network

The Modern Office: Why a Strong IT Foundation Should Be the Basis of Your Business

August 27, 2019 by securewebsite

Business builds itself from the ground up. Your business internet technology (IT) is no different, which is why your foundation is so critical. The modern office revolves around having strong IT in place. From communications to automated business processes and protecting valuable company data, your foundation is imperative to your organization’s ability to not only thrive but survive.

Without a strong foundation, your business risks everything: Being hacked; watching valuable data be stolen, held ransom, or destroyed; and experiencing crippling downtimes when systems fail to function properly, costing your organization money every minute your employees can’t function. A strong foundation will help protect your company from experiencing such destructive problems and allow it to keep functioning smoothly even through inevitable IT bumps in the road.

What is Foundation in IT Terms?

At ORAM Corporate Advisors, we view the foundation as the nuts and bolts of your operation. We consider that to be your firewall, your switches, and your wireless access points. This is the core of your network. These are the things that have to be 100 percent reliable all the time and what literally makes the world go round for your business.

Firewalls as a Gateway

The gateway in and out of your network is your firewall. When it comes to the network security of the modern office, the firewall is your first and best line of defense. It monitors and controls both incoming and outgoing traffic on your network based on the security rules set for it. What rules are employed depends on how your company operates, the security it requires, and industry regulations. The best firewalls are “smart firewalls” which are capable of configuring, monitoring, and managing network traffic on the fly.

An average firewall is a hardware device or even a software program that is a barrier, a wall, between your systems and network and the internet. Its purpose is to limit unnecessary communication between your computer network and the internet.

Smart firewalls offer much to your business in terms of additional protections. Today’s modern office should employ smart firewalls as they include:

Antivirus, Antimalware, and Limited Spam Filtering
Deep Packet and Stateful Inspection
Packet, Adjustable Content, and “Default to Now” Traffic Filtering

The IT experts at ORAM can configure your smart firewall to maximize its protective benefits for the specific needs of your business. This ensures there are no gaps or vulnerabilities in your security settings that could allow a hacker to infiltrate your business system. We also take the time to keep your firewall current and patched.

Switches: Your Business Connection

Network switches are another important piece of your modern office network. This is the link, if you will, that connects devices on your network. It’s the switches that receive, process, and forward data moving in and out of your network so that it arrives at its proper destination.

The most common switch among business networks is one that handles Ethernet traffic. That is to say, the switches that connect your business to the internet. Without such switches, your business would become a proverbial island and your business data from email to invoicing may not function properly.

In addition to traditional managed switches, “smart switches” are an evolving option that can offer some management and security. They can be cost-effectively used in large networks as a supplement to managed switches or can be included as the main infrastructure in smaller networks. Smart switches can allow your business to segment its network into workgroups by creating a virtual local area network (VLAN).

Wireless Access Points

Wireless local area networks, or WLAN, are created by using a wireless access point device. These WLANs are typically found everywhere from homes and restaurants to modern offices and large buildings. They provide wireless access to the network for devices such as laptops, printers, and cell phones in a designated area such as your office. This enables your employees and customers to stay connected on a secure wireless network that is isolated from the core network in your office. You can also open or limit wireless guest access to specific applications or times of the day.

Recommended Foundation Hardware

The foundation of the modern office is also cloud-based. This allows you to know more about what your end users are doing and how traffic is flowing. Traditionally, you’d have to look back through logs and that is a time-consuming process. The modern office can’t afford to sit idle while the IT staff sifts back through logs to determine where things went wrong. Smart firewalls, switches, and access points provide real-time information through cloud-based systems that allow us to make the best decisions with up-to-date information.

At ORAM Corporate Advisors, we recommend using Cisco Meraki for all of those devices because it’s one of the most reliable cloud-based systems to date for business networks. This is important because it is the foundation of your business. User management, connectivity, and the like don’t matter if you and your employees can’t even access the internet.

Without a strong foundation, your business floor will drop out from beneath you. Commerce, trade, and services for your organization will come to a screeching halt without a strong foundation. Though integrating a strong network can be costly, it is the most important investment you will make to keep your business moving forward.

Ensuring a Strong Foundation

There are several key components to developing and maintaining a strong IT foundation in the modern office. Those include the following:

Make sure your firewall(s), switches, and wireless access points are current, up-to-date, and are running the latest firmware.
The hardware needs to be current as well. Is it still being supported and warrantied by the manufacturer?
Can your network handle your current business needs and still allow room for growth?

For everything you do or that your employees do, your foundation is key. By ensuring that you have the major components from your firewalls to switches and wireless access points in order, you can keep your business moving forward smoothly at all times. If you need assistance with building or bettering your business foundation, contact ORAM online or call us today at (617) 933-5060.

The Modern Office and Connectivity: Why Access to IT Drives Today’s Businesses

June 13, 2019 by securewebsite

As we discuss what makes the modern office function fluidly, we cannot overlook the importance of connectivity. While the end user sees only a portion of internet technology (IT) that actually exists, the fact of the matter is that IT is the driving force behind today’s modern business. Not only does connectivity allow employees the access they need for top productivity, but it provides clients, customers, and business partners the doorway to the information they require as well.

Connectivity is all about how every one of us gets the information we need every day from email to secure remote access. When it comes to getting your end users access to corporate information securely and consistently, connectivity is key. It is connectivity that allows us to perform the normal, day-to-day operations of our business effectively and efficiently.

Email Access & Connectivity

Email access is a necessity in the modern business world whether you are working on your desktop at the office, your iPad on the subway, or your laptop at home. Connectivity allows businesses to provide every employee unified email access. With the latest IT, your business can provide fully synchronized connectivity across all devices at all times with all employee contacts, calendars, and email.

In today’s modern office, your workforce can access email from their smartphones, smart watches, tablets, laptops, and desktops with certainty. This means higher levels of productivity, ease of use for the end user (i.e. every employee), and flexibility, all protected with the level of security your business requires.

Not only is email access important for your employees but consider your business partners, subcontractors, and consumers. There are many people clamoring to communicate with your business on a daily basis and email is the lifeline of much of that communication. Without the right connectivity, your business partners may not be able to close the deal without immediate access to all team players; service providers won’t be able to access what they need to get your job done; and consumers may become so frustrated that they seek out other businesses that are connected to fulfill their needs.

File Access

Connectivity allows the modern office to have secure access to a variety of systems. For example, you can provide your employees with secure access through a virtual private network (VPN). Connectivity also gives them access to files through cloud-based systems such as OneDrive, SharePoint, Box.com, or Dropbox to name a few.

In many industries, businesses also require the ability to share access to information with organizational partners. When you need to share proprietary information securely with subcontractors and other business partners, which is the case in many industries, connectivity is there to achieve your goal. The right connectivity also allows this to be done so securely.

Meeting Customer Expectations

The modern consumer is incredibly tech savvy and they expect businesses to be the same. This means every business from the small mom and pop to the multinational corporation are expected to provide the same level of connectivity. No longer does the work day run 9 to 5. Customers want access to businesses around the clock and they have the voice to demand it.

The 2018 Deloitte GLOBAL Human Capital Trends report shows important changes facing business leaders worldwide. One of those is in the strength consumers now have, making business connectivity more important than ever. Deloitte’s global survey of more than 11,000 business and human resource leaders shows the “shift in power to the individual is being propelled by today’s hyper-connected world, which enables people to track information about companies and their products, express their opinions to a wide audience, and sign onto social movements, globally and in real time.”

Today’s consumers want to be able to connect with businesses instantly, get answers quickly, shop, and more, both day and night. Customers want to connect with your business on all levels. What’s more, they expect your business to provide that connectivity for them on any device they choose to use.

In order to retain clients and customers, connectivity is an absolute necessity, especially in industries such as retail, education, and finance. Not only will you need the right hardware and software to meet customer demands, you’ll also need business processes and the network infrastructure in place to implement connectivity. Connectivity can be achieved affordably allowing every business to draw in new customers, meet their expectations, and retain them.

The Future is Now

There was a time when businesses simply needed a website, telephone number, and/or email address for people to reach out to them. That is no longer the case. Mobile technology has exploded which has led to the need for businesses to be available 24 hours a day. With the “always on” mentality of the modern business world and the drive to meet customer expectations, connectivity has become the right hand of business. Now is the time to ensure your connectivity is up to par as the future has arrived.

What You’ll Need

In order to meet the connectivity expectations of employees, business partners, and consumers, you will need to implement several elements of connectivity. Begin by looking at your hardware. Are your computers, servers, modems, printers and other hardware up to date? If not, or if they are nearing their end of life, don’t wait to upgrade otherwise you may find your business falling behind the times and that can lead to a loss of customers and revenue.

You’ll also need to look at your software. This is a banner year for software changes. Several companies such as Microsoft will be allowing software programs to pass into their end of life cycle over the next few months. This means companies will be issuing new software programs to replace the old. Be ready in advance for changes because if not, your business could be at risk for breaches since updates to old software will stop being issued. Up-to-date software is a prime element of strong connectivity.

Cloud applications are also imperative for effective connectivity. A cloud application is a type of software program where local components such as your existing hardware and software function cohesively with cloud-based programs. This means your business will have to rely, at least to some extent, on remote servers and the internet. This piece of connectivity can make file sharing like that mentioned above simple.

Mobile apps are also becoming mainstream for modern businesses as well. Whether you are a retailer hoping to capture consumers online and allow them to shop anytime or you are a financial institution that wants to promote e-trading directly through your clients’ mobile devices, you can have an app constructed for your business. Whatever your need is to reach your target customer and keep them engaged, there’s an app for that. Many third-party service providers such as ORAM offer mobile app development for businesses at surprisingly affordable rates.

Social media is another piece of the connectivity puzzle that many businesses fail to recognize or utilize to its full potential. Modern businesses introduce their brand, express their values, and cultivate higher sales through the use of social media from Facebook to Twitter and LinkedIn to YouTube. Such social media platforms offer businesses the opportunity to connect with consumers, praise hard-working employees, tout their products and services, boost their brand recognition, and so much more.

Changing Connectivity

Just as your business plan is a living document, your connectivity will need to grow and adapt to the demands of your business and the outside world. Connectivity is never static and your business will have to be ready to change with the times. For example, even small businesses are realizing that they have substantial bandwidth requirements to meet their connectivity needs. Standard broadband is becoming a limitation with today’s high-speed world.

You may also find that you need to revisit your software licensing or usable hardware to facilitate the growth and speed your business requires. After all, the plan is to grow your business which means more hardware, software, and connectivity. The expectation is that the demands of connectivity will only continue to grow and morph as technology changes and continues to expand.

Competing in a Competitive Marketplace

When it comes to business, competition can be fierce whether you are aiming to garner more clients, increase sales, or hire an effective workforce. You need to ensure your connectivity is in top condition to achieve your business goals regardless of what they may be. The truth is that all businesses require connectivity to gain and maintain a competitive advantage in today’s marketplace. Furthermore, it will allow you to raise awareness of your brand, provide you further reach, and allow your employees to achieve more.

If you want to learn more about how to improve your business connectivity, modernize your office, or talk about your business IT needs, contact ORAM at (617) 933-5060. You can also connect with us online.

Bring Your Own Device vs. Enterprise Devices

April 20, 2019 by securewebsite

Why Businesses Should Make the Investment for Employees

Mobility has become a major asset for modern businesses. It gives companies an edge when employees can work from anywhere with remote access on any device ranging from a cell phone, tablet, smartwatch, or laptop. Mobile technology has enabled unsurpassed flexibility in the workplace the likes of which the world has never seen before.

But as Spiderman’s Uncle Ben said, “With great power comes great responsibility.” When it comes to mobile devices, many business leaders wonder which is better: Allowing employees to bring their own devices to work or dropping the money to provide enterprise devices to all employees.

The Advancement of Technology

The development of the smartphone has shifted the way people communicate on a daily basis. In a recent survey conducted by Zinwave, “Over 85 percent of respondents, which included more than 1,000 office workers within the United States, utilize their cell phones on a weekly basis, at a minimum, for external communications, and usage was only slightly lower for internal communications.”

Not only do modern workers use their phones for voice capabilities (i.e. phone calls), but they use email through their phones as a prime form of communication. The aforementioned Zinwave study found email was the preferred means of external and internal communication for people while they are at work.

The ability to access the internet, company information, and messaging services (text) has made smartphones and tablets a necessity when it comes to productivity in modern business. “For example, 65 percent of industrial and 62 percent of healthcare workers utilize work-related data daily for a variety of applications,” according to Zinwave.

Technology has removed boundaries, improved flexibility, and enhanced communications with lower overhead costs. It can be tailored to the user experience and specific needs of any business. Mobile technology has even allowed organizations to increase their revenue potential.

“In our information-rich society, there are two critical types of interactions that must be fostered: employee empowerment and customer engagement,” according to the blog “6 Ways Mobility Can Transform the Workplace” by iOffice. “For many, mobility has become the backbone of their interactive strategy.”

The BYOD Market

According to an online article at GlobeNewswire, the U.S. BYOD market size was $30 billion in 2014 and is expected to grow 15 percent by 2022.

“Declining hardware prices, increasing mobile user workforce, and high smartphone penetration are the factors responsible for increasing BYOD market share across the region,” according to the article, which sourced BYOD research by Global Market Insights. “Increasing personal technology along with IT consumerization is also expected to boost the industry.”

While the popularity and benefits of mobile devices speak for themselves, business leaders must consider whether to allow BYOD or provide the devices for employees. Traditionally, BYOD was a highly accepted practice. Recently, there has been a move to corporate owned, personally enabled devices (COPE), the practice of organizations providing employees with mobile devices due to concerns over security, IT compatibility, and legal issues over user privacy versus company control.

At ORAM Corporate Advisors, our recommendation for mobile device management is that every employee should have a corporate-owned device. With an enterprise device, you can manage all of the security, firmware upgrades, software applications, and tracking your employees require to do their job. Additionally, COPE offers many other benefits.

Providing Mobile Devices

When your business owns the line of service for its devices, it has more control. You get to select the devices you prefer your employees to use rather than paying for and having the headache of supporting all device types. Additionally, you get to keep your devices up to date so you aren’t forced to make your network support older devices.

Protecting Your Assets

A study from Wall Street Journal Custom Studios commissioned by Symantec, showed “79 percent of employees admit to engaging in risky behaviors- intentionally or unintentionally- that place corporate data at risk” and “48 percent of employees don’t think about security risks when transferring files or sharing documents over cloud-based services.”

With corporate devices, you’re protecting your business assets. If your business owns the devices employees use, you’re able to wipe them in case they are stolen or lost somehow. This can be done remotely and quickly for theft or loss to prevent personally identifiable information (PII), trade secrets, or other secret data from falling into the wrong hands.

If a device such as a smartphone is owned by the company, you can simply call the phone carrier and wipe the phone’s memory. You request this by stating, “I need access to X, Y, Z employee’s phone. Here are the records that we are authorized to do so.” If the phone is a BYOD that’s accessing the corporate information, your business doesn’t have that same ability. The employee owns access to the account and the functions of that device.

Easy Access & Support

The same is true of the ability to access data easily. This is important when every minute counts in business. Take a smartphone for example. If there are any files, emails, or different communications downloaded to a phone on a corporate account, you’re able to search and query that device on demand. This is an improvement over waiting for an employee to submit paperwork at the end of the month in their call log when you need information immediately.

In addition, employees who use COPE devices have support from your IT department. Employees’ personal devices may not be compatible with your business network which could cause functionality issues. With corporate-owned devices, employees can simply contact IT for assistance.

Regulatory Compliance

COPE devices allow a company to reduce their exposure to security risk as well as legal and human resource issues. With tighter control through COPE devices, your business can implement the security measures it needs to keep its data and network safe. Furthermore, litigation resulting from breaches, loss of data, and regulation non-compliance is reduced.

In a highly-regulated industry such as finance, your business will need to be able to report such instances of loss or theft against that device to regulatory agencies such as the Securities and Exchange Commission. This is especially important should your business be audited or examined by such an entity.

The Money Factor

You may be thinking that providing mobile devices such as phones, tablets, and laptops to your employees is not cost effective, but the fact is that it can be. First, consider that many organizations provide a stipend for employees who bring their own devices. That stipend in and of itself is a cost. If you’re going to have the cost regardless, you should have the control as well.

Group mobile plans are getting less expensive for businesses of all sizes and can be written off as a business expense on taxes at the end of each year. In addition, when it comes to tablets, laptops, and other mobile devices, organizations buy in bulk to get a better price which benefits both the business and the employee. Another option for reducing the cost is to set up a cost-sharing option for both the device and its use with your employees.

Finally, when it comes to keeping your business secure to avoid regulatory penalties for non-compliance, the potential for lost revenue, and easy access to data, the investment up front is worth the return. That sense of security is priceless for most business leaders who wish to avoid potential breaches, lost revenue, and issues that can be caused by disgruntled employees.

The Employee Factor

Consider your best salesperson. If they use their personal devices to access your business information such as sales logs, client contacts, and invoices, they have information that could potentially damage your business financially if they were to leave.

In addition, your salesperson likely gives your clients that personal mobile number so they can contact them if they need anything. If your salesperson were to leave the company, your clients would still call that salesperson who can then easily take your customers to their new company with them. This means a loss of revenue for your business.

Should an employee leave, your business gets to keep the phone number. This means their clients will still be contacting one of your employees at your business through the same phone number. This reduces the odds of lost revenue for your company.

Create Policy & Enforce It

Every business, especially those in highly-regulated industries, should create policies regarding BYOD. This is true regardless of whether you allow BYOD or employ COPE devices in your business. You need a very secure policy and the correct mobile device management in place. In addition, your policy should outline that only legitimate work will be conducted on these devices.

If you need assistance with BYOD or COPE devices, creating policy, or mobile device management, contact ORAM today at (617) 933-5060. Our IT and security experts are always here to help your business grow smart while reducing its risks

The Modern Office and Security: What you need to know about protecting your business and its data

April 16, 2019 by securewebsite

One of the most critical components of the modern office environment for a healthy, scalable business infrastructure is security. It is the cornerstone of your IT for it protects the other components that your company needs to keep thriving and surviving in the modern marketplace. Today’s business security entails much more than just an anti-virus program and requires some pre-planning as well as a regular investment of time.

This blog covers the most important things every business should know about security. Additionally, it includes what business leaders should consider to best protect their organization, data, and clientele. As you will see, having the right security in place can make the difference between growing your business and shutting its doors permanently.

Secured Access

Every business should have secured access in place for both internal and external users on its network. As a modern company, both internal and external users will be accessing your data whether its email or highly-sensitive information not meant for prying eyes. This is important because data falling into the wrong hands can cost your business its reputation, revenue, and even its livelihood.

According to the 2018 Data Breach Investigations Report by Verizon, 73 percent of breaches were perpetrated by outsiders. This means your business data needs to be protected as much as possible and that external access to your network should be limited and monitored at all times. Hackers are always looking for a way to infiltrate networks. Phishing, ransomware, and malware were among the top means used by nefarious outsiders to access business networks in 2018. Of those breaches studied, 90 percent were motivated by monetary gain or strategic advantage (i.e. business espionage).

While you may believe that your business is too small for anyone to care about hacking its data, think again. A report by USA Today shows 61 percent of cyberattacks are aimed at small and medium-sized businesses. The same piece reported that a whopping 60 percent of small businesses close their doors for good within six months of an attack so it’s clear why security is so imperative to business survival in our modern society.

Though most breaches occur due to external sources, insiders can be just as dangerous to your business. Whether due to simple user error or something more insidious such as a disgruntled employee or cyber espionage, the aforementioned Verizon report concluded that 28 percent of breaches involved internal actors. Of those breaches, 12 percent involved privilege misuse. That’s why we always recommend implementing the practice of least privilege. This means allowing access to data only to those who require it to fulfil their job duties.

Email Security

Email is the bread and butter of communication for most modern offices. The use of email for both internal and external communications is a necessity for today’s businesses so securing it effectively is imperative. The issue is that it is also a major point of entry for many attacks.

A blog by CSO from IDG shows that 92 percent of malware is delivered by email. In addition, the blog stated that the average ransomware attack (which often occurs via email) costs a company $5 million. The same blog also stated that phishing attacks is one of the most common methods of email malware infection.

There is email and network scanning software available to help protect your business. At ORAM Corporate Advisors, we recommend Mimecast for email protection. It is a terrific solution to help organizations prevent email-borne ransomware as well as protect against the associated downtime and data loss such attacks can cause. ORAM recommends Mimecast because it “safeguards employee communication and reduces risk with targeted protection, data leak prevention, and enforced security controls.”

Mimecast, which I mentioned above for email and network scanning, is also an excellent solution for data loss prevention. Its data loss prevention solution scans all emails and file attachments and identifies potential leaks using flexible polices based on keywords, file hashes, pattern matching, and dictionaries.

Another piece of modern technology you’ll want to have in place is multi-factor authentication. Multi-factor authentication is a security system that requires more than one method of authentication to verify a user’s identity. This can range from requiring passwords that must periodically be changed by legitimate users to requiring a one-time PIN provided via smartphone for access. It adds an extra step for employees to access your network but it will help ensure your business’ data security.

In addition to software, we also recommend that employee training become a regular event. Every business should offer employee training during the onboarding process and at regular intervals throughout the year (every six months) to every employee. They should be trained not to click on email attachments or to follow links in emails from unknown or untrusted sources. Employees should also be taught to verify emails with links and attachments with a trusted source before opening them if something comes into their email that they weren’t expecting. While this training can take some time, it can prevent a costly breach later on.

Manage Your Network

While securing access to your network is important, managing your network is even more imperative to keep business operations running smoothly. Your network houses your most critical data while supporting the daily workflow and processes of your business. That means maximizing uptime, optimizing network capacity and utilization, and ensuring its protection.

There are a great deal of pieces that comprise your network and all of them need to be addressed on an ongoing, regular basis. Start with a network technology assessment and auditing. This will tell you where your network is in terms of optimization and data security. By assessing where your network is now and taking a full audit, you will be able to tell where your strengths and weaknesses are to tweak it to work at full capacity for your business needs.

In addition to regular assessments and audits of your network, you will need to plan ahead for storage, disaster recovery, business continuity, and more. Here are some of the things that go into managing a business network:

Email Continuity
IT Asset Tracking and Reporting
High Availability Services
Cloud Solutions
Network Design, Implementation, and Support
Data Assessment, Analysis and Recovery
Security and Monitoring Services
Workflow Assessment and Optimization

Up-To-Date Security

Your business should also have up-to-date technology security in place. You will want to ensure that your company has installed intrusion prevention software on all of its data networks to keep hackers from getting their hands on your information. You can check to ensure you have such software in place during the audit process.

The intrusion prevention system we use at ORAM is Cisco hardware that scans on a network level. It scans everything going into and out of your network to ensure that your network traffic is safe. This could catch someone maliciously trying to access your internal network, bad email attachments, and other threats.

In addition, you will want to put together policies for your employees that protect your business. Ensure you have a solid computer use and data loss prevention policy in place so employees know exactly when and for what purposes they can use their company devices. Make it clear what sites they should not visit and what the repercussions are for visiting non-work related sites on business devices.

You’ll also want to have a password policy in place so employees are not using the same passwords for multiple accounts or old passwords that could leave them at risk of being hacked. Passwords also need to be strong so encourage your employees to develop passwords that use letters (both lowercase and capital), numerals, and special characters. There is even software available to prompt your employees to change or update their passwords over time. You may even offer your employees a password manager so they can easily recall their passwords.

Many enterprise businesses are also moving to the cloud. Not only does this allow for greater flexibility for your employees, but it can offer greater data security. When you save both to your local network and the cloud, you have your data backed up. This is ideal in the event of a disaster and will get your business up and running again with less downtime or the worry that valuable information can’t be recovered.

Don’t Forget Your Physical Security

Remember that all data is not digital. Whether you have data files stored in locked filing cabinets or your HR employees are printing personally identifiable information (PII) during tax season, the physical security of your business is just as important as its digital security. You don’t want someone walking out with printed files or sifting through your garbage to steal information.

ORAM recommends that all businesses have a clean desk policy. This means requiring that all employees keep their desk clear of papers, notes, and other information that could lead to a breach or loss of information if it were to fall into the wrong hands. When they are not as their desk, employees should have a clean desk since everything should be put away, hopefully under lock and key.

Businesses should also limit physical access to certain areas such as file storage areas, server rooms, and other places where information is stored. If an employee doesn’t require that access to do their job on a regular basis, they shouldn’t have access. Such areas should be locked with limited persons possessing keys for access. We also recommend adding video cameras at data rich entry points to protect against a physical breach. This small addition will let administrators know who accessed the area(s) and when they did so which will help in an investigation.

Finally, you’ll want to ensure that all data is properly disposed of. Shred all hard copies before tossing paper information and consider hiring a disposal company that handles this type of waste. Don’t leave such waste out on the curb for anyone to take. Ensure the company will come in to gather paper for disposal. In addition, make sure that valuable paper data isn’t thrown into the recycle bin but is shredded before being thrown out. When it comes to cyber espionage, dumpster diving isn’t unheard of.

Have a Plan

Every business should also have a written information security plan (WISP) in place. It should include everything from regular IT audits to employee training. There are many mistakes that businesses make when it comes to backup that are completely preventable. Your WISP will outline effective administrative, technical, and physical safeguards specific to your organization to help prevent such mistakes. It will also define security measures for your business, protect against anticipated security threats, and unauthorized access. The WISP for your business will put safeguards into place to protect your data. It will also help you and your employees know exactly what to do and who to contact if disaster strikes.

If you need help with securing your modern office or want more information about building stronger security for your business, contact ORAM today at (617) 933-5060. Our experts are always here to assist you in bettering your business and data security.

IT Tips for Today’s Tax Professionals

April 2, 2019 by securewebsite

With tax day just two weeks away, many people may have their minds set on getting their taxes filed fast if they haven’t done so already. Tax professionals always find themselves swamped from February to May with businesses and individuals alike trying to finish up their taxes for the previous year. As a result, information technology (IT) may not be on the top of your mind as a tax professional but it should be.

With all of the personally identifiable information (PII) tax professionals work with on a daily basis from birthdates to social security numbers, IT security is a must to prevent breaches and data loss. Here are some top tips to keep your tax business and your clients safe.

Don’t Get Phished

Phishing emails are one of the most common ways hackers target businesses through email according to the Internet Security Threat Report Volume 24 by Symantec. “Employees of smaller organizations were more likely to be hit by email threats- including spam, phishing, and email malware- than those in large organizations,” according to the report.

Learn how to recognize phishing emails and train your employees to do so as well. Emails from unknown sources, especially those coming from someone pretending to be the Internal Revenue Service (IRS), e-Services, a tax software provider, or cloud storage provider should be deleted. Be sure to never open any link or attachments in suspicious emails as this is how the bad guys access your email and network. Note that the IRS never initiates initial contact through email with tax professionals regarding returns, refunds, requests for PII or other sensitive data.

The Symantec report does offer some good news in that “Phishing levels declined, dropping from 1 in 2,995 emails in 2017, to 1 in 3,207 emails in 2018.” This may be the result of better training and anti-phishing software. Be sure to keep your employees trained so your business isn’t phished.

Draft Your Data Plan

Every business, especially those in industries that are highly regulated or those that are often targeted due to the sensitive information they handle, should create a data security plan. When it comes to tax professionals, your security plan should use IRS Publication 4557, which addresses the proper safeguarding of taxpayer data. You will also want to look at Small Business Information Security- The Fundamentals developed by the National Institute of Standards and Technology, a non-regulatory federal agency charged with promoting U.S. innovation and industrial competitiveness.

These standards outlined in these publications will help you develop a data security plan that meets rigorous standards and the individual needs of your tax business. If you need assistance developing a data security plan, third-party vendors such as ORAM Corporate Advisors can handle this for you through an IT assessment.

Security Software

You’ll need to review the internal controls your business has in place to protect its data. Start with installing anti-malware and anti-virus software if you haven’t already done so, or if you have, you may want to update the software you have in place. This will need to be done on all of the devices used for business from laptops and desktops to routers and tablets. Don’t forget about your phones as well. Be sure to keep your security software set to automatically update as software companies push out updates and patches regularly.

Powerhouse Passwords

Be sure to use passwords that are powerful. Use a mix of at least 8 or more upper and lowercase characters, numerals, and signs in your passwords. Ensure your passwords are strong and unique for each different login you have. While this might seem overwhelming, there are a number of password managers available that can help you keep them all straight.

You will also want to password protect every wireless device in case of loss or theft. Use a phrase or words that are easily remembered and periodically change your passwords. Finally, never use old passwords and use multi-factor authentication wherever possible. Be sure to train your employees on these password best practices as well.

A Prescription for Encryption

In addition to strong password protections, one of the best ways to secure data in your tax business is to encrypt sensitive files and/or emails. In a worldwide survey of businesses by Statista, encryption was “employed extensively” by 63 percent of enterprises in 2018. Another 24 percent of businesses survey by Statista said encryption was partially deployed in their company databases. There are many types of encryption software to choose from. At ORAM, we recommend Mimecast for email encryption. For full-drive encryption, ORAM recommends eSet Endpoint Encryption so you can encrypt your sensitive files when they are in storage.

Back It Up

Be sure to back up all of your sensitive data to protect your business in the event of a disaster scenario. Ransomware is rampant, viruses can infect your network, and natural disasters such as fires and hurricanes can wipe out your data. To ensure that you always have access, have a backup plan in place and know exactly what you are backing up and to where. See ORAM’s blog on “The Biggest Backup Mistakes Businesses Make” to learn what to avoid.

Proper Disposal

Make sure that when you dispose of data, it’s being done so properly. Whether you are super shredding hard copies of data or replacing old computers, be cognizant of how you do it. All of your old computer hard drives should be wiped clean or destroyed before you dispose of them. This is also true of printers which can also store sensitive data.

Limit Access

Limit access to taxpayer data to only those employees who require it to fulfill their job duties. This is meant to protect both your client data as well as your own business. While many breaches happen due to outside sources, internal threats are still an issue in organizations around the world.

As a matter of fact, an online article from Security Intelligence reported that insider threats account for nearly 75 percent of security breaches. Disgruntled employees, those recently let go, and others may be ready to turn on your business to make a buck or out of spite. In the IT world, this limited access is known as the practice of least privilege. Be sure to employ it to protect your business from insider threats.

Check Your IRS e-Service Account

Be sure to check in on your businesses IRS e-Service account on a weekly basis. This allows you to ensure that the number of returns your business has filed with its EFIN is correct. If there are any discrepancies with the number of returns filed, contact the IRS immediately. Additionally, you will want to report any data theft or loss immediately. You will need to determine the appropriate IRS Stakeholder Liaison with whom to report the loss.

Keep In Contact

Stay in contact with the IRS and keep abreast of new developments though a subscription to the e-News for Tax Professionals, the latest national and local IRS news. QuickAlerts sends important messages, within seconds, to keep you up to date on the events that affect authorized IRS e-file providers like you. You can also keep in contact with the IRS through various social media as an authorized IRS e-file provider.

The IRS also has a Data Security Resource Guide for Tax Professionals that details the signs of data theft, teaches you how to report data theft to the IRS, and provides a number of data theft links. We recommend all tax professionals download the guide and read through it so you are prepared for a worst case scenario. This way you won’t be struggling for resources when you’re already under stress.

If you need more assistance securing the data of your tax business, please contact ORAM today at (617) 933-5060 or visit us online. We are happy to schedule a free initial consultation to get your tax business on the road to better security fast.

The Biggest Backup Mistakes Businesses Make

March 22, 2019 by securewebsite

Companies rely heavily on technology for their day-to-day operations – from customer service and ordering to manufacturing and accounting. Consider the technology, from hardware to software, your business uses to keep it moving forward every day. Now imagine what would happen if something went wrong and it stopped working. Whether a virus has paralyzed your operating system or a hacker has infiltrated your network, could you recover quickly to keep your business functioning? How will you recover lost data files crucial to your daily operations?

Disaster scenarios are not anomalies. Unfortunately, it happens on a regular basis and can have serious implications for businesses. This is why backup is so imperative to today’s business operations. While you may be thinking that you’re covered because your business has data backup, you might be surprised to know that this may not be functioning the way you think it is. There are several mistakes modern organizations make when it comes to data backup that every business owner should know about how to stay on top of their business backup.

Know What You Need

According to a piece in Small Business Trends online, more than half (58 percent) of small businesses are not prepared for a data loss. The article goes on to show that 140,000 hard drives fail in the U.S. each week. That’s right. Each week. Furthermore, it states that 60 percent of small to medium businesses that lose their data shut down within six months of the loss.

“On average, small companies lost over $100,000 per ransomware incident due to downtime,” according to an online article by CNN Business. “For one in six organizations, these attacks caused 25 hours or more of downtime.”

Businesses need to understand the massive impact system failures, regardless of the cause, can have on their operations. One of the first things business leaders should do to properly prepare their backup and disaster recovery (BDR) plan is ask themselves the following questions:

What data is mission critical to my business? Consider customer records, inventory, accounting, etc.
Where is that data stored, which systems run those applications, and how is it currently being backed up? Think about where business critical data is being stored, how often it is being backed up, and if your company regularly tests its backup systems.
How much data can my business afford to lose and how much downtime can it handle without long-term consequences? The answer to this question is your recovery time objective (RTO). How long can your business go without being able to process sales, manufacture products, provide services, pay employees, invoice clients, etc.? How quickly do you need to be able to rebound from such a disaster to prevent a loss of revenue, clients, and reputation?

The answers to these questions will help you outline the backup and disaster recovery needs specific to your business. Your IT manager should be able to answer all of these questions. If you don’t have an internal IT manager, a professional third-party IT vendor such as ORAM Corporate Advisors can help you formulate and implement a BDR plan that works for your business.

Cover Your Cloud

Another big mistake people make is not backing up what they have stored on the Cloud. The Cloud is not just some empty space where things are stored. It is actually a third-party storage option. In other words, instead of storing things on your own server, your things get stored on someone else’s server.

You need to ensure that you don’t forget to back up your Cloud email, storage, and files. I would not trust a third party to maintain that data for me. At ORAM, we recommend Backupify as a terrific back up option for everything you have on the Cloud.

Though you have stored all of this information on the Cloud, backing up that data is important for a variety of reasons. First, you may need to back up that information to meet industry standards or government regulations. You also want to be prepared in the event your business is attacked by a virus, ransomware, or other hack. Additionally, there are disasters that can unfold such as earthquakes, hurricanes, fires, and others that are beyond your control that can negatively impact your data. Internal threats such as disgruntled employees can compromise data that is imperative to your business as well by simply deleting it. Backing up your software as a service (SaaS) avoids, or at least reduces, the impact of such devastating crises.

Testing, Testing, Testing

One of the biggest backup mistakes people make is not testing their backup systems. Businesses will install applications or programs and let them go to work. They fail to define what exactly is being backed up and then they never test it.

For example, consider some of the online services businesses use such as Carbonite. Back in the day, Carbonite didn’t back up their QuickBooks files. People would install the software on their computers and think everything was backed up but, lo and behold, it wasn’t. Databases, like QuickBooks, were not getting backed up because the file was constantly in use by other software, therefore, they weren’t able to take a snapshot to back it up.

To date, some backup programs like Carbonite don’t backup everything you may need to have restored in the event of a disaster scenario. While some software is very good at backing up common files such as documents, photos, and spreadsheets, they can fail to backup less-common file types such as secondary files or files larger than 4GB. When it comes to backup, this could put a real damper on your business operations should the worst happen.

Backup testing should be fully automated so as not to pull human resources away from your business operations. The automated system should test backup and restoration services for the following:

Virtual Machines
Applications
Databases
Individual Files

Ideally, your automated backup testing should occur each time your system is completely backed up though this rarely happens. Backup testing should happen on a regular basis not only to ensure that backup is happening as it should but also that it can handle the additional data your company is creating as your business expands.

Additionally, testing should do more than just check that your data is being backed up. It should also test your recovery so you have information about the length of time you can expect to be down if your system is struck by disaster. This allows you to be specific with your clients, partners, and others about when they can expect your systems to be functional again rather than giving an arbitrary message that your system will be up and running again “soon.”

Backup Everything You Need

Another thing I would say is a backup mistake people make is not taking a full snapshot of their environment. As an example, for a long time people did file-based backup. They simply backed up the files on their computer. In reality, you don’t want to backup just the files on the computer.

Using an old-school analogy, you want to put the tape in the VCR and hit play. That’s what we call a snapshot. We say, “Ok. This device has failed. Let’s do a restore to a point in time and then we can just go from there.”

In the era of ransomware, crypto viruses, and other threats to business operations and data, you want your business to be able to be back up and running as fast as possible. Whether it’s a server or a computer, you need to be able to hit that VCR play button for a certain point in time. This allows the business or the person to move forward as fast as possible.

This environmental snapshot is important. Statistics from World Backup Day, which occurs on March 31 each year, shows one in 10 computers is infected with viruses each month yet 30 percent of people have never backed up their data. This statistic alone demonstrates the importance of having automated backup software such as Mozy working on a regular basis to protect your business.

How can these mistakes be avoided?

The best way to avoid these common business backup mistakes is to ensure you have proper procedures in place that meet the specific requirements of your business and that they are functioning properly. Confirm that your business network is backing up weekly and consistently test a full restore of your systems to ensure that everything is backing up, so you never have to worry. Check to ensure that your data is not only being backed up regularly and backing up everything, but be sure that your recovery plans are functioning smoothly as well.

Be sure to do your homework when looking for the best backup and recovery plan for your business. PC Magazine put together a piece in January, “The Best Cloud Backup Services for Businesses for 2019” with a full chart of backup software options in the Cloud. The chart compares various software with ratings for everything from price to encryption in transit and regulatory compliance.

Check with your internal IT manager or consult with a third-party IT vendor such as ORAM Corporate Advisors to make sure you have the right processes and procedures in place. This third-party consultant can also help you with regular testing to make sure your network is backing up as it should and that your recovery system is also functioning effectively and efficiently. They can make software recommendations based on the unique needs of your business. For many businesses across several industries, such testing can also achieve regulatory compliance requirements as well.

If you have questions about developing a backup and disaster recovery plan, implementing it, or for testing, please call the experts at ORAM at (617) 933-5060 or contact us online. Schedule your free initial consultation today to achieve your IT goals within your budget.