to show that big data does not always give businesses the whole picture. In Amazon’s case, one can argue that the company should consider other factors in determining employee value. These include the kind of support they are receiving from immediate supervisors. Communication also plays a role. This Forbes article reported that 92% of highly-engaged employees had someone in the company talk to them about their progress.

Big data, algorithms, and human input: an ideal dynamic.

Today, businesses are either collecting or producing loads and loads of information. Then they are fed to automated software that provides stakeholders with the analytics. This reliance on tools and technologies can make humans complacent.

In another TED Talk, tech ethnographer Tricia Wang reminded her audience that the way they use big data is still their responsibility. The ideal scenario is to have organizations make wiser and more informed decisions. However, Wang added that there is a need to focus on thick data that comprises “precious, unquantifiable insights from actual people.”

Real-world insights: cybersecurity applications.

On a more positive note, algorithms are pretty useful in detecting suspicious activities and potential security risks.  Big data is an appealing target for cyber attackers whose methods have become sophisticated. And what is a better way to protect big data than investigating and analyzing the information breaches that occurred on platforms? Looking into the techs that organizations are actually using the type of protections that you need to put to use in your own company. Like VPN Services, social sign-ons, and biometrics, will provide insights into the movement of the attacks.

Final words.

There is so much more to understand when it comes to big data. But as organizations become more familiar with approaches like automation, deep learning, and artificial intelligence, the human side of the equation should not be cast aside.

As Wang said, “investing in big data is easy, but using it hard.” In the end, everybody hopes their participation in forging a new way of doing things will be worth it. But the determining factor is what the business world do: follow the data blindly or lead it to new heights.

No comments
Jeremy WebbThe How of Business Dealing With Big Data
read more

Changing How Startups See Network Security

Experience is a good teacher. However, you don’t have to wait to get your system hacked before learning a thing or two about the evils of technology. Just because you are only starting up does not mean you are prone from cyber attacks. Think about what happened to startups, some well-funded at that, when they failed to prioritize digital security.

Do not be that startup with the security horror stories to tell. It is better to be the one that learns from others’ mistakes. Here are 5 statements to ponder when it comes to dealing with network, or data and cyber, security:

It starts at home.

Foremost, consider the dual rise of digital workplaces and remote work. Founders can build startups in garages. Their employees can work from the comfort of their rooms. About 50 percent of all firms are home-based, according to the Small Business & Entrepreneurship (SBE) Council.

Security is one important aspect to cover when it comes to this operating from home trend. Home security firm Ooma reports that 74 percent of the 2.9 million annual burglaries occur at residential properties.

Chances are you’ll be using devices that may attract the attention of thieves. Not only laptops and mobile phones can be stolen. The data they contain can also get into the wrong hands. An on-premise security system will deter 60 percent of burglars. So, make sure to get that in place. 

It’s about the approach.

Because of this bootstrapping nature among startups, the budget for online security can get bumped by more important aspects, like marketing. If you are a one-man team and specialize in something other than information technology, the subject of security can also look intimidating.

But here is a tactic: perform risk assessment regularly. Depending on the flow of data and other important matters, you can schedule a scan daily, bi-monthly, or monthly. When you find threats, determine how fast you should act on each. Based on these steps, you can then shop security solutions to mitigate risks. There’s an array of tools to choose from, but you can always make a decision based on your budget and objectives.

It also matters to small firms.

Cyber attacks that make it to the morning or evening news are often large in scale. Specifically, malicious software that are created for extortion purposes, popularly known as ransomware, typically target big firms. But this does not mean small, budding businesses are far removed from this kind of alarming situation.

Any breach of your client data endangers your business. But aside from customer records, your intellectual property, employee records, and business correspondence are also vulnerable. In addition, there is no telling what the hackers will do with the compromised data. Among small firms that experienced cyber attack, 60 percent do not recover and shut down within the next six months.

It pays to pay attention to it from the top down.

You should understand that people can be the cause of cyber security issues. If you have employees, you should train them with regard to the basics of privacy and security. Teach them about connecting with public wifis such as those in cafes and airports.

If you can afford it, installing a credible VPN client on their devices can give you some peace of mind. Protecting your small business from employee negligence is also an integral part of overall security. Of course, having a dedicated IT team is an important investment. If you are not an IT expert yourself, it will be best to make space for a chief technology officer or a tech consultant.

Having the right people in place can help improve your security situation, process, and result. But if this is not yet possible, a little team know-how can go a long way, especially if you are working with a remote staff.

It is an industry concern.

It is never just an individual effort. Actively taking part in startup groups in your area will potentially lead you to a cyber security startup. If not, you can ask for recommendations from within those circles. Other founders understand your need to grasp some concepts before buying into a program or solution.

You may also find firms offering business analytics and consultancy based on industries, to help you contextualize solutions. Use that opportunity to field your questions to the right audience. You can also keep abreast with data protection regulation through your network as well as news and studies.

It may sound like a lot of work, and it is. So think about converting that time you’re scrolling down your Facebook feed aimlessly into checking out your startup groups, looking for cyber security threads, and participating in helpful discussions about the topic.

No comments
Jeremy WebbChanging How Startups See Network Security
read more

We Need To Talk About How Business Is Dealing With Big Data

The business realm is known for its bias toward what gets the job done — systems, technologies, resources. In this regard, big data has been the most revolutionary player in recent years. If you can quantify the large volume of information from internal and external sources, you can predict or solve things.

Big data got the job done for Netflix with its recommendations based on people’s viewing behaviors. It got the job done for Target with its mailers based on women’s shopping habits. When put to good use, it can help companies make informed decisions.

But sometimes, quantitative data will not be enough to solve organizational problems. Experts like Cathy O’Neill, a mathematician and data scientist, encourage users to not put their faith on it blindly. Before applying it, understand how it can affect your company, industry, and society in general. Here are 4 ways to approach big data that will help shed some light:

Algorithmic audit: data integrity check.

Ensuring the accuracy and consistency of data from recording to retrieval is crucial in computing. However, organizations must look beyond the physical and logical aspects. In her TED Talk, O’Neill spoke about the necessity of a data integrity check in the context of fairness. Data scientists need to interrogate the data. They should account for human biases, according to her.

For example, it is not enough to use big data in the hiring process to narrow down the talent pool. There is a need to question the culture that sorts out and separates the winners and the losers. O’Neill cited the Fox News case in which women would be less likely to make it if the hiring process focused on the historical trends of successful journalists alone.

Quantitative data as performance indicators: an incomplete picture.

 Thanks to automation, it has become easier for companies to measure the performance of employees. But there is a downside to this. Think about Amazon’s productivity tracker. The e-commerce giant is notorious for making such an important decision as laying off workers based on hours logged.To put it simply, this method is seen as inhumane.

It also goes to show that big data does not always give businesses the whole picture. In Amazon’s case, one can argue that the company should consider other factors in determining employee value. These include the kind of support they are receiving from immediate supervisors.

Communication also plays a role. This Forbes article reported that 92 percent of highly-engaged employees had someone in the company talk to them about their progress.

Big data, algorithms, and human input: an ideal dynamic.

Today, businesses are either collecting or producing loads and loads of information. Then they are fed to automated software that provides stakeholders with the analytics. This reliance on tools and technologies can make humans complacent. In another TED Talk, tech ethnographer Tricia Wang reminded her audience that the way they use big data is still their responsibility.

The ideal scenario is to have organizations make wiser and more informed decisions. However, Wang added that there is a need to focus on thick data that comprises “precious, unquantifiable insights from actual people”.

Real-world insights: cybersecurity applications.

On a more positive note, algorithms are pretty useful in detecting suspicious activities and potential security risks.  Big data is an appealing target for cyber attackers whose methods have become sophisticated. And what is a better way to protect big data than investigating and analyzing the information breaches that occurred on platforms? Looking into the techs that organizations are actually using, such as VPN Services, social sign-ons, and biometrics, will provide insights into the movement of the attacks.

Final words.

There is so much more to understand when it comes to big data. But as organizations become more familiar with approaches like automation, deep learning, and artificial intelligence, the human side of the equation should not be cast aside.

As Wang said, “investing in big data is easy, but using it hard.” In the end, everybody hopes their participation in forging a new way of doing things will be worth it. But the determining factor is what the business world do: follow the data blindly or lead it to new heights.

No comments
Jeremy WebbWe Need To Talk About How Business Is Dealing With Big Data
read more

What Entrepreneurs Wish They Knew Before Starting a Home-Based Business

Learning from past mistakes is a smart way to make the most out of one’s experiences. But in business, as in life, it is also wise to learn from other people’s mistakes. As a budding entrepreneur, you may be pumped up to start a new chapter in your career.

Before you face the challenges head-on, know what will you be up against. Some can be detrimental to your startup; others can affect you personally. By finding out how others dealt with certain situations, you may be able to devise a better strategy or avoid them altogether.

Here are five lessons to help you begin:

A business plan is not an afterthought

At the very least, you need to know what product or service to offer, how to market it, and how to make money from it. While passion can be a strong driver for a person to pursue entrepreneurship, it has to go hand-in-hand with a profit-making plan.

Perhaps you will develop and design a website or serve healthy dishes on the go. To do what you love, set aside 15 percent. You will need the rest of your time for more technical tasks such as marketing, selling, and fulfilling logistic promises.

Running a business entails a lot of thinking on your feet. Having a plan from the get-go provides you with an anchor to hold on to when it is time to make hard decisions.

The path to leadership can be lonely

Founding a startup can be a lonely journey at first. Although you have family and friends to support you, they will not always understand the challenges you will go through. It will also take time to hire top talents. In other words, you may have no one to share the highs and lows with during the early stages. It is for this reason that some entrepreneurs fall into depression.

Forcing yourself out of isolation is the key. Joining a community of founders in your city can help with the stress and anxiety. Communicating your problems to family and friends well can also make things a bit more bearable.

Work-life balance is a myth

Launching your own business bears the promise of freedom and flexibility. However, a lot of would-be entrepreneurs should be aware of the limitations of their new pursuit. Foremost, there are the limitations in terms of time.

Best Paw Forward owners Dave and Anna France found out the hard way that running a business is a 24/7 job. They provide holiday care for beloved canines. In their first few years, they were bent on answering calls and responding to texts and emails.

Then, they realized that their personal time had been compromised. They learned that discipline and better planning of time should be part of your culture right from the start.

Asking for help is all right

Humbling oneself, accepting that you do not know it all, is often a forgotten virtue. Some self-starters are keen to document the lessons they have learned after trying a thing or two for their business. While confidence makes any endeavor possible, it should not get in the way of seeking help in areas of weakness.

As fashion designer Diane Von Furstenberg said, “Confidence in what you do is crucial, but that does not mean being delusional. You must always face the truth and then combat the obstacles as they appear.” It is also important to deliberately enlist mentors in your journey. They can serve as your internal board directors.

Cybercrime is a real threat

Data breaches are a real threat to home-based businesses. But according to a CNBC/Survey Monkey report, only 2% of owners see it as an issue that is critical to their daily operations.

From this figure, you can infer that millions of small enterprises are still unaware of how vulnerable they are to hackers. This lack of understanding of the security risks and rewards can result to negligence.

For some, the high cost of cyber protection is a huge drawback. Little do entrepreneurs know that devising a plan to mitigate the risks is not just about spending money.

Sometimes, the most practical you can do is securing your apartment WiFi, installing a virtual private network on your devices, and stepping up user authentication during logins.

No comments
Jeremy WebbWhat Entrepreneurs Wish They Knew Before Starting a Home-Based Business
read more

When It Comes to Startup Security, Strategize Like A Chess Master

Protecting your startup from malicious hackers can be similar to protecting your king from the enemy’s attacks in a game of chess. The similarity can begin with the way a chess grandmaster moves nimbly on the board with intent. He or she employs tactics (“short-term calculations to accomplish goals”) and a strategy (a long-term plan) not only to protect the pieces but also to capture the enemy.

If you are a novice founder, include cybersecurity in the list of things you need to establish in your first year. There is no reason to delay dealing with this issue. Avoid making the mistake of ignoring the challenges surrounding it. And make sure you tackle it with the mindset of a top chess player.

Here are 5 ways to help you get started:

Think ahead and plan

A cyberattack can halt your operations not only for days but for good. According to the US National Cyber Security Alliance, 60% of small companies closed within 6 months of a cyber attack.

The demise of Code Spaces, a source code hosting provider, serves now as a classic example. Hackers were able to gain access to its Amazon EC2 control panel and started to ask for a large sum in exchange of recovery.

When Code Spaces did not comply, the attackers deleted most of its data and other resources. The then seven-year-old startup was forced to shut down its services.

So think again. Shopping and setting up the best tools to improve your company’s security do not seem to be as high a priority as UX and product design. But you cannot risk losing your whole business because of a security crisis. Besides, clients today worry about online security as much as they fuss over system lags.

Master the opening, mid, and endgame strategies

Similar to the first, this point is about having a long-term plan regarding your startup security. It is not enough to say, “Okay, let’s try this service and see how it works.” Then you just replace it when it fails. For instance, two computer engineers identified vulnerabilities in 17 Indian startups collectively worth more than $10 billion. They concluded that “almost every startup here has security bugs.” It does not matter if you are one or 6 years old.

So how do you go about this as you are approaching 5, 10, or more years? Even Facebook has established a Bug Bounty Program. Planning to launch a mobile app soon? Set up security parameters early on. Or you will only make yourself more vulnerable than you think.

Be on the offensive and the defensive

In chess as in business, it is important to know who your enemies are. When it comes to cybersecurity, gone are the days when potential enemies would be disorganized and lack sophisticated tools to launch a devastating attack. From the get-go, you should concern yourself with protecting your organization from this kind of threat.

By playing the offensive, you are attempting to understand the plays and approaches of the attackers. You are also setting out to find your own vulnerabilities. Only after being on the offensive will you be able to develop barriers and fight off these malicious hackers.

Concentrate your efforts as an executive

Cybersecurity is a growing area of focus not only for businesses but also for governments. Even international organizations are treating it as a prominent issue. As a startup founder, it is not enough to leave it to the CIO. Take the time to look at online security, its nuances, and the changes surrounding it. Be a driving force, not just a signature on the budget approval form. Give your full support to the tech team members as they constitute an important aspect of your business.

Learn and outgrow yourself

Speaking of support, allocate resources for training your tech team. Encourage your employees to update their knowledge and skills by attending industry conferences and taking crash courses. Your security department should remain solid as hackers also make advances in their attacks. You depend on them as much as you do on the system they are in charge of protecting.

Aside from human resources, invest in infrastructure. Make sure you have the latest tools that will help you beat potential offenders.

Continuity is key in securing your online assets and services.

No comments
Jeremy WebbWhen It Comes to Startup Security, Strategize Like A Chess Master
read more

Top 5 Security Strategies for Home-Based Entrepreneurs from IoT Cyber Threats

The internet brought forth the age of home-based entrepreneurship. Whether you want to sell products online or launch an SaaS startup from scratch, all the resources you need are now accessible through your online browser. But as the world grows more connected through the IoT, enterprises big and small need to be craftier and more resourceful when it comes to cybersecurity.

According to statistics, that 60% of small businesses and startups fail within six months after being targeted by a cyber-attack. This means you should never skimp on security even in the early stages of your venture, especially now that skilled hackers can easily tap into the power of IoT devices to ignite all-out cyber warfare whenever they want.

But how can a startup that’s barely on its feet afford adequate security against the myriad of cyber threats out there? Simple – they need to focus on cost-effective security tools and DIY strategies to protect their data without breaking the bank.

1. Leverage Free DDoS Protection from Cloud Platforms

A DDoS or ‘Distributed Denial of Service’ attack is a major cyber threat wherein hackers attempt to bring a site down and deny service to its legitimate users. They usually leverage a network of infected computers, also known as ‘botnets’, to spam traffic and overload a website’s servers. As a result, you may lose several days’ worth of revenue and suffer a stained brand image for providing a bad experience to your existing customers.

Fortunately, you can easily deploy basic DDoS protection from providers like Cloudflare. Even with the free plan, your online business can have basic protection against cyber-attacks through SSL encryption and page rules. You can even take advantage of the free ‘Content Delivery Network’ or CDN to improve the page loading time for your online audience worldwide.

2. Utilize Encrypted Messaging when Working with Freelancers

Hiring freelancers is one of the fastest ways to mobilize your business plans. However, you need to be extremely careful when exchanging sensitive information online. To keep conversations private, you can use messaging apps with built-in encryption features like Telegram. Alternatively, you can enable encryption features in email clients like Microsoft Outlook.

In case your remote team prefers working in libraries, coffee shops, or any other public place, encourage them to do so via ‘Virtual Private Network’ or VPN. Doing so will prevent hackers from intercepting the information that they send and receive whilst connected to a public WiFi network.  

3. Use Parental Control Tools 

As a home-based entrepreneur, you may think that your children are the least of your worries when it comes to cybersecurity. But under the wrong circumstances, they could be the biggest physical and digital hazards in your home office. Apart from accidental spills and food droppings on important documents, children may also download malware into their devices unknowingly, which can easily spread to other devices in your network as they attempt to transfer files.

One way to childproof your home office and protect your data is to go paperless. For this, you’ll need cloud platforms like Dropbox or the G Suite. When it comes to their online safety, the easiest way to keep them protected is to use a comprehensive parental control software like Norton Family Premier. This will allow you to prohibit access to unsafe and inappropriate web content.

4. Implement DIY Smart Home Security for Physical Break-Ins

Home-based businesses typically employ professional security services to keep their assets safe from cyber criminals. While the initial fees of these services are more than reasonable, they often involve recurring costs that can quickly accumulate over time – from monitoring to the occasional maintenance.

Fortunately, there are now more cost-effective and lightweight platforms that can get the job done. With the help of IoT devices, home-based entrepreneurs can easily build their own smart home security infrastructure to protect against physical break-ins.

Here is an infographic that demonstrates the difference between DIY home security and traditional security services:

Infographic source: Ooma

5. Keeping Multiple Off-Site Backups

In 2014, Code Spaces – a UK-based SaaS startup – closed its doors after being hit by a DDoS attack and having their data on Amazon stolen by a hacker. Although not a lot of startups are prepared for such level of attacks, one of the main reasons why Code Spaces wasn’t able to recover is because they crammed all their backup data in the same location as everything else.

To avoid sharing the same fate, be sure to create multiple offsite backups of your important data. Doing so serves as a failsafe that will help you stay in business even after suffering a cyber-attack. In addition to creating backups to physical drives, you can also save your data through automated services to avoid the hassle of frequently creating backups.

No comments
Jeremy WebbTop 5 Security Strategies for Home-Based Entrepreneurs from IoT Cyber Threats
read more