Why Periodic Security Assessments Should Be Your New Normal
By now you know that building up your cyber security is just as important as building up your cash flow. Both are essential to your success, but while most businesses keep an eye on the financials, they tend to think cybersecurity is something they can set and forget. Unfortunately, cybercriminals are constantly coming up with new methods of attack and the security you had in place yesterday may not be sufficient today.
Instead of reacting to breaches and taking on the costs of downtime, lost files and destroyed trust, a periodic security assessment can identify blind spots that place you at risk. Once you know about these problems, you’re able to proactively set up adequate protection before cybercriminals strike. It’s best to use independent IT experts who can audit your security from an outside perspective, often seeing risks that would otherwise be missed.
Regulations change - Are you affected?
Many businesses are held to strict government regulations around the way they store, process and protect data. Their operating license depends on staying as secure as possible. All regulations require regular security assessments, but they vary in scope and timeframe. As regulations change, so do the security assessment requirements. You can imagine how much stricter they are now compared to just 5 years ago. Our team can ensure your business is meeting the relevant regulations, diving deep to be certain you’re safe.
Security patches and updates are vital
It’s so easy to fall behind on your security patches. After all, it seems like there’s a new update every week, and each one takes precious time to apply. What we’re seeing, though, is that cybercriminals are targeting any business running late, and it’s basically easy pickings for them. If you’re unpatched where it counts, it’s like inviting them in. When we conduct your security assessment, we take a look at your history, see if your business has a robust patch plan in place, and make sure you’re up to date. If there’s an issue that’s placing you at risk now, impacted you in the past, or will in the future, we’ll find it.
Viruses are always evolving
Just like the human variety, computer viruses are nothing to welcome into your workplace. They’re constantly evolving to skip past anti-virus scans and do damage in new and interesting ways. Cybercriminals know people are more aware of the traditional infection methods like downloading an attachment or inserting an infected USB, so they’re getting more and more creative. Your security assessment doesn’t just include ticking that you have the latest anti-virus, it includes identifying where you’ve had the most breach attempts and where your biggest vulnerabilities are. This type of precise awareness has a lasting impact on reducing your risks.
Your business may have changed
As your business has grown over the years (or shorter if you’ve experienced a recent surge), your entire setup has changed. More employees, expanded remote access, additional vendors, supplementary locations... the list really is endless. With each change has come a new risk, particularly if your security has been growing around you. It might be that your password policies haven’t been updated since you began, or that you still have the old voicemail system even though phones are within easy reach of customers. This is perhaps one of the most useful areas a security assessment can help with, as you and your employees are accustomed to the business working in a certain way, whether that way leads to risk or not. Our experts will be able to see things from a different perspective, particularly as we make sure to think the same way a cybercriminal would.
What to do with your assessment results
While many experts might present you with a long list of problems and leave you feeling overwhelmed, our team ensures you have a benchmark for progress. You’ll know exactly what you need to do, how we can help, and perhaps most importantly, which actions take priority. Moving ahead, future security investments will be smarter as you focus on the high-payoff areas. You’ll also know exactly what you’ve done well and where your security strengths lie. Employees will see how much you value security, which helps to create a stable culture, and you’ll be able to report your commitment to customers, confirming they’re making the right choice by staying with you.
Curious how your business is doing with security? Schedule a complimentary Security Assessment with Nice Guy Technology.
You may have noticed many business websites now have a green padlock in the address bar next to the letters ‘https’. Until recently, you’d only see that on shopping or banking sites, but it’s now become the expected norm for all business websites - even if you don’t ask people to log in or enter credit cards. Simply put, the ‘s’ in https stands for secure and means any data sent/received by the visitor is encrypted. Clearly, it’s an essential feature for e-commerce sites, but why have all the info-only websites started using https too?
The New Google Rule
As of July 2018, Google will mark your page as insecure unless you’re using https. It’s a movement they started a few years ago to make the internet a more secure place by default. Since Google pretty much rules internet search and increasing security is always a good idea, businesses have been gradually switching over. Without https protection, someone with access to your internet connection, whether from digital eavesdropping or hacking, could intercept the information. They could also place malware onto otherwise legitimate sites and infect innocent visitors. That’s why eighty-one of the top 100 sites online have already switched to https and a strong majority of the web is following suit.
The Browser Bar Says It All
In the same way a green padlock in the browser bar indicates a trustworthy site, you can expect non-https sites to be marked with a “not secure” warning. Previously, users had to click an information symbol to actively investigate non-secure sites. The shift to plain sight markers will be most noticeable on Chrome; however, it’s expected that other browser developers will follow suit. Visitors may then be alarmed by landing on your site and seeing that the connection isn’t secure.
The fact that you may not be asking them to log in, enter personal details or payment is irrelevant. You may not be asking them to enter anything at all, but perceptions matter. Eventually that warning will be changed to an alarming red as Google declares war on unsecure sites. As the common understanding is that a warning = bad, you may get more visitors bouncing away within seconds or even contacting you to report that your site has a problem.
Boosts for Secure Sites
Google is taking its commitment to safe web browsing further by favoring https. That means the search algorithm is taking your site security into account, preferring to display results that it knows will protect users from hackers. Since https status gets the nod, you may find yourself climbing in the ranking while other businesses scramble to catch up. It really is a win-win situation.
What to Do Next
In an ideal world, your site would have a secret switch on the back-end you could flick over and suddenly be https, but it’s a little more complicated than that. In fact, you may have already noticed some sites experiencing trouble with the migration. When the setup goes wrong, users don’t see your website with a little warning in the corner; they’re blocked by a full page error and offered a return to 'safety' (away from your site). The easiest way to make the move to https is to contact your IT technician or web developer, as they’ll be able to make sure you’re keeping Google happy and rolling in the green.
If you need some help, we can migrate your site to https - call us today at 614-233-1648.
Increase Your Productivity with Dual Monitors
Conventional wisdom states that cluttered workspaces lead to a disorganized mind. Mess prevents productivity and begins to hamper professionalism. Shouldn't that apply to the computer desktop too? The simplest way to clean and organize your digital desktop is to add more space. Just adding a second screen doubles the available room and makes organization a breeze. Getting work done with a single-monitor setup is a balance of poor compromises. There never seems to be enough space and the little space available is full of clutter and mess. Switching between windows or tabs wastes time and distracts from work to be done. Stacking windows together, side-by-side, or top and bottom wastes valuable screen real estate. The resulting clutter of windows makes it hard to focus on what is important. While most tasks can be tackled feasibly with a single monitor, two makes the same tasks faster, simpler, and much more enjoyable.
Two Monitors, Many Uses
Data entry with two monitors is far easier than data entry with one. Having source data on one screen, laid out in large type, and the destination on another makes the job a breeze. By eliminating the need to scroll tiny windows or switch tabs, forget and repeat, the same job can be done in a fraction of the time.
Graphic design, image manipulation, and editing are key areas that make the most of a dual screen setup. Stacking one image on each screen allows you to make quick comparisons to make sure your work is going in the right direction. Organizing your editing space is made simple too. Stacking your tools, menus, and options on one monitor with your image maximized on the other helps to stay focused and finish the task.
Beyond Just Two
Having more than a single screen helps you to track tasks you need to keep on the back burner: a team chat window to keep on top of collaboration, status updates for business-critical services, or the latest stock price. These windows and dialogues can remain open and serving updates on a secondary screen while you keep your work focused on your first. It is not uncommon for stock traders or financial analysts to maintain 6 or more screens running from a single computer. Many use this to track various stocks or indices so they don't miss a beat.
Setup How You Like It
Multiple monitors can be arranged in almost any practical configuration imaginable. While most monitor setups are normally horizontal you can arrange them vertically, a combination of the two or try using 3, 4, or 5 monitors to help your workflow. This setup is used often by software engineers, editors, and users reviewing large amounts of text. Multi-screen setups, no matter how they are arranged, behave the same as if all the monitors were just a single screen. Mouse input moves from one monitor to another as if there was no difference between them. From the user's perspective, there is no difference to how they interact at all.
A Boost to Productivity
There is a scientific advantage to multi-monitor setups too. A survey by Jon Peddie Research found that adding an extra monitor boosted a user’s output by as much as 20 to 30 percent. A productivity advantage of even 10 percent is prized and very hard to come by in the business world. Receiving a productivity reward of over 20 percent for just the cost of adding a second monitor is something few firms can afford to pass up. The satisfaction of de-cluttering your digital desktop and keeping your focus in the zone is worth it alone.
Protecting A Business from Internal Threats
When considering IT threats to your business many articles focus on hackers, viruses, and attacks from external threats. These dangers are real, constant, and easily identifiable. In many cases, however, the largest threat to a firm comes from inside the business itself.
People inside the firm often pose the largest single threat to systems and security. These individuals often have trusted access and a detailed working knowledge of the organization from the inside. Employees therefore deserve the largest security consideration when designing a safe business system.
It is important to first distinguish the type of dangerous employee we want to defend against. We're not talking about an otherwise model employee accidentally opening a malicious email or attachment. Rather, we mean a disgruntled employee seeking to damage your business.
Some firms, particularly young businesses, grant employees system-wide permissions from day one. This can make administration appear simple, preventing further IT requests in future. Granting system-wide access is an inherently risky strategy.
Private information relating to the business should be restricted access information. Many types of files need to remain confidential, often as a legal requirement. Human resource files, salary information, and employee documents should be limited to only a select few employees. Yet, businesses often keep confidential information in public places on the network.
Granting system-wide access can appear to save time short term. It is, however, a security policy which only serves to cause security, administration, and potentially legal troubles in the future.
The Principle of Least Privilege
The principle of least privilege is a vital tool, helping you to handle internal IT security. It defines a security policy which ensures staff can access only the resources, systems and data they require to carry out their job.
The policy protects the business from many different types of threat in day-to-day operations. Even where malicious attachments have been opened by accident, the damage is limited only to the work area of a single employee. This results in contained damage, less time needed to restore from backup, and drastically reduced downtime for the firm.
Along with limiting accidental damage, malicious employees looking to destroy or steal data are limited too. With restricted access, an employee with a grudge or profit motivation can only damage or steal from their own area of operation. This helps to ensure that no single employee can damage the entire firm's operations.
Security Policy In Practice
A member of staff within Human Resources, for example, may have read and write access to the employee database. This will likely include payroll information and sensitive data. This same member of staff would have no need to access sensitive client data, such as sales information, in normal working conditions.
Likewise, a staff member from the sales department should have no need for accessing sensitive HR records.
Using the principle of least privilege, each employee may only have full access to systems that are directly related to their role. Similarly, some systems may be visible to a wider group of staff members even if they can only be edited or removed by one or two people.
In some cases, a security policy may be defined by even finer details than a person’s role within the organization. An HR employee should not be able to edit their own file to change salary information for example. An employee file might only be edited by their superiors in such a case.
Additional parameters can be used to assign privileges to enable the business hierarchy to work within the IT network. Seniority, physical location, and time are all examples of factors that can restrict access to critical systems and secure data.
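The policy described in this section can be written down as a deny-by-default access check. The sketch below is an added example, not code from the original article; the user names, resource names, office hours and the rule that an HR staff member's file may only be edited by someone above them in the reporting chain are assumptions chosen to mirror the HR and sales scenarios above.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional


@dataclass(frozen=True)
class User:
    name: str
    role: str
    manager: Optional[str] = None  # name of the direct superior, if any


@dataclass(frozen=True)
class Request:
    user: User
    resource: str
    action: str                         # "read" or "write"
    record_owner: Optional[str] = None  # whose employee file is touched
    location: str = "office"
    at: time = time(10, 0)


# Role grants (hypothetical names). Anything not listed is denied.
ROLE_GRANTS = {
    "hr": {"employee_db": {"read", "write"},
           "staff_directory": {"read", "write"}},
    "sales": {"client_sales": {"read", "write"},
              "staff_directory": {"read"}},  # visible, but not editable
}

# Extra conditions on critical systems: location and time (constructed values).
CONTEXT_LIMITS = {
    "employee_db": {"locations": {"office"},
                    "hours": (time(8, 0), time(18, 0))},
}

# Constructed sample staff list: dana manages hana and hal in HR.
DIRECTORY = {u.name: u for u in (
    User("dana", "hr"), User("hana", "hr", "dana"),
    User("hal", "hr", "dana"), User("sam", "sales"),
)}


def is_superior(actor_name, owner_name, directory):
    """True if actor_name appears in owner_name's management chain."""
    seen = set()
    owner = directory.get(owner_name)
    manager = owner.manager if owner else None
    while manager is not None and manager not in seen:
        if manager == actor_name:
            return True
        seen.add(manager)  # guard against a cyclic reporting chain
        boss = directory.get(manager)
        manager = boss.manager if boss else None
    return False


def decide(req, directory=DIRECTORY):
    """Return (allowed, reason) for one access request."""
    grants = ROLE_GRANTS.get(req.user.role, {})
    if req.action not in grants.get(req.resource, set()):
        return False, "role has no grant"
    limits = CONTEXT_LIMITS.get(req.resource)
    if limits:
        if req.location not in limits["locations"]:
            return False, "location not permitted"
        start, end = limits["hours"]
        if not start <= req.at < end:
            return False, "outside permitted hours"
    if (req.resource == "employee_db" and req.action == "write"
            and req.record_owner):
        if req.record_owner == req.user.name:
            return False, "cannot edit own record"
        owner = directory.get(req.record_owner)
        owner_can_write = owner is not None and "write" in ROLE_GRANTS.get(
            owner.role, {}).get("employee_db", set())
        # Files of staff who hold write access themselves need a superior.
        if owner_can_write and not is_superior(
                req.user.name, req.record_owner, directory):
            return False, "only a superior may edit this record"
    return True, "allowed"


if __name__ == "__main__":
    hana, sam = DIRECTORY["hana"], DIRECTORY["sam"]
    print(decide(Request(hana, "employee_db", "write", record_owner="hana")))
    print(decide(Request(sam, "employee_db", "read")))
```

Logging the returned reason alongside each denial gives the audit trail an assessment can review later.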
We can tailor your network to your business, locking down your data to ensure data is only accessed on an "as needed" basis.
Call us at (614)-233-1648 for all of your IT needs. You have a business to run. Managing your IT is our business.
Companies that suffer security breaches nearly always have one of these IT security problems.
Is your company guilty of any of them?
A shocking number of businesses are not backing up their data properly. According to market research company Clutch, 60 percent of businesses who suffer a data loss shut down within six months. Not only should every business be fully backing up their data, but their backups should be regularly tested to work too. It's a step that businesses miss surprisingly often. Many businesses don't find out that their backup can't be used until it's already too late.
Reactive and not proactive
The world is constantly changing. The IT world doubly so. Attackers are always figuring out new ways to break into businesses, hardware evolves faster than most can keep up, and old systems fail due to wear and tear far quicker than we would like. A huge number of businesses wait until these issues impact them directly before they respond. The result is higher costs and longer downtime.
By responding to hardware warnings before the hardware fails, fixing security holes before they're exploited, and upgrading systems before they are out of date, IT can be done the right way. Being proactive about your IT needs means systems don't have to break or be compromised before they are fixed. The result for your business is less downtime, fewer losses, and lower IT costs.
Insufficient Staff Training
Humans in the system are commonly the weakest point in IT security. Great IT security can be a bit like having state-of-the-art locks on a door propped open with a milk crate. If staff aren't trained to use the lock, it's worth nothing at all.
Oftentimes businesses can justify spending big on security for the latest and greatest IT defenses. The very same firms may exceed their budget and spend almost zero on training staff to use them. In this instance, a little goes a long way. Security training can help staff to identify a threat where it takes place, avoiding and mitigating damage, often completely.
A surprising number of people will use the password "password" to secure some of their most important accounts. Even more still will write their own password on a post-it note next to their computer. In some cases, many will even use no password at all. Strong passwords act not only as a barrier to prevent unwanted entry, but as a vital accountability tool too. When system changes are made, it's often essential that the account that made the changes is tied to the right person.
With an insecure password or, worse, none at all, tracking the individual responsible for reports or accountability becomes impossible. This can result in auditing disasters on top of technical ones.
Weak Data Controls
Some companies can take an ad-hoc, fast and loose approach to storing professional data. Often crucial parts can be spread across many devices, copied needlessly, and sometimes even left unsecured. Client data can be found regularly on employee laptops, mobile phones, and tablet devices. These are famously prone to being misplaced or stolen out in the field along with vital client and security data.
It can be easy for both employees and firms to focus on the costs of devices and hardware purchased for the business. The reality is that the data held on devices is almost always worth many times more than the device that holds it. For many firms, their approach to data hasn't been changed since the firm was first founded. Critical data is often held on single machines that haven't been updated precisely because they hold critical data. Such machines are clearly vulnerable, outdated, and prone to failure.
Common problems with simple solutions
Each of these common issues has a simple solution to secure against IT failure. With a professional eye and expertise in the field, every business should be defended against IT issues that risk the firm.
If you need help securing your IT to protect your business, give us a call at 614-233-1648.
Very few things in life are as intensely frustrating as slow network speeds. Whether accessing a shared database, sharing files between computers, or sending a file to print, waiting for transfers can seem to take an eternity. Worse still, these business breaks can keep both clients and staff waiting and get in the way of the productive business day.
Every time you save or retrieve files from another computer or network storage device, file transfers have to be made over the network. Depending on your IT setup, files can pour over the network with the ferocity of a fire hose, or trickle between machines as if dripping through a drinking straw. Poor network speeds are often a critical bottleneck that slows down the entire IT system. If a slow, frustrating, and unreliable network sounds like your office setup then there are many available solutions we can use to help. Often, offices maintain networking hardware that is as old as the premises they are in or the businesses themselves. Components can be left in place long after their suggested expiration date. "If it isn't broken, don't fix it" commonly rules as long as some working connection, however slow, still remains.
Yet, outdated hardware in key areas can often slow the entire system down. Even when the rest of the network is capable of ultra-high speeds, a single bad component can bring the entire network to a crawl. Sometimes if it isn't broke, it still might not be working to its full potential. Even peripheral devices throughout the network can cause traffic to slow. A badly installed device may become lost from the network or send out an overwhelming number of messages that spoils network traffic. Defense against errors and vulnerabilities is simpler than you may think. Often just one or two small upgrades are all that is needed to unlock the full speed potential of the network.
For some businesses adding a dedicated server is an ideal solution that can balance the IT workload. Access to centrally shared resources often benefits the entire organization by eliminating redundancy. A network server is built with efficiency and reliability in mind to keep your business running at full capacity. By pooling resources for everyone to use, work is evenly shared and centrally available to prevent bottlenecks in the system. Reduced network loads, improved efficiency, and faster transfer speeds mean that higher productivity becomes the new normal.
Moving resources outside of the office can work for many businesses too. Where high speed, low-cost internet services are available, moving your work into the cloud can be a highly cost-effective solution. Software packages such as Quickbooks offer finance and accounting packages for operating in the cloud. Similar suites such as Microsoft Office offer services for creating and sharing documents with cloud resources. Both packages eliminate the need for many of the network operations that we use every day.
For many applications such as Quickbooks, huge databases, sometimes gigabytes in size, are required. It is these types of applications where the advantage of the cloud becomes clear. To use this locally, huge database transfers keep the application up-to-date daily. These transfers across a local network are time-consuming and clog up vital resources for the firm. Yet, the same application in the cloud requires only a simple web page for each user. Instantly, looking up finances and editing documents becomes as simple as checking your email. With services moved to the cloud, purchase cost and maintenance of expensive network hardware are reduced too.
A complete network solution that works to make the most out of all the available resources is unique to every business. Only a tailored solution to address your network needs will increase your productivity.
If you think slow network speeds are getting in the way of your business, give us a call at 614-233-1648 to give your business the network it deserves!
Hi! I’m Mary from Nice Guy Technology and Nice Guy Digital Media. I wanted to chat with you for a minute about a HUGE part of marketing that businesses often overlook. Local search directories. Sounds exciting right? It actually is pretty interesting stuff. If it brings business through your doors it’s DEFINITELY interesting.
Last weekend we decided to go to see a movie. We had a general idea of what was on in theaters but we needed details. What’s playing where, at what time? Standard, 3D, IMAX? What kind of food does this theater have - concession stand, dine in? Is the theater clean? Do they have those cool reclining chairs?
A quick search on my phone lets me see nearby theaters and their reviews. In the span of a couple minutes we’d scanned several businesses locations, services offered AND what other people thought of the place through their reviews. Did any of that influence our decision? ABSOLUTELY! 100%
So what’s the point of my story? No matter what type of business you own, customers are looking for your services online. They’re checking out your listings on places like “Google My Business” and Yelp to see things like your hours of operation, your menu, your location, photos of your business and reviews left by previous customers!
If I’m in the car and searching for something like a store or restaurant, many times I’ll search right from my GPS app. I tend to use Apple Maps which pulls its search information directly from Yelp. I can find a general list of restaurants nearby or I can focus on something specific like Vegetarian.
Remember in the first Jurassic Park when they discover that the dinosaurs are somehow reproducing even though they’re all females? How did that happen anyway? It’s much the same with the internet. The local directories will find information to place on your business listing. Sometimes they get it right and sometimes not so much. The only way to ensure that your business info is correct, up to date and exactly what you want your customers to see is to claim your listings and manage them.
The good news is that you’re not in this alone! I’ve got a couple more videos coming your way to help walk you through claiming and updating your local search listings.
So here’s a mission, should you choose to accept it… hop on the internet and check some of your directory listings. You might be surprised what you find.
What does your business look like online? If you don't have time to check out all these local search listings individually (who does, right?), we would be happy to run a complimentary "local search audit" for your business and let you know which listings are in good shape and which ones could use some work.
Getting new computers for your business is exciting, but what happens to the old ones? Depending on the age, some people sell them, others throw them out. That’s the easy part. The problem is the sensitive data on them. There are passwords, account numbers, license keys, customer details, medical information, tax returns, browser history… the works! Each computer, whether laptop, tablet or desktop, contains a treasure trove of sensitive information that cybercriminals would love to get their hands on.
Unfortunately, hitting delete on your files doesn’t actually make them disappear, nor does waving a strong magnet over the drive. These mistakes have cost businesses millions of dollars over the years.
Most businesses are unaware that specialized data cleanup is necessary; others think calling someone to collect the computers will cover all the bases. A 2016 experiment proved just how dangerous the situation can be when they bought 200 used hard drives and found 67% held unwiped, unencrypted sensitive data, including sales projection spreadsheets, CRM records, and product inventories. Frighteningly, they didn’t need any special hacking skills to get this data; it was all right there and helpfully labelled. It’s also not surprising that with simple data recovery tools, people have also been able to access British NHS medical records and missile data, all waiting patiently on a discarded hard drive.
Why hitting delete doesn’t help
Data on a hard drive works like a book with an index page. Every time data is written, it pops a quick entry into the index so when you need it again, it knows where to look. The index is used for files you create as well as system files you can’t even see. Sensible, right? Except if you delete a file it’s more like changing the index to say nothing is on page 10 and you can write something else there when you’re ready. But if you manually flip to page 10, you’ll find the information is still there - the file still exists until it’s been written over - it’s the index reference that got deleted.
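The book-and-index picture can be modelled in a few lines. This is an added illustration, not code from the original article: ToyDisk, its 16-byte pages and the sample record are constructed for the demonstration and do not correspond to any real filesystem.

```python
BLOCK = 16  # bytes per "page" of the toy disk


class ToyDisk:
    """A disk reduced to the analogy: numbered pages plus an index."""

    def __init__(self, pages):
        self.pages = [bytes(BLOCK) for _ in range(pages)]
        self.index = {}  # file name -> list of page numbers

    def _free(self):
        used = {p for plist in self.index.values() for p in plist}
        return [p for p in range(len(self.pages)) if p not in used]

    def write(self, name, data):
        needed = max(1, -(-len(data) // BLOCK))  # ceiling division
        free = self._free()
        if len(free) < needed:
            raise OSError("toy disk full")
        chosen = free[:needed]
        for n, page in enumerate(chosen):
            chunk = data[n * BLOCK:(n + 1) * BLOCK]
            self.pages[page] = chunk.ljust(BLOCK, b"\0")
        self.index[name] = chosen

    def delete(self, name):
        # Only the index entry goes away; the pages keep their contents.
        del self.index[name]

    def wipe_free_space(self):
        # Overwrite every page the index no longer refers to.
        for page in self._free():
            self.pages[page] = bytes(BLOCK)

    def raw_contains(self, needle):
        # Read the pages directly, ignoring the index ("flip to page 10").
        return needle in b"".join(self.pages)


def demo():
    disk = ToyDisk(pages=4)
    # Constructed record: fills page 0 exactly and spills into page 1.
    disk.write("payroll.txt", b"name=J.Doe;acct=12345678")
    disk.delete("payroll.txt")
    after_delete = disk.raw_contains(b"12345678")
    disk.write("note.txt", b"hi")   # reuses page 0 only
    after_reuse = disk.raw_contains(b"12345678")
    disk.wipe_free_space()          # overwrites page 1 as well
    after_wipe = disk.raw_contains(b"12345678")
    return after_delete, after_reuse, after_wipe


if __name__ == "__main__":
    print(demo())
```

The account number survives both the delete and the later reuse of the first page, and disappears only once the unreferenced pages are overwritten.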
Wiping data before disposal
There are software tools you can get to do it yourself, as well as dedicated security firms, but your best option is to choose an IT business you know and trust. With that in mind, a methodical approach is required to ensure not a single drive is left untreated. You don’t want to leave data behind, or even clues that a motivated person could extrapolate any private information from. The approach might include using checklists to maintain security, or dedicated processes to guide each step in decommissioning. Careful records should also be kept, including who signs off on completion of the retirement, and where the computers are sent afterwards. A proper inventory and auditing process may slow the rollout of the new computers slightly, but it’s always better than having your old data come back to haunt you.
We can migrate any needed data, back up the information to your server or external drive, then wipe or destroy the hard drives for you. We can assess the age of your old computers and either dispose of them for you or point you in the right direction of computer recyclers. Plus, the quicker you dispose of your old computers, the easier the process will be. Recyclers will be able to send less of your equipment to landfill, and you’ll be less likely to forget how valuable the drive contents are.
Upgrading your business computers should be a happy time for you and your employees, so with a little forward planning, you’ll be able to keep everyone smiling and all your data secure.
Need help with your old business hardware? Call us today at 614-233-1648!
Every 40 seconds a company gets hit with ransomware and 58% of those ransomware attacks are on small businesses. Check out this video to learn three simple steps you can take to keep your business safe from cyber criminals.
Putting the pieces together after a cyber security breach is costly and time consuming for your business. We want to save you the hassle! We're currently offering a FREE Cyber Security Risk Assessment for your business. There is no cost to you or obligation at all.
Sign up here and we'll get your assessment started!
We are very excited to announce some upcoming changes at Nice Guy Technology! For the past six years we’ve been proudly serving the technology needs of both residential customers and small business clients throughout the Columbus area. As our business has grown, we’ve found it more difficult to keep repair times short and devote enough time to each of you.
We’ve discovered that we are at our best when taking care of our small business clients, and have decided to make this our singular focus moving forward. By dedicating ourselves to serving one group, we can better serve our small business clients through increased remote and onsite support availability and faster response times.
In fact, to better meet the technology needs of our small business clients with multiple computers, we are developing new remote monitoring and management plans with comprehensive support built right in. New options include unlimited remote support, and even unlimited onsite support, all for a predictable monthly cost. This will help us provide you with our true vision as "your tech support department", as well as reduce unpredictable monthly costs due to unexpected support needs.
We will be releasing more information about these plans shortly, but wanted to let you know now about our exciting, new small business focus.
We'll be in touch soon!
Mason & Mary