Facebook-f Twitter Linkedin-in

data security

The Modern Office and Security: What you need to know about protecting your business and its data

by

One of the most critical components of the modern office environment for a healthy, scalable business infrastructure is security. It is the cornerstone of your IT for it protects the other components that your company needs to keep thriving and surviving in the modern marketplace. Today’s business security entails much more than just an anti-virus program and requires some pre-planning as well as a regular investment of time.

This blog covers the most important things every business should know about security. Additionally, it includes what business leaders should consider to best protect their organization, data, and clientele. As you will see, having the right security in place can make the difference between growing your business and shutting its doors permanently.

Secured Access

Every business should have secured access in place for both internal and external users on its network. As a modern company, both internal and external users will be accessing your data whether its email or highly-sensitive information not meant for prying eyes. This is important because data falling into the wrong hands can cost your business its reputation, revenue, and even its livelihood.

According to the 2018 Data Breach Investigations Report by Verizon, 73 percent of breaches were perpetrated by outsiders. This means your business data needs to be protected as much as possible and that external access to your network should be limited and monitored at all times. Hackers are always looking for a way to infiltrate networks. Phishing, ransomware, and malware were among the top means used by nefarious outsiders to access business networks in 2018. Of those breaches studied, 90 percent were motivated by monetary gain or strategic advantage (i.e. business espionage).

While you may believe that your business is too small for anyone to care about hacking its data, think again. A report by USA Today shows 61 percent of cyberattacks are aimed at small and medium-sized businesses. The same piece reported that a whopping 60 percent of small businesses close their doors for good within six months of an attack so it’s clear why security is so imperative to business survival in our modern society.

Though most breaches occur due to external sources, insiders can be just as dangerous to your business. Whether due to simple user error or something more insidious such as a disgruntled employee or cyber espionage, the aforementioned Verizon report concluded that 28 percent of breaches involved internal actors. Of those breaches, 12 percent involved privilege misuse. That’s why we always recommend implementing the practice of least privilege. This means allowing access to data only to those who require it to fulfil their job duties.

Email Security

Email is the bread and butter of communication for most modern offices. The use of email for both internal and external communications is a necessity for today’s businesses so securing it effectively is imperative. The issue is that it is also a major point of entry for many attacks.

A blog by CSO from IDG shows that 92 percent of malware is delivered by email. In addition, the blog stated that the average ransomware attack (which often occurs via email) costs a company $5 million. The same blog also stated that phishing attacks is one of the most common methods of email malware infection.

There is email and network scanning software available to help protect your business. At ORAM Corporate Advisors, we recommend Mimecast for email protection. It is a terrific solution to help organizations prevent email-borne ransomware as well as protect against the associated downtime and data loss such attacks can cause. ORAM recommends Mimecast because it “safeguards employee communication and reduces risk with targeted protection, data leak prevention, and enforced security controls.”

Mimecast, which I mentioned above for email and network scanning, is also an excellent solution for data loss prevention. Its data loss prevention solution scans all emails and file attachments and identifies potential leaks using flexible polices based on keywords, file hashes, pattern matching, and dictionaries.

Another piece of modern technology you’ll want to have in place is multi-factor authentication. Multi-factor authentication is a security system that requires more than one method of authentication to verify a user’s identity. This can range from requiring passwords that must periodically be changed by legitimate users to requiring a one-time PIN provided via smartphone for access. It adds an extra step for employees to access your network but it will help ensure your business’ data security.

In addition to software, we also recommend that employee training become a regular event. Every business should offer employee training during the onboarding process and at regular intervals throughout the year (every six months) to every employee. They should be trained not to click on email attachments or to follow links in emails from unknown or untrusted sources. Employees should also be taught to verify emails with links and attachments with a trusted source before opening them if something comes into their email that they weren’t expecting. While this training can take some time, it can prevent a costly breach later on.

Manage Your Network

While securing access to your network is important, managing your network is even more imperative to keep business operations running smoothly. Your network houses your most critical data while supporting the daily workflow and processes of your business. That means maximizing uptime, optimizing network capacity and utilization, and ensuring its protection.

There are a great deal of pieces that comprise your network and all of them need to be addressed on an ongoing, regular basis. Start with a network technology assessment and auditing. This will tell you where your network is in terms of optimization and data security. By assessing where your network is now and taking a full audit, you will be able to tell where your strengths and weaknesses are to tweak it to work at full capacity for your business needs.

In addition to regular assessments and audits of your network, you will need to plan ahead for storage, disaster recovery, business continuity, and more. Here are some of the things that go into managing a business network:

  • Email Continuity
  • IT Asset Tracking and Reporting
  • High Availability Services
  • Cloud Solutions
  • Network Design, Implementation, and Support
  • Data Assessment, Analysis and Recovery
  • Security and Monitoring Services
  • Workflow Assessment and Optimization

Up-To-Date Security

Your business should also have up-to-date technology security in place. You will want to ensure that your company has installed intrusion prevention software on all of its data networks to keep hackers from getting their hands on your information. You can check to ensure you have such software in place during the audit process.

The intrusion prevention system we use at ORAM is Cisco hardware that scans on a network level. It scans everything going into and out of your network to ensure that your network traffic is safe. This could catch someone maliciously trying to access your internal network, bad email attachments, and other threats.

In addition, you will want to put together policies for your employees that protect your business. Ensure you have a solid computer use and data loss prevention policy in place so employees know exactly when and for what purposes they can use their company devices. Make it clear what sites they should not visit and what the repercussions are for visiting non-work related sites on business devices.

You’ll also want to have a password policy in place so employees are not using the same passwords for multiple accounts or old passwords that could leave them at risk of being hacked. Passwords also need to be strong so encourage your employees to develop passwords that use letters (both lowercase and capital), numerals, and special characters. There is even software available to prompt your employees to change or update their passwords over time. You may even offer your employees a password manager so they can easily recall their passwords.

Many enterprise businesses are also moving to the cloud. Not only does this allow for greater flexibility for your employees, but it can offer greater data security. When you save both to your local network and the cloud, you have your data backed up. This is ideal in the event of a disaster and will get your business up and running again with less downtime or the worry that valuable information can’t be recovered.

Don’t Forget Your Physical Security

Remember that all data is not digital. Whether you have data files stored in locked filing cabinets or your HR employees are printing personally identifiable information (PII) during tax season, the physical security of your business is just as important as its digital security. You don’t want someone walking out with printed files or sifting through your garbage to steal information.

ORAM recommends that all businesses have a clean desk policy. This means requiring that all employees keep their desk clear of papers, notes, and other information that could lead to a breach or loss of information if it were to fall into the wrong hands. When they are not as their desk, employees should have a clean desk since everything should be put away, hopefully under lock and key.

Businesses should also limit physical access to certain areas such as file storage areas, server rooms, and other places where information is stored. If an employee doesn’t require that access to do their job on a regular basis, they shouldn’t have access. Such areas should be locked with limited persons possessing keys for access. We also recommend adding video cameras at data rich entry points to protect against a physical breach. This small addition will let administrators know who accessed the area(s) and when they did so which will help in an investigation.

Finally, you’ll want to ensure that all data is properly disposed of. Shred all hard copies before tossing paper information and consider hiring a disposal company that handles this type of waste. Don’t leave such waste out on the curb for anyone to take. Ensure the company will come in to gather paper for disposal. In addition, make sure that valuable paper data isn’t thrown into the recycle bin but is shredded before being thrown out. When it comes to cyber espionage, dumpster diving isn’t unheard of.

Have a Plan

Every business should also have a written information security plan (WISP) in place. It should include everything from regular IT audits to employee training. There are many mistakes that businesses make when it comes to backup that are completely preventable. Your WISP will outline effective administrative, technical, and physical safeguards specific to your organization to help prevent such mistakes. It will also define security measures for your business, protect against anticipated security threats, and unauthorized access. The WISP for your business will put safeguards into place to protect your data. It will also help you and your employees know exactly what to do and who to contact if disaster strikes.

If you need help with securing your modern office or want more information about building stronger security for your business, contact ORAM today at (617) 933-5060. Our experts are always here to assist you in bettering your business and data security.

Budgeting for Technology in the New Year

by

How to squeeze the most out of your IT and save your business money

With the New Year in full swing you’re probably preparing to implement your updated information technology (IT) plan. As a business owner or leader, you probably have many questions such as, “How much should my business budget?” You may also be wondering if you’re making the most of the IT you already have in place. In this blog, we break down what every business should be budgeting at the very least as well steps for ensuring your business has the technology it needs and that your network is as secure as possible.

Cloud Computing
If your business has not yet migrated to the cloud for your email and other services, now is the time to do so. There are several reasons it is best for businesses to move to the cloud. From saving money to better data security, cloud computing offers a ton of benefits to modern businesses.

To begin, establishing and maintaining your own data storage is expensive. Not only do you need to purchase the right hardware and software, but you have to hire people to install it and set it up. Cloud computing allows you to pay for just the services you use and can reduce your IT costs. It is so affordable that is was estimated in research by McAfee that nearly one-third of worldwide enterprises would be using software-as-a-service (SaaS) by the end of 2018. Cloud providers typically charge based on the features you choose, storage used, and number of users. Most also charge for time and memory space. This means you get to select the package that best suits your IT budget.

Cloud computing also allows you both flexibility and scalability. Cloud computing lets your employees work from anywhere they have internet access through virtualization. Giving employees the option to work remotely means you can cut the number of workspaces at the office further reducing your costs. In addition, scaling Cloud computing services is a cinch. You don’t have to spend a ton of money on new servers, storage, and licenses as your business grows. With the cloud, you just sign up for additional storage space or features as your business needs them.

If you store your own data, a breach or disaster such as a fire could devastate your business’s valuable information. With the cloud, your data will always be available as long as users have internet access. Many businesses use the cloud specifically for backup and disaster recovery for this very reason.

Data security is also a top priority in this day and age of hacks, breaches, and ransomware. Email is the lifeblood of most businesses to ensuring it is secure should be a top priority. Storing data and using email on the cloud is often more secure than storing it or hosting on physical servers and data centers in your office. Laptops and desktops can be stolen as can other hardware. Data on the cloud can be deleted remotely or moved to a different account and hackers face a greater challenge in breaching cloud platforms so your data is simply more secure. As a matter of fact, 85 percent of enterprises keep sensitive data in the cloud according to Vormetric.

Finally, cloud computing is one of the most effective ways to promote collaboration and it gives you a wide variety of service options to choose from. Your employees will be able to easily share data, collaborate on projects, and provide updates in real time from the field. Time wasted on repetitive tasks such as data entry are no longer an issue and you get to choose the services your business really needs whether it is abundant storage or software from a wide range of providers.

Leveraging Your Existing IT
Hardware and software can be hugely expensive investments for many businesses. Your business needs to get the most out of every bit of IT it has invested in. For example, you may already be using Office 365 for email but is your business using it for file sharing or collaboration between teams? A network assessment and IT audit can tell you where you have room for improvement, opportunities for growth, and options for cost savings.

A study by Bank of America in 2017 revealed small business owners found the greatest barrier to achieving a balance between work and their personal life involved administrative tasks. Perhaps you have software that can help you automate administrative tasks to help your business free up time. For example, Intuit’s QuickBooks Self-Employed software has an expense management system built right into it. An independent IT auditor can show you how to best use what you already have to meet your organization’s needs without spending more money unnecessarily.

Hardware Replacement
Most businesses cannot afford to replace their desktops and laptops all at once. This is especially true when the average lifespan of a desktop today is between three and five years according to a piece by Chron, an online news source.

“Of course, this number is just a generalization and a number of factors play into lifespan, ranging from the computer’s quality, care, and room for upgrades,” according to the blog, “What is the Life Span of the Average PC?” “For small business owners, every new computer is an expense and an investment, one whose worth over time largely depends on how you use it and care for it.”

Laptops are also a typical expense for most businesses. According to a blog by TechGuided, the lifespan of a laptop will depend on the quality of the product you purchase, how often it is used, and how it is maintained. “A mid-range laptop should probably last around four to five years, though, give or take a year or two depending on how you use it,” advises the piece.

To make such updating of your IT more affordable, we recommend making replacements in quarterly cycles rather than all at once. Your IT personnel or your IT auditor can make recommendations as to which hardware needs to be replaced immediately, which can hold off for a few months, and which pieces still have a good life ahead of them. Based on these recommendations, you can schedule a plan for cycling out old hardware each quarter on a regular basis. This serves to level out your IT spending rather than investing a ton of money all at once.

According to an article by Business.org, businesses should “expect to pay between $400 for a basic model with limited storage space to $3,500 for a top of the line desktop with a large hard drive. Desktops also range in price based on operating system as well. For example, models that run Windows may be less expensive than Apple models. Apple desktops vary in cost from $1,500-$3,500, depending on which features you need.”

The same piece also stated that laptops “range from $300 for the most basic models to $3,000 for high-speed models with large storage capacity. Similar to desktops, laptops also vary in cost depending on which operating system you prefer. Apple laptops tend to fall towards the middle of the price scale, ranging in cost from $1,000 to $2,500. Laptops that run Windows have a wider price range, and cost depends mostly on features and brand.”

The Latest Software
In addition to hardware, businesses will also need to consider the software they are using. When you purchase software, it is licensed to your business and may have an end date to your user agreement. Additionally, software changes over time and there may be upgrades that could benefit your company or even new software that is better than what you have.

This is where the IT audit can once again assist your business with saving money. Your IT auditor can evaluate your existing needs versus the software you have in place. They can determine if you have the latest software or if the software you have simply needs to be patched or updated. A real IT expert can educate you about software to help you achieve your business goals while saving you money. Based on their recommendations, you can choose to either use what you already have or purchase better software to save your business money over the long term.

Email Security
As we mentioned before, email is as critical to business continuity as breathing is to life. That means you need to have quality security for your email. Software such as Microsoft Office 365 and other programs can scan for threats, identify phishing attempts, and filter spam. Programs such as Mimecast offer many of the same advantages and can also aid employees when it comes to identifying websites as safe or unsafe to visit based on URL reputation. Anti-virus, anti-spam, and firewall software are also good to include in your IT plan.

The cost of software will vary by brand and product. For example, a one-year subscription to Office 365 Unlimited Professional is just $99.00 online. That cost covers up to five desktops, five tablets, and five mobile devices such as smartphones. There are also monthly subscriptions to Office 365 Business for as little as $8.25 a month. What you spend will ultimately depend on what software you purchase or subscribe to, how many devices you need to cover, and for what length of time.

Technology Awareness Program
All of the hardware and software in the world won’t protect your business if your employees are not technology savvy. Any IT expert will tell you that regularly-scheduled, ongoing employee education is the cornerstone of securing your business data. This is something that every business should budget for because it’s your employees that can make or break your business.

The cost of security awareness and end-user training will, again, vary from business to business. This is because most companies that handle Technology Awareness Training programs, such as Oram Corporate Advisors, base their rate on how many people are being trained, how in depth the training will be, and how frequently you host trainings. Ideally though, businesses should train every new employee as part of their onboarding process with all-staff training every six months to keep employees updated on the latest threats and how to avoid or combat them. This investment in training will pay off in dividends as each employee becomes more aware of the threats they face and their role in protecting your business.

At the end of the day, how much your business should budget for technology this year will depend on a variety of factors from how you store your data to what hardware and software you have as well as your business goals. If you would like more information about IT asset management, network assessments and IT auditing, or other IT support services, please contact Oram at (617) 933-5060 or visit us online. We can even schedule a free technology assessment to get your business started off on the right foot in 2019.

Major components of a solid cybersecurity plan for businesses

by

It happens every day. Businesses of all sizes experience data breaches which can lead to the loss of proprietary or private client data, damage a company’s reputation, or even unleash lawsuits. The consequences can be so damaging, in fact, that an organization may face closure as a result.

In addition to the aforementioned concerns, small to medium-sized businesses face additional challenges that larger businesses often don’t; a lack of IT personnel, funding for strong IT, and knowledge for developing a cybersecurity plan, for example. With that said, there are several major components every business owner and leader should consider when creating a solid cybersecurity plan that will serve to best protect their organization.

IT Audit
The first step in creating a cybersecurity plan for your business is to conduct an IT audit. An IT audit is when your company’s information technology (IT) infrastructure, policies, and operations are examined and evaluated for security purposes and to see if they measure up to best practices. This will help determine where your security is strong and where it needs improvement.

Information technology audits allow businesses of all sizes to determine if the controls (hardware, software, practices, and policies) they have in place protect the company’s assets, ensure the integrity of data, and align with the organization’s overall goals. These audits are typically conducted by IT auditors who examine the physical security of your business in addition to the security of your information systems ranging from financial controls to your company’s overall business policies.

Some IT organizations such as Oram Corporate Advisors offer free technology assessments to get you started. These free technology assessments can assist in strategically evaluating whether your IT infrastructure is ready to grow, identify areas of opportunity for improvement, and can “red flag” areas that require deeper analysis and adjustments. Just remember that all technology assessments are not created equal and you often get what you pay for.

When it comes to IT audits, they can be expensive, but businesses need to have them to secure their organizational data, assure clients that their information is safe, and to protect their reputation. Additionally, many industries are now required by their state and/or federal government to participate in regular audits among other IT regulations. Be sure to check with your state and federal government to determine if your business is affected by such IT regulations. Your IT auditor should be able to answer these questions for you as well and assist your business with regulatory compliance requirements.

The cost of an IT audit can be prohibitive for many small to medium businesses. As a matter of fact, they can run into the thousands depending on how much work has to be completed to conduct the audit. Fees are typically charged on an hourly basis and can range from IT company to IT company. Most IT auditors should be willing to give you a free estimate, however, so you know what your investment will be.

Employee Training
The next step in developing a solid cybersecurity plan for your business is to train your employees. After all, your employees can be your strongest line of defense or your weakest link. Information technology best practices require regular IT training for all employees.

Every employee should know certain IT rules such as not opening emails or attachments from unknown or untrusted sources. Phishing scams are one of the most common ways hackers attempt to infiltrate business networks using email. Other items employees should be trained on include spear-phishing, executive whaling, and malware. Training should also include specific company IT policies and procedures that support better data security. Employees should also be trained in a myriad of other topics such as the proper disposal of confidential data (both digital and hard copy), how to handle requests for information, and how to report a suspected breach.

A blog by Forbes magazine online offers small and medium businesses five tips on how to train employees. While these are general training guidelines for any type of employee education, they can also be applied to IT training. In addition to hosting your own educational meetings, most IT companies offer employee training for best IT practices as well. The cost for such training will depend on which company you hire, how frequently you wish to schedule training, and how many employees you have.

Your WISP
The third component of your business cybersecurity plan should be your written information security plan or WISP. This encompasses many items and includes several steps in and of itself. You will need to sit down with an IT specialist and outline a WISP that is specific to your business and the information it holds. Your WISP will need to include the following at a minimum:

Objective– Outlines your WISP including the creation of effective administrative, technical, and physical safeguards for the protection of personal and proprietary information.

Purpose– Outlines what your WISP will do such as ensuring the security and confidentiality of personal information, protect against any anticipated security threats, and protect against unauthorized access or use of information.

Scope– In formulation and implementing your WISP, outline the scope of the plan including reasonably foreseeable internal and external risks, the potential and likelihood of damage caused by such risks, evaluate the sufficiency of your existing IT policies, and design and implement a WISP that puts safeguards into place to protect data. In addition, regular monitoring of the effectiveness of those safeguards should also be included.

Data Security Coordinator– Designate a data security coordinator in your WISP that will implement, supervise, and maintain your written plan. They will head the initial implementation of your plan, train employees, and regularly test the safeguards outlined in the WISP. The security coordinator will also evaluate the ability of each third-party service provider to supply appropriate security measures for information to which they have access. They will also review the scope of the security measures in the WISP and conduct annual training for all employees including the owners, managers, and independent contractors as well as temporary employees who have access to personal information.

Internal Risks– Identify probable internal risks to security, confidentiality, and/or integrity of electronic, paper, or other records containing personal or proprietary information. Also evaluate how to limit such risks and implement necessary measures for reducing them.

External Risks– Identify probable external risks to security, confidentiality, and/or integrity of electronic, paper, or other records containing personal or proprietary information. Also evaluate how to limit such risks and implement necessary measures for reducing them.

Implement Your Plan
Implementing your business’s cybersecurity plan is the next step. This includes adding data security features you have opted to employ in addition to making employee training a reality, integrating new software such as updated anti-virus and/or firewall programs on your network, and updating patches to existing software.
Other layers of your cybersecurity plan should include:

Social Media Education– Hackers can find personal information online from social media sites such as Facebook, Instagram, and LinkedIn that they can use to manipulate employees of companies, getting them to disclose personal or sensitive information. Train employees about social media best practices as well as the use of different passwords for each site, software, or application they use. Emphasize your company’s security protocols as well as IT best practices such as the use of least privilege.

Let’s Get Physical, Security– While you may think your building is secure enough to protect your sensitive data, good hackers know how to penetrate this type of security. Be sure not to leave computers exposed and destroy all hard drives using professional services. Physical security breaches can be avoided by encrypting hard drives, leveraging cloud backups, and enclosing hardware ports exposed to the public. Employing theft recovery software, checking door locks and cameras, and properly disposing of shredded paper also help.

Wi-Fi Protection– Wireless internet can also pose a threat. Wi-Fi signals can extend beyond office walls. A bad actor can connect to your signal from far away and infiltrate your network where they can steal files containing proprietary or personal information. Businesses should employ WPA2 (Wi-Fi Protected Access 2) protocols as they are safer than the old WEP (Wired Equivalency Privacy) or WPA (Wi-Fi Protected Access) protocols. Ensure your router has a strong, unique password that is not easily guessed.

Password Protocols– Passwords should be changed often and kept private. Train employees on this and teach them that the strongest passwords include uppercase and lowercase letters, numerals, and special characters. Additionally, passwords need to be different across all accounts. The best way to remember passwords is to use a password manager. There are some free password managers available but the most secure ones typically charge a small annual or monthly fee. Most also allow businesses to sign up for a membership that covers all employees.

Two-Factor Authentication– Even with difficult, unique passwords on every account, seasoned hackers can often penetrate security. As a backup, it’s best to employ multifactor authentication wherever possible. Most large companies use it including Apple, Google, and Dropbox. Using a mobile number and/or email account, multi-factor authentication provides an added level of security. Your business can also implement it with other applications and services as well. New technology such as facial recognition, fingerprints, and/or ultrasonic sounds are on the near horizon and companies should prepare to employ more secure technologies as soon as they are commercially available.

Email Security– This is the most necessary asset for your business to protect. Once in your email, hackers can reset passwords and wreak all types of havoc so be sure to prioritize protecting company email. Never click links in emails or attachments from untrusted or unknown sources as these could take you to a phishing site that looks like a real website. Using Google Gmail and Google Apps is recommended given they have the best spam, virus, and phishing protections available in addition to multifactor authentication already built in.

Anti-Virus– Keep your anti-virus updated at all times. While this helps protect your email and other sensitive information, new malicious viruses are always being created. That means anti-virus companies are always updating their software to address the threats on their “blacklists.” Consider using a service that employs a “whitelist,” which only allows software and programs that are pre-approved to be downloaded adding extra security to your network.

If you need assistance with conducting an IT audit, crafting an IT plan or WISP, or implementing your plan, contact Oram Corporate Advisors today at (617) 933-5060. You can also reach out to us online. Our professionals are always here to support your business with superior IT and IT services.

Is your data safe?

by

The basics of data protection from monitoring to backup and recovery

You’re at work getting things done when it happens. Your computer crashes and everything you were working on is gone. How long does it take to recover that data before you can get back to work? Or can it even be recovered at all?

Data is what keeps business moving which makes this scenario incredibly scary yet it is repeated day after day, year after year. Despite the fact that data is a business’s most valuable asset, this disaster situation and others like it keep playing out. That’s where proper data monitoring, backup, and recovery come in to help modern business.

Data Monitoring
A crucial component of business is to have data monitoring in place. This allows your data to be regularly checked against quality control rules to ensure data meets or exceeds established standards for formatting, consistency, and usage. With data monitoring, data is quality checked as it is created and used.

How It Works
Every piece of information serves a purpose. Data monitoring is a proactive approach to checking and evaluating data to certify that it meets quality standards and achieves its purpose. Businesses and organizations establish data quality metrics or criteria that are tied directly to its goals and objectives. Once the quality guidelines are established, monitoring allows data to be checked over time, allowing informed improvements to be made in data systems. It also allows companies to best use the data they have available.

Each time data is created or accessed, the data monitoring software kicks in to measure and track information. Such software uses dashboards, alerts, and reports so you can watch what is happening with valuable data. Some of the attributes many organizations monitor data for include:

• Completeness
• Uniformity
• Accuracy
• Uniqueness

With such monitoring, problems with inaccuracies and unusual data behaviors can be detected immediately. If there are data quality issues, an administrator is sent an alert with information about the problems detected. This allows system administrators to check the data and prevent issues before they can become a real problem. It also lets business leaders determine where to focus data quality initiatives.

Additionally, data monitoring can save time and money by making it easier to change quality regulations to adapt to the company’s changing needs. With consistent data monitoring, businesses can also implement new initiatives regarding data without a preparation phase as well. That means fresh data initiatives can be put into place immediately with no wait time.

Backup Monitoring
The next step to the best in information management is data backup. This is where files and folders containing important business data are copied and/or archived so they can be restored in the event of a data loss. Recall the scenario at the beginning of this piece where your computer shut down. Without backup monitoring, you may have lost your work permanently.

Data loss can occur for a number of reasons from computer viruses and breaches to flood or file corruption. With a data monitoring system in place, you’ll be able to replace your lost data, thanks to backup services that occur automatically without any further thought from you or your staff.

While you may already have a backup in place, a single system is not enough should a failure occur. Additional backup systems are necessary in case of natural or man-made disasters or even to keep you covered in the event of data corruption in your original backup. Other reasons for employing a data backup system include:

• Tax Audits
• Client and Investor Relations
• Archiving
• Competitive Advantage
• Improved Productivity and Processes
• Peace of Mind

Data Recovery
Whether natural or man-made, disasters happen. From floods and breaches to ransomware and file corruption, all organizations need a plan in place to recover their data.

Just a few days ago, Anchorage, Ala., suffered an earthquake that hit 7.0 on the Richter scale. Such a major earthquake can cause serious damage including the loss of data. This is just one example of where disaster recovery can come in handy.

In addition to such natural disasters, the number of breaches each year continues to climb. In the first half of this year, breaches have led to 4.5 billion records being comprised, according to the latest findings of the Breach Level Index.

Thanks to data backup software, today’s businesses are able to overcome the loss of important or proprietary information. In the event of an emergency, system administrators can quickly recover from such data loss. Rather than a permanent loss of information, businesses can experience a short-term, temporary loss that can be rectified in a short time. With the right backups in place, data recovery allows you to retrieve everything from documents in Word or Excel to images and video.

If you would like more information about data monitoring, backup, or recovery software and services, contact Oram online or call us directly at (617) 933-5060. Our experts are here to help your business ensure continuity in the event of a breach or disaster.

Ransomware: A Guide for Protecting Todays Businesses

by

Ransomware has become one of the top threats to businesses in today’s global and digital society. It has become such a danger in fact that a late 2017 report from Cybersecurity Ventures predicted that the global cost of cybercrime would reach $6 trillion by 2021 with ransomware playing a major role in that total. Furthermore, Cisco’s 2017 Annual Cybersecurity Report showed ransomware is increasing by 350 percent each year and a business falls victim to a ransomware attack every 40 seconds. Last year’s worldwide attack in May 2017 of the WannaCry ransomware caused complete and utter chaos around the globe and begged the question of what’s next.

So what is a business owner to do? For starters, you must know what you’re up against. Next, there are steps for preventing the threat from opening the door to your business. Here’s your guide to ransomware and how to stop it before it stops your business.

What Ransomware Is
Ransomware is a malicious malware that targets the private files of your business. While malware can cause some annoying problems or create more malicious issues such as reformatting a disk or deleting files, ransomware is different. Ransomware is a malware that infects computers and restricts access to files, stopping businesses in their tracks.

When you run into ransomware, you will know it because it will notify a system’s user that it has been attacked. The notification will come after the damage has been done and your information is already encrypted. A cybercriminal will use the ransomware to demand a ransom, typically money or cryptocurrency, in exchange for the safe return of files. If the funds are not paid, the cybercriminal responsible may delete or publish your private business files. If you do pay, you may still not get your data back anyway as the hacker responsible can simply take the money and run.

Like a virus that can attack the body, ransomware can attack an entire network. And like viruses, ransomware can morph and adapt from the way they spread to the way they encrypt data. This means a business must approach protection on a multitude of fronts and be ready to adapt to new protections as they are developed.

Means of Protection
Your IT provider should offer you protection through at least six areas. By securing a variety of entryways and providing layers of protection, your business will be safer from all threats including ransomware. At Oram, we take a six-step approach to protecting our clients against ransomware and other cyber threats.

Patching
The most basic layer of security is to monitor and patch all computers and applications on an ongoing basis. We address all known operating system security vulnerabilities with the latest patches. This measure is the first step in protecting your operating system particularly when a flaw has been uncovered. Your company’s outside business IT partner or in-house professionals should be providing the latest patches to ensure your operating systems are running at peak performance while ensuring any system vulnerabilities are addressed.

Anti-Virus and Network Monitoring
Businesses are being targeted every day through a plethora of avenues: email, ad networks, mobile applications, etc. This is why the second part of a best-in-class security network employs both anti-virus and network monitoring. These two pieces of the security puzzle examine all traffic on your business network and all files. The anti-virus employs a filter to protect them from all known threats. Your anti-virus should be updated regularly in order to identify the latest viral threats.

Backup and Disaster Recovery
One of the things cybercriminals bank on is that your business didn’t think ahead in terms of implementing backup and disaster recovery. That’s why this step is a must, especially where ransomware is concerned. There can sometimes be gaps between when a threat is introduced to your network and remediation of the full system.

To ensure that your data is safe, it’s best to have a full system backup in place to protect your back-office systems. This will enable your business to stay on top of things if and when an attack occurs and it provides a recovery option for unknown threats. In the event of a catastrophic failure or a ransomware attack, a good backup can get your business back online fast.

Endpoint Backup
Though backup and disaster recovery provides a layer of protection for your back-office systems, businesses should also have backup and recovery of data for all devices. Devices such as laptops and tablets create, share, and store business data. Should a device become lost or a cybercriminal capture your proprietary data and sensitive information from these devices, your business will still be covered. This can have a significant impact on your business productivity and profitability. Your endpoint program should offer real-time data backup on such endpoint devices to prevent the compromise of business-critical information and keep your organization moving full-steam ahead.

Secure File Sync and Share
In today’s global society, being able to work remotely, collaboratively, and securely from any device anywhere is a modern business necessity. With the proper software in place, your employees can securely collaborate from any location on any device including their smartphones and tablets. Such a system can allow you to grant access and editing controls for specific documents including those in Word, Excel, and PowerPoint. Such software also allows you to recover documents employees may have accidentally deleted or that have been lost due to malicious activity.

Education and Awareness
One of the best steps you can take in protecting your business against ransomware or other digital threats is to educate and train your employees. With proper cybersecurity awareness training, you can turn your employees into your most important layer of defense. They should be trained and provided with educational materials about cybersecurity risks, new ransomware strains, and the best practices for spotting phishing attempts, suspicious emails, and other security risks. Additionally, they should be provided a simple and quick way to report any suspicious activity. By empowering your employees with such training, they can become proactive in the fight against cyber threats to your business.

Small ransoms are just the beginning of the ransomware threat and it is only expected to get increasingly worse. This is why it is so imperative for businesses to stay ahead of cybercriminals when it comes to security. While such protection may seem overwhelming, it’s nothing when compared with the downtime, stress, and financial cost of dealing with a ransomware attack. If you need assistance in protecting your business against ransomware, contact Oram Corporate Advisors today for a free consultation at (617) 933-5060.