Facebook-f Twitter Linkedin-in

proprietary data

Budgeting for Technology in the New Year

by

How to squeeze the most out of your IT and save your business money

With the New Year in full swing you’re probably preparing to implement your updated information technology (IT) plan. As a business owner or leader, you probably have many questions such as, “How much should my business budget?” You may also be wondering if you’re making the most of the IT you already have in place. In this blog, we break down what every business should be budgeting at the very least as well steps for ensuring your business has the technology it needs and that your network is as secure as possible.

Cloud Computing
If your business has not yet migrated to the cloud for your email and other services, now is the time to do so. There are several reasons it is best for businesses to move to the cloud. From saving money to better data security, cloud computing offers a ton of benefits to modern businesses.

To begin, establishing and maintaining your own data storage is expensive. Not only do you need to purchase the right hardware and software, but you have to hire people to install it and set it up. Cloud computing allows you to pay for just the services you use and can reduce your IT costs. It is so affordable that is was estimated in research by McAfee that nearly one-third of worldwide enterprises would be using software-as-a-service (SaaS) by the end of 2018. Cloud providers typically charge based on the features you choose, storage used, and number of users. Most also charge for time and memory space. This means you get to select the package that best suits your IT budget.

Cloud computing also allows you both flexibility and scalability. Cloud computing lets your employees work from anywhere they have internet access through virtualization. Giving employees the option to work remotely means you can cut the number of workspaces at the office further reducing your costs. In addition, scaling Cloud computing services is a cinch. You don’t have to spend a ton of money on new servers, storage, and licenses as your business grows. With the cloud, you just sign up for additional storage space or features as your business needs them.

If you store your own data, a breach or disaster such as a fire could devastate your business’s valuable information. With the cloud, your data will always be available as long as users have internet access. Many businesses use the cloud specifically for backup and disaster recovery for this very reason.

Data security is also a top priority in this day and age of hacks, breaches, and ransomware. Email is the lifeblood of most businesses to ensuring it is secure should be a top priority. Storing data and using email on the cloud is often more secure than storing it or hosting on physical servers and data centers in your office. Laptops and desktops can be stolen as can other hardware. Data on the cloud can be deleted remotely or moved to a different account and hackers face a greater challenge in breaching cloud platforms so your data is simply more secure. As a matter of fact, 85 percent of enterprises keep sensitive data in the cloud according to Vormetric.

Finally, cloud computing is one of the most effective ways to promote collaboration and it gives you a wide variety of service options to choose from. Your employees will be able to easily share data, collaborate on projects, and provide updates in real time from the field. Time wasted on repetitive tasks such as data entry are no longer an issue and you get to choose the services your business really needs whether it is abundant storage or software from a wide range of providers.

Leveraging Your Existing IT
Hardware and software can be hugely expensive investments for many businesses. Your business needs to get the most out of every bit of IT it has invested in. For example, you may already be using Office 365 for email but is your business using it for file sharing or collaboration between teams? A network assessment and IT audit can tell you where you have room for improvement, opportunities for growth, and options for cost savings.

A study by Bank of America in 2017 revealed small business owners found the greatest barrier to achieving a balance between work and their personal life involved administrative tasks. Perhaps you have software that can help you automate administrative tasks to help your business free up time. For example, Intuit’s QuickBooks Self-Employed software has an expense management system built right into it. An independent IT auditor can show you how to best use what you already have to meet your organization’s needs without spending more money unnecessarily.

Hardware Replacement
Most businesses cannot afford to replace their desktops and laptops all at once. This is especially true when the average lifespan of a desktop today is between three and five years according to a piece by Chron, an online news source.

“Of course, this number is just a generalization and a number of factors play into lifespan, ranging from the computer’s quality, care, and room for upgrades,” according to the blog, “What is the Life Span of the Average PC?” “For small business owners, every new computer is an expense and an investment, one whose worth over time largely depends on how you use it and care for it.”

Laptops are also a typical expense for most businesses. According to a blog by TechGuided, the lifespan of a laptop will depend on the quality of the product you purchase, how often it is used, and how it is maintained. “A mid-range laptop should probably last around four to five years, though, give or take a year or two depending on how you use it,” advises the piece.

To make such updating of your IT more affordable, we recommend making replacements in quarterly cycles rather than all at once. Your IT personnel or your IT auditor can make recommendations as to which hardware needs to be replaced immediately, which can hold off for a few months, and which pieces still have a good life ahead of them. Based on these recommendations, you can schedule a plan for cycling out old hardware each quarter on a regular basis. This serves to level out your IT spending rather than investing a ton of money all at once.

According to an article by Business.org, businesses should “expect to pay between $400 for a basic model with limited storage space to $3,500 for a top of the line desktop with a large hard drive. Desktops also range in price based on operating system as well. For example, models that run Windows may be less expensive than Apple models. Apple desktops vary in cost from $1,500-$3,500, depending on which features you need.”

The same piece also stated that laptops “range from $300 for the most basic models to $3,000 for high-speed models with large storage capacity. Similar to desktops, laptops also vary in cost depending on which operating system you prefer. Apple laptops tend to fall towards the middle of the price scale, ranging in cost from $1,000 to $2,500. Laptops that run Windows have a wider price range, and cost depends mostly on features and brand.”

The Latest Software
In addition to hardware, businesses will also need to consider the software they are using. When you purchase software, it is licensed to your business and may have an end date to your user agreement. Additionally, software changes over time and there may be upgrades that could benefit your company or even new software that is better than what you have.

This is where the IT audit can once again assist your business with saving money. Your IT auditor can evaluate your existing needs versus the software you have in place. They can determine if you have the latest software or if the software you have simply needs to be patched or updated. A real IT expert can educate you about software to help you achieve your business goals while saving you money. Based on their recommendations, you can choose to either use what you already have or purchase better software to save your business money over the long term.

Email Security
As we mentioned before, email is as critical to business continuity as breathing is to life. That means you need to have quality security for your email. Software such as Microsoft Office 365 and other programs can scan for threats, identify phishing attempts, and filter spam. Programs such as Mimecast offer many of the same advantages and can also aid employees when it comes to identifying websites as safe or unsafe to visit based on URL reputation. Anti-virus, anti-spam, and firewall software are also good to include in your IT plan.

The cost of software will vary by brand and product. For example, a one-year subscription to Office 365 Unlimited Professional is just $99.00 online. That cost covers up to five desktops, five tablets, and five mobile devices such as smartphones. There are also monthly subscriptions to Office 365 Business for as little as $8.25 a month. What you spend will ultimately depend on what software you purchase or subscribe to, how many devices you need to cover, and for what length of time.

Technology Awareness Program
All of the hardware and software in the world won’t protect your business if your employees are not technology savvy. Any IT expert will tell you that regularly-scheduled, ongoing employee education is the cornerstone of securing your business data. This is something that every business should budget for because it’s your employees that can make or break your business.

The cost of security awareness and end-user training will, again, vary from business to business. This is because most companies that handle Technology Awareness Training programs, such as Oram Corporate Advisors, base their rate on how many people are being trained, how in depth the training will be, and how frequently you host trainings. Ideally though, businesses should train every new employee as part of their onboarding process with all-staff training every six months to keep employees updated on the latest threats and how to avoid or combat them. This investment in training will pay off in dividends as each employee becomes more aware of the threats they face and their role in protecting your business.

At the end of the day, how much your business should budget for technology this year will depend on a variety of factors from how you store your data to what hardware and software you have as well as your business goals. If you would like more information about IT asset management, network assessments and IT auditing, or other IT support services, please contact Oram at (617) 933-5060 or visit us online. We can even schedule a free technology assessment to get your business started off on the right foot in 2019.

Ransomware: A Guide for Protecting Todays Businesses

by

Ransomware has become one of the top threats to businesses in today’s global and digital society. It has become such a danger in fact that a late 2017 report from Cybersecurity Ventures predicted that the global cost of cybercrime would reach $6 trillion by 2021 with ransomware playing a major role in that total. Furthermore, Cisco’s 2017 Annual Cybersecurity Report showed ransomware is increasing by 350 percent each year and a business falls victim to a ransomware attack every 40 seconds. Last year’s worldwide attack in May 2017 of the WannaCry ransomware caused complete and utter chaos around the globe and begged the question of what’s next.

So what is a business owner to do? For starters, you must know what you’re up against. Next, there are steps for preventing the threat from opening the door to your business. Here’s your guide to ransomware and how to stop it before it stops your business.

What Ransomware Is
Ransomware is a malicious malware that targets the private files of your business. While malware can cause some annoying problems or create more malicious issues such as reformatting a disk or deleting files, ransomware is different. Ransomware is a malware that infects computers and restricts access to files, stopping businesses in their tracks.

When you run into ransomware, you will know it because it will notify a system’s user that it has been attacked. The notification will come after the damage has been done and your information is already encrypted. A cybercriminal will use the ransomware to demand a ransom, typically money or cryptocurrency, in exchange for the safe return of files. If the funds are not paid, the cybercriminal responsible may delete or publish your private business files. If you do pay, you may still not get your data back anyway as the hacker responsible can simply take the money and run.

Like a virus that can attack the body, ransomware can attack an entire network. And like viruses, ransomware can morph and adapt from the way they spread to the way they encrypt data. This means a business must approach protection on a multitude of fronts and be ready to adapt to new protections as they are developed.

Means of Protection
Your IT provider should offer you protection through at least six areas. By securing a variety of entryways and providing layers of protection, your business will be safer from all threats including ransomware. At Oram, we take a six-step approach to protecting our clients against ransomware and other cyber threats.

Patching
The most basic layer of security is to monitor and patch all computers and applications on an ongoing basis. We address all known operating system security vulnerabilities with the latest patches. This measure is the first step in protecting your operating system particularly when a flaw has been uncovered. Your company’s outside business IT partner or in-house professionals should be providing the latest patches to ensure your operating systems are running at peak performance while ensuring any system vulnerabilities are addressed.

Anti-Virus and Network Monitoring
Businesses are being targeted every day through a plethora of avenues: email, ad networks, mobile applications, etc. This is why the second part of a best-in-class security network employs both anti-virus and network monitoring. These two pieces of the security puzzle examine all traffic on your business network and all files. The anti-virus employs a filter to protect them from all known threats. Your anti-virus should be updated regularly in order to identify the latest viral threats.

Backup and Disaster Recovery
One of the things cybercriminals bank on is that your business didn’t think ahead in terms of implementing backup and disaster recovery. That’s why this step is a must, especially where ransomware is concerned. There can sometimes be gaps between when a threat is introduced to your network and remediation of the full system.

To ensure that your data is safe, it’s best to have a full system backup in place to protect your back-office systems. This will enable your business to stay on top of things if and when an attack occurs and it provides a recovery option for unknown threats. In the event of a catastrophic failure or a ransomware attack, a good backup can get your business back online fast.

Endpoint Backup
Though backup and disaster recovery provides a layer of protection for your back-office systems, businesses should also have backup and recovery of data for all devices. Devices such as laptops and tablets create, share, and store business data. Should a device become lost or a cybercriminal capture your proprietary data and sensitive information from these devices, your business will still be covered. This can have a significant impact on your business productivity and profitability. Your endpoint program should offer real-time data backup on such endpoint devices to prevent the compromise of business-critical information and keep your organization moving full-steam ahead.

Secure File Sync and Share
In today’s global society, being able to work remotely, collaboratively, and securely from any device anywhere is a modern business necessity. With the proper software in place, your employees can securely collaborate from any location on any device including their smartphones and tablets. Such a system can allow you to grant access and editing controls for specific documents including those in Word, Excel, and PowerPoint. Such software also allows you to recover documents employees may have accidentally deleted or that have been lost due to malicious activity.

Education and Awareness
One of the best steps you can take in protecting your business against ransomware or other digital threats is to educate and train your employees. With proper cybersecurity awareness training, you can turn your employees into your most important layer of defense. They should be trained and provided with educational materials about cybersecurity risks, new ransomware strains, and the best practices for spotting phishing attempts, suspicious emails, and other security risks. Additionally, they should be provided a simple and quick way to report any suspicious activity. By empowering your employees with such training, they can become proactive in the fight against cyber threats to your business.

Small ransoms are just the beginning of the ransomware threat and it is only expected to get increasingly worse. This is why it is so imperative for businesses to stay ahead of cybercriminals when it comes to security. While such protection may seem overwhelming, it’s nothing when compared with the downtime, stress, and financial cost of dealing with a ransomware attack. If you need assistance in protecting your business against ransomware, contact Oram Corporate Advisors today for a free consultation at (617) 933-5060.

Cybersecurity Awareness Training: How proper training can turn employees into your best security asset

by

Cybersecurity has become a major focus for business leaders today and rightly so with the number of major data breaches on the rise. Just look at the number of breaches in the first six months of 2018 from an infiltration of U.S. power companies by Russian hackers to 150 million users of Under Armour’s MyFitnessPal app having their personal data stolen. The threat to today’s businesses is very real but employees can be a business’s best security resource if properly trained.

The report, Magic Quadrant for Security Awareness Computer-Based Training, by Garner, a leading computer trends analyst, reported, “People impact security outcomes much more than any technology, policy, or process. People play an undeniable role in an organization’s overall security and risk posture. This role is defined by both inherent strengths and weaknesses: People’s ability to learn and their capacity for error.”

The Human Factor
Human error leads to breaches all the time. Whether an unsuspecting employee in your business clicks on a phishing link that exposes your entire network to a malicious virus or someone misplaces a phone, tablet, or laptop with unsecured access to proprietary data, human error can lead to big security problems.

Study after study shows the largest threat to any business, by far, is the people who work there. The 2018 Data Breach Investigations Report by Verizon shows malicious employees were responsible for 28 percent of attacks. In addition, the same report revealed human error was responsible for another 17 percent (or nearly one in five) breaches studied in the report.

Though these types of statistics show the desperate need for ongoing, repetitive, and engaging cybersecurity awareness training, many business leaders fail to see its importance and value.

Terrible Training Stats
Employees should be the first layer of security for every business but the fact of the matter is they have become the largest threat to business security today in major part due to a lack of proper cybersecurity awareness training. A report by SolarWinds MSP, Cybersecurity: Can Overconfidence Lead to an Extinction Event?, demonstrates that despite how important cybersecurity awareness training is, only 16 percent of respondents in the study considered it a priority.

An incredible 71 percent of companies studied in the SolarWinds investigation admitted to including such training only as part of the onboarding process or as a one-off annual event. Another 13 percent of organizations studied said that they offered no cybersecurity training to employees at all.

Why Training is Imperative
As mentioned earlier, breaches among businesses of all sizes are on the rise and the costs to remediate such attacks are also increasing. The FBI reported a 2,370 percent increase in exposed losses between January 2015 and December 2016. Additionally, a total of more than $5 billion was stolen from businesses in cyber theft between October 2013 and December 2016. That meant there was an average loss of $100,000 per incident and losses are projected to top $9 billion this year alone.

With this in mind, the primary goal of cyber security awareness training is to change the behavior of your employees so they are less susceptible to social engineering: Being manipulated, influenced, or deceived by someone to take action that isn’t in the best interest of your business. Some of the most common examples of social engineering attacks include phishing or spear-phishing by phone, email, postal service, or direct contact in order to trick people into doing something that will harm your company. You have the power to stop this by incorporating cybersecurity awareness training into your business before it’s too late.

When to Train?
The most-effective cybersecurity awareness training programs are ongoing. The first training for every employee should occur during the onboarding process. Thereafter, there should be frequent training opportunities and reminders, even if they are brief such as a once-a-month, computer-based training that only takes a few minutes.

Every employee should be offered a deeper training annually to update them on the latest threats to businesses in their industry and remind them of what they can do to help prevent attacks. There should also be additional trainings whenever a potential threat is identified or a cyber incident has occurred within the company so there are no repeat events.

What Should Be Covered?
One of the best ways companies can mitigate their cybersecurity risk is through proper training. The wrong way to approach training is as a once-a-year or semi-annual exercise where everyone is gathered for a training involving a long, boring PowerPoint presentation. This can feel more like a punishment for your busy employees rather than a valuable learning opportunity.

Not only should training be consistent with frequent, easy-to-follow training sessions, it should vary by topic and address the particular access to valuable data each employee has due to their individual role. Not everyone learns in the same way and not everyone needs to learn the same material.

Offer trainings aimed at specific roles taking into consideration how much access each has to valuable data and how they are most likely to be targeted by hackers. By offering interactive, role-based training in small, digestible portions with greater frequency, your employees will see it as valuable and easier to implement.

There should also be an emphasis on defeating social engineering attacks such as phishing emails that could lead to network-wide disaster. The aforementioned Verizon report determined that while 78 percent of people don’t click on a single phishing campaign all year, an average 4 percent of targets in any given phishing campaign will click it. Even more astonishing, it was found that the more phishing emails someone has clicked, the more likely they are to do so again.

Assess for Success
Cybersecurity training should also be assessed with frequent, short quizzes through training and reinforced through pen testing. This ensures employees absorb the valuable lessons being taught so they can act as the business’s first line of cyber defense.

How to Train
One of the most effective and more commonly used methods of cybersecurity awareness training being utilized by businesses today is interactive, computer-based training. It wields modern technology such as laptops, tablets, smartphones, and Internet of Things (IoT) devices to engage your employees in learning about the invaluable role they play in protecting your business.

“Showing a trainee how to recognize that out of nearly 20 types of files an email attachment could come in, the only one that is absolutely safe to open is a file ending in .txt can be a security game changer,” according to the whitepaper How to Fortify Your Organization’s Last Layer of Security- Your Employees. “Providing short, three- or four-question quizzes at regular intervals during a training module helps employees review and reinforce their understanding of particular training elements and can increase their trust in the impact the course is having and motivate them to complete it, thanks to congratulatory messages after each quiz.”

At the end of the day, human beings can become your best means of defense only when the proper security awareness training is employed. It can show them how they may be susceptible to social engineering, which is considered to be the single greatest security risk in the years to come, and that they can defeat it. Such training also demonstrates that you are willing to invest in them as much as you are in the technology they utilize each and every day. With such insight and education, your employees will feel empowered to protect the business you all are working so hard for.

If you need assistance with developing and implementing an effective cybersecurity awareness training program, contact Oram today at (617) 933-5060.