security

The Modern Office: Why a Strong IT Foundation Should Be the Basis of Your Business

August 27, 2019 by securewebsite

Business builds itself from the ground up. Your business internet technology (IT) is no different, which is why your foundation is so critical. The modern office revolves around having strong IT in place. From communications to automated business processes and protecting valuable company data, your foundation is imperative to your organization’s ability to not only thrive but survive.

Without a strong foundation, your business risks everything: Being hacked; watching valuable data be stolen, held ransom, or destroyed; and experiencing crippling downtimes when systems fail to function properly, costing your organization money every minute your employees can’t function. A strong foundation will help protect your company from experiencing such destructive problems and allow it to keep functioning smoothly even through inevitable IT bumps in the road.

What is Foundation in IT Terms?

At ORAM Corporate Advisors, we view the foundation as the nuts and bolts of your operation. We consider that to be your firewall, your switches, and your wireless access points. This is the core of your network. These are the things that have to be 100 percent reliable all the time and what literally makes the world go round for your business.

Firewalls as a Gateway

The gateway in and out of your network is your firewall. When it comes to the network security of the modern office, the firewall is your first and best line of defense. It monitors and controls both incoming and outgoing traffic on your network based on the security rules set for it. What rules are employed depends on how your company operates, the security it requires, and industry regulations. The best firewalls are “smart firewalls” which are capable of configuring, monitoring, and managing network traffic on the fly.

An average firewall is a hardware device or even a software program that is a barrier, a wall, between your systems and network and the internet. Its purpose is to limit unnecessary communication between your computer network and the internet.

Smart firewalls offer much to your business in terms of additional protections. Today’s modern office should employ smart firewalls as they include:

Antivirus, Antimalware, and Limited Spam Filtering
Deep Packet and Stateful Inspection
Packet, Adjustable Content, and “Default to Now” Traffic Filtering

The IT experts at ORAM can configure your smart firewall to maximize its protective benefits for the specific needs of your business. This ensures there are no gaps or vulnerabilities in your security settings that could allow a hacker to infiltrate your business system. We also take the time to keep your firewall current and patched.

Switches: Your Business Connection

Network switches are another important piece of your modern office network. This is the link, if you will, that connects devices on your network. It’s the switches that receive, process, and forward data moving in and out of your network so that it arrives at its proper destination.

The most common switch among business networks is one that handles Ethernet traffic. That is to say, the switches that connect your business to the internet. Without such switches, your business would become a proverbial island and your business data from email to invoicing may not function properly.

In addition to traditional managed switches, “smart switches” are an evolving option that can offer some management and security. They can be cost-effectively used in large networks as a supplement to managed switches or can be included as the main infrastructure in smaller networks. Smart switches can allow your business to segment its network into workgroups by creating a virtual local area network (VLAN).

Wireless Access Points

Wireless local area networks, or WLAN, are created by using a wireless access point device. These WLANs are typically found everywhere from homes and restaurants to modern offices and large buildings. They provide wireless access to the network for devices such as laptops, printers, and cell phones in a designated area such as your office. This enables your employees and customers to stay connected on a secure wireless network that is isolated from the core network in your office. You can also open or limit wireless guest access to specific applications or times of the day.

Recommended Foundation Hardware

The foundation of the modern office is also cloud-based. This allows you to know more about what your end users are doing and how traffic is flowing. Traditionally, you’d have to look back through logs and that is a time-consuming process. The modern office can’t afford to sit idle while the IT staff sifts back through logs to determine where things went wrong. Smart firewalls, switches, and access points provide real-time information through cloud-based systems that allow us to make the best decisions with up-to-date information.

At ORAM Corporate Advisors, we recommend using Cisco Meraki for all of those devices because it’s one of the most reliable cloud-based systems to date for business networks. This is important because it is the foundation of your business. User management, connectivity, and the like don’t matter if you and your employees can’t even access the internet.

Without a strong foundation, your business floor will drop out from beneath you. Commerce, trade, and services for your organization will come to a screeching halt without a strong foundation. Though integrating a strong network can be costly, it is the most important investment you will make to keep your business moving forward.

Ensuring a Strong Foundation

There are several key components to developing and maintaining a strong IT foundation in the modern office. Those include the following:

Make sure your firewall(s), switches, and wireless access points are current, up-to-date, and are running the latest firmware.
The hardware needs to be current as well. Is it still being supported and warrantied by the manufacturer?
Can your network handle your current business needs and still allow room for growth?

For everything you do or that your employees do, your foundation is key. By ensuring that you have the major components from your firewalls to switches and wireless access points in order, you can keep your business moving forward smoothly at all times. If you need assistance with building or bettering your business foundation, contact ORAM online or call us today at (617) 933-5060.

Bring Your Own Device vs. Enterprise Devices

April 20, 2019 by securewebsite

Why Businesses Should Make the Investment for Employees

Mobility has become a major asset for modern businesses. It gives companies an edge when employees can work from anywhere with remote access on any device ranging from a cell phone, tablet, smartwatch, or laptop. Mobile technology has enabled unsurpassed flexibility in the workplace the likes of which the world has never seen before.

But as Spiderman’s Uncle Ben said, “With great power comes great responsibility.” When it comes to mobile devices, many business leaders wonder which is better: Allowing employees to bring their own devices to work or dropping the money to provide enterprise devices to all employees.

The Advancement of Technology

The development of the smartphone has shifted the way people communicate on a daily basis. In a recent survey conducted by Zinwave, “Over 85 percent of respondents, which included more than 1,000 office workers within the United States, utilize their cell phones on a weekly basis, at a minimum, for external communications, and usage was only slightly lower for internal communications.”

Not only do modern workers use their phones for voice capabilities (i.e. phone calls), but they use email through their phones as a prime form of communication. The aforementioned Zinwave study found email was the preferred means of external and internal communication for people while they are at work.

The ability to access the internet, company information, and messaging services (text) has made smartphones and tablets a necessity when it comes to productivity in modern business. “For example, 65 percent of industrial and 62 percent of healthcare workers utilize work-related data daily for a variety of applications,” according to Zinwave.

Technology has removed boundaries, improved flexibility, and enhanced communications with lower overhead costs. It can be tailored to the user experience and specific needs of any business. Mobile technology has even allowed organizations to increase their revenue potential.

“In our information-rich society, there are two critical types of interactions that must be fostered: employee empowerment and customer engagement,” according to the blog “6 Ways Mobility Can Transform the Workplace” by iOffice. “For many, mobility has become the backbone of their interactive strategy.”

The BYOD Market

According to an online article at GlobeNewswire, the U.S. BYOD market size was $30 billion in 2014 and is expected to grow 15 percent by 2022.

“Declining hardware prices, increasing mobile user workforce, and high smartphone penetration are the factors responsible for increasing BYOD market share across the region,” according to the article, which sourced BYOD research by Global Market Insights. “Increasing personal technology along with IT consumerization is also expected to boost the industry.”

While the popularity and benefits of mobile devices speak for themselves, business leaders must consider whether to allow BYOD or provide the devices for employees. Traditionally, BYOD was a highly accepted practice. Recently, there has been a move to corporate owned, personally enabled devices (COPE), the practice of organizations providing employees with mobile devices due to concerns over security, IT compatibility, and legal issues over user privacy versus company control.

At ORAM Corporate Advisors, our recommendation for mobile device management is that every employee should have a corporate-owned device. With an enterprise device, you can manage all of the security, firmware upgrades, software applications, and tracking your employees require to do their job. Additionally, COPE offers many other benefits.

Providing Mobile Devices

When your business owns the line of service for its devices, it has more control. You get to select the devices you prefer your employees to use rather than paying for and having the headache of supporting all device types. Additionally, you get to keep your devices up to date so you aren’t forced to make your network support older devices.

Protecting Your Assets

A study from Wall Street Journal Custom Studios commissioned by Symantec, showed “79 percent of employees admit to engaging in risky behaviors- intentionally or unintentionally- that place corporate data at risk” and “48 percent of employees don’t think about security risks when transferring files or sharing documents over cloud-based services.”

With corporate devices, you’re protecting your business assets. If your business owns the devices employees use, you’re able to wipe them in case they are stolen or lost somehow. This can be done remotely and quickly for theft or loss to prevent personally identifiable information (PII), trade secrets, or other secret data from falling into the wrong hands.

If a device such as a smartphone is owned by the company, you can simply call the phone carrier and wipe the phone’s memory. You request this by stating, “I need access to X, Y, Z employee’s phone. Here are the records that we are authorized to do so.” If the phone is a BYOD that’s accessing the corporate information, your business doesn’t have that same ability. The employee owns access to the account and the functions of that device.

Easy Access & Support

The same is true of the ability to access data easily. This is important when every minute counts in business. Take a smartphone for example. If there are any files, emails, or different communications downloaded to a phone on a corporate account, you’re able to search and query that device on demand. This is an improvement over waiting for an employee to submit paperwork at the end of the month in their call log when you need information immediately.

In addition, employees who use COPE devices have support from your IT department. Employees’ personal devices may not be compatible with your business network which could cause functionality issues. With corporate-owned devices, employees can simply contact IT for assistance.

Regulatory Compliance

COPE devices allow a company to reduce their exposure to security risk as well as legal and human resource issues. With tighter control through COPE devices, your business can implement the security measures it needs to keep its data and network safe. Furthermore, litigation resulting from breaches, loss of data, and regulation non-compliance is reduced.

In a highly-regulated industry such as finance, your business will need to be able to report such instances of loss or theft against that device to regulatory agencies such as the Securities and Exchange Commission. This is especially important should your business be audited or examined by such an entity.

The Money Factor

You may be thinking that providing mobile devices such as phones, tablets, and laptops to your employees is not cost effective, but the fact is that it can be. First, consider that many organizations provide a stipend for employees who bring their own devices. That stipend in and of itself is a cost. If you’re going to have the cost regardless, you should have the control as well.

Group mobile plans are getting less expensive for businesses of all sizes and can be written off as a business expense on taxes at the end of each year. In addition, when it comes to tablets, laptops, and other mobile devices, organizations buy in bulk to get a better price which benefits both the business and the employee. Another option for reducing the cost is to set up a cost-sharing option for both the device and its use with your employees.

Finally, when it comes to keeping your business secure to avoid regulatory penalties for non-compliance, the potential for lost revenue, and easy access to data, the investment up front is worth the return. That sense of security is priceless for most business leaders who wish to avoid potential breaches, lost revenue, and issues that can be caused by disgruntled employees.

The Employee Factor

Consider your best salesperson. If they use their personal devices to access your business information such as sales logs, client contacts, and invoices, they have information that could potentially damage your business financially if they were to leave.

In addition, your salesperson likely gives your clients that personal mobile number so they can contact them if they need anything. If your salesperson were to leave the company, your clients would still call that salesperson who can then easily take your customers to their new company with them. This means a loss of revenue for your business.

Should an employee leave, your business gets to keep the phone number. This means their clients will still be contacting one of your employees at your business through the same phone number. This reduces the odds of lost revenue for your company.

Create Policy & Enforce It

Every business, especially those in highly-regulated industries, should create policies regarding BYOD. This is true regardless of whether you allow BYOD or employ COPE devices in your business. You need a very secure policy and the correct mobile device management in place. In addition, your policy should outline that only legitimate work will be conducted on these devices.

If you need assistance with BYOD or COPE devices, creating policy, or mobile device management, contact ORAM today at (617) 933-5060. Our IT and security experts are always here to help your business grow smart while reducing its risks

The Modern Office and Security: What you need to know about protecting your business and its data

April 16, 2019 by securewebsite

One of the most critical components of the modern office environment for a healthy, scalable business infrastructure is security. It is the cornerstone of your IT for it protects the other components that your company needs to keep thriving and surviving in the modern marketplace. Today’s business security entails much more than just an anti-virus program and requires some pre-planning as well as a regular investment of time.

This blog covers the most important things every business should know about security. Additionally, it includes what business leaders should consider to best protect their organization, data, and clientele. As you will see, having the right security in place can make the difference between growing your business and shutting its doors permanently.

Secured Access

Every business should have secured access in place for both internal and external users on its network. As a modern company, both internal and external users will be accessing your data whether its email or highly-sensitive information not meant for prying eyes. This is important because data falling into the wrong hands can cost your business its reputation, revenue, and even its livelihood.

According to the 2018 Data Breach Investigations Report by Verizon, 73 percent of breaches were perpetrated by outsiders. This means your business data needs to be protected as much as possible and that external access to your network should be limited and monitored at all times. Hackers are always looking for a way to infiltrate networks. Phishing, ransomware, and malware were among the top means used by nefarious outsiders to access business networks in 2018. Of those breaches studied, 90 percent were motivated by monetary gain or strategic advantage (i.e. business espionage).

While you may believe that your business is too small for anyone to care about hacking its data, think again. A report by USA Today shows 61 percent of cyberattacks are aimed at small and medium-sized businesses. The same piece reported that a whopping 60 percent of small businesses close their doors for good within six months of an attack so it’s clear why security is so imperative to business survival in our modern society.

Though most breaches occur due to external sources, insiders can be just as dangerous to your business. Whether due to simple user error or something more insidious such as a disgruntled employee or cyber espionage, the aforementioned Verizon report concluded that 28 percent of breaches involved internal actors. Of those breaches, 12 percent involved privilege misuse. That’s why we always recommend implementing the practice of least privilege. This means allowing access to data only to those who require it to fulfil their job duties.

Email Security

Email is the bread and butter of communication for most modern offices. The use of email for both internal and external communications is a necessity for today’s businesses so securing it effectively is imperative. The issue is that it is also a major point of entry for many attacks.

A blog by CSO from IDG shows that 92 percent of malware is delivered by email. In addition, the blog stated that the average ransomware attack (which often occurs via email) costs a company $5 million. The same blog also stated that phishing attacks is one of the most common methods of email malware infection.

There is email and network scanning software available to help protect your business. At ORAM Corporate Advisors, we recommend Mimecast for email protection. It is a terrific solution to help organizations prevent email-borne ransomware as well as protect against the associated downtime and data loss such attacks can cause. ORAM recommends Mimecast because it “safeguards employee communication and reduces risk with targeted protection, data leak prevention, and enforced security controls.”

Mimecast, which I mentioned above for email and network scanning, is also an excellent solution for data loss prevention. Its data loss prevention solution scans all emails and file attachments and identifies potential leaks using flexible polices based on keywords, file hashes, pattern matching, and dictionaries.

Another piece of modern technology you’ll want to have in place is multi-factor authentication. Multi-factor authentication is a security system that requires more than one method of authentication to verify a user’s identity. This can range from requiring passwords that must periodically be changed by legitimate users to requiring a one-time PIN provided via smartphone for access. It adds an extra step for employees to access your network but it will help ensure your business’ data security.

In addition to software, we also recommend that employee training become a regular event. Every business should offer employee training during the onboarding process and at regular intervals throughout the year (every six months) to every employee. They should be trained not to click on email attachments or to follow links in emails from unknown or untrusted sources. Employees should also be taught to verify emails with links and attachments with a trusted source before opening them if something comes into their email that they weren’t expecting. While this training can take some time, it can prevent a costly breach later on.

Manage Your Network

While securing access to your network is important, managing your network is even more imperative to keep business operations running smoothly. Your network houses your most critical data while supporting the daily workflow and processes of your business. That means maximizing uptime, optimizing network capacity and utilization, and ensuring its protection.

There are a great deal of pieces that comprise your network and all of them need to be addressed on an ongoing, regular basis. Start with a network technology assessment and auditing. This will tell you where your network is in terms of optimization and data security. By assessing where your network is now and taking a full audit, you will be able to tell where your strengths and weaknesses are to tweak it to work at full capacity for your business needs.

In addition to regular assessments and audits of your network, you will need to plan ahead for storage, disaster recovery, business continuity, and more. Here are some of the things that go into managing a business network:

Email Continuity
IT Asset Tracking and Reporting
High Availability Services
Cloud Solutions
Network Design, Implementation, and Support
Data Assessment, Analysis and Recovery
Security and Monitoring Services
Workflow Assessment and Optimization

Up-To-Date Security

Your business should also have up-to-date technology security in place. You will want to ensure that your company has installed intrusion prevention software on all of its data networks to keep hackers from getting their hands on your information. You can check to ensure you have such software in place during the audit process.

The intrusion prevention system we use at ORAM is Cisco hardware that scans on a network level. It scans everything going into and out of your network to ensure that your network traffic is safe. This could catch someone maliciously trying to access your internal network, bad email attachments, and other threats.

In addition, you will want to put together policies for your employees that protect your business. Ensure you have a solid computer use and data loss prevention policy in place so employees know exactly when and for what purposes they can use their company devices. Make it clear what sites they should not visit and what the repercussions are for visiting non-work related sites on business devices.

You’ll also want to have a password policy in place so employees are not using the same passwords for multiple accounts or old passwords that could leave them at risk of being hacked. Passwords also need to be strong so encourage your employees to develop passwords that use letters (both lowercase and capital), numerals, and special characters. There is even software available to prompt your employees to change or update their passwords over time. You may even offer your employees a password manager so they can easily recall their passwords.

Many enterprise businesses are also moving to the cloud. Not only does this allow for greater flexibility for your employees, but it can offer greater data security. When you save both to your local network and the cloud, you have your data backed up. This is ideal in the event of a disaster and will get your business up and running again with less downtime or the worry that valuable information can’t be recovered.

Don’t Forget Your Physical Security

Remember that all data is not digital. Whether you have data files stored in locked filing cabinets or your HR employees are printing personally identifiable information (PII) during tax season, the physical security of your business is just as important as its digital security. You don’t want someone walking out with printed files or sifting through your garbage to steal information.

ORAM recommends that all businesses have a clean desk policy. This means requiring that all employees keep their desk clear of papers, notes, and other information that could lead to a breach or loss of information if it were to fall into the wrong hands. When they are not as their desk, employees should have a clean desk since everything should be put away, hopefully under lock and key.

Businesses should also limit physical access to certain areas such as file storage areas, server rooms, and other places where information is stored. If an employee doesn’t require that access to do their job on a regular basis, they shouldn’t have access. Such areas should be locked with limited persons possessing keys for access. We also recommend adding video cameras at data rich entry points to protect against a physical breach. This small addition will let administrators know who accessed the area(s) and when they did so which will help in an investigation.

Finally, you’ll want to ensure that all data is properly disposed of. Shred all hard copies before tossing paper information and consider hiring a disposal company that handles this type of waste. Don’t leave such waste out on the curb for anyone to take. Ensure the company will come in to gather paper for disposal. In addition, make sure that valuable paper data isn’t thrown into the recycle bin but is shredded before being thrown out. When it comes to cyber espionage, dumpster diving isn’t unheard of.

Have a Plan

Every business should also have a written information security plan (WISP) in place. It should include everything from regular IT audits to employee training. There are many mistakes that businesses make when it comes to backup that are completely preventable. Your WISP will outline effective administrative, technical, and physical safeguards specific to your organization to help prevent such mistakes. It will also define security measures for your business, protect against anticipated security threats, and unauthorized access. The WISP for your business will put safeguards into place to protect your data. It will also help you and your employees know exactly what to do and who to contact if disaster strikes.

If you need help with securing your modern office or want more information about building stronger security for your business, contact ORAM today at (617) 933-5060. Our experts are always here to assist you in bettering your business and data security.

Technology Assessments: What they are and why every business needs them

December 11, 2018 by securewebsite

Information technology, or IT as it is known in most modern business settings, can be a challenge for small to medium business owners. Whether your business may have its own IT expert in-house or be too small to employ its own, your organization uses IT every day. Government regulations change regularly and growth means IT needs to adapt, too. Additionally, the world of technology is always experiencing new development.

That’s where technology assessments come in. Every business should undertake an annual technology assessment to ensure its IT needs are being met. Here’s a look at what technology assessments are, the purpose behind them, and what types of things they evaluate.

Technology Assessments
Every organization uses technology. Whether your business is using the internet for ecommerce, your non-profit is building a new business website, or your company is sending and receiving emails, you and your employees utilize IT. As your business grows, the complexity of your IT does as well. This can be a challenge for small to medium businesses, however, as they often don’t have the budget to hire a full-time employee to handle such matters. Even if you do have IT staff on hand, they may be so busy that a third-party such as ORAM may be the key to getting your annual IT assessment done quickly and efficiently.

This is where an independent technology assessment comes in. Such assessments evaluate multiple aspects of your existing IT to determine if what you have is effective enough to cover your growing organizational needs and, if not, what changes need to be implemented. Just as you should see your doctor every year for a full physical, your company also requires an annual IT checkup.

The Purpose of IT Assessments
The costs of IT are rising every year, the complexity of IT planning is becoming increasingly difficult, and regulatory compliance is beginning to overwhelm organizational leaders. An annual technology assessment can tell you what your company currently has in terms of IT to overcome these obstacles versus what it really needs to achieve your technology and business goals.

An IT assessment should cover several aspects of your business technology including:

• Strategically evaluating whether your IT infrastructure is ready to grow with your business.
• Identifying areas of opportunity to improve your business processes and reduce your IT costs.
• Pinpointing any “red flag” areas that require deeper analysis and adjustments.
• Prioritizing your IT investments to reflect your business strategy.

What They Do
Information technology assessments examine your existing IT infrastructure and business goals such as growth. Through this audit of your business’s current systems and processes, it can be determined if they are effective at meeting your organizational goals.

For example, if you operate a law firm that wishes to grow by 10 percent each year for the next five years, your IT must be able to adapt to the changing needs of your law firm. In addition, you are bound by several governmental regulations such as the protection of your client’s personally identifiable information (PII). This means you must have achieved a certain level of security to meet those requirements with your IT.

An annual assessment can determine if the IT your business has in place is capable of handling these requirements and, if not, what adjustments need to occur. A strong technology assessment will answer the following questions:

• How is the health of technology in my organization?
• Is my business using technology to its fullest extent?
• Can my existing technology accommodate growth?
• Is my company exposed to risk that can be avoided with proper planning?

What They Cover
Just like a physical, an IT assessment comes with a checklist of things that are covered to ensure the best IT health and the lowest risk to your organization. Areas that should be covered in your IT assessment include the following:

• Physical assets: Servers, desktops, laptops, telephones, networks (internal and external), Peripherals (scanners, printers, copiers, etc.), and data management and tracking (such as storage and disposal)
• Applications: Desktop programs, email management, accounting and other business-critical applications, document management, security programs, and your organizational web site
• Policies, Procedures, and Processes: Business continuity plans, disaster recovery, change management, security management, on-boarding and off-boarding of employees, ongoing IT training, and help desk
• Partner & Vendor Management: Collaborations, sales, purchasing, software licensing, voice and data circuit providers, third-party service providers
• Industry or Business Specific Details: Government-issued regulations, industry requirements, and unique company needs

This list of items is reviewed by conducting interviews with key people in your business and through checks of your business infrastructure. During the interviews, you or your IT staff will be asked to answer specific questions about the technology in place that supports your organization. You will also be questioned about your business and its goals.

When ORAM conducts a full technology assessment, we have a list of 300 questions that thoroughly examine everything from your existing IT policies and procedures to your key IT assets and their settings. We also look at the infrastructure of your organization to determine what you have, how well it works, and what you need. All of this is wrapped up into a results report specific to your company.

Results-Oriented IT
All of the data gathered during the assessment is put into a final report that will allow business leadership to make informed decisions about the IT of your company. In addition to the current status of your IT health, recommendations will also be made to keep your business operating smoothly, protected against threats, and compliant with industry and/or government regulations. Business leadership should review the results to determine what steps to take in order to keep moving forward with safe, effective, and efficient IT that meets business goals within their budget.

The final report is also a terrific means for documenting your IT and planning business continuity in the event of a disaster such as a breach. While this is a wonderful report that can do much to support your business health and goals, it does need to be updated annually to address the changes in technology and your company.

Why Every Business Needs IT Assessments
Since every organization uses IT, every business needs an annual technology assessment. The final report is not only a document that keeps businesses on the cutting-edge of technology and security, but also provides assurance that government regulations are being achieved. Finally, it gives leaders a look at the IT health of their company and acts as a roadmap to guide them through the necessary changes to their existing technology that will allow them to achieve their desired outcomes in the future.

If you are interested in a short, free technology assessment by ORAM, a full technology assessment, or simply have questions regarding your organization’s IT, please contact ORAM at (617) 933-5060 or visit us online today.

Is your data safe?

December 3, 2018 by securewebsite

The basics of data protection from monitoring to backup and recovery

You’re at work getting things done when it happens. Your computer crashes and everything you were working on is gone. How long does it take to recover that data before you can get back to work? Or can it even be recovered at all?

Data is what keeps business moving which makes this scenario incredibly scary yet it is repeated day after day, year after year. Despite the fact that data is a business’s most valuable asset, this disaster situation and others like it keep playing out. That’s where proper data monitoring, backup, and recovery come in to help modern business.

Data Monitoring
A crucial component of business is to have data monitoring in place. This allows your data to be regularly checked against quality control rules to ensure data meets or exceeds established standards for formatting, consistency, and usage. With data monitoring, data is quality checked as it is created and used.

How It Works
Every piece of information serves a purpose. Data monitoring is a proactive approach to checking and evaluating data to certify that it meets quality standards and achieves its purpose. Businesses and organizations establish data quality metrics or criteria that are tied directly to its goals and objectives. Once the quality guidelines are established, monitoring allows data to be checked over time, allowing informed improvements to be made in data systems. It also allows companies to best use the data they have available.

Each time data is created or accessed, the data monitoring software kicks in to measure and track information. Such software uses dashboards, alerts, and reports so you can watch what is happening with valuable data. Some of the attributes many organizations monitor data for include:

• Completeness
• Uniformity
• Accuracy
• Uniqueness

With such monitoring, problems with inaccuracies and unusual data behaviors can be detected immediately. If there are data quality issues, an administrator is sent an alert with information about the problems detected. This allows system administrators to check the data and prevent issues before they can become a real problem. It also lets business leaders determine where to focus data quality initiatives.

Additionally, data monitoring can save time and money by making it easier to change quality regulations to adapt to the company’s changing needs. With consistent data monitoring, businesses can also implement new initiatives regarding data without a preparation phase as well. That means fresh data initiatives can be put into place immediately with no wait time.

Backup Monitoring
The next step to the best in information management is data backup. This is where files and folders containing important business data are copied and/or archived so they can be restored in the event of a data loss. Recall the scenario at the beginning of this piece where your computer shut down. Without backup monitoring, you may have lost your work permanently.

Data loss can occur for a number of reasons from computer viruses and breaches to flood or file corruption. With a data monitoring system in place, you’ll be able to replace your lost data, thanks to backup services that occur automatically without any further thought from you or your staff.

While you may already have a backup in place, a single system is not enough should a failure occur. Additional backup systems are necessary in case of natural or man-made disasters or even to keep you covered in the event of data corruption in your original backup. Other reasons for employing a data backup system include:

• Tax Audits
• Client and Investor Relations
• Archiving
• Competitive Advantage
• Improved Productivity and Processes
• Peace of Mind

Data Recovery
Whether natural or man-made, disasters happen. From floods and breaches to ransomware and file corruption, all organizations need a plan in place to recover their data.

Just a few days ago, Anchorage, Ala., suffered an earthquake that hit 7.0 on the Richter scale. Such a major earthquake can cause serious damage including the loss of data. This is just one example of where disaster recovery can come in handy.

In addition to such natural disasters, the number of breaches each year continues to climb. In the first half of this year, breaches have led to 4.5 billion records being comprised, according to the latest findings of the Breach Level Index.

Thanks to data backup software, today’s businesses are able to overcome the loss of important or proprietary information. In the event of an emergency, system administrators can quickly recover from such data loss. Rather than a permanent loss of information, businesses can experience a short-term, temporary loss that can be rectified in a short time. With the right backups in place, data recovery allows you to retrieve everything from documents in Word or Excel to images and video.

If you would like more information about data monitoring, backup, or recovery software and services, contact Oram online or call us directly at (617) 933-5060. Our experts are here to help your business ensure continuity in the event of a breach or disaster.

Password managers: What you need to know about generating and securing passwords that work

October 26, 2018 by securewebsite

By Ryan O’Ramsay Barrett

Being in IT, we hear about it all of the time. A client calls us in distress because they used the same password on multiple websites, social media platforms, and their email and now they’ve been hacked. The bad guys have access to several of their digital platforms, if not all of them, and things are a mess. The worst part is, the entire scenario could have been easily avoided.

One of the simplest and most commonly recommended cybersecurity practices promoted by experts to prevent problems like the one above is for people to use a password manager. Some are free and others cost a small annual fee but all of them are highly recommended over not using one at all.

What is a Password Manager?
A password manager is a type of software that assists in generating and retrieving complex passwords with the goal of improving your cybersecurity. One of the greatest issues is that most people either use the same password on multiple accounts or their passwords as just too simple. Using the same password for multiple sites can increase the risk that you will be hacked or that your business will experience a data breach. Overly simple passwords also make people more susceptible to being victimized by cyber criminals who would love to get their hands into our bank accounts, business data, and personally identifiable information (PII).

Consider a password manager as a vault of sorts, able to store multiple passwords in an encrypted database or produce them on demand. This means you don’t have to reuse the same password for various accounts, memorize them yourself, or write them down.

Regardless of how many passwords you have or how complex they may be, a password manager can keep track of them for you. Additionally, when you need a stronger password for a new account or to better secure an existing one, a password manager can generate a new, complex password for you.

Security Benefits
According to MyGlue, more than 60 percent of all data breaches are the result of weak or stolen passwords. By using more complex passwords that feature uppercase and lowercase letters, numerals, and special symbols, that are unique to each of your accounts, you are protecting vital online information from credit card numbers to the answers to your security questions. Not only is this important in your personal life but it is imperative to your business as well. Password managers help by generating unique, complex passwords that will not be easily guessed by bad actors.

Another sobering statistic is that more than 30 percent of employees keep track of passwords by writing them on Post-it Notes, according to MyGlue. This is not a secure or suggested form of storing passwords. With a password manager, you only have to remember a single master password to access your “vault” with all of your passwords in one place.

Business efficiency is also improved with the use of a solid password manager because employees won’t have to waste time resetting passwords or searching for that sticky note that disappeared. There will also be a reduction in requests to IT for password resets.

Password managers can also simplify shopping. Payment information can be stored in your password manager so that it’s all at your fingertips when you are ready to shop online.

Risks of Password Managers
I know what you’re thinking. If a hacker gets access to your master password, that would allow them access to all of your accounts. Bad actors have also been known to breach the central vault of password managers. The good news is that there are defenses available to address both of these concerns.

First, any password manager worth its weight is going to employ multifactor authentication. This means that when you, or someone else, attempts to access your “vault” of passwords, you will be sent a text or email with an authentication code to log in. If someone were to steal your master code, you would find out via a text message or email. No one can access your credentials without having both the correct password and the right authentication code. This gives you time to change your master password and notify your password manager should a problem arise.

Vendors usually protect master vaults as well by encrypting your password information locally. That information is encrypted and stored, on servers operated by the vendors who, in most cases, employ some of the best cybersecurity measures available. Some of the free password managers don’t offer the same higher level of security that paid password managers do. Be sure to do your research before signing up with a company or touch base with us at Oram so we can recommend one that works best for your needs.

The Cost of Better Security
There are a multitude of password managers available. Some offer free versions but when it comes to the security of your business, remember that you often get what you pay for. With that in mind, at Oram we recommend paying for a password manager as many don’t cost much.

Most password managers offer some sort of free trial period and range from $12 per year to upwards of $50 a month. The cost may depend on the number of devices or users the program is being employed for.

What Oram Recommends
There are so many password managers available that it can be hard to choose one. Some offer features such as photo login options (a form of multifactor authentication), phone support, and use across a wide variety of operating systems. The two that we recommend to our clients are MyGlue and LastPass.

We highly recommend MyGlue because it offers so many options for a low price. First, as a business owner, you will know who accesses what password and when. MyGlue is easy to use, functions well with multiple operating systems and allows you to share training material with your team for the program so no one is lost. Finally, you can avoid hackers by using strong passwords that are secure, keeping your business information such as the PII of employees and clients and your proprietary data safe. MyGlue also employs the highest security measures available.

If MyGlue doesn’t fit your needs, LastPass is the next best option. LastPass works on iOS, Android, Windows, Mac, and Linux operating systems. It offers a variety of subscription options from a single user to families, teams, and enterprises and all are quite affordable. With LastPass, you can simplify online shopping, store digital records, and share passwords and notes with others securely in addition to storing and generating passwords.

If you have lingering questions or concerns about the use of password managers, please call Oram today at (617) 933-5060 or visit us online. Our team is happy to help you select and engage a password manager that meets all of your business needs.