clients

Saying Farewell to Windows 7: Why It’s Time to Move On to an Updated Product

July 20, 2019 by securewebsite

In the Fall of 2018, Microsoft announced that its Windows 7 product would experience its end of life as of January 14, 2020. This will have major implications for businesses as Microsoft will stop providing free Windows 7 support such as security updates. That means business leaders will have to choose between paying Microsoft an annual fee per device for updates and support to maintain Windows 7 or businesses will have to move on to an updated product such as Windows 10. This blog outlines what the end of life for Windows 7 will look like for the consumer, what your options are, and what the experts at ORAM recommend.

End of Life

Just as the human body runs out of steam and becomes too old or sick to continue to function properly, the same is true of technology. Newer, safer, better versions become available so the old technology typically goes the way of the Dodo. This is due to the fact that software manufacturers don’t have the manpower to continue to produce updates and provide support for older products as newer versions become available.

According to a June 2019 update for the Windows Lifecycle Fact Sheet, “Every Windows product has a lifecycle. The lifecycle begins when a product is released and ends when it’s no longer supported. Knowing key dates in this lifecycle helps you make informed decisions about when to update, upgrade or make other changes to your software.”

Extended Support Updates

While the end of life for Windows 7 is set for January 14, 2020, businesses not yet ready to make the switch to a newer version of Windows can opt-in for Extended Support Updates (ESUs). Businesses should be prepared as this extended support is expensive, especially for businesses that have numerous computers, and the cost will continue to increase over time.

For example, the first year of ESUs (January 2020 to January 2021) will cost $25 per device for Windows Enterprise and $50 per device for Windows 7 Pro. The second year of ESUs (January 2021 to January 2022), this cost will double and, by year three, it will double again.

In addition to the extraordinary cost for ESUs, the older versions of Windows won’t have the same capabilities on some newer devices which, again, limits its use.

“Prior versions of Windows, including Windows 7 and Windows 8.1, have limited support when running on new processors and chipsets from manufacturers like Intel, AMD, NVidia, and Qualcomm,” according to Microsoft. “A device may not be able to run prior versions of Windows if the device hardware is incompatible, lacks current drivers, or is otherwise outside the original equipment manufacturer’s (OEM) support period.”

Microsoft makes it clear on its site that, “If you continue to use Windows 7 after support has ended, your PC will still work, but it may become more vulnerable to security risks and viruses. Your PC will continue to start and run, but Microsoft will no longer provide the following support for your business (unless you pay the extra annual fee per device): No technical support, no software updates, no security updates.”

What it all boils down to is that without the continued support for Windows 7, businesses are putting themselves at a much higher risk of experiencing a breach or data loss.

It’s Time to Upgrade

In order to avoid security risks and viruses, Microsoft recommends that you upgrade to Windows 10. At ORAM, we agree with Microsoft’s recommendation that it’s time for businesses to make the move to an updated software such as Windows 10. Not only does keeping Windows 7 put your business at a higher security risk, which may put you out of regulatory compliance in some cases, but the cost of ESUs is prohibitive for most businesses and will likely cost your business more money in the long run than it would to upgrade, depending on your individual circumstances.

The software system of Microsoft 7 is very dated. It’s been out for 10 years now and Microsoft can’t maintain so many operating systems. To stay on the cutting edge of technology and save money, it behooves business leaders to upgrade their software.

Hardware Upgrades

In addition to software, now is the time to also take a good look at your business hardware. We recommend new hardware every three to four years to keep up with manufacturer warranties. We want to make sure our clients have hardware that is up to speed, can be effectively managed and is warranted by the manufacturer.

For machines more than a year old, ORAM recommends a hardware upgrade. The reason for this is that there is more activity happening online than there was just three years ago. This means consumers, the clients your business serves, use the latest technology and expect your business is doing the same. For example, voice recognition technology has made huge leaps and bounds in just the last couple of years and consumers are using it more every day.

If you make the move to upgrade your software without upgrading your hardware there are many steps to making the change. This can be costly in terms of IT hours and services. For starters, you’ll need to remove all information from your computer, install the new operating system, reinstall all applications, and then bring your data back over. The cost of that can be quite prohibitive as it can take three to four hours per device to make these updates to older hardware.

Installing new hardware with the new software already on board is more cost effective. It allows you to simply upload the apps you want and add your data. You’re all set to move ahead from there and it takes much less time. Of course, for ORAM clients on managed services contracts, installing new hardware and migrating data is part of our monthly services.

Beat the Rush

At ORAM, we recommend that our clients start getting ahead of replacements and upgrades now as hardware may end up on backorder depending on the increase in demand as we approach the end of life deadline. Additionally, you can expect that the cost of new hardware and software may even increase the closer we get to January. Also, you’ll want to schedule your managed services provider to perform updates and the swapping of hardware as soon as possible before they get completely booked.

For more information about end of life for Windows 7, software and hardware upgrades, or managed services, please contact ORAM Corporate Advisors now at (617) 933-5060 or visit us online.

The Modern Office and Connectivity: Why Access to IT Drives Today’s Businesses

June 13, 2019 by securewebsite

As we discuss what makes the modern office function fluidly, we cannot overlook the importance of connectivity. While the end user sees only a portion of internet technology (IT) that actually exists, the fact of the matter is that IT is the driving force behind today’s modern business. Not only does connectivity allow employees the access they need for top productivity, but it provides clients, customers, and business partners the doorway to the information they require as well.

Connectivity is all about how every one of us gets the information we need every day from email to secure remote access. When it comes to getting your end users access to corporate information securely and consistently, connectivity is key. It is connectivity that allows us to perform the normal, day-to-day operations of our business effectively and efficiently.

Email Access & Connectivity

Email access is a necessity in the modern business world whether you are working on your desktop at the office, your iPad on the subway, or your laptop at home. Connectivity allows businesses to provide every employee unified email access. With the latest IT, your business can provide fully synchronized connectivity across all devices at all times with all employee contacts, calendars, and email.

In today’s modern office, your workforce can access email from their smartphones, smart watches, tablets, laptops, and desktops with certainty. This means higher levels of productivity, ease of use for the end user (i.e. every employee), and flexibility, all protected with the level of security your business requires.

Not only is email access important for your employees but consider your business partners, subcontractors, and consumers. There are many people clamoring to communicate with your business on a daily basis and email is the lifeline of much of that communication. Without the right connectivity, your business partners may not be able to close the deal without immediate access to all team players; service providers won’t be able to access what they need to get your job done; and consumers may become so frustrated that they seek out other businesses that are connected to fulfill their needs.

File Access

Connectivity allows the modern office to have secure access to a variety of systems. For example, you can provide your employees with secure access through a virtual private network (VPN). Connectivity also gives them access to files through cloud-based systems such as OneDrive, SharePoint, Box.com, or Dropbox to name a few.

In many industries, businesses also require the ability to share access to information with organizational partners. When you need to share proprietary information securely with subcontractors and other business partners, which is the case in many industries, connectivity is there to achieve your goal. The right connectivity also allows this to be done so securely.

Meeting Customer Expectations

The modern consumer is incredibly tech savvy and they expect businesses to be the same. This means every business from the small mom and pop to the multinational corporation are expected to provide the same level of connectivity. No longer does the work day run 9 to 5. Customers want access to businesses around the clock and they have the voice to demand it.

The 2018 Deloitte GLOBAL Human Capital Trends report shows important changes facing business leaders worldwide. One of those is in the strength consumers now have, making business connectivity more important than ever. Deloitte’s global survey of more than 11,000 business and human resource leaders shows the “shift in power to the individual is being propelled by today’s hyper-connected world, which enables people to track information about companies and their products, express their opinions to a wide audience, and sign onto social movements, globally and in real time.”

Today’s consumers want to be able to connect with businesses instantly, get answers quickly, shop, and more, both day and night. Customers want to connect with your business on all levels. What’s more, they expect your business to provide that connectivity for them on any device they choose to use.

In order to retain clients and customers, connectivity is an absolute necessity, especially in industries such as retail, education, and finance. Not only will you need the right hardware and software to meet customer demands, you’ll also need business processes and the network infrastructure in place to implement connectivity. Connectivity can be achieved affordably allowing every business to draw in new customers, meet their expectations, and retain them.

The Future is Now

There was a time when businesses simply needed a website, telephone number, and/or email address for people to reach out to them. That is no longer the case. Mobile technology has exploded which has led to the need for businesses to be available 24 hours a day. With the “always on” mentality of the modern business world and the drive to meet customer expectations, connectivity has become the right hand of business. Now is the time to ensure your connectivity is up to par as the future has arrived.

What You’ll Need

In order to meet the connectivity expectations of employees, business partners, and consumers, you will need to implement several elements of connectivity. Begin by looking at your hardware. Are your computers, servers, modems, printers and other hardware up to date? If not, or if they are nearing their end of life, don’t wait to upgrade otherwise you may find your business falling behind the times and that can lead to a loss of customers and revenue.

You’ll also need to look at your software. This is a banner year for software changes. Several companies such as Microsoft will be allowing software programs to pass into their end of life cycle over the next few months. This means companies will be issuing new software programs to replace the old. Be ready in advance for changes because if not, your business could be at risk for breaches since updates to old software will stop being issued. Up-to-date software is a prime element of strong connectivity.

Cloud applications are also imperative for effective connectivity. A cloud application is a type of software program where local components such as your existing hardware and software function cohesively with cloud-based programs. This means your business will have to rely, at least to some extent, on remote servers and the internet. This piece of connectivity can make file sharing like that mentioned above simple.

Mobile apps are also becoming mainstream for modern businesses as well. Whether you are a retailer hoping to capture consumers online and allow them to shop anytime or you are a financial institution that wants to promote e-trading directly through your clients’ mobile devices, you can have an app constructed for your business. Whatever your need is to reach your target customer and keep them engaged, there’s an app for that. Many third-party service providers such as ORAM offer mobile app development for businesses at surprisingly affordable rates.

Social media is another piece of the connectivity puzzle that many businesses fail to recognize or utilize to its full potential. Modern businesses introduce their brand, express their values, and cultivate higher sales through the use of social media from Facebook to Twitter and LinkedIn to YouTube. Such social media platforms offer businesses the opportunity to connect with consumers, praise hard-working employees, tout their products and services, boost their brand recognition, and so much more.

Changing Connectivity

Just as your business plan is a living document, your connectivity will need to grow and adapt to the demands of your business and the outside world. Connectivity is never static and your business will have to be ready to change with the times. For example, even small businesses are realizing that they have substantial bandwidth requirements to meet their connectivity needs. Standard broadband is becoming a limitation with today’s high-speed world.

You may also find that you need to revisit your software licensing or usable hardware to facilitate the growth and speed your business requires. After all, the plan is to grow your business which means more hardware, software, and connectivity. The expectation is that the demands of connectivity will only continue to grow and morph as technology changes and continues to expand.

Competing in a Competitive Marketplace

When it comes to business, competition can be fierce whether you are aiming to garner more clients, increase sales, or hire an effective workforce. You need to ensure your connectivity is in top condition to achieve your business goals regardless of what they may be. The truth is that all businesses require connectivity to gain and maintain a competitive advantage in today’s marketplace. Furthermore, it will allow you to raise awareness of your brand, provide you further reach, and allow your employees to achieve more.

If you want to learn more about how to improve your business connectivity, modernize your office, or talk about your business IT needs, contact ORAM at (617) 933-5060. You can also connect with us online.

Bring Your Own Device vs. Enterprise Devices

April 20, 2019 by securewebsite

Why Businesses Should Make the Investment for Employees

Mobility has become a major asset for modern businesses. It gives companies an edge when employees can work from anywhere with remote access on any device ranging from a cell phone, tablet, smartwatch, or laptop. Mobile technology has enabled unsurpassed flexibility in the workplace the likes of which the world has never seen before.

But as Spiderman’s Uncle Ben said, “With great power comes great responsibility.” When it comes to mobile devices, many business leaders wonder which is better: Allowing employees to bring their own devices to work or dropping the money to provide enterprise devices to all employees.

The Advancement of Technology

The development of the smartphone has shifted the way people communicate on a daily basis. In a recent survey conducted by Zinwave, “Over 85 percent of respondents, which included more than 1,000 office workers within the United States, utilize their cell phones on a weekly basis, at a minimum, for external communications, and usage was only slightly lower for internal communications.”

Not only do modern workers use their phones for voice capabilities (i.e. phone calls), but they use email through their phones as a prime form of communication. The aforementioned Zinwave study found email was the preferred means of external and internal communication for people while they are at work.

The ability to access the internet, company information, and messaging services (text) has made smartphones and tablets a necessity when it comes to productivity in modern business. “For example, 65 percent of industrial and 62 percent of healthcare workers utilize work-related data daily for a variety of applications,” according to Zinwave.

Technology has removed boundaries, improved flexibility, and enhanced communications with lower overhead costs. It can be tailored to the user experience and specific needs of any business. Mobile technology has even allowed organizations to increase their revenue potential.

“In our information-rich society, there are two critical types of interactions that must be fostered: employee empowerment and customer engagement,” according to the blog “6 Ways Mobility Can Transform the Workplace” by iOffice. “For many, mobility has become the backbone of their interactive strategy.”

The BYOD Market

According to an online article at GlobeNewswire, the U.S. BYOD market size was $30 billion in 2014 and is expected to grow 15 percent by 2022.

“Declining hardware prices, increasing mobile user workforce, and high smartphone penetration are the factors responsible for increasing BYOD market share across the region,” according to the article, which sourced BYOD research by Global Market Insights. “Increasing personal technology along with IT consumerization is also expected to boost the industry.”

While the popularity and benefits of mobile devices speak for themselves, business leaders must consider whether to allow BYOD or provide the devices for employees. Traditionally, BYOD was a highly accepted practice. Recently, there has been a move to corporate owned, personally enabled devices (COPE), the practice of organizations providing employees with mobile devices due to concerns over security, IT compatibility, and legal issues over user privacy versus company control.

At ORAM Corporate Advisors, our recommendation for mobile device management is that every employee should have a corporate-owned device. With an enterprise device, you can manage all of the security, firmware upgrades, software applications, and tracking your employees require to do their job. Additionally, COPE offers many other benefits.

Providing Mobile Devices

When your business owns the line of service for its devices, it has more control. You get to select the devices you prefer your employees to use rather than paying for and having the headache of supporting all device types. Additionally, you get to keep your devices up to date so you aren’t forced to make your network support older devices.

Protecting Your Assets

A study from Wall Street Journal Custom Studios commissioned by Symantec, showed “79 percent of employees admit to engaging in risky behaviors- intentionally or unintentionally- that place corporate data at risk” and “48 percent of employees don’t think about security risks when transferring files or sharing documents over cloud-based services.”

With corporate devices, you’re protecting your business assets. If your business owns the devices employees use, you’re able to wipe them in case they are stolen or lost somehow. This can be done remotely and quickly for theft or loss to prevent personally identifiable information (PII), trade secrets, or other secret data from falling into the wrong hands.

If a device such as a smartphone is owned by the company, you can simply call the phone carrier and wipe the phone’s memory. You request this by stating, “I need access to X, Y, Z employee’s phone. Here are the records that we are authorized to do so.” If the phone is a BYOD that’s accessing the corporate information, your business doesn’t have that same ability. The employee owns access to the account and the functions of that device.

Easy Access & Support

The same is true of the ability to access data easily. This is important when every minute counts in business. Take a smartphone for example. If there are any files, emails, or different communications downloaded to a phone on a corporate account, you’re able to search and query that device on demand. This is an improvement over waiting for an employee to submit paperwork at the end of the month in their call log when you need information immediately.

In addition, employees who use COPE devices have support from your IT department. Employees’ personal devices may not be compatible with your business network which could cause functionality issues. With corporate-owned devices, employees can simply contact IT for assistance.

Regulatory Compliance

COPE devices allow a company to reduce their exposure to security risk as well as legal and human resource issues. With tighter control through COPE devices, your business can implement the security measures it needs to keep its data and network safe. Furthermore, litigation resulting from breaches, loss of data, and regulation non-compliance is reduced.

In a highly-regulated industry such as finance, your business will need to be able to report such instances of loss or theft against that device to regulatory agencies such as the Securities and Exchange Commission. This is especially important should your business be audited or examined by such an entity.

The Money Factor

You may be thinking that providing mobile devices such as phones, tablets, and laptops to your employees is not cost effective, but the fact is that it can be. First, consider that many organizations provide a stipend for employees who bring their own devices. That stipend in and of itself is a cost. If you’re going to have the cost regardless, you should have the control as well.

Group mobile plans are getting less expensive for businesses of all sizes and can be written off as a business expense on taxes at the end of each year. In addition, when it comes to tablets, laptops, and other mobile devices, organizations buy in bulk to get a better price which benefits both the business and the employee. Another option for reducing the cost is to set up a cost-sharing option for both the device and its use with your employees.

Finally, when it comes to keeping your business secure to avoid regulatory penalties for non-compliance, the potential for lost revenue, and easy access to data, the investment up front is worth the return. That sense of security is priceless for most business leaders who wish to avoid potential breaches, lost revenue, and issues that can be caused by disgruntled employees.

The Employee Factor

Consider your best salesperson. If they use their personal devices to access your business information such as sales logs, client contacts, and invoices, they have information that could potentially damage your business financially if they were to leave.

In addition, your salesperson likely gives your clients that personal mobile number so they can contact them if they need anything. If your salesperson were to leave the company, your clients would still call that salesperson who can then easily take your customers to their new company with them. This means a loss of revenue for your business.

Should an employee leave, your business gets to keep the phone number. This means their clients will still be contacting one of your employees at your business through the same phone number. This reduces the odds of lost revenue for your company.

Create Policy & Enforce It

Every business, especially those in highly-regulated industries, should create policies regarding BYOD. This is true regardless of whether you allow BYOD or employ COPE devices in your business. You need a very secure policy and the correct mobile device management in place. In addition, your policy should outline that only legitimate work will be conducted on these devices.

If you need assistance with BYOD or COPE devices, creating policy, or mobile device management, contact ORAM today at (617) 933-5060. Our IT and security experts are always here to help your business grow smart while reducing its risks

The Biggest Backup Mistakes Businesses Make

March 22, 2019 by securewebsite

Companies rely heavily on technology for their day-to-day operations – from customer service and ordering to manufacturing and accounting. Consider the technology, from hardware to software, your business uses to keep it moving forward every day. Now imagine what would happen if something went wrong and it stopped working. Whether a virus has paralyzed your operating system or a hacker has infiltrated your network, could you recover quickly to keep your business functioning? How will you recover lost data files crucial to your daily operations?

Disaster scenarios are not anomalies. Unfortunately, it happens on a regular basis and can have serious implications for businesses. This is why backup is so imperative to today’s business operations. While you may be thinking that you’re covered because your business has data backup, you might be surprised to know that this may not be functioning the way you think it is. There are several mistakes modern organizations make when it comes to data backup that every business owner should know about how to stay on top of their business backup.

Know What You Need

According to a piece in Small Business Trends online, more than half (58 percent) of small businesses are not prepared for a data loss. The article goes on to show that 140,000 hard drives fail in the U.S. each week. That’s right. Each week. Furthermore, it states that 60 percent of small to medium businesses that lose their data shut down within six months of the loss.

“On average, small companies lost over $100,000 per ransomware incident due to downtime,” according to an online article by CNN Business. “For one in six organizations, these attacks caused 25 hours or more of downtime.”

Businesses need to understand the massive impact system failures, regardless of the cause, can have on their operations. One of the first things business leaders should do to properly prepare their backup and disaster recovery (BDR) plan is ask themselves the following questions:

What data is mission critical to my business? Consider customer records, inventory, accounting, etc.
Where is that data stored, which systems run those applications, and how is it currently being backed up? Think about where business critical data is being stored, how often it is being backed up, and if your company regularly tests its backup systems.
How much data can my business afford to lose and how much downtime can it handle without long-term consequences? The answer to this question is your recovery time objective (RTO). How long can your business go without being able to process sales, manufacture products, provide services, pay employees, invoice clients, etc.? How quickly do you need to be able to rebound from such a disaster to prevent a loss of revenue, clients, and reputation?

The answers to these questions will help you outline the backup and disaster recovery needs specific to your business. Your IT manager should be able to answer all of these questions. If you don’t have an internal IT manager, a professional third-party IT vendor such as ORAM Corporate Advisors can help you formulate and implement a BDR plan that works for your business.

Cover Your Cloud

Another big mistake people make is not backing up what they have stored on the Cloud. The Cloud is not just some empty space where things are stored. It is actually a third-party storage option. In other words, instead of storing things on your own server, your things get stored on someone else’s server.

You need to ensure that you don’t forget to back up your Cloud email, storage, and files. I would not trust a third party to maintain that data for me. At ORAM, we recommend Backupify as a terrific back up option for everything you have on the Cloud.

Though you have stored all of this information on the Cloud, backing up that data is important for a variety of reasons. First, you may need to back up that information to meet industry standards or government regulations. You also want to be prepared in the event your business is attacked by a virus, ransomware, or other hack. Additionally, there are disasters that can unfold such as earthquakes, hurricanes, fires, and others that are beyond your control that can negatively impact your data. Internal threats such as disgruntled employees can compromise data that is imperative to your business as well by simply deleting it. Backing up your software as a service (SaaS) avoids, or at least reduces, the impact of such devastating crises.

Testing, Testing, Testing

One of the biggest backup mistakes people make is not testing their backup systems. Businesses will install applications or programs and let them go to work. They fail to define what exactly is being backed up and then they never test it.

For example, consider some of the online services businesses use such as Carbonite. Back in the day, Carbonite didn’t back up their QuickBooks files. People would install the software on their computers and think everything was backed up but, lo and behold, it wasn’t. Databases, like QuickBooks, were not getting backed up because the file was constantly in use by other software, therefore, they weren’t able to take a snapshot to back it up.

To date, some backup programs like Carbonite don’t backup everything you may need to have restored in the event of a disaster scenario. While some software is very good at backing up common files such as documents, photos, and spreadsheets, they can fail to backup less-common file types such as secondary files or files larger than 4GB. When it comes to backup, this could put a real damper on your business operations should the worst happen.

Backup testing should be fully automated so as not to pull human resources away from your business operations. The automated system should test backup and restoration services for the following:

Virtual Machines
Applications
Databases
Individual Files

Ideally, your automated backup testing should occur each time your system is completely backed up though this rarely happens. Backup testing should happen on a regular basis not only to ensure that backup is happening as it should but also that it can handle the additional data your company is creating as your business expands.

Additionally, testing should do more than just check that your data is being backed up. It should also test your recovery so you have information about the length of time you can expect to be down if your system is struck by disaster. This allows you to be specific with your clients, partners, and others about when they can expect your systems to be functional again rather than giving an arbitrary message that your system will be up and running again “soon.”

Backup Everything You Need

Another thing I would say is a backup mistake people make is not taking a full snapshot of their environment. As an example, for a long time people did file-based backup. They simply backed up the files on their computer. In reality, you don’t want to backup just the files on the computer.

Using an old-school analogy, you want to put the tape in the VCR and hit play. That’s what we call a snapshot. We say, “Ok. This device has failed. Let’s do a restore to a point in time and then we can just go from there.”

In the era of ransomware, crypto viruses, and other threats to business operations and data, you want your business to be able to be back up and running as fast as possible. Whether it’s a server or a computer, you need to be able to hit that VCR play button for a certain point in time. This allows the business or the person to move forward as fast as possible.

This environmental snapshot is important. Statistics from World Backup Day, which occurs on March 31 each year, shows one in 10 computers is infected with viruses each month yet 30 percent of people have never backed up their data. This statistic alone demonstrates the importance of having automated backup software such as Mozy working on a regular basis to protect your business.

How can these mistakes be avoided?

The best way to avoid these common business backup mistakes is to ensure you have proper procedures in place that meet the specific requirements of your business and that they are functioning properly. Confirm that your business network is backing up weekly and consistently test a full restore of your systems to ensure that everything is backing up, so you never have to worry. Check to ensure that your data is not only being backed up regularly and backing up everything, but be sure that your recovery plans are functioning smoothly as well.

Be sure to do your homework when looking for the best backup and recovery plan for your business. PC Magazine put together a piece in January, “The Best Cloud Backup Services for Businesses for 2019” with a full chart of backup software options in the Cloud. The chart compares various software with ratings for everything from price to encryption in transit and regulatory compliance.

Check with your internal IT manager or consult with a third-party IT vendor such as ORAM Corporate Advisors to make sure you have the right processes and procedures in place. This third-party consultant can also help you with regular testing to make sure your network is backing up as it should and that your recovery system is also functioning effectively and efficiently. They can make software recommendations based on the unique needs of your business. For many businesses across several industries, such testing can also achieve regulatory compliance requirements as well.

If you have questions about developing a backup and disaster recovery plan, implementing it, or for testing, please call the experts at ORAM at (617) 933-5060 or contact us online. Schedule your free initial consultation today to achieve your IT goals within your budget.

The Dark Web: What it is, how it impacts your organization, and ways to protect your business

October 19, 2018 by securewebsite

The Dark Web sounds like the name of Hollywood’s latest horror movie. In reality, it is something much scarier. It can rob your business, negatively impact employees, and shutter companies.
While you can’t see it, the Dark Web is a huge threat to the stability and continuity of business. Knowing what it is and why it is threatening is the first step to protecting what you have built with hard work and dedication. Here is what you need to know about the Dark Web, why it’s so dangerous, and ways to best protect your organization.

What is the Dark Web?
The Dark Web is the shady side of the World Wide Web. Digital communities on the Dark Web are accessible with special software that allows users and those operating dark websites to remain anonymous and untraceable. While it offers some legitimate uses, it is estimated that more than 50 percent of all sites on the Dark Web are employed in criminal activities. This can mean everything from the theft of digital credentials to their disclosure through sale.

Your Credentials
Digital credentials such as usernames and passwords keep you and your employees connected to critical business applications, email, and other online services. Criminals know that if they can get those credentials, they can access everything from your business’s list of clients to your trade secrets and funds. This means digital credentials are some of the most valuable pieces of information floating around the Dark Web.

Credential Theft
Criminals steal credentials from login information for social media platforms such as Facebook to dates of birth and credit card numbers. The problem is that many individuals and companies often fail to realize their credentials have been stolen until it’s too late.

In more than 75 percent of cases, it is law enforcement or another third-party that notifies a victim that something is amiss. By then, it’s usually too late to prevent data theft or a serious breach that could stop your company in its tracks, lead to a loss of customers, or even bankrupt your business.

Human Resources and Payroll
Your business relies on its human resources and payroll department(s) but these valuable individuals are some of the biggest risks to your organization’s digital security. When they utilize their work email to access websites and programs such as ADP, Paychex, and Ceridian, it can open the door for criminals who have stolen their credentials.

Cybercriminals can use their stolen information to heist the personally identifiable information (PII) of other employees, access payroll information, and even steal from the company coffers. Such breaches can also lead to other criminal activity such as the identity theft of employees or customers.

Client Relations Management
The client relations management (CRM) tool your business uses allows you to communicate seamlessly with your customers. This is great for your business and it’s great for cybercriminals, too.
Pretend for a moment that you have used the same password for your eBay account as you do for your business’s HubSpot. If a hacker steals your eBay credentials, they can access your business’s HubSpot. They can now send an email to your clients pretending to be you. The hacker can ask your clients for anything they want from money to their PII. This can ruin your name and reputation with your clients and within your industry as well as that of your company.

Communications
Another risk lays in your company’s communications from Verizon to Adobe and T-Mobile. For example, if someone wants to hack your AT&T account, they may be able to reveal your payment information from a bank account or credit card. Now they have access to your accounts and can steal money from you and/or your business. Using your mobile number, they can also spoof text messages, reset your bank account password, and access your cash as well as other websites, social media platforms, and other apps you utilize.

Business tools such as email services can also become hacked with the theft of employee credentials. Whether your company uses Gmail, Yahoo, or Office365, these are all hackable. Once someone has access, they can send spoofed emails to clients pretending to be you or an employee asking for more information or even money.

Collaboration
While collaboration among employees, contractors, and vendors is typically considered a positive attribute in business, it can also put your organization at risk. Many individuals and businesses today use Dropbox as a great method of file sharing and collaboration. Such files often contain a plethora of valuable information including trade secrets, PII, and client data. A hacker can use this information to spoof emails, gather data from clients, and target them as their next victims.

Travel Services
If your business employs a travel service to help them get from point A to point B, this can be another security risk. Companies such as Expedia, Travelocity, and Orbitz typically store your credit card information along with other PII that can be devastating in the event they are breached.

Be sure to employ different login credentials for each of these websites to best protect yourself and your business. Use multi-factor authentication if it is offered and don’t store your billing information with these sites if given this as an option.

E-Commerce
Whether your company orders office supplies online from Staples/Office Depot or your business sells products through Amazon/eBay, this is yet another area of risk. Again, stolen credentials can allow for the theft of PII and access to financial information that can drain your bank account before you realize what has happened.

Banking & Finance
Programs such as QuickBooks or Freshdesk or banking apps from financial organizations such as Bank of America or Wells Fargo can also lead to problems when it comes to credentials. If a hacker steals access to your bank accounts, credit cards, or financial programs, it can be truly devastating for your business.

Imagine having all of your accounts wiped out. How will you pay your employees, cover your business mortgage, or pay out contractors? Once the money is gone, the likelihood you will ever see it again is minimal, as hackers can be very difficult to trace and, even if you do get it back, how will you cover your business expenses in the meantime?

Social Media
If your employees or business are on social media, which most are, this can put your business at higher risk for a breach. Pages on social media can be easily spoofed or copied. A cybercriminal can invite your friends and followers, steal their information, and worse. This can ruin your reputation whether the hacker takes an unpopular political stand on the false page or accesses more people to victimize through spoofing of their personal or business pages.

Other Employee Risks
In addition to the threat of employees having their work credentials stolen, their personal credentials can also put your business at risk if they end up in the wrong hands. For example, if an employee uses their LinkedIn credentials such as their username and password for work in QuickBooks, they can expose your company to a breach. Employees should be trained to use unique usernames and passwords for each program, app, and website they use. This is true not just for work but also for their private internet use as well.

While it can be cumbersome to keep track of different usernames and passwords for each website or app they use, there are password management tools such as MyGlue or LastPass that can keep track of them all. While some of these password management programs are free, some do have a minimal cost associated with them. Remember, you get what you pay for in business. Some of the free apps are poorly encrypted locally on your own device so if you get hacked, the bad guys will still have access to your information. We advise working with a larger company so you know they have the manpower and ability to keep your information safe and secure.

Users often have the same password for multiple services such as network logons, social media, and online stores. This greatly increases the potential for a breach. Train and retrain your employees on cybersecurity. It is worth the investment as is paying a small annual fee for a secure password management tool. Consider this well spent money as an operating expense just as you do with your marketing budget.

Combating the Dark Web
At Oram, our experts are able to search the Dark Web so you don’t have to. Using Dark Web ID from ID Agent, our experts search for your personally identifiable Information (PII) on the Dark Web to determine if you are at risk of experiencing a breach. This gives you time to protect your information, notify your bank or lender, and change passwords before you experience a breach.

How Dark Web ID Works
Dark Web ID is a commercial solution to detecting compromised credentials in real time on the Dark Web. It offers the same advanced credential monitoring capabilities that are employed by Fortune 500 companies. This specially designed software connects to multiple Dark Web services including Tor, I2P, and Freenet where it searches for compromised credentials. With this proprietary software, you don’t have to expose your own software, hardware, or network to these high-risk services directly.

By searching the most secretive and covert corners of the internet, Dark Web ID locates compromised credentials associated with your business, contractors, and personnel. If we find credentials that compromise your company, we notify you immediately BEFORE you become the victim of identity theft, data loss, or a breach. The real-time awareness of compromised credentials Dark Web ID provides means you will know if your PII has been stolen so you can safeguard both your personal and business assets before it’s too late.

Be Prepared
The more information you have, the more valuable it is and the more prepared you can be. We employ extensive logging and reporting capabilities that allow us to track your credentials and the credentials of your employees on the Dark Web. As a result, we can triage incidents quickly and create effective policies and procedures to reduce the risk to your business.

How It Helps Businesses
We use the Dark Web ID as a tool to identify compromises throughout your organization that could put your company at risk for a data loss or major breach. With this software, we are able to monitor the Dark Web 24 hours a day, seven days a week, 365 days a year. It is so effective, it reports more than 80,000 compromised emails daily. In addition to email, the program searches and monitors the following platforms frequented by cybercriminals:

• Hidden chat rooms
• Private websites
• Peer-to-peer networks
• Internet relay chat (IRC) channels
• Social media platforms
• Black market sites
• 640,000+ botnets

Predictable Patterns
While it is good practice to be prepared for a breach, it’s even better to have a warning that one could be coming. Using Dark Web ID, we can identify industry patterns. If we see that your industry is starting to come under attack, we can share that intelligence with you to best protect your employees, your business, and your consultants.

Prevention is the Best Medicine
While a network attack may be inevitable, they can be made less destructive and costly. With proactive monitoring of stolen and compromised credentials, you can be alerted to prevent losses before they happen. With alerts that tell you when your credentials have been stolen, you can respond immediately to prevent a breach.

By employing monitoring services and software such as Dark Web ID, your company can move toward compliance with data breach and privacy laws. Our experts can even help you develop and implement a data breach response plan.

If you would like more information about the Dark Web, Dark Web ID, or reducing cyber risks to your business, please call Oram today at (617) 933-5060 or visit us online.