The Werks is an IT related commentary bringing you the unvarnished truth steeped in a vat of reality. The information contained herein is the opinion and rantings of a 30+ year veteran of the IT industry. This will hopefully give you helpful knowledge untainted by any specific vendor focused kool-aide. Occasionally, you may find that this collection of brain droppings will also give you the laugh you needed to make it through another day locked in the IT gulag. Read-on, brave soldier!
So, you made it back home from the show. You're exhausted and work has backed up in your absence. Here is where the entire investment in the show can go down the drain. Follow-up is critical. Every one of those prospects need to have follow-up. Lots of it. One contact isn't going to be enough.
First, send out a short email drip that includes a 'thanks for visiting us at the trade show.' The second should be a 'call to action' email. Send an invitation to meet via phone or in person, and add something for them to download. The download can be a whitepaper, or even just your brochure, but it is always good to attach something.
Now comes the really hard work. Contacting prospects. No one is going to just mail you revenues. You need to actively market to your trade show visitors. If some seem uninterested, put their names in a tickler file to try back in 6 months. Just be sure not to just let them drop; the situation may change in the future.
In summary, look at a trade show as a marketing event that goes beyond the time spent at a booth in some convention center. It is just a stage in a lengthy and important marketing campaign. Make sure you prepare for the show and do active follow-up afterward. Otherwise a trade show is just an expensive few days meeting lots of people you will never see again.
We're back. In the last post, we talked about building momentum toward a trade show exhibition. Today, let's look at your efforts during the show itself.
You already should have sent out a reminder the morning of the show in posts on all your social media accounts, an article on your website blog, and a general email that you're exhibiting. Now it is time to work the booth.
First, recognize that your goal is to use this show to develop as large a list of prospects as possible. That means you not only want visitors at the booth, you need their contact information. The proven way to get attendees contact information is to offer them something for free, or run a contest for something worthwhile. Most booths will offer some giveway, coffee mug, etc. at the booth if visitors sign a contact info sheet. People can't resist free stuff, no matter how muchthey don't need another mug or could afford to buy them on their own by the caseload. Therefore, have giveaways.
You can also run a contest for those willing to take the time for a demo of your product or service. If they will take the extra step, enter them for a raffle for something of greater value, such as an iPad or tablet.
If anyone shows special interest, keep your non-exhibit hours open to schedule meetings for coffee or a demo.
Beyond getting prospects, use the show for broader networking. Work the other booths and introduce yourself to other exhibitors to get your name known. You can never do enough networking, and you never know when it might pay off. If the exhibitor entrance fee does not include entrance to other networking events such as meals and meet-and-greet-happy-hours, consider buying a ticket for access.These offer additional opportunities to network.
Finally, don't forget social media. Throughout the show, post pics of yourself with clients or prospects who visited your booth. You can even use the event hashtag if they have one to help your business generate buzz!
Next time, let's talk about what to do once you get back home.
Going to a tradeshow for the first time? Don't make the mistake of viewing this as a 1-2 day discreet marketing event. Instead, view your exhibit at a tradeshow as the central feature of a much longer and holistic marketing plan that builds to the event, and then culminates in the successful postshow follow up that signs on new customers. In the next few posts, we are going to break down the tradeshow marketing plan into three bite size pieces. Today, the pre-show build up.
The goal of your preshow marketing is to attract visitors to your booth at the show. You want them to know about all about you before they take that first walk around the exhibit hall.
Take advantage of all the marketing opportunities that the show planner offers. This may include access to an attendees list. If so, use this to send out a few introductory emails prior to the show including your booth number. Send one the day of the show reminding the reader where you are.
Sponsorships are also an opportunity, if your budget allows it. This can be a small ad in the program or sponsoring an event or get-together during the conference. This is a bigger step and may be beyond the budget of a SMB.
Social Media: Use social media to introduce yourself before the show. This means an active presence on Facebook, Twitter, and Linkedin. Send a brief announcement of who you are and that you will be exhibiting at the show, and then a reminder the day of the show or the day before.
Website and blog: Post an invitation to the show on your website and your blog. This should go up about one week prior the to event.
These are just four simple steps you can take to build momentum before the actual exhibition. Next, we’ll talk about marketing during the show.
Smaller firms often struggle just to keep up with maintaining a website. Worrying about a scaled down version for mobile users seems like just too much trouble. Today's blog is all about why this matters to you and why should you bother with a mobile version.
A bit of background: Mobile sites are versions of your website that can be easily read and used on a small mobile screen. What is readable on a laptop of desktop monitor can be too tiny to use on a small screen. Also, the buttons and fields on your forms become impossible to use.
Why does this matter? Three reasons
Showing up in search rankings. If you want to be found in a search and appear high in the ranking, you need to have a "mobile optimized" site. Google has now included the failure to have a mobile optimized site as a specific reason to lower a website in its search rankings. If you don't have a mobile optimized site, you slip lower in the ranking. Slip lower in the rankings and fewer people ever find you in a search.
More search and web activity now occurs on mobile devices than standard PC and laptops. If you want attention, you need to be "mobile ready." You can't just write off those mobile users- there are too many of them.
If your site is too difficult to use on a phone screen, the user is just going to jump to another vendor. There’s nothing else to say.
So the summary is, if you haven't already done so, you need to bite the bullet and get a mobile optimized site. The internet offers too much business to just ignore the issue.
You can have all the locks on your data center and have all the network security available, but nothing will keep your data safe if your employees are sloppy with passwords.
There are many ways data can be breached, and opening some link they shouldn't is one of the most serious security sins employees can commit, but today we’ll just talk about passwords.
Here are some basic practices that you should require your employees to follow. These are basic tips. System administrators should implement other policies, such as those that forbid using passwords previously used and locking accounts after a few failed attempts to login. But just for you as a manager, here are a few tips.
Change Passwords - Most security experts recommend that companies change out all passwords every 30 to 90 days.
Password Requirements - Should include a of mix upper and lowercase, number, and a symbol.
Teach employees NOT to use standard dictionary words (any language), or personal data that can be known, or could be stolen: addresses, tel numbers, SSN, etc.
Emphasize that employees should not access anything using another employee's login. To save time or for convenience, employees may leave systems open and let others access them. This is usually done so one person doesn't take the time to logout and the next has to log back in. Make a policy regarding this and enforce it.
These are just a few basic password tips, but they can make a big difference in keeping your business's sensitive data safe.
Losing an employee is not usually a good experience. If they leave voluntarily, you lose a valuable asset. If they have to be fired, you have the arduous task of the progressive discipline process and the final termination meeting. But there are other concerns that arise when an employee leaves. Those concerns are security and their access to company data.
Here are some considerations regarding passwords and voluntary termination (A.K.A. resigned) or involuntary termination (A.K.A. fired.) It is important you have a process in place so that whenever a termination occurs, nothing slips through the cracks regarding corporate data security.
When you dismiss an employee, you should immediately change out all passwords for anything the employee had access to. Because almost all terminations should be planned, you should also define the process for canceling access. It is unwise to cancel prior to the termination meeting. If you do that, you create the potential for a confrontation when they arrive at work and find their passwords have been disabled. Instead, plan ahead and assign someone to disable their passwords during the time you are having the termination meeting. Before the meeting, be sure you have a list of all access cards, keys, etc. prepared so they can be cancelled before the employee leaves the building.
Voluntary terminations - Different firms have different policies handling resignations. Depending on the specific position, an employee will be permitted to continue working during their 2 week notice period. In that case, you need to consider if there is any possibility the employee might get up to no good during the final days. That is something only you can judge.
In some cases, firms will ask an employee to leave the facility immediately. In that case, you need to have a plan in place. You need to have a list available of all of the restricted systems to which they have access for when this situation arises. The employee should not leave the building until all of their access has been canceled.
This all may seem a bit harsh, but things have changed. 30 years ago, for a disgruntled employee to steal files, they'd be carrying out large boxes of file folders. Now, not only can they empty the building onto a thumb drive, they can take nefarious action that wasn't possible when data was stored on paper.
In our last blog we started talking about the different layers of security necessary to fully defend your data and business integrity. Today we will look at the human aspect of it, and network defenses. The human layer refers to the activities that your employees perform. 95% of security incidences involve human error. Ashley Schwartau of The Security Awareness Company says the two biggest mistakes a company can make are "assuming their employees know internal security policies: and "assuming their employees care enough to follow policy".
Here are some ways Hackers exploit human foibles:
Guessing or brute-force solving passwords
Tricking employees to open compromised emails or visit compromised websites
Tricking employees to divulge sensitive information
For the human layer, you need to:
Enforce mandatory password changes every 30 to 60 days, or after you lose an employee
Train your employees on best practices every 6 months
Provide incentives for security conscious behavior.
Distribute sensitive information on a need to know basis
Require two or more individuals to sign off on any transfers of funds,
Watch for suspicious behavior
The network layer refers to software attacks delivered online. This is by far the most common vector for attacks, affecting 61% of businesses last year. There are many types of malware: some will spy on you, some will siphon off funds, some will lock away your files.
However, they are all transmitted in the same way:
Spam emails or compromised sites
"Drive by" downloads, etc.
To protect against malware
Don't use business devices on an unsecured network.
Don't allow foreign devices to access your wifi network.
Use firewalls to protect your network
Make your sure your WiFi network is encrypted.
Use antivirus software and keep it updated. Although it is not the be all, end all of security, it will protect you from the most common viruses and help you to notice irregularities
Use programs that detect suspicious software behavior
The mobile layer refers to the mobile devices used by you and your employees. Security consciousness for mobile devices often lags behind consciousness about security on otherplatforms, which is why there 11.6 million infected devices at any given moment.
There are several common vectors for compromising mobile devices
To protect your mobile devices you can:
Use secure passwords
Use reputable security apps
Enable remote wipe options.
Just as each line of defense would have been useless without an HQ to move forces to where they were needed most, IT defense-in-depth policy needs to have a single person, able to monitor each layer for suspicious activity and respond accordingly.
In the 1930s, France built a trench network called the Maginot Line to rebuff any invasion. The philosophy was simple: if you map out all the places an enemy can attack, and lay down a lot of men and fortifications at those places, you can rebuff any attack. The problem is, you can't map every possible avenue for attack.
What does this have to do with IT security? Today many business owners install an antivirus program as their Maginot Line and call it a day. However there are many ways to get into a network that circumvent antivirus software.
Hackers are creating viruses faster than antivirus programs can recognise them (about 100,000 new virus types are released daily), and professional cybercriminals will often test their creations against all commercially available platforms before releasing them onto the net.
Even if you had a perfect antivirus program that could detect and stop every single threat, there are many attacks that circumvent antivirus programs entirely. For example, if a hacker can get an employee to click on a compromised email or website, or "brute force guess" a weak password, all the antivirus software in the world won't help you.
There several vulnerabilities a hacker can target: the physical layer, the human layer, the network layer, and the mobile layer. You need a defense plan that will allow you to quickly notice and respond to breaches at each level.
The physical layer refers to the computers and devices that you have in your office. This is the easiest layer to defend, but is exploited surprisingly often.
Here are a few examples:
Last year 60% of California businesses reported a stolen smartphone and 43% reported losing a tablet with sensitive information.
The breaches perpetrated by Chelsea Manning and Edward Snowden occurred because they were able to access devices with sensitive information.
For example, Comptia left 200 USB devices in front of various public spaces across the country to see if people would pick a strange device and insert into their work or personal computers. 17% fell for it.
For the physical layer, you need to:
Keep all computers and devices under the supervision of an employee or locked away at all times.
Only let authorized employees use your devices
Do not plug in any unknown USB devices.
Destroy obsolete hard drives before throwing them out
Next time in Part II, we will talk about the human and network layers of security.
There are some things that only people can fix. There are many security risks to which your data is susceptible, but there is one method that remains a wonderfully effective hacking tool. That is the phishing scam. This is a legitimate looking email that asks the reader to click on a link. If clicked, the link can infect the user’s computer with malicious software that can steal passwords, logins, and other critical data. Alternatively, the email appears to be from a legitimate source, perhaps even duplicating a legitimate webpage. The distinction is that the phishing email asks the user to enter personal information, including passcodes. In either case, that is how hackers easily get into your systems.
What's the best defense against this one? The single biggest defense is education. Training your people to be constantly wary of all the emails they receive. One way some firms are educating their people is by sending out their own "fake" phishing scams. Employees who click on the link inside are greeted with a notice that they've fallen for a phishing scam and then are offered tips how not to be fooled in the future. Think of it as the hi-tech version of Punk'd.
You may not be ready to go that far, but it is important to provide ongoing training to all of your staff about phishing scams. Your staff are all critical factors in your data security plans.
This cyberattack scheme hasn't garnered nearly as much attention as the usual "break-in-and-steal-data-to-sell-on-the-Internet version," but it can be even more debilitating. Ransomware attacks have begun appearing in the last few years and its practitioners are so polished that in few cases they even have minicall centers to handle your payments and questions.
So what is ransomware? Ransomware stops you from using your PC, files or programs. The business model is as old as the earliest kidnapping. They hold your data, software, or entire PC hostage until you pay them a ransom to get it back. What happens is that you suddenly have no access to a program or file and a screen appears announcing your files are encrypted and that you need to pay (usually in bitcoins) to regain access. There may even be a Doomsday-style clock counting down the time you have to pay or lose everything.
Interestingly, one of the more common "market segments" being targeted in the US has been public safety. Police department data is held hostage, and in many cases, they have given up and paid the ransom. They had little choice. They aren't the only ones. A hospital in Southern california also fell prey, as did one in Texas.
Ransomware can be especially insidious because backups may not offer complete protection against these criminals. Such new schemes illustrate why you need to have a professional security service that can keep you up to date on the latest criminal activities in the cyber world. Talk to an MSP about possible protections against ransomware.
You hear on the news all of the time about big cyber attacks on large corporations, and even government agencies. The trouble with this news coverage is that is suggests a distorted view of where cyber attacks are taking place. These attacks are not solely hitting large organizations. Small firms represent a significant portion of those who face cyber attacks. Being small by no means keeps you immune. In fact, small firms can be used as conduits to larger organizations. That is likely what happened in the case of Target Corporation back in 2013
If you're a small business, then you're a target for cyber criminals. Last year, 71% of small to medium size businesses were the victims of cyber attacks.
Today's concern is how you would respond to an attack. 31% of small to medium businesses do not have a plan of action for responding to IT security breaches, and 22% admit that they lack the expertise to make such a plan. A data breach is disastrous.
Your response determines whether it's a survivable disaster. You need to have a statement for customers ready, (47 states require businesses to disclose data breaches), you need to be able to quickly access backups, and you need access to professionals with experience in disaster recovery and business continuity.
Hearing “all of your confidential information is extremely vulnerable, we know this because...” is bad news, but whatever follows the ellipses determines just how bad. Consider two scenarios.
“All of your confidential information is extremely vulnerable... we know this because a hacker took all of your customers’ credit card info and locked all of your files behind ransomware.”
“All of your confidential information is extremely vulnerable...we know this because we did a vulnerability scan of your network, and have some suggestions on how you can improve.” 61% percent of small businesses are victimized by cyber attacks each year, and one in five victims do not survive. It is financially worthwhile to make sure that you end up being the person hearing the latter sentence.
Scenario 2 describes the statement after you have had a vulnerability test conducted. A vulnerability test is a comprehensive audit of security flaws that a hacker could exploit, and the possible consequences. This is the equivalent of a doctor giving a physical examination. This information will allow you to know what your risks are and plan your security policies accordingly.
Vulnerability tests should be conducted quarterly, and can be done by in-house IT or outside consultants.They should be done quarterly, or whenever you are incorporating new equipment into your IT network.
What is a pen-test: A pen-test is a simulated attack on a network to test the strength of its security. Usually, the pen-tester will have a specific objective (e.g. “compromise this piece of data...) A vulnerability scan tells you “what are my weaknesses?” and pentest tells you “how bad a specific weakness is.”
How often should you pen-test: Different Industries will have different government mandated requirements for pentesting. One of the more broad reaching regulations, the PCI DSS, for example, requires pen-testing on an annual basis. However, it is prudent to go beyond the legalminimum. You should also conduct a pen-test every time you have
Four Key Components of a Robust Security Plan Every SMB Must Know
Most businesses are now technology dependent. This means security concerns aren’t just worrisome to large corporate enterprises anymore, but also the neighborhood sandwich shop, the main street tax advisor, and the local non-profit. Regardless of size or type, practically any organization has valuable digital assets and data that should not be breached under any circumstances.
This makes it the responsibility of every business, especially those collecting and storing customer/client information, to implement a multipronged approach to safeguard such information.
Yes, we’re looking at you, Mr. Pizza Shop Owner who has our names, addresses, phone numbers, and credit card information stored to make future ordering easier and hassle free.
Today’s SMB Needs a Robust Security Plan Protecting your business and its reputation comes down to developing, implementing, and monitoring a robust security plan that adequately addresses everything from physical access and theft to the threat of compromised technology security. This involves defining and outlining acceptable uses of your network and business resources to deter inappropriate use. Here are four key components to consider.
Network Security Policy: Limitations must be defined when it comes to acceptable use of the network. Passwords should be strong, frequently updated, and never shared. Policies regarding the installation and use of external software must be communicated.
Lastly, if personal devices such as laptops, tablets, or smartphones are accessing the network, they should be configured to do it safely, which can be done easily with a reliable Mobile Device Management (MDM) solution.
Communications Policy: Use of company email and Internet resources must be outlined for legal and security reasons. Restricting data transfers and setting requirements for the sharing or transfer of digital files within and outside of the network is recommended. Specific guidelines regarding personal Internet use, social media, and instant messaging should also be clearly outlined. If the company reserves the right to monitor all communication sent through the network, or any information stored on company-owed systems, it must be stated here
Inappropriate Use: Obviously, any use of the network or company-owned system or device to distribute viruses, hack systems, or engage in criminal activity must be prohibited with the consequences clearly noted. Any website that employees cannot visit should be identified if not altogether blocked and restricted. For instance, downloading an entire season of True Blood from a Bit Torrent site isn’t an acceptable use of company Internet resources.
Every employee must know these policies and understand the business and legal implications behind them. Companies must also make sure these policies are clear and understood by all, and most importantly, strictly enforced.
Think Quicker Recovery Time, Not Quicker Backup - While incremental backups are much faster than executing a full-backup, they also prolong recovery time. In the event of data loss, a full restore will require loading the most recent full backup and then each incremental backup tape. Having too many incremental backup tapes not only adds time to this restoration process, but it also increases the probability of not recovering all of your data. A tape could be lost, unintentionally skipped over, or contain corrupted data. Be sure to focus on optimizing the restore time to ensure faster data recovery. A quicker recovery time should be the main objective, not the need for a quicker backup process.
Maintain Sufficient Backup History - Within the blink of an eye, current data files can become corrupted and inaccessible. This will necessitate the loading of an earlier data backup that is clean of corruption. Many smaller companies make the mistake of failing to keep a sufficient backup history.
Be Sure to Backup Essential Data AND Applications - Some businesses don’t feel the need to backup all data, but be sure essential databases, documents and records are backed up frequently. Don’t overlook applications that are critical to day-to-day business operations either. Many companies fail to backup applications, only to realize when it’s too late that they don’t have access to the original installation disks when they’re trying to recover from data loss or an outage.
Have Off-Site or Online Backup - Some businesses backup data simply by moving essential files to tapes or external hard drives that are then stored somewhere onsite. But if they’re kept onsite, what happens if a fire, flood or other natural disaster takes out not just your server but your backup tapes and drives? Onsite backups can also be susceptible to theft. Having secure off-site, or even online backup, is simply the smart thing to do to ensure quick recovery when trouble comes to town.
Fix Broken Access Controls on Your File Server - Many businesses have folders with confidential data residing on a file server with overly permissive access controls. Why take the risk of having a disgruntled - even former - employee access and misuse this data when access can be limited to only those in the company who need it?
Be Sure to Test Restores - It happens time and time again. Business owners think they have a data backup plan in place. Tapes are changed diligently each day and everything appears to be backed up and good to go. However, it turns out the backups haven’t been working for months, sometimes even years, right at the very moment they’re needed. Either the backups had become corrupt and useless or large segments of data were not being backed up. This happens often. Don’t let it happen to you.
Managed Service Providers - or MSPs - are often recommended as a cost effective IT solution for small businesses. For a minimal monthly fee, MSPs provide a reasonably priced solution to the complex technology pains of small businesses. Here’s a look at the various benefits an MSP can offer your business…
Freed-Up Resources and a Renewed Emphasis on Core Business - Both business owners and internal IT staff would much rather focus on revenue enhancing tasks like product development or the creation of cutting-edge applications/services. This is one reason routine monitoring and maintenance tasks are often neglected by an internal IT person or team, which always proves to be detrimental much later.
Often misportrayed as a “threat” to an internal IT person or staff, MSPs can instead relieve internal staff of mundane network operations maintenance, repetitious monitoring of server and storage infrastructure, and day-to-day operations and help desk duties.
A True Partner Sharing Risks And Responsibilities -The goal of an MSP is to deliver on contracted services, measure, report, analyze and optimize IT service operations, and truly become an irreplaceable catalyst for business growth. Managed Service Providers not only assume leadership roles, they enable risk reduction, enhance efficiency and change the culture by introducing internal IT operations to new technologies and processes.
Access to Expertise, Best Practices and World-Class Tools and Technologies - MSPs have experience with a variety of businesses and organizations. Managed Service Providers can keep your business relevant and on track with continually evolving technology, support, and productivity demands. Let’s face it, no small or medium sized business can afford to fall behind with technology trends in today’s business world.
The Benefit of a Full-Time Fully Staffed IT Department at a Fraction of the Cost - Most small business owners live and die by proactive management. They just haven’t had the budget, resources or access to on-demand expertise to be proactive with information technology management. A Managed Service Provider gives business owners and overwhelmed internal IT staff affordable computer and server support, remote monitoring of critical network components like servers and firewalls, data backup and disaster recovery, network security, custom software solutions, and technology evaluation and planning.
Managed Service Providers can decrease the overall IT support costs by as much as 30% to 50%. Rather than being stressed about technology, business owners can instead get back to focusing on growing their business. All while enjoying the benefits of highly-trained IT experts boosting their network’s reliability and performance.
Small business owners are often worried about data loss. Rightly so, because data loss has the potential to wipe out a business. We have identified the most common forms of data loss so you can see how they fit into your business and assess the risks related to each of these pitfalls.
1. Human Error - Human error - by way of unintentional data deletion, modification, and overwrites - has become much more prevalent in recent years. Much of this is the result of carelessly managed virtualization technology. While virtualization and cloud computing have enabled improved business continuity planning for many businesses and organizations, humans must still instruct this technology how to perform. The complexity of these systems often presents a learning curve that can involve quite a bit of trial and error. For instance, a support engineer may accidentally overwrite the backup when they forget to power off the replication software prior to formatting volumes on the primary site. They will be sure to never do that ever again, but preventing it from happening in the first place would be more ideal.
2. File Corruption - Unintended changes to data can occur during writing, reading, storage, transmission and processing - making the data within the file inaccessible. Software failure is a leading cause of data loss and is typically the result of bugs in the code. Viruses and malware can also lead to individual data files being deleted and hard drive partitions being damaged or erased.
3. Hardware Failure - Storage devices may be at risk due to age, or they may fall victim to irreparable hard-disk failure. Viruses and hackers can also potentially shut down a hard drive by inserting undeletable malicious code and huge files via open, unprotected ports. If these malicious programs cannot be deleted, the entire hard drive may have to be reformatted, wiping out all the data.
4. Catastrophic Events/Theft - The threat of catastrophic events such as fire, flooding, lightning and power failure is always a concern. Such events can wipe out data in a millisecond with no warning. Theft is also a data loss risk that companies must address. While advances in technology like anytime/anywhere connectivity, portability and the communication/information sharing capabilities of social media and crowdsourcing have revolutionized business - the risk for theft is even greater due to this increased accessibility. More people are doing daily business on their laptop, iPad and mobile phones. They are also carrying around portable media like thumb drives, USB sticks and CDs. Physical theft of any of these devices can spell big trouble.
Data loss is as unique as the various sources from which it comes. The key is to identify the areas in which your business is weak and work towards a mitigation plan for each one of them. An MSP can act as a trusted partner in such cases, holding your hand through the process of safeguarding your data.
1. Backup Files Every Day - As catastrophic as data loss is, the number of businesses that still are not backing up their network is unbelievable. According to the Symantec Small to Medium Size Businesses (SMB) data, only 23% of SMBs are backing up their data on a daily basis and fewer than 50% are backing up data weekly. Any number of events can result in data loss, so the importance of frequently backing up your network cannot be overstated.
2. Ensure Backup Procedures Are Checked Regularly - Many times business owners think that they have a backup system in place only to find out after it’s too late that it hasn’t been working properly. It may seem like your files are being backed up daily, however, the backup could have become corrupt or it is not backing up huge chunks of critical data. Check your backup procedures regularly to ensure they are working properly in order to be sure that ALL of your data can be recovered. In the age of BYOD (Bring-Your-Own-Devices) it is also important to frequently backup data on your employee’s personal laptops, iPads or Blackberrys, so make sure you have a procedure in place to check those backups as well.
3. Make Sure Updated Virus Protection and Firewalls Are Always Enabled - Far too many companies either have no virus protection, expired virus software licenses, or disabled virus programs that aren’t running at all. This makes their business technology vulnerable to virus attacks from emails, spam, data downloads, and unreputable websites. Further, because of inadequate firewall protection about 40% of small to medium businesses will have their network accessed by a hacker. Chances are, when these businesses are attacked they will be entirely unaware it is happening. In order to protect your valuable data and assets, ensure your virus protection is adequate, up-to-date and functioning properly and that your firewall is intact. Finally, don’t forget to update security patches and change passwords when an employee leaves in order to deter hacking attempts.
4. Monitor Server Drives - Dangerously full server drives can bring their own set of problems - ranging from program and server crashes to sluggish email delivery. Proactive monitoring and maintenance of your server can spare your business a lot of problems down the road.
5. Regularly Check Critical Built-In Logs - Very few problems with technology emerge suddenly. These problems typically progress over time and evolve into more serious problems. Frequently review your critical built-in log files to help identify the problem before it has gotten out of control and wreaks havoc on your business infrastructure.
You’ve read it time and time again. “Bring Your Own Device” isn’t a trend, it’s the future. Workplaces where companies let workers use their own devices for work purposes are the new normal. BYOD attracts new hires and lifts employee morale and productivity. But this doesn’t mean a small business owner should recklessly jump right into BYOD just because everyone else is doing it. Data and network security concerns have to be thought out, defined, and addressed in a comprehensive BYOD policy. Here are three things to consider.
Cost of Support
Most businesses salivate at the thought of the money saved by having employees participate in a BYOD program. With employees using their own devices for work, there is no need to shell out thousands of dollars for desktop PCs, smartphones, tablets, and laptops. While that’s undoubtedly a huge incentive, extra support costs must also be factored in. Chances are your employees aren’t necessarily tech savvy and will need help deploying applications and performing basic yet very necessary maintenance techniques. Unless you have a dedicated IT support team, which most SMBs do not have, you will need to turn to a Managed Service Provider (MSP) in your region for support. A MSP can provide specialized expertise and leverage Mobile Device Management (MDM) tools to keep your network infrastructure and business applications monitored, secured and fully optimized.
Limited Number of Support Devices
Obviously you can’t accommodate EVERY employee-owned device. Limiting the types of devices accepted in your BYOD program will mitigate any need to pay for software or equipment upgrades for outdated devices and keep your infrastructure safer as a whole. It’s important to not be too exclusive, select a broad range of devices and their more recent releases to accommodate the varied preferences/tastes of your employees.
Adopting BYOD at your workplaces will expose your company to more legal risks. Sensitive business or private client/customer data can potentially be exposed if devices are lost or stolen. The personal online habits of your employees can also increase your network’s vulnerability to viruses, phishing, or hacking schemes designed to steal such data. These increased legal risks are another reason why SMBs must take precautions such as working with a MSP that offers a solid MDM solution to ensure all employee devices are configured, deployed, managed and monitored in a manner that prioritizes data integrity and security.
There has been a lot of hype about cloud computing transforming the way small-to-medium sized businesses do business. Proponents of the cloud say that cloud computing has leveled the playing field, allowing SMBs to finally compete with bigger companies despite their limited financial resources and staffing.
Still, many are apprehensive to make the jump. They’re hesitant to give up control and they fear the cloud will expose them to greater security risks. Moving to the cloud definitely requires a leap of faith, but a recent ComScore study, completed on behalf of Microsoft, suggests that those who are froggy enough to take the leap (sorry) have no regrets once they do.
In fact, more than half of those surveyed wish they had adopted it earlier and feel that the benefits far outweigh their initial worries.
What are those benefits?
Enhanced Privacy and Security
According to the study, 94 percent of companies who’ve adopted cloud services believe they’re now more secure than they were before, thanks to the cloud’s spam management and up-to-date systems and antivirus protection.
Less Downtime and More Confidence
61% of those surveyed reported fewer instances of downtime since their move to the cloud. Even those who still experienced downtime events felt that they were shorter in duration and that full recovery could be achieved much quicker.
93% indicated that they were more confident in their ability to fully recover after an outage. Comparatively, 73% responded that they felt the integrity of their data in the cloud was stronger than previously, which is interesting since data integrity has often been the biggest worry about the cloud.
Any company striving to be more "green" will appreciate the environmental benefits of moving to the cloud. A recent six-month study conducted by the Berkeley Lab found that moving 86 million U.S. office workers to the cloud resulted in the use of 87% less energy, leaving enough leftover electricity annually to power a city the size of Los Angeles for twelve months.
Cost effectiveness and greater ROI (return on investment) are the most important factors in getting CEOs and major decision makers to support shifting to the cloud. A Rackspace commissioned study conducted by Vanson Bourne, found that 62% of respondents felt that adopting cloud computing strategies freed up money that could be reinvested in other operations like marketing, customer service, product development, and expansion into new markets.
While there is a competitive advantage that can be realized by moving to the cloud, those who are still apprehensive should migrate to the cloud at a pace they’re comfortable with. Once they implement cloud monitoring, and understand it a bit more, most SMBs grow more comfortable with the cloud and expand their use of it.
Why SMBs Must Proactively Address the Threat of Mobile Hacks
More cyber criminals are targeting small-to-medium sized businesses. One reason for this is too many workplaces have insufficient bring-your-own-device (BYOD) policies in place. Some have none at all. Although firms are generally more knowledgeable about network security risks than in years past, they still woefully underestimate the security vulnerabilities linked to mobile devices like smartphones and tablets.
This is a real cause for concern since data breaches have the ability to put many already financially challenged SMBs out of business.
If customer/client data has been breached, there could be potential litigation costs, and naturally, lost goodwill and an irreparable hit to brand or company reputation.
Don’t Just Say You’re Worried About the Bad Guys... Deal With Them
SMBs say they view network security as a major priority but their inaction when it comes to mobile devices paints a different picture. A recent study found that only 16% of SMBs have a mobility policy in place.
Despite the fact that stolen devices are a major problem in today’s mobile workforce, only 37% of mobility policies enforced today have a clear protocol outlined for lost devices.
Even more troubling is the fact that those firms who have implemented mobility policies have initiated plans with some very obvious flaws.
Key components of a mobility policy such as personal device use, public Wi-Fi accessibility, and data transmission and storage are often omitted from many policies.
Thankfully, most SMB cybercrimes can be avoided with a comprehensive mobility policy and the help of mobile endpoint mobile device management services.
A Mobility Policy Is All About Acceptable/Unacceptable Behaviors
Your initial mobility policy doesn’t have to be all encompassing. There should be room for modifications, as things will evolve over time. Start small by laying some basic usage ground rules, defining acceptable devices and protocols for setting passwords for devices and downloading third-party apps. Define what data belongs to the company and how it’s to be edited, saved, and shared. Be sure to enforce these policies and detail the repercussions for abuse.
Features of Mobile Device Management Services
MDM services are available at an affordable cost. These services help IT managers identify and monitor the mobile devices accessing their network. This centralized management makes it easier to get each device configured for business access to securely share and update documents and content. MDM services proactively secure mobile devices by:
Specifying password policy and enforcing encryption settings
Detecting and restricting tampered devices
Remotely locating, locking, and wiping out lost or stolen devices
Removing corporate data from any system while leaving personal data intact
Enabling real time diagnosis/resolution of device, user, or app issues
It’s important to realize that no one is immune to cybercrime. The ability to identify and combat imminent threats is critical and SMBs must be proactive in implementing solid practices that accomplish just that.
Cloud Monitoring Can Be the Difference Maker for SMBs
It’s a fast-paced world. Not only do people want things, they want things right now. This sometimes-unnerving need for instant satisfaction has only intensified now that we have Wi-Fi and mobile devices that keep us connected regardless of where we are, what we’re doing, or the time of day. There is no longer any tolerance whatsoever for waiting. A business with a website that fails to load, or loads too slowly, will lose customers and leads to competitors.
So what has your business done to address this need for constant accessibility and optimal uptime? Do you feel you’re doing enough to meet the demands and expectations of your customers, new business prospects and those who have just now found you on Google?
If you’re a small-to-medium sized business owner, do you have confidence in your technology infrastructure? Can you say with certainty that your website, internal server, and mobile applications function smoothly, efficiently, and correctly?
When your IT team leaves work to go live their lives, are you confident that things won’t go bump in the night? That you won’t be ringing their cell phone while they’re out having dinner with their family, or worse yet, sleeping?
If you answer no to these questions, you may be one of the many small business owners who could benefit from cloud monitoring. And you’ll be pleased to learn that cloud monitoring can significantly improve all facets of your business – especially your service, productivity, reputation, and profitability.
What is the Cloud?
According to a study conducted by Wakefield Research, 54% of those questioned responded that they’ve never used cloud technology. However, the truth is that they’re in the cloud everyday when they bank or shop online and send or receive email.
Business owners, specifically non tech savvy small business decision makers, are still apprehensive when it comes to moving their server and web monitoring services to the cloud. But FDR’s famous quote, “The only thing we have to fear is fear itself,” definitely applies here. The cloud is nothing more than moving the storage and access of your data programs from a computer’s physical hard drive to the web. There is nothing to fear.
Benefits of Cloud Monitoring
Obviously, these physical and virtual servers, their shared resources, and the applications they run on, must be monitored. This can be done from multiple remote locations and it’s called cloud monitoring.
Cloud monitoring makes it easier to identify previously unseen patterns and potential problems within your infrastructure--issues that may be too difficult for any in-house support staff to detect. For instance, monitoring ensures that your site is delivering accurate page content and is meeting anticipated download speeds. It can detect unapproved changes, website tampering, and compromised data.
The continuous analyzing and testing of your network, website, and mobile applications can reduce downtime by as much as 80%. The speed and functionality of e-commerce transactions are also optimized. Additionally, cloud monitoring tests your email server at regular intervals, which minimizes failure deliveries and other issues pertaining to sending and receiving emails.
Clearly, all of the above, along with the alerts that help identify and fix issues before they become catastrophes, make cloud monitoring an attractive way to gain insight into how end-users experience your site, while also enhancing their overall experience.