Oram Corporate Advisors

The Necessity of Dark Web Monitoring

September 16, 2019 by securewebsite

Protect your identity and business with a consistent watchdog service

We’ve all read about the constant barrage of cyberattacks on businesses and the nightmare that comes from having your personal identity stolen. There are ways to reduce the odds that your business will suffer such an attack or that your personal information will be hacked. One of the best methods for protecting both your business and your identity as well as that of your family is consistent monitoring of the Dark Web.

What Is the Dark Web?

The Dark Web is just what it sounds like. It’s the shady side of the internet. The Dark Web lays in a sub layer of the internet known at the “Deep Web.” This is a place hidden from conventional search engines where criminals often roam searching for their next victim.

Believe it or not, common search engines including Google, Bing, and Yahoo simply scratch the surface of what is actually available online. Such search engines hunt just .04 percent of the indexed internet. The other 99.96 percent of the web consists of databases, private academic and government networks, and the Dark Web, according to ID Agent, which provides comprehensive threat intelligence and identity monitoring solutions for both individuals and businesses through ORAM Corporate Advisors.

What Threat Does the Dark Web Pose?

Not only is the Dark Web a place that threatens your personal identity but it can endanger your business as well. This is a place where the signature pieces of your personal identity (name, date of birth, stolen passwords, and even social security numbers) can be sold daily to the highest bidder. Everything from your credentials such as email logins, passwords, and usernames can be found there.

With such personal information, criminals can hack your email, your bank accounts, and more. They can open new credit card accounts in your name without your knowledge and rack up untold sums of debt before you’re even aware there’s a problem. The threat of personal identity theft can extend beyond you as well to other family members such as your spouse, your children, and your parents.

The loss of such personal information can be devastating to your business, too. Critical business information such as business applications, email, and other online services can be penetrated with your personal information. Logins and passwords can be changed, business information can be accessed and stolen, and your organization can be brought to a complete halt with the personally identifiable information (PII) bad actors are hocking on the Dark Web. Read the ORAM blog “The Dark Web: What It Is, How It Impacts Your Organization, and Ways to Protect Your Business” for more detailed information about the severity of the threat your business faces as a result of the Dark Web.

Protecting Yourself, Your Family, and Your Business

The most effective way of protecting your PII, your family members’ PII, and your business is through Dark Web monitoring. ORAM uses SpotLight ID, which employs Dark Web ID, to monitor your identity and that of your covered family members. Through leveraging Dark Web ID, ORAM focuses on the cyber threats specific to you and the environment you work in. Our proprietary software continuously monitors the Dark Web and the digital criminal underground to determine if our clients’ credentials have been exposed.

With SpotLight ID, ORAM searches for your personal information on the Dark Web. If found, your data is harvested to protect it from typical hacker sites such as Pastebin. Many such sites frequented by cybercriminals require a membership and credibility to enter. Our monitoring system allows us access to search more than 500 internet relay chatroom (IRC) channels, 600,000 private websites, and 600 Twitter feeds utilized by bad actors.

Furthermore, SpotLight ID executes 10,000 queries daily to help monitor and protect your identity and those of the people you love. We also monitor and source information from hidden theft forums, peer-to-peer file sharing programs and networks, and social media. We can even find compromised data harvested through botnets and command and control (C2) servers.

Be On Alert

If your information is identified on the Dark Web, we notify you immediately. This allows you the opportunity to change your logins and passwords before cybercriminals can take advantage of the information they have. This also gives you time to consult with your business’s internal or external IT team as soon as possible to determine if a data breach or cyber incident has occurred using your credentials. Such monitoring and notification can buy your business the time it needs to change your username, login, and password before cybercriminals can strike against it.

In addition to monitoring the Dark Web for your PII, ORAM will alert you if someone actively targets you or your covered family members’ social media profiles. You’ll also receive instant updates, alerts, and access to your credit from all three major credit bureaus if something changes with your credit or that of your covered family members.

Monitoring of the Dark Web also gives you peace of mind that your identity and that of family is covered. With a team of U.S.-based Certified Identity Restoration Specialists, ORAM will work to completely restore your identity should the worst happen, even if the issue began before you enrolled for coverage. You can take even more comfort in knowing that with SpotLight ID, you have up to $1 million in identity insurance to cover related restoration expenses if needed.

If you are interested in learning more about SpotLight ID or registering in one of our affordable and flexible plans, contact ORAM Corporate Advisors online now or call us at (617) 933-5060. The cybersecurity experts at ORAM are here to protect you, your family, and your business from the threat of cybercrime.

The Modern Office: Why a Strong IT Foundation Should Be the Basis of Your Business

August 27, 2019 by securewebsite

Business builds itself from the ground up. Your business internet technology (IT) is no different, which is why your foundation is so critical. The modern office revolves around having strong IT in place. From communications to automated business processes and protecting valuable company data, your foundation is imperative to your organization’s ability to not only thrive but survive.

Without a strong foundation, your business risks everything: Being hacked; watching valuable data be stolen, held ransom, or destroyed; and experiencing crippling downtimes when systems fail to function properly, costing your organization money every minute your employees can’t function. A strong foundation will help protect your company from experiencing such destructive problems and allow it to keep functioning smoothly even through inevitable IT bumps in the road.

What is Foundation in IT Terms?

At ORAM Corporate Advisors, we view the foundation as the nuts and bolts of your operation. We consider that to be your firewall, your switches, and your wireless access points. This is the core of your network. These are the things that have to be 100 percent reliable all the time and what literally makes the world go round for your business.

Firewalls as a Gateway

The gateway in and out of your network is your firewall. When it comes to the network security of the modern office, the firewall is your first and best line of defense. It monitors and controls both incoming and outgoing traffic on your network based on the security rules set for it. What rules are employed depends on how your company operates, the security it requires, and industry regulations. The best firewalls are “smart firewalls” which are capable of configuring, monitoring, and managing network traffic on the fly.

An average firewall is a hardware device or even a software program that is a barrier, a wall, between your systems and network and the internet. Its purpose is to limit unnecessary communication between your computer network and the internet.

Smart firewalls offer much to your business in terms of additional protections. Today’s modern office should employ smart firewalls as they include:

Antivirus, Antimalware, and Limited Spam Filtering
Deep Packet and Stateful Inspection
Packet, Adjustable Content, and “Default to Now” Traffic Filtering

The IT experts at ORAM can configure your smart firewall to maximize its protective benefits for the specific needs of your business. This ensures there are no gaps or vulnerabilities in your security settings that could allow a hacker to infiltrate your business system. We also take the time to keep your firewall current and patched.

Switches: Your Business Connection

Network switches are another important piece of your modern office network. This is the link, if you will, that connects devices on your network. It’s the switches that receive, process, and forward data moving in and out of your network so that it arrives at its proper destination.

The most common switch among business networks is one that handles Ethernet traffic. That is to say, the switches that connect your business to the internet. Without such switches, your business would become a proverbial island and your business data from email to invoicing may not function properly.

In addition to traditional managed switches, “smart switches” are an evolving option that can offer some management and security. They can be cost-effectively used in large networks as a supplement to managed switches or can be included as the main infrastructure in smaller networks. Smart switches can allow your business to segment its network into workgroups by creating a virtual local area network (VLAN).

Wireless Access Points

Wireless local area networks, or WLAN, are created by using a wireless access point device. These WLANs are typically found everywhere from homes and restaurants to modern offices and large buildings. They provide wireless access to the network for devices such as laptops, printers, and cell phones in a designated area such as your office. This enables your employees and customers to stay connected on a secure wireless network that is isolated from the core network in your office. You can also open or limit wireless guest access to specific applications or times of the day.

Recommended Foundation Hardware

The foundation of the modern office is also cloud-based. This allows you to know more about what your end users are doing and how traffic is flowing. Traditionally, you’d have to look back through logs and that is a time-consuming process. The modern office can’t afford to sit idle while the IT staff sifts back through logs to determine where things went wrong. Smart firewalls, switches, and access points provide real-time information through cloud-based systems that allow us to make the best decisions with up-to-date information.

At ORAM Corporate Advisors, we recommend using Cisco Meraki for all of those devices because it’s one of the most reliable cloud-based systems to date for business networks. This is important because it is the foundation of your business. User management, connectivity, and the like don’t matter if you and your employees can’t even access the internet.

Without a strong foundation, your business floor will drop out from beneath you. Commerce, trade, and services for your organization will come to a screeching halt without a strong foundation. Though integrating a strong network can be costly, it is the most important investment you will make to keep your business moving forward.

Ensuring a Strong Foundation

There are several key components to developing and maintaining a strong IT foundation in the modern office. Those include the following:

Make sure your firewall(s), switches, and wireless access points are current, up-to-date, and are running the latest firmware.
The hardware needs to be current as well. Is it still being supported and warrantied by the manufacturer?
Can your network handle your current business needs and still allow room for growth?

For everything you do or that your employees do, your foundation is key. By ensuring that you have the major components from your firewalls to switches and wireless access points in order, you can keep your business moving forward smoothly at all times. If you need assistance with building or bettering your business foundation, contact ORAM online or call us today at (617) 933-5060.

Saying Farewell to Windows 7: Why It’s Time to Move On to an Updated Product

July 20, 2019 by securewebsite

In the Fall of 2018, Microsoft announced that its Windows 7 product would experience its end of life as of January 14, 2020. This will have major implications for businesses as Microsoft will stop providing free Windows 7 support such as security updates. That means business leaders will have to choose between paying Microsoft an annual fee per device for updates and support to maintain Windows 7 or businesses will have to move on to an updated product such as Windows 10. This blog outlines what the end of life for Windows 7 will look like for the consumer, what your options are, and what the experts at ORAM recommend.

End of Life

Just as the human body runs out of steam and becomes too old or sick to continue to function properly, the same is true of technology. Newer, safer, better versions become available so the old technology typically goes the way of the Dodo. This is due to the fact that software manufacturers don’t have the manpower to continue to produce updates and provide support for older products as newer versions become available.

According to a June 2019 update for the Windows Lifecycle Fact Sheet, “Every Windows product has a lifecycle. The lifecycle begins when a product is released and ends when it’s no longer supported. Knowing key dates in this lifecycle helps you make informed decisions about when to update, upgrade or make other changes to your software.”

Extended Support Updates

While the end of life for Windows 7 is set for January 14, 2020, businesses not yet ready to make the switch to a newer version of Windows can opt-in for Extended Support Updates (ESUs). Businesses should be prepared as this extended support is expensive, especially for businesses that have numerous computers, and the cost will continue to increase over time.

For example, the first year of ESUs (January 2020 to January 2021) will cost $25 per device for Windows Enterprise and $50 per device for Windows 7 Pro. The second year of ESUs (January 2021 to January 2022), this cost will double and, by year three, it will double again.

In addition to the extraordinary cost for ESUs, the older versions of Windows won’t have the same capabilities on some newer devices which, again, limits its use.

“Prior versions of Windows, including Windows 7 and Windows 8.1, have limited support when running on new processors and chipsets from manufacturers like Intel, AMD, NVidia, and Qualcomm,” according to Microsoft. “A device may not be able to run prior versions of Windows if the device hardware is incompatible, lacks current drivers, or is otherwise outside the original equipment manufacturer’s (OEM) support period.”

Microsoft makes it clear on its site that, “If you continue to use Windows 7 after support has ended, your PC will still work, but it may become more vulnerable to security risks and viruses. Your PC will continue to start and run, but Microsoft will no longer provide the following support for your business (unless you pay the extra annual fee per device): No technical support, no software updates, no security updates.”

What it all boils down to is that without the continued support for Windows 7, businesses are putting themselves at a much higher risk of experiencing a breach or data loss.

It’s Time to Upgrade

In order to avoid security risks and viruses, Microsoft recommends that you upgrade to Windows 10. At ORAM, we agree with Microsoft’s recommendation that it’s time for businesses to make the move to an updated software such as Windows 10. Not only does keeping Windows 7 put your business at a higher security risk, which may put you out of regulatory compliance in some cases, but the cost of ESUs is prohibitive for most businesses and will likely cost your business more money in the long run than it would to upgrade, depending on your individual circumstances.

The software system of Microsoft 7 is very dated. It’s been out for 10 years now and Microsoft can’t maintain so many operating systems. To stay on the cutting edge of technology and save money, it behooves business leaders to upgrade their software.

Hardware Upgrades

In addition to software, now is the time to also take a good look at your business hardware. We recommend new hardware every three to four years to keep up with manufacturer warranties. We want to make sure our clients have hardware that is up to speed, can be effectively managed and is warranted by the manufacturer.

For machines more than a year old, ORAM recommends a hardware upgrade. The reason for this is that there is more activity happening online than there was just three years ago. This means consumers, the clients your business serves, use the latest technology and expect your business is doing the same. For example, voice recognition technology has made huge leaps and bounds in just the last couple of years and consumers are using it more every day.

If you make the move to upgrade your software without upgrading your hardware there are many steps to making the change. This can be costly in terms of IT hours and services. For starters, you’ll need to remove all information from your computer, install the new operating system, reinstall all applications, and then bring your data back over. The cost of that can be quite prohibitive as it can take three to four hours per device to make these updates to older hardware.

Installing new hardware with the new software already on board is more cost effective. It allows you to simply upload the apps you want and add your data. You’re all set to move ahead from there and it takes much less time. Of course, for ORAM clients on managed services contracts, installing new hardware and migrating data is part of our monthly services.

Beat the Rush

At ORAM, we recommend that our clients start getting ahead of replacements and upgrades now as hardware may end up on backorder depending on the increase in demand as we approach the end of life deadline. Additionally, you can expect that the cost of new hardware and software may even increase the closer we get to January. Also, you’ll want to schedule your managed services provider to perform updates and the swapping of hardware as soon as possible before they get completely booked.

For more information about end of life for Windows 7, software and hardware upgrades, or managed services, please contact ORAM Corporate Advisors now at (617) 933-5060 or visit us online.

The Modern Office and Connectivity: Why Access to IT Drives Today’s Businesses

June 13, 2019 by securewebsite

As we discuss what makes the modern office function fluidly, we cannot overlook the importance of connectivity. While the end user sees only a portion of internet technology (IT) that actually exists, the fact of the matter is that IT is the driving force behind today’s modern business. Not only does connectivity allow employees the access they need for top productivity, but it provides clients, customers, and business partners the doorway to the information they require as well.

Connectivity is all about how every one of us gets the information we need every day from email to secure remote access. When it comes to getting your end users access to corporate information securely and consistently, connectivity is key. It is connectivity that allows us to perform the normal, day-to-day operations of our business effectively and efficiently.

Email Access & Connectivity

Email access is a necessity in the modern business world whether you are working on your desktop at the office, your iPad on the subway, or your laptop at home. Connectivity allows businesses to provide every employee unified email access. With the latest IT, your business can provide fully synchronized connectivity across all devices at all times with all employee contacts, calendars, and email.

In today’s modern office, your workforce can access email from their smartphones, smart watches, tablets, laptops, and desktops with certainty. This means higher levels of productivity, ease of use for the end user (i.e. every employee), and flexibility, all protected with the level of security your business requires.

Not only is email access important for your employees but consider your business partners, subcontractors, and consumers. There are many people clamoring to communicate with your business on a daily basis and email is the lifeline of much of that communication. Without the right connectivity, your business partners may not be able to close the deal without immediate access to all team players; service providers won’t be able to access what they need to get your job done; and consumers may become so frustrated that they seek out other businesses that are connected to fulfill their needs.

File Access

Connectivity allows the modern office to have secure access to a variety of systems. For example, you can provide your employees with secure access through a virtual private network (VPN). Connectivity also gives them access to files through cloud-based systems such as OneDrive, SharePoint, Box.com, or Dropbox to name a few.

In many industries, businesses also require the ability to share access to information with organizational partners. When you need to share proprietary information securely with subcontractors and other business partners, which is the case in many industries, connectivity is there to achieve your goal. The right connectivity also allows this to be done so securely.

Meeting Customer Expectations

The modern consumer is incredibly tech savvy and they expect businesses to be the same. This means every business from the small mom and pop to the multinational corporation are expected to provide the same level of connectivity. No longer does the work day run 9 to 5. Customers want access to businesses around the clock and they have the voice to demand it.

The 2018 Deloitte GLOBAL Human Capital Trends report shows important changes facing business leaders worldwide. One of those is in the strength consumers now have, making business connectivity more important than ever. Deloitte’s global survey of more than 11,000 business and human resource leaders shows the “shift in power to the individual is being propelled by today’s hyper-connected world, which enables people to track information about companies and their products, express their opinions to a wide audience, and sign onto social movements, globally and in real time.”

Today’s consumers want to be able to connect with businesses instantly, get answers quickly, shop, and more, both day and night. Customers want to connect with your business on all levels. What’s more, they expect your business to provide that connectivity for them on any device they choose to use.

In order to retain clients and customers, connectivity is an absolute necessity, especially in industries such as retail, education, and finance. Not only will you need the right hardware and software to meet customer demands, you’ll also need business processes and the network infrastructure in place to implement connectivity. Connectivity can be achieved affordably allowing every business to draw in new customers, meet their expectations, and retain them.

The Future is Now

There was a time when businesses simply needed a website, telephone number, and/or email address for people to reach out to them. That is no longer the case. Mobile technology has exploded which has led to the need for businesses to be available 24 hours a day. With the “always on” mentality of the modern business world and the drive to meet customer expectations, connectivity has become the right hand of business. Now is the time to ensure your connectivity is up to par as the future has arrived.

What You’ll Need

In order to meet the connectivity expectations of employees, business partners, and consumers, you will need to implement several elements of connectivity. Begin by looking at your hardware. Are your computers, servers, modems, printers and other hardware up to date? If not, or if they are nearing their end of life, don’t wait to upgrade otherwise you may find your business falling behind the times and that can lead to a loss of customers and revenue.

You’ll also need to look at your software. This is a banner year for software changes. Several companies such as Microsoft will be allowing software programs to pass into their end of life cycle over the next few months. This means companies will be issuing new software programs to replace the old. Be ready in advance for changes because if not, your business could be at risk for breaches since updates to old software will stop being issued. Up-to-date software is a prime element of strong connectivity.

Cloud applications are also imperative for effective connectivity. A cloud application is a type of software program where local components such as your existing hardware and software function cohesively with cloud-based programs. This means your business will have to rely, at least to some extent, on remote servers and the internet. This piece of connectivity can make file sharing like that mentioned above simple.

Mobile apps are also becoming mainstream for modern businesses as well. Whether you are a retailer hoping to capture consumers online and allow them to shop anytime or you are a financial institution that wants to promote e-trading directly through your clients’ mobile devices, you can have an app constructed for your business. Whatever your need is to reach your target customer and keep them engaged, there’s an app for that. Many third-party service providers such as ORAM offer mobile app development for businesses at surprisingly affordable rates.

Social media is another piece of the connectivity puzzle that many businesses fail to recognize or utilize to its full potential. Modern businesses introduce their brand, express their values, and cultivate higher sales through the use of social media from Facebook to Twitter and LinkedIn to YouTube. Such social media platforms offer businesses the opportunity to connect with consumers, praise hard-working employees, tout their products and services, boost their brand recognition, and so much more.

Changing Connectivity

Just as your business plan is a living document, your connectivity will need to grow and adapt to the demands of your business and the outside world. Connectivity is never static and your business will have to be ready to change with the times. For example, even small businesses are realizing that they have substantial bandwidth requirements to meet their connectivity needs. Standard broadband is becoming a limitation with today’s high-speed world.

You may also find that you need to revisit your software licensing or usable hardware to facilitate the growth and speed your business requires. After all, the plan is to grow your business which means more hardware, software, and connectivity. The expectation is that the demands of connectivity will only continue to grow and morph as technology changes and continues to expand.

Competing in a Competitive Marketplace

When it comes to business, competition can be fierce whether you are aiming to garner more clients, increase sales, or hire an effective workforce. You need to ensure your connectivity is in top condition to achieve your business goals regardless of what they may be. The truth is that all businesses require connectivity to gain and maintain a competitive advantage in today’s marketplace. Furthermore, it will allow you to raise awareness of your brand, provide you further reach, and allow your employees to achieve more.

If you want to learn more about how to improve your business connectivity, modernize your office, or talk about your business IT needs, contact ORAM at (617) 933-5060. You can also connect with us online.

Bring Your Own Device vs. Enterprise Devices

April 20, 2019 by securewebsite

Why Businesses Should Make the Investment for Employees

Mobility has become a major asset for modern businesses. It gives companies an edge when employees can work from anywhere with remote access on any device ranging from a cell phone, tablet, smartwatch, or laptop. Mobile technology has enabled unsurpassed flexibility in the workplace the likes of which the world has never seen before.

But as Spiderman’s Uncle Ben said, “With great power comes great responsibility.” When it comes to mobile devices, many business leaders wonder which is better: Allowing employees to bring their own devices to work or dropping the money to provide enterprise devices to all employees.

The Advancement of Technology

The development of the smartphone has shifted the way people communicate on a daily basis. In a recent survey conducted by Zinwave, “Over 85 percent of respondents, which included more than 1,000 office workers within the United States, utilize their cell phones on a weekly basis, at a minimum, for external communications, and usage was only slightly lower for internal communications.”

Not only do modern workers use their phones for voice capabilities (i.e. phone calls), but they use email through their phones as a prime form of communication. The aforementioned Zinwave study found email was the preferred means of external and internal communication for people while they are at work.

The ability to access the internet, company information, and messaging services (text) has made smartphones and tablets a necessity when it comes to productivity in modern business. “For example, 65 percent of industrial and 62 percent of healthcare workers utilize work-related data daily for a variety of applications,” according to Zinwave.

Technology has removed boundaries, improved flexibility, and enhanced communications with lower overhead costs. It can be tailored to the user experience and specific needs of any business. Mobile technology has even allowed organizations to increase their revenue potential.

“In our information-rich society, there are two critical types of interactions that must be fostered: employee empowerment and customer engagement,” according to the blog “6 Ways Mobility Can Transform the Workplace” by iOffice. “For many, mobility has become the backbone of their interactive strategy.”

The BYOD Market

According to an online article at GlobeNewswire, the U.S. BYOD market size was $30 billion in 2014 and is expected to grow 15 percent by 2022.

“Declining hardware prices, increasing mobile user workforce, and high smartphone penetration are the factors responsible for increasing BYOD market share across the region,” according to the article, which sourced BYOD research by Global Market Insights. “Increasing personal technology along with IT consumerization is also expected to boost the industry.”

While the popularity and benefits of mobile devices speak for themselves, business leaders must consider whether to allow BYOD or provide the devices for employees. Traditionally, BYOD was a highly accepted practice. Recently, there has been a move to corporate owned, personally enabled devices (COPE), the practice of organizations providing employees with mobile devices due to concerns over security, IT compatibility, and legal issues over user privacy versus company control.

At ORAM Corporate Advisors, our recommendation for mobile device management is that every employee should have a corporate-owned device. With an enterprise device, you can manage all of the security, firmware upgrades, software applications, and tracking your employees require to do their job. Additionally, COPE offers many other benefits.

Providing Mobile Devices

When your business owns the line of service for its devices, it has more control. You get to select the devices you prefer your employees to use rather than paying for and having the headache of supporting all device types. Additionally, you get to keep your devices up to date so you aren’t forced to make your network support older devices.

Protecting Your Assets

A study from Wall Street Journal Custom Studios commissioned by Symantec, showed “79 percent of employees admit to engaging in risky behaviors- intentionally or unintentionally- that place corporate data at risk” and “48 percent of employees don’t think about security risks when transferring files or sharing documents over cloud-based services.”

With corporate devices, you’re protecting your business assets. If your business owns the devices employees use, you’re able to wipe them in case they are stolen or lost somehow. This can be done remotely and quickly for theft or loss to prevent personally identifiable information (PII), trade secrets, or other secret data from falling into the wrong hands.

If a device such as a smartphone is owned by the company, you can simply call the phone carrier and wipe the phone’s memory. You request this by stating, “I need access to X, Y, Z employee’s phone. Here are the records that we are authorized to do so.” If the phone is a BYOD that’s accessing the corporate information, your business doesn’t have that same ability. The employee owns access to the account and the functions of that device.

Easy Access & Support

The same is true of the ability to access data easily. This is important when every minute counts in business. Take a smartphone for example. If there are any files, emails, or different communications downloaded to a phone on a corporate account, you’re able to search and query that device on demand. This is an improvement over waiting for an employee to submit paperwork at the end of the month in their call log when you need information immediately.

In addition, employees who use COPE devices have support from your IT department. Employees’ personal devices may not be compatible with your business network which could cause functionality issues. With corporate-owned devices, employees can simply contact IT for assistance.

Regulatory Compliance

COPE devices allow a company to reduce their exposure to security risk as well as legal and human resource issues. With tighter control through COPE devices, your business can implement the security measures it needs to keep its data and network safe. Furthermore, litigation resulting from breaches, loss of data, and regulation non-compliance is reduced.

In a highly-regulated industry such as finance, your business will need to be able to report such instances of loss or theft against that device to regulatory agencies such as the Securities and Exchange Commission. This is especially important should your business be audited or examined by such an entity.

The Money Factor

You may be thinking that providing mobile devices such as phones, tablets, and laptops to your employees is not cost effective, but the fact is that it can be. First, consider that many organizations provide a stipend for employees who bring their own devices. That stipend in and of itself is a cost. If you’re going to have the cost regardless, you should have the control as well.

Group mobile plans are getting less expensive for businesses of all sizes and can be written off as a business expense on taxes at the end of each year. In addition, when it comes to tablets, laptops, and other mobile devices, organizations buy in bulk to get a better price which benefits both the business and the employee. Another option for reducing the cost is to set up a cost-sharing option for both the device and its use with your employees.

Finally, when it comes to keeping your business secure to avoid regulatory penalties for non-compliance, the potential for lost revenue, and easy access to data, the investment up front is worth the return. That sense of security is priceless for most business leaders who wish to avoid potential breaches, lost revenue, and issues that can be caused by disgruntled employees.

The Employee Factor

Consider your best salesperson. If they use their personal devices to access your business information such as sales logs, client contacts, and invoices, they have information that could potentially damage your business financially if they were to leave.

In addition, your salesperson likely gives your clients that personal mobile number so they can contact them if they need anything. If your salesperson were to leave the company, your clients would still call that salesperson who can then easily take your customers to their new company with them. This means a loss of revenue for your business.

Should an employee leave, your business gets to keep the phone number. This means their clients will still be contacting one of your employees at your business through the same phone number. This reduces the odds of lost revenue for your company.

Create Policy & Enforce It

Every business, especially those in highly-regulated industries, should create policies regarding BYOD. This is true regardless of whether you allow BYOD or employ COPE devices in your business. You need a very secure policy and the correct mobile device management in place. In addition, your policy should outline that only legitimate work will be conducted on these devices.

If you need assistance with BYOD or COPE devices, creating policy, or mobile device management, contact ORAM today at (617) 933-5060. Our IT and security experts are always here to help your business grow smart while reducing its risks

The Modern Office and Security: What you need to know about protecting your business and its data

April 16, 2019 by securewebsite

One of the most critical components of the modern office environment for a healthy, scalable business infrastructure is security. It is the cornerstone of your IT for it protects the other components that your company needs to keep thriving and surviving in the modern marketplace. Today’s business security entails much more than just an anti-virus program and requires some pre-planning as well as a regular investment of time.

This blog covers the most important things every business should know about security. Additionally, it includes what business leaders should consider to best protect their organization, data, and clientele. As you will see, having the right security in place can make the difference between growing your business and shutting its doors permanently.

Secured Access

Every business should have secured access in place for both internal and external users on its network. As a modern company, both internal and external users will be accessing your data whether its email or highly-sensitive information not meant for prying eyes. This is important because data falling into the wrong hands can cost your business its reputation, revenue, and even its livelihood.

According to the 2018 Data Breach Investigations Report by Verizon, 73 percent of breaches were perpetrated by outsiders. This means your business data needs to be protected as much as possible and that external access to your network should be limited and monitored at all times. Hackers are always looking for a way to infiltrate networks. Phishing, ransomware, and malware were among the top means used by nefarious outsiders to access business networks in 2018. Of those breaches studied, 90 percent were motivated by monetary gain or strategic advantage (i.e. business espionage).

While you may believe that your business is too small for anyone to care about hacking its data, think again. A report by USA Today shows 61 percent of cyberattacks are aimed at small and medium-sized businesses. The same piece reported that a whopping 60 percent of small businesses close their doors for good within six months of an attack so it’s clear why security is so imperative to business survival in our modern society.

Though most breaches occur due to external sources, insiders can be just as dangerous to your business. Whether due to simple user error or something more insidious such as a disgruntled employee or cyber espionage, the aforementioned Verizon report concluded that 28 percent of breaches involved internal actors. Of those breaches, 12 percent involved privilege misuse. That’s why we always recommend implementing the practice of least privilege. This means allowing access to data only to those who require it to fulfil their job duties.

Email Security

Email is the bread and butter of communication for most modern offices. The use of email for both internal and external communications is a necessity for today’s businesses so securing it effectively is imperative. The issue is that it is also a major point of entry for many attacks.

A blog by CSO from IDG shows that 92 percent of malware is delivered by email. In addition, the blog stated that the average ransomware attack (which often occurs via email) costs a company $5 million. The same blog also stated that phishing attacks is one of the most common methods of email malware infection.

There is email and network scanning software available to help protect your business. At ORAM Corporate Advisors, we recommend Mimecast for email protection. It is a terrific solution to help organizations prevent email-borne ransomware as well as protect against the associated downtime and data loss such attacks can cause. ORAM recommends Mimecast because it “safeguards employee communication and reduces risk with targeted protection, data leak prevention, and enforced security controls.”

Mimecast, which I mentioned above for email and network scanning, is also an excellent solution for data loss prevention. Its data loss prevention solution scans all emails and file attachments and identifies potential leaks using flexible polices based on keywords, file hashes, pattern matching, and dictionaries.

Another piece of modern technology you’ll want to have in place is multi-factor authentication. Multi-factor authentication is a security system that requires more than one method of authentication to verify a user’s identity. This can range from requiring passwords that must periodically be changed by legitimate users to requiring a one-time PIN provided via smartphone for access. It adds an extra step for employees to access your network but it will help ensure your business’ data security.

In addition to software, we also recommend that employee training become a regular event. Every business should offer employee training during the onboarding process and at regular intervals throughout the year (every six months) to every employee. They should be trained not to click on email attachments or to follow links in emails from unknown or untrusted sources. Employees should also be taught to verify emails with links and attachments with a trusted source before opening them if something comes into their email that they weren’t expecting. While this training can take some time, it can prevent a costly breach later on.

Manage Your Network

While securing access to your network is important, managing your network is even more imperative to keep business operations running smoothly. Your network houses your most critical data while supporting the daily workflow and processes of your business. That means maximizing uptime, optimizing network capacity and utilization, and ensuring its protection.

There are a great deal of pieces that comprise your network and all of them need to be addressed on an ongoing, regular basis. Start with a network technology assessment and auditing. This will tell you where your network is in terms of optimization and data security. By assessing where your network is now and taking a full audit, you will be able to tell where your strengths and weaknesses are to tweak it to work at full capacity for your business needs.

In addition to regular assessments and audits of your network, you will need to plan ahead for storage, disaster recovery, business continuity, and more. Here are some of the things that go into managing a business network:

Email Continuity
IT Asset Tracking and Reporting
High Availability Services
Cloud Solutions
Network Design, Implementation, and Support
Data Assessment, Analysis and Recovery
Security and Monitoring Services
Workflow Assessment and Optimization

Up-To-Date Security

Your business should also have up-to-date technology security in place. You will want to ensure that your company has installed intrusion prevention software on all of its data networks to keep hackers from getting their hands on your information. You can check to ensure you have such software in place during the audit process.

The intrusion prevention system we use at ORAM is Cisco hardware that scans on a network level. It scans everything going into and out of your network to ensure that your network traffic is safe. This could catch someone maliciously trying to access your internal network, bad email attachments, and other threats.

In addition, you will want to put together policies for your employees that protect your business. Ensure you have a solid computer use and data loss prevention policy in place so employees know exactly when and for what purposes they can use their company devices. Make it clear what sites they should not visit and what the repercussions are for visiting non-work related sites on business devices.

You’ll also want to have a password policy in place so employees are not using the same passwords for multiple accounts or old passwords that could leave them at risk of being hacked. Passwords also need to be strong so encourage your employees to develop passwords that use letters (both lowercase and capital), numerals, and special characters. There is even software available to prompt your employees to change or update their passwords over time. You may even offer your employees a password manager so they can easily recall their passwords.

Many enterprise businesses are also moving to the cloud. Not only does this allow for greater flexibility for your employees, but it can offer greater data security. When you save both to your local network and the cloud, you have your data backed up. This is ideal in the event of a disaster and will get your business up and running again with less downtime or the worry that valuable information can’t be recovered.

Don’t Forget Your Physical Security

Remember that all data is not digital. Whether you have data files stored in locked filing cabinets or your HR employees are printing personally identifiable information (PII) during tax season, the physical security of your business is just as important as its digital security. You don’t want someone walking out with printed files or sifting through your garbage to steal information.

ORAM recommends that all businesses have a clean desk policy. This means requiring that all employees keep their desk clear of papers, notes, and other information that could lead to a breach or loss of information if it were to fall into the wrong hands. When they are not as their desk, employees should have a clean desk since everything should be put away, hopefully under lock and key.

Businesses should also limit physical access to certain areas such as file storage areas, server rooms, and other places where information is stored. If an employee doesn’t require that access to do their job on a regular basis, they shouldn’t have access. Such areas should be locked with limited persons possessing keys for access. We also recommend adding video cameras at data rich entry points to protect against a physical breach. This small addition will let administrators know who accessed the area(s) and when they did so which will help in an investigation.

Finally, you’ll want to ensure that all data is properly disposed of. Shred all hard copies before tossing paper information and consider hiring a disposal company that handles this type of waste. Don’t leave such waste out on the curb for anyone to take. Ensure the company will come in to gather paper for disposal. In addition, make sure that valuable paper data isn’t thrown into the recycle bin but is shredded before being thrown out. When it comes to cyber espionage, dumpster diving isn’t unheard of.

Have a Plan

Every business should also have a written information security plan (WISP) in place. It should include everything from regular IT audits to employee training. There are many mistakes that businesses make when it comes to backup that are completely preventable. Your WISP will outline effective administrative, technical, and physical safeguards specific to your organization to help prevent such mistakes. It will also define security measures for your business, protect against anticipated security threats, and unauthorized access. The WISP for your business will put safeguards into place to protect your data. It will also help you and your employees know exactly what to do and who to contact if disaster strikes.

If you need help with securing your modern office or want more information about building stronger security for your business, contact ORAM today at (617) 933-5060. Our experts are always here to assist you in bettering your business and data security.