The cybersecurity employee training checklist

By 2019, it’s estimated that cybercrime will cost more than $2 trillion and affect businesses across the world. The numbers indicate how serious this issue is. However, what many business owners don’t realize is what their biggest risk actually is.

Their employees.

Effective cybersecurity employee training is an essential step when it comes to protecting your company. After all, a secure business is a protective one.

Creating, planning and executing cybersecurity training can seem daunting; however, with the tips here, it doesn’t have to be.

What employees need to know to protect your data

Cybersecurity employee training is imperative, and the foundation for network security training is simple. You need to make sure your employees fully understand their role in this.

Some of the things employees should know include:

  • They have a responsibility to protect company data.
  • Proper document management practices need to be used, along with notification procedures.
  • Passwords need to be strong and secure, so they are not easy to guess.
  • They are not allowed to install unlicensed software on any of the company’s devices.
  • Internet use needs to be restricted to sites that are known to be safe.

How to ensure your employees receive proper cybersecurity training

You almost certainly have anti-virus software, intrusion prevention systems and a strong firewall to protect your network. But even with all of that, it isn’t possible to block every single threat out there.

As a result, you have to be able to rely on your employees to keep the network safe.

After all, these are the individuals who are on the front lines. They’re determining whether or not they should download that mysterious email attachment, or click on that oh-so-tempting pop-up ad. One of the best ways to ensure they make the right decision is with quality cybersecurity employee training.

Provide ongoing cybersecurity training

Cybercriminals and hackers are always looking for new and innovative ways to “trick” even the most experienced users into downloading malware or responding to a malicious email. If you want to ensure your workers don’t fall for these tricks, it’s essential to let them know these threats exist.

Not only do you need initial training when you first hire a new employee, but also ongoing training to ensure that your network is protected from the latest threats out there.

There are some businesses that even send out daily security tips via email to their workforce. Not only is this beneficial in keeping everyone informed, but it helps to keep cybersecurity top of mind.

Make security something personal

When you have employees who aren’t directly involved in your company’s technology efforts, then network security may seem like a foreign concept. However, most of your employees have purchased something from their home computer with a credit card.

You can use this very practical, relatable example to help make your business’s security more personal for your employees. They’re likely careful with their credit card number. They need to be careful with company data, too.

Help them understand that their information is best protected when they follow certain security policies that have been designed to keep the network safe.

Be accessible to employees

Part of cybersecurity training for your employees should include letting them know who to turn to if they experience any type of network security incident, or if there are any questions about cybersecurity. If you don’t have an IT support team on-site, be sure your employees know how to get support and help from your service provider.

Keeping your data safe

If you want to ensure your small business’s network is secure, it starts with proper cybersecurity employee training. Be sure to play your part. Protecting your company’s sensitive information is serious business.

If you need additional help with your cybersecurity employee training, consider reaching out to a security expert. Most managed services providers can help you achieve an optimal level of security and protection.

Client Testimonial: Reinke Supply

“They got all the hardware for us. They changed our server. We now have a whole new email system.”

– Kathryn Rosanova
CFO, Reinke Supply Co.

What about you?

If you’re interested in seeing what CCS Technology can do for your company, let’s get the conversation started. Just fill out the form below and a friendly member of our team will be in touch with you shortly.


Spoofing: What it is and how to avoid it

Cyberattacks cost businesses around the world about $15.80 million per company, according to estimates. And the number of security breaches has increased. In fact, the World Economic Forum’s Global Risks Report 2018 says that cyberattacks are now just as threatening as natural disasters such as extreme weather events and catastrophes.

One of the most commonly used scams that businesses are falling prey to is known as spoofing. Let’s take a closer look at what spoofing is and how you can avoid it.

What is spoofing?

Spoofing happens when a hacker gains access to your computer systems and is able to steal personal or sensitive information. That information can be as simple as passwords or as complex as business data.

You may have come across an attempt at spoofing before—for example, in the form of a suspicious email that promises cash rewards or an ad with questionable links. However, spoofing is not limited to spam emails. An intruder can use caller IDs or get you to click on a uniform resource locator (more commonly known as a URL).

There are several types of spoof attacks. Probably the most common are phishing emails, where you are sent a link and then given the option to download something. Even if you clicked the bait, usually nothing will happen unless you download the attachment.

How to safeguard yourself from spoofing

To protect yourself and your organization from spoofing, the best course of action is to avoid clicking any shady-looking links. And never download attachments unless you are absolutely sure the sender is legitimate.

If you have been the victim of URL spoofing, spammers may have attempted to infect your computer’s hardware with a virus. This is why it’s essential to install firewalls. Otherwise, you are putting your business—and your clients’ data—at risk.

You may think of cybercriminal activity as something that is unlikely to affect you or your business. But at the rate the threat is growing, it’s something to take seriously.

A 2017 Juniper Research report forecasts that the number of personal data records stolen by spoofing attackers could reach 5 billion in 2020. The authors of the report expect businesses around the world to lose a combined amount of $8 trillion over the next few years.

On your side

If you take a proactive approach to cybersecurity, you are less likely to become a victim of a cyberattack. The first thing to do is examine where your walls of defense may be weak and get expert help to protect your organization.

A little self-directed proactive education can really help in this department. Take the time to keep up with industry news and pay attention to cybersecurity headlines. You can also follow our blog for everything you need to know about cybersecurity, spoofing and business data analytics.

Also, contact your managed IT services provider. They’re there to help. All those years of experience providing IT support and managed IT services make a huge difference when it comes to protecting your business from cybercrime.

This is social engineering in action

In the simplest terms, social engineering is manipulation. It plays on the frailty of the human psyche.

According to CSO, it doesn’t matter if your company has the best defensive technologies and physical security in place. If a sneaky social engineer can trick your employee into giving out a password, you’re still at risk.

There are several aspects of social engineering in the business world that you need to know about so you can avoid it.

Pretexting

Pretexting involves setting up a false scenario such as pretending to be an official from a bank. The victim thinks they’re talking, emailing or texting someone legitimate who just needs more information about an account. Sometimes the attacker even pretends to be providing an IT service.

The attacker will then insist that certain information is needed in order to fix a problem or to confirm an employee’s identity. This method relies on exploiting a relationship built on trust.

Tailgating

Digital Guardian defines tailgating as a situation in which someone without authorization simply follows someone with authorization into a restricted space. This is a type of physical social engineering.

For example, someone might ask to borrow your access card, claiming they forgot their own. Or someone might ask to use your laptop or phone, using the opportunity to install a virus. The absolute simplest example is when one person asks another to hold a door open for them.

Phishing

This is probably the most common form of social engineering used. Fraudulent information is passed off as legitimate in an attempt to get you to install malware on your network, computer or mobile device.

Most of these kinds of cyberattacks begin with an email. Unfortunately, many of your employees may assume email is basically safe. All it takes is one employee clicking on the wrong link.

Baiting

Baiting happens when someone puts a malware-infected CD or flash drive in a place where another person is likely to find it.

The attacker is counting on someone finding the infected device and loading it onto their computer. Once it has been loaded the attacker has access to that person’s system . . . and you have a potential data disaster.

Tips for avoiding social engineering

The first step for avoiding social engineering is knowing who and what you can really trust. No matter what industry you’re in, there are several steps your organization should take to prevent social engineers from wreaking havoc.

Conduct random tests

You should periodically test your employees to discern how easily they succumb to various social engineering threats.

Fight phishing

Reduce phishing attacks by refraining from opening any links in emails from unknown senders. When in doubt, it’s always better to delete suspicious emails.

Require identification

You can eliminate pretexting and tailgating by insisting on identification before letting anyone enter any area of your business.

Continual education

Social engineers are constantly changing and upgrading their tricks, making it imperative to keep your staff trained and updated on what to look out for and avoid.

Choose the right IT company

An experienced IT company should be reliable, responsive and have years of experience and expertise.

Wrapping up

Social engineering can be just as complex as hacking. The only real difference is it adds an especially frustrating psychological twist.

We highly recommend partnering with an IT provider who understands all levels of security your company needs. Complete IT support should include technology as well as thorough employee training.

Client Testimonial: Inventrust Properties

“CCS has definitely helped with increasing . . . its partnership with my internal business.”

– Dipesh Shah
Chief Information Officer, Inventrust Properties


What to learn from the most interesting data breaches of 2017

Several high-profile organizations experienced data breaches in 2017. For instance, you probably saw media reports about data breaches involving Equifax or the InterContinental Hotel Group.

It isn’t enough to know that these breaches occurred. Companies and organizations need to pay attention to the mistakes that made the security breaches possible. That way, you can inspect your own company’s policies to make sure you protect yourself and your customers.

Equifax proved that how you behave after a data breach matters

A 2017 data breach at Equifax, one of the world’s largest credit reporting companies, exposed the personal information of approximately 143 million Americans. The problem was deemed so important that Congress held several hearings to understand what had happened.

According to Equifax, the breach happened because of a flaw in one of the company’s web applications.

Obviously, Equifax didn’t get the help it needed closing common cybersecurity holes. The worst part, though, was how Equifax chose to handle the situation. Some of the company’s most egregious actions included:

  • Waiting about two months to tell consumers about the breach.
  • Letting executives sell their Equifax personal holdings before announcing the breach.
  • Creating an unsecured WordPress site to help consumers determine whether they were affected by the breach.
  • Requiring consumers to provide even more sensitive information to determine whether the breach affected them.

The most important thing to learn from Equifax is how to behave after a breach happens. Basically, do the opposite of what Equifax did. The organization’s tarnished reputation may never recover.

InterContinental Hotel Group (IHG) exposes thousands of consumers to identity fraud

InterContinental Hotel Group (IHG) revealed in early 2017 that a data breach had affected 12 of its properties. Malware on the company’s servers had stolen credit card information from guests who used their cards at the hotels’ on-site restaurants and bars. Understandably, the announcement concerned thousands of people.

Unfortunately, that wasn’t the end of IHG’s security problems. A couple of months later, the company admitted that the malware hadn’t attacked 12 of its locations. Instead, it had targeted 1,200 locations. The malware also did more than gather credit card information from restaurants and bars. It had stolen personal information from payments processed at hotels, too.

A better cybersecurity process would have likely uncovered the malware before it had a chance to affect so many people. Unfortunately, IHG didn’t have the IT security to identify the threat before it had an opportunity to spread from a handful of locations to thousands.

Ransomware targeted organizations in nearly 100 countries

In 2017, ransomware became such a huge problem that it affected organizations in nearly 100 countries. Hospitals in Great Britain had to turn away patients because they couldn’t access their medical records. The malware also affected hospitals, police stations and businesses in the United States, Russia, Spain and Portugal. Overall, the ransomware affected about 57,000 networks around the world.

Educating employees to recognize phishing attempts is one of the most effective ways to prevent ransomware attacks. Organizations also need to update their systems and applications to patch security vulnerabilities.

Given the excessively wide reach of the 2017 attack, it’s obvious that most people don’t know how to protect themselves from ransomware.

If you’re worried that you don’t have the right technology or policies to protect your company from data breaches, contact your managed services provider to learn more about the most effective defenses. Without the right tools, you could fall victim to attacks just as easily as the organizations mentioned above.

Internal threats 101: What they are and how to avoid them

We’ve warned you before that half of all small to midsize businesses have endured at least one cyberattack. But did you know that “the biggest cybersecurity threats are inside your company”?

That’s an eye-opening claim from a 2016 report by the Harvard Business Review. It’s also backed by data from IBM’s 2016 Cyber Security Intelligence Index. According to that report, some “60% of all attacks were carried out by insiders,” with 75 percent of those coming from malicious actors. (The rest were inadvertent—which is better but still bad.)

What’s more, these internal threats can be particularly harmful. A 2017 article from Tripwire stated that “53 percent of companies estimate remediation costs of $100,000 and more, with 12 percent estimating a cost of more than $1 million.”

Ouch.

On top of that, insider threats can go undetected for years on end. And guilt in such cases is really difficult to establish. It’s little wonder why an estimated “74 percent of companies feel that they are vulnerable to insider threats,” and a whopping 7 percent classify their vulnerability as “extreme.”

The conclusion?

While it’s critical to defend against external cybersecurity threats (and they are, generally speaking, more widely sensationalized), internal threats are just as important to catch. Today, we’ll be giving you a leg up by delving into what constitutes an internal threat and how you can mitigate the risks.

Just what is an internal threat?

For a straightforward definition, we turn to SecureList:

“Internal threats include any harmful actions with data that violate at least one of the fundamental principles of information security (integrity, availability, and confidentiality) and originate from within a company’s information system.”

Easy enough to comprehend, but classifying internal threats goes even deeper. According to CSO, internal vulnerabilities come in three main flavors: accidental, negligent and malicious. Those first two have a degree of overlap, as there’s no ill will on the part of the employees who are responsible.

Accidental threats arise when employees aren’t well-educated on proper protocol (and, by extension, open your company to maladies like ransomware and phishing schemes). Negligent threats occur when employees understand the protocols but willfully ignore them in favor of completing a task the “easy way.”

Malicious threats, on the other hand, are a whole different ballgame.

The offending employee might be holding a grudge. They might have been paid off. Whatever the case, malicious instances are categorized by employees within your company who wish to intentionally cause damage. Those employees use their knowledge of your systems to further their less-than-well-intended goals.

How to guard against internal threats

The strategies you employ for mitigating internal threat risk will vary based on the types of danger we listed above.

For accidental and negligent threats, education and enforcement are key. As EY so succinctly put it, “education is prevention.” Getting employees up to speed is a great way to cut down on the mistakes that can put your organization in a cybersecurity predicament.

A solid IT support team can help with educational efforts. Combine that with a no-nonsense policy that reminds employees that cybersecurity rules are not to be taken lightly. That’s how to deal with a sizable portion of the internal risks your company faces.

Malicious threats require a different approach.

Preventing these is where background checks, employee monitoring and restricted access to various systems will benefit your overall preparedness. Again, leveraging IT pros to formulate a strategy will grant you significant benefit.

With the right methodologies in place, your vulnerability will diminish drastically.

Client Testimonial: 25N Coworking

“The biggest thing that was for me is that they can handle everything—you know, a single source solution.”

– Mara Hauser
CEO & Founder, 25N Coworking


The beginner’s guide to cloud ERP

Keeping your company running smoothly is a big task. Each individual department needs to run effectively, and all departments need to interact efficiently with each other. Cloud ERP is an effective method of keeping all areas of your business running smoothly.

This one tool really can transform how your business operates.

What is ERP?

ERP is the acronym for “enterprise resource planning.”

ERP helps organize, oversee and manage all the individual processes that keep a company running effectively. This could include everything from human resources and finance to marketing and manufacturing.

ERP systems rely on a centralized database for keeping track of all the moving pieces. When used effectively, ERP enables better communication and collaboration.

How does ERP work?

ERP works by organizing and integrating a variety of data from several departments in your company. Traditional ERP software depends on a local server infrastructure. This would require an onsite server you’d have to manage and maintain.

The great thing about cloud ERP is that it’s just as effective as a legacy, onsite ERP, and it can work for a variety of industries. That includes finance, manufacturing, distributing and any other vertical that could benefit from ERP.

How does cloud ERP work?

Doing business in the cloud allows companies to harness unprecedented levels of flexibility and agility. In fact, a cloud-based application, like cloud ERP, gives SMBs access to enterprise-level technology.

Cloud ERP offers customers an entire system that can work more effectively in unison. Utilizing a cloud ERP has several notable advantages when compared with an ERP housed in an onsite server. These include:

  • Less costly: Services are leased as needed instead of requiring an expensive upfront purchase that might include more options than you actually need. You won’t have to invest in the necessary hardware or hire a qualified technician for maintenance. This is ideal, especially if you have a small or mid-size company.
  • Increased security: Keeping data secure is crucial and requires expertise and advanced technology that most small companies simply can’t afford. This makes it critical to choose a vendor that has the ability to keep your data secure. When your sensitive company information is stored in a secure cloud ERP, you’re adding another layer of protection to your company’s cybersecurity plan.
  • Protection from disasters: Security doesn’t just mean protection from hackers. When you’re storing all your information onsite, you’re susceptible to fire, floods and power outages. Cloud ERP can be a crucial part of your disaster plan.
  • More flexibility: Your cloud ERP can be accessed anywhere there’s internet. You can work from a tablet, a laptop or your mobile phone. This makes collaboration with your entire team easier.
  • Easy implementation & access: When your ERP is in the cloud, it normally takes less time to implement the system. You also have access to all your data and business applications at all times.

How do you keep ERP working effectively?

While there are several advantages of using cloud ERP, there are a few challenges you’ll need to keep in mind.

Support, especially during the start-up phase, is crucial. You want things to get off the ground smoothly. We advise including your managed IT services provider in the process right from the beginning. That ensures you have the support and guidance you need to make the most of cloud ERP.

Real-world examples of business intelligence

Software and technology play an ever-increasing role in the business world. One of the most important technologies in today’s business environment is business intelligence software.

Here’s what you need to know about the basics of business intelligence and how some well-known companies have put it to work in their day-to-day operations.

What is business intelligence?

Today, businesses of all sizes have access to mountains of data that were never readily available in the past. Business intelligence (BI) is a way to make sense of what these data points mean and turn them into insights that businesses can use in real-world decision-making.

Using analysis software, BI systems take raw data sets and use them to inform everything from marketing strategies to planning for possible future setbacks.

Want a few examples?

Lowe’s leverages BI

Though the concept itself may seem a bit vague, there are many examples of large businesses putting BI to work to solve concrete problems. One of the earliest examples you’ll find of a large enterprise using BI is Lowe’s, America’s second-largest home improvement store chain.

In 2007, the company started building a new data center in Texas specifically to expand on its already significant business intelligence capabilities. Like many retail chains, Lowe’s uses BI to optimize its supply chain efficiency and reduce the rate of fraudulent returns in its stores.

Starbucks gets in on business intelligence

The Seattle-based coffee chain Starbucks is also a prominent user of BI technology. Through its popular Loyalty Card program, Starbucks is able to amass individualized purchase data on millions of customers. Using this information and business intelligence software, the large coffee company can then predict what purchases and offers an individual customer is likely to be interested in. The company informs customers of the offers it believes they will want to take advantage of via mobile devices.

This system lets Starbucks draw existing customers into its stores more frequently and increase its volume of sales. In this capacity, BI has a use similar to traditional CRM systems. In fact, many businesses choose to combine BI and CRM systems to get the most out of their data.

Amex is big on BI, too

One of the areas of business in which BI has been most effective is the finance industry. American Express has been a pioneer of business intelligence in this sector, using the technology to develop new payment service products and market offers to customers.

Rather impressively, the company’s experiments in the Australian market have rendered it capable of identifying up to 24% of all Australian users who will close their accounts within four months. Using that information, American Express can take effective steps to retain those customers who would otherwise be lost.

BI software also helps the credit card company detect fraud more accurately and thereby protect customers whose card information may have been compromised.

Amazon and business intelligence go hand-in-hand

Last but not least among the companies that use BI is the online retail giant Amazon.

Much like Starbucks, Amazon uses business intelligence technology to personalize product recommendations and market products, but it also uses its BI software tools for logistical business decisions. In fact, in-depth data analysis is what enables Amazon’s massive supply chain to run smoothly.

From optimizing shipping routes to allocating inventory among warehouses, data and BI tools influence practically every step of Amazon’s supply process.

The tip of the BI iceberg

Amazingly, these are just a few of the many uses to which modern business intelligence software can be put. From finance to retail and even in the public sector, BI technology is helping organizations glean useful insights from their data.

If your business has large amounts of customer data but isn’t using it to increase profitability, now is the time to invest in BI software solutions and the IT support needed to implement them effectively.