government

The Modern Office and Business Continuity

March 7, 2019 by securewebsite

What you need to know to protect your company

The modern office requires that all components of your business environment work together harmoniously to ensure the best use of your IT infrastructure and seamless scalability as your business grows. One of the major components of the modern office is business continuity. This is an imperative piece of a solid IT plan for every company regardless of size or industry.

Business Continuity

When IT professionals discuss business continuity, they are generally referring to a proactive approach of having the right processes and procedures in place to ensure mission-critical functions continue to work properly in the face of a disaster or while a business is recovering from one. When it comes to business, there are many moving parts that still need to continue operating smoothly whether your company experiences a devastating fire or a nasty data breach.

The IT and business statistics are shocking. In the last five years, one in three organizations were hit by a virus or malware attack, according to DataCore, and more than half of companies (54%) experienced downtime that lasted more than eight hours. That’s a full day of work lost! While DataCore shows only 35 percent of outages are caused by natural disasters, 45 percent of outages are operational and another 19 percent are due to human error. These site outages can cost businesses thousands of dollars in lost revenue and restoration costs for every incident. Gartner, Inc., a global research and advisory firm, estimates that only 35 percent of small and medium businesses (SMBs) have a comprehensive business continuity plan and the financial loss for every hour of downtime can reach into the thousands even for SMBs.

Business continuity requires comprehensive planning before tragedy strikes an organization to allow them to overcome long-term challenges that would otherwise stop them in their tracks. With prior planning, business continuity ensures your entire business returns to full functionality as fast as possible following a crisis. That means everything from vital employee records and payroll to stored data access and email.

Think Cybersecurity

One of the first steps in a complete cybersecurity plan is business continuity. To start, you’ll want to ensure your business employs the best technology to combat the latest threats from ransomware and malware to other types of breaches. This means updating protections such as antivirus and firewalls, using multifactor authentication, and engaging your employees in ongoing, meaningful cybersecurity training.

Cybersecurity plans, which are typically handled internally by the chief information security officer (CISO) in larger businesses, should be designed as a living document that can expand and adjust when necessary to meet the changing needs of your business. Small to medium enterprises often don’t have a dedicated CISO so they can outsource this responsibility to organizations like ORAM Corporate Advisors.

Written Information Security Plan

As part of your business continuity plan, you’ll need a written information security plan (WISP), which also happens to be a requirement of many regulatory bodies, especially for businesses who contract or subcontract with the government and financial institutions. While government regulations vary from state to state and with the federal government, in Massachusetts this written document should contain, “certain minimum administrative, technical, and physical safeguards to protect” personal information such as names, driver’s license numbers, social security numbers, and financial account numbers. You’ll need to check with both your state and federal government to determine which regulations impact you as well as any industry-specific regulations. This is another place a CISO or third-party IT vendor can help.

Your WISP should designate an individual responsible for maintaining your IT program. This may be a business owner, CISO, or even a trusted advisor such as ORAM. It will also need to identify any reasonably foreseeable data security risks as well as protect and restrict access to electronic data that may include personal information for your employees and/or clients. This plan should also outline the oversight of third-party service providers and ensure those providers comply with local, state, federal, and industry regulations as well.

Because your business and its processes, risks, and procedures are unique, your WISP will be very specific to your organization. It cannot effectively protect you from culpability in the event of a breach or loss if it doesn’t address the particular risks of your company or if it includes practices that have not been put into practice in your business. Through coordination with your IT team and/or third-party IT vendor, you will need to identify “reasonably foreseeable risks” to ensure your WISP includes the practices your business adheres to.

In addition to IT functionality, your WISP will also address the non-technical operations that will still need to work in a disaster situation to keep your business moving forward. For example, it might address the accounting measures you have in place to keep employees and bills paid and clients invoiced if the worse should happen.

What Crisis Looks Like

Stolen laptops, lost cell phones, and an employee clicking on a phishing email that infects your entire network. These are all crisis that can and often do occur in the business world. Think of all the critical information that can be lost, stolen, or even held ransom. What do you do and who do you talk to? This is where planning ahead and having a WISP helps. It will outline how to respond to a variety of incidents.

Lost your company cell? Your WISP will inform you of who to call to wipe the lost phone and deactivate it before serious damage can be done. Did your organization experience a data breach? Your WISP will have identified a data backup plan so that nothing is completely lost. Has a virus made accessing email impossible? Your WISP will have determined if your email is stored locally, in the cloud, or both to decide how to get it up and running again fast. This thinking ahead with recommendations by your IT team or third-party vendor will help ensure you have continued access to business email which is the lifeblood of most commerce today.

Recovering from Incidents

One of the best things your WISP will do is outline policies and procedures for how to react and recover in a crisis situations. Regardless of the disaster that strikes, your WISP will point you to who to contact and how to react. Part of your WISP will address incident response and crisis management to minimize the impact when things do go awry, as they inevitably do.

Incident response and crisis management involves having the ability to maintain critical business functions during a disaster scenario. It also encompasses having plans in place for a rapid recovery from catastrophic incidents. If your business were to experience a flood, fire, or data breach today, would it be able to recover quickly and efficiently? Business continuity is all about having a plan in place that expects the unexpected and is prepared to handle it.

When it comes to IT and business continuity, the big question is, “How do you operate tomorrow?” If you don’t know the answer, it’s time to get a plan in place starting with an evaluation of the foreseeable risks your organization may face and a WISP to address them. Think of it as an insurance plan that also helps your business with regulatory compliance. When disaster strikes, your business’s IT team, CISO, or third-party IT vendor should have already given you advice. Hopefully, you have followed it. Then you know who you can call when things go wrong so they can tell you how to react to keep your business moving full-steam ahead.

If your company or organization needs assistance with risk assessment, developing a WISP, and planning for business continuity, call the trusted advisors at ORAM today at (617) 933-5060 or visit us online. Our experienced professionals are here to help and we are dedicated to partnering with small businesses to assist them in achieving success.

The Modern Office and End User Support: What it is and how it can help your business

February 21, 2019 by securewebsite

End-user support is an information technology (IT) term that is often used in business yet many people don’t understand what all it entails. Furthermore, business leaders don’t know how end user support can improve the productivity of their company. Here we take a look at what end-user support is and how it can keep your business moving forward.

What is an End User?
First, we must tackle what an end user is. Anyone who uses a particular product or program, typically your employees, is an end user. Think about the desktops, laptops, tablets, software, and even cell phones used by your employees to conduct business and fulfill their duties. They are the end users of your business IT.

Why Might End Users Need Support?
Whenever a new employee is onboarded, they need to be made a user so they can access the hardware, programs, and information within a company so they may perform their work. This means they need to be set up with a company email, account access, file access, and cybersecurity training that is specific to your organization.

In addition, employees will sometimes have trouble using the hardware and programs your business has purchased in order to operate. That can mean a computer with a virus, a laptop attacked by malware, or simply a program missing a necessary patch or update. While your employees may be great at what they do, not everyone is an IT expert. They may need help addressing issues from configuration to spam filtering in their business email.

Whether you have a small company without an IT department of its own or your business is a large one with an IT department is overwhelmed, these issues all must be addressed. When new employees are waiting to be onboarded or existing employees have hit the proverbial IT wall, they cannot work until these issues are resolved. That means downtime and a loss of productivity which negatively impacts your organization’s bottom line. That’s where outsourcing to IT specialists like those at ORAM can really assist your company.

What Does End User Support Look Like?
End-user support is about providing immediate, ongoing assistance whenever your employees need IT help. Think about having all email, account access, and training ready for new employees the minute they walk in the door on their first day. Imagine running into a snag with your email and being able to simply pick up the phone to fix the problem right away. Consider never having to worry about program updates or patches because they are applied automatically before you even get to the office. All of these very real IT issues are covered by end-user support.

The goal of end-user support is to provide businesses with the “modern office.” That means keeping end users productive and moving at all times. The question then becomes how does end-user support keep your business moving? In football terms, end-user support is like a lineman running in front of a running back to keep him protected and clear the path so he can do his job of advancing the ball. End-user support ensures issues with security, network connectivity, and active threats are held at bay. It also ensures your network is as reliable as possible, keeps up with patches, and hardware needs are covered.

With end-user support, your employees will have the tools to be continuously productive with little to no downtime. In addition, you will have the security of knowing those tools are also being used in a responsible, compliant, and efficient manner. Regardless of the size of your business, end-user support can help you manage your ongoing IT needs without sacrificing uptime, connectivity, or cost. Depending on which IT company you work with, your end user support may include:

• Antivirus Management and Support
• Configuration Services
• Hardware and O/S Maintenance
• Performance Monitoring
• Mobile Device Support
• Patch and Update Management
• Onsite Desktop and Laptop Support Services
• Incident Management and Resolution
• Priority Response Level and Problem Management
• Self-Service Knowledge Base
• User Account Administration
• Policy Management
• Email Content and Spam Filtering
• Encryption Services

Who Offers End User Support?
End-user support can be handled internally by your IT employee(s) if you have them and they aren’t completely overwhelmed themselves. The other option is to outsource your IT needs to a company like ORAM Corporate Advisors. Such IT professionals can work in tandem with your existing IT employees or can work in place of hiring your own IT staff.

Without the cost of hiring internal IT staff or additional staff, your network can be secure and running efficiently at all times through end user support. You won’t have to pay for support until you need it and help requests can be managed and resolved quickly and easily. Your business will also have all of the tools it needs to be continuously productive while achieving regulatory compliance.

If you need more information about end-user support, please contact ORAM anytime at (617) 933-5060. We can even schedule a free initial consultation to review your end user support needs. Our IT specialists are always available to answer your questions and help you when your business needs it most.

October is National Cyber Security Awareness Month

October 9, 2018 by securewebsite

A look at cyber awareness and tips for protecting yourself online

Whether you are turning on the television, checking the daily newsfeed online, or reading a magazine, you’re sure to hear about the breach of a major business such as Yahoo, a data leak by the government, or hackers attacking a local school. Over the last two decades, cybersecurity has been legislated to protect consumers, businesses, and the government alike. There’s a need for greater awareness of cyber security and how people can best protect themselves and their businesses. That is the purpose behind National Cyber Security Awareness Month (NCSAM) which has been celebrated every October for the last 15 years.

The History of NCSAM
Developed as a collaborative effort between industry and the U.S. government, the purpose of NCSAM is to ensure every American has the necessary resources to stay safer and more secure online as well as advance awareness of the threats we all face when we log on. Launched in 2003, NCSAM was conceived by the U.S. Department of Homeland Security and the National Cyber Security Alliance.

According to the National Cyber Security Alliance, the goal was to reach as many people and businesses as possible to educate them about cybersecurity. The target audience consists of consumers, small and medium-sized business, corporations, educational institutions and young people across the country.

STOP. THINK. CONNECT.
This year marks the 8^th anniversary of the STOP. THINK. CONNECT.™ campaign used during NCSAM which offers tips and advice for everyone from the daily internet user to business owners.

The message to consumers of every age is clear. We are all warned to stop and think before connecting which means doing things to protect ourselves before we get online. We are warned to “Keep a Clean Machine,” “Protect Your Personal Information,” and “Connect with Care.” But what does all of this really mean?

Keep a Clean Machine
All of your internet-connected devices should be kept free of malware and other infections such as viruses as they can interrupt your connectivity at home and at work as well as spread to others. A dirty machine can also threaten your safety and the safety of others online. This is especially true when it comes to malware that connects your devices to botnets, which are networks of computers controlled by cybercriminals that can steal your information and make money from it.

There are several things you can do to keep a clean machine including:

Use the Latest Software– Ensure you have the newest security software, web browser and operating systems to offer the best defense against known viruses, malware, and other threats.
Automate Updates– Most software programs automatically update to defend against threats. Keep auto updates turned on and turn your computer off each night so updates will occur when you reboot.
Protect Every Device– In addition to computers, be sure to turn on auto updates for all devices including smartphones, laptops, and tablets.
Plug & Scan– External devices such as USBs can harbor viruses and malware. Use security to scan them before using.
Get Rid of Garbage– Delete links, emails, tweets, posts, etc. that look suspicious. These are ways cybercriminals compromise your computer. If it’s not from a trusted source, trash it. Don’t open it.
Hot Spot Smarts– Limit the business you conduct when away from your home or office. Be sure to adjust the security settings on your device to limit who can access it.
Act Fast– If you think your machine is infected, get help fast to remove viruses and malware before they can spread or cause more damage.

Protect Your Personal Information
Each one of us has the responsibility of protecting our personally identifiable information (PII) online. If your personal information ends up in the wrong hands, there could be serious consequences from a breach in your social media or theft from your business to your identity being stolen and your bank account being wiped out.

While you may have worked hard to protect that information, all of us must still assume our personal information has been leaked because hacks happen all of the time. Here are some tips for protecting your PII online from the New York Times:

Use Different Passwords– Across multiple sites from Facebook to your bank account, NEVER use the same password in more than one place. Doing this allows a hacker that gets your password in one place to use it in another. Password managers such as 1Password or LastPass can help you keep track of them all.
Never Your Social- Never use your social security number as a username or password. This is especially true in the face of the recent Equifax breach.
Be Suspicious- Treat everything online with an abundance of suspicion. Hackers send emails, notices, letters, etc. posing as people you know and businesses you solicit to gain information. Contact a business or individual requesting PII online by calling them directly before deleting the email as they may need it to press charges or stop the cybercriminal from targeting others.
Use Stronger Passwords- Sites such as LastPass can help you create unique passwords for each site you visit and save them for you in a protected database. If you create your own, be sure to use uppercase and lowercase letters, numerals, and special characters in each password.
Employ Extra Security- Passwords are not enough. If a site allows you to use secondary or two-factor authentication, enable those features. When you enter your password, you will receive a message with a one-time login code to allow you to finish logging in.

Connect with Care
Many web users are very quick to click whether it be on an email, a link, or an attachment. Slow down and take time to examine what it is you are about to click before you do so. Ensure you know who an email is from before opening it. If you don’t know the sender or aren’t expecting an email, delete it without opening it.

If you receive an email from a person or business you know and the email address looks familiar, feel free to open it. Once open, look at the email itself. Does it sound like it’s from the sender or does it seem odd? If the English is suddenly broken, the business logo is not right or is missing, or something else is off about the email, do not click on any links or attachments. Contact the person or business directly to see if they have sent you something via email.

Use care when connecting to public Wi-Fi. This is especially true if you are conducting business such as banking or shopping online. Use only trusted secure connections when using portable devices outside of the home or office.

Be Web Wise
Personal information about anyone is now easy to find online. This is especially true with the advent and use of social media. That means we all have to be wise when it comes to using the web. The first thing you should know is how your information gets online. Here are some ways you may inadvertently be sharing your personal information:

Posting on social media
“Checking in” through social location sites such as Foursquare
Commenting on blogs or shopping sites
Creating online wish lists online at sites like Amazon or Pinterest
Sharing videos or photos online
Using online games
Giving location data when uploading photos online

If you are on social media, check to see if you can change your privacy settings to limit what others can see about you or who has access to your information. Be sure to read the privacy policy of any company before sharing your information with them to ensure they don’t sell it to third parties. You’ll also want to ensure that your data is backed up at home and at the office in the event of ransomware, other cyber attacks, or even a computer shutdown.

Be a Good Online Citizen
Being a good online citizen involves employing the Golden Rule of treating others online the way you would like to be treated and using common sense. Don’t visit unsecured sites and don’t forward emails from unknown sources to others.

Be aware of how the action of one person can damage an entire online community. For example, one employee surfing unsecured sites through your business network can open the door for malware, viruses, and cybercriminals. Have common expectations in your home and office about what is an acceptable use of the network and what types of sites should be avoided.

Report cybercrime and breaches immediately. These should be reported not only to your internal technology personnel but to law enforcement as well. By reporting such issues, you are helping others avoid becoming victims, too, and stopping cybercriminals in their tracks.

Own Your Online Presence
This means safeguarding your own personal information and activity. For example, data should be treated like money. It should be protected. This means everything from your birthdate and personal address to the names of your children and pets which are often used as passwords. It can be easy for a hacker to get into your accounts with such personal information floating around on the web.

Be careful about who you share information with. For example, you may get “friend” requests from people you don’t know on social media. Simply delete the request. This is not being rude, it’s being prudent. Also, don’t send login information via email. Email can easily be hacked without the proper, updated security in place. If you get a request for information from a business online, call them to see if the request was really from them and provide any data they may need that way.

Lock Down Your Login
One of the main points of the STOP. THINK. CONNECT.™ campaign is to Lock Down Your Login. There are several ways you can ensure your login information stays secure. Here are six tips to get you there:

Protect accounts with strong authentication
Keep security software updated
Avoid phishing by thinking before clicking
Use unique passwords for every site
Protect your mobile devices
Employ trusted security tools

Our Responsibility
Staying safe online and protecting those we are connected with is everyone’s responsibility. Because the world has become so digital, we are more interconnected than ever before. From our desktops to our tablets, phones to laptops, we find ourselves working, playing, learning, and living online. That means all of us has a responsibility to try to stay as safe as possible by adhering to the advice of cyber experts.

National Cyber Security Awareness Month is a chance for us all to become more aware of the threats we face online and ways to protect ourselves and others. For more information, safety tips, and ways to get involved in NCSAM, visit the National Cyber Security Alliance online or contact Oram at (617) 933-5060.