Waypoint Category: Charlotte Business Talk

Managed Service Providers and Your Business

07.23.15

These last posts covered a lot of ground: cyber security, data breaches, email security, cloud computing, and we only scratched the surface of each topic. Based on just this cursory overview, you should be doing the following:

  • Securing your equipment and network
  • Backing up your data
  • Talking to any service providers you use, such as credit card processors, and finding out what they’re doing to secure your transactions and data.
  • Reviewing (or creating) your policies on
    • Permitted software
    • Passwords
    • Who should access the company’s network and devices
    • Working at remote locations
    • Physically securing company assets
  • Installing a spam filter on your email
  • Encrypting your email
  • Evaluating cloud services you use for security issues
  • Evaluating what you need to do to put your business on the cloud

That’s a lot to do. It can easily take the majority of your time (or even all your time), when you ought to attend to your customers and clients, run your business, find and qualify new prospects, and develop new products or services: things that can actually make you some money.

Nobody made a greater mistake than he who did nothing because he could only do a little. – Edmund Burke

If you take nothing else from these posts, if you do nothing else, at least do this: back up your data every day. You’ll be glad you did.

What more can you do? Well, you can always hire new employees. But that gets expensive: salary, payroll taxes, benefits, etc. You’re rolling the dice that you make the right choice and don’t end up with “Wally from Dilbert”.

Or you can outsource all of this to a firm that specializes in providing all these services and more, leaving you free to do what you do best: bringing in business and taking care of your customers. Think of it this way: you don’t do your own payroll or accounting; you hire a payroll company and a CPA. This is no different.

Who are these firms?

As usual, the IT industry has its own name for these companies (of course they do). They’re known as managed services providers. They offer a range of services such as:

  • Backup and Data Recovery
  • Storage
  • Security
  • 24/7/365 Monitoring
  • Network Management
  • User Management
  • Data Management
  • Software – Production Support and maintenance

You can contract with them for the services you need right now, and add or expand as your business grows and your needs change.

Selecting a managed services vendor

Here are some items to consider as you evaluate services vendors:

  • Does the provider have demonstrated experience in designing innovative IT solutions?
  • What technology competencies does the MSP possess?
  • What engineer certifications do the company’s technicians have?
  • Has the MSP worked with companies similar in size, scope and industry?
  • Is the MSP interested in understanding your unique business issues?
  • Does the MSP offer Service Level Agreements and Opt-Out Clauses?
  • Does the company provide references?
  • Can you visit the company’s site?


The IT experts at Waypoint would love to talk with you about their managed services and perform a free review of your managed IT services needs.  Please click here to sign up for a free, no risk IT assessment.

Charlotte, NC Businesses Need to Take Advantage of Cloud Computing

07.08.15

Overview of the cloud

You hear it everywhere:

  • “The data is stored in the cloud.”
  • “Run our app in the cloud.”
  • “Upload that to the cloud.”

Cloud this, cloud that, cloud bank (okay, I made up that last one). You have a vague sense of what everyone means by “the cloud”, but you don’t know exactly what it is. Except you think it has something to do with the Internet.

You’re on the right track. In fact, speaking in broad terms, the “cloud” is the Internet. For example, let’s say you upload some data to a “cloud service.” The data moves through the Internet to servers operated by the company running the service.

Or say you run an app in the cloud. You usually run the app after going to a website. It’s not just apps. You can run entire software packages in the cloud. (The tech industry has a name and acronym for this. Of course they do. They call it “SaaS”, or “Software as a Service.”)

You’re Already in the Cloud

You probably already use “cloud services” and/or SaaS. Do you use:

  • Evernote?
  • Flickr?

Or how about:

  • Office 365?
  • Microsoft Dynamics CRM?
  • Google Docs?
  • QuickBooks on the web?

All of these are cloud services or SaaS. And millions of people and thousands of businesses use them every day.

Growth of the Cloud

According to Gartner, thousands more businesses will use them in the future. The SaaS space is projected to reach $160 billion in revenue by 2016. The other “aaS” stacks, “Infrastructure as a Service” and “Platform as a Service”, are projected to show remarkable growth as well.

So in all likelihood, your business will be “in the cloud” to an extent you couldn’t believe just a couple of years ago. What does this mean for your data?

Putting Your Business in the Cloud

Lots of small and medium-sized businesses are taking advantage of the cloud to save on IT hardware and infrastructure, software and licensing, and to get better security. But there are some things you want to consider before moving to the cloud:

  • Can anyone access my data?
  • Do I have regulatory implications?
  • Where exactly is my data? How do I get it restored if necessary?
  • What happens when my cloud service provider performs upgrades or maintenance? Can my customers and staff access my systems? Will I get advance notification?
  • What happens if I miss a payment? Will I lose all my data?
  • What if I decide to leave the cloud? Do I still own my data, or does the cloud vendor? How do I get my data back?
  • What if the vendor goes out of business?

Email Dangers – Best Practices for Spam Email

06.09.15

A Charlotte law firm received a ransom demand. But the ransom wasn’t for the release of a kidnapping victim. The law firm would have to pay for the release of its file server. You see, hackers scrambled the server and encrypted the data. The hackers then demanded the law firm pay for the encryption key.

A different Charlotte law firm transferred $38,000 to a Virginia Beach bank. Cybercriminals intercepted the transfer and eventually routed the funds to a bank in Moscow.

In both cases, you might think, the hackers worked their way through the Internet and kept testing the firms’ security, probing for weaknesses. They then surreptitiously worked to take over the server or intercept the funds.

Nope. The thieves walked right through the virtual front door and into the firms’ networks and servers using spam email. And the employees let them in without a second thought, simply by opening it.

“Give a man a fish and he’ll eat for a day. Teach a man to phish and he’ll take over your servers and empty your accounts.”

The cyber criminals used a technique called “spear-phishing”, a variation of “phishing”. A regular phishing attack uses emails that appear to come from well-known, legitimate companies. When opened, they either launch a virus or Trojan horse, or ask for account information to “verify” or unlock an account.

The second type of phishing commonly shows up as an email from a bank, such as Wells Fargo or Bank of America. The email typically says that an account is locked and the recipient needs to click through to a webpage and enter his or her account information, including Social Security number, password, and so on. The web page looks genuine: the logos are correct, there’s an appropriate copyright notice, so the user goes ahead and enters the requested information. Once he hits the “Submit” button, the hacker has everything needed to empty the account.

A “spear-phishing” attack is similar, but is more directly targeted at a firm or person. Typically, the email looks like it was sent from within the company or from a known vendor, and might be followed up by a phone call where the hacker says something like “Hey, this is Bob from Accounting. I really need you to look at that spreadsheet I just sent. The boss is questioning some of your numbers.”

The first law firm received an email from “att.com” which included an attached file. When the recipient opened the attachment, a piece of “ransomware” called Cryptolocker launched, encrypted the file server, and sent the ransom demand.

Now, you might think that phishing couldn’t possibly work. No one would fall for that. But according to Wired.com, 91% of hackers access the target company or system via a phishing attack. Yeah, it does work well!

So how can you protect your company? First, educate your employees. Make sure they know what phishing is and, more importantly, what they should do if they suspect they’ve received a phishing email.

Second, use a spam filter. Even though filters are not 100% effective, they do give you a fighting chance. Tell your staff not to open any emails or attachments that land in the spam folder.

Third, you should encrypt any emails you send that may contain sensitive information, such as financial account numbers, Social Security numbers, client lists, etc. Even if cybercriminals intercept the email, they won’t be able to access the data.

Finally, and this is a recurring theme in this series, back up your data on a regular basis! Ideally, you back it up daily. If the first law firm had a daily backup, they could have just restored their server. But since the backup was over a week old, they were out of luck.


Data Security Best Practices and Employee Mistake Prevention

05.18.15

You know that feeling of dread you get when you realize you just deleted a file or program critical to your business? That client list, tax return, report code?

Everyone knows that feeling.

Over the last 10+ years we have helped many companies, large and small, in Miami, Charlotte and elsewhere, that experienced a critical data loss. In the majority of cases an employee was the root of the problem, and in some cases production came to a halt until someone fixed the error.

Data Security Best Practices

We tend to think of cyber-security as protecting our company against the iconic “hacker” trying to break into our systems and steal our data. In fact, non-malicious employee errors and mistakes cause just as much data loss.

Note the “non-malicious” in the previous sentence. People on your team, just doing their jobs to the best of their ability and with no ill will, can cause your business harm and not even know it.

How They Do It

What’s going on here? How can employees, with the best of intentions, be just as big a threat as hackers? According to a survey commissioned by Cisco, employees engage in the following risky behaviors:

  • Unauthorized application use (e.g., I’ll just install this app I found on the internet. It will make my job so much easier!)
  • Misuse of corporate computers (e.g., sharing work devices)
  • Unauthorized physical and network access
  • Remote worker security (e.g., e-mailing files to their personal accounts so they can work on them at home)
  • Misuse or sharing of passwords

To this list we can add:

  • Leaving devices unsecured: a three-person company being incubated from a shared space in downtown Manhattan fell victim when a petty thief managed to walk the three machines out the door.
  • Falling for so-called “social engineering” schemes. Check out this document for some examples. Some may be a bit dated, but the principles remain relevant.

What Can I Do?

How can you guard against employee errors and other internal vulnerabilities? The first and foremost step: back up your data! Companies we’ve helped recover their data performed regular backups. And they not only created backups, they practiced restoring from those backups so they were ready when the time came. And that time will come. Count on it.

The second step is to educate your employees. Review (or create) your policies on:

  • Permitted software
  • Passwords
  • Who should access the company’s network and devices
  • Working at remote locations
  • Physically securing company assets

Then review them with your employees. Let them know you’ll help them comply with the policies. For example, if you require company laptops to be physically secured, distribute docking stations and cable locks. And let them know you’ll enforce these policies!

The next post in the series deals with “Email Dangers – Data Security Best practices for spam, passwords and more”. I’ll dive deeper into such items as phishing and strong passwords.


Cyber Security and Small Business

04.23.15

Foodie-Call.com, a Charlotte, NC small business, suffered a data breach twice in 2014. Owner Anu Mehra was left with the bill for $10,000 in fraudulent transactions, and may lose her business if hackers strike again. She told WSOC-TV: “I’m a local business owner. I don’t have partners. I don’t have a franchise. There’s no deep pockets for me to go to and have some help with this.”

According to the North Carolina Attorney General’s office, 2014 saw 17 reported data breaches in Charlotte, affecting 3,370 persons. The Charlotte metro area saw an additional 14 data breaches affecting an additional 520 people. Many of the targeted companies are large, but a good number of smaller firms were hit. These smaller firms include CPA and law practices, car dealerships, small mortgage brokers, a child-care franchise, and a sign manufacturer.

What are they looking for?

Simply put, cyber criminals want your data. Passwords, account numbers, banking information, customer lists, employee information, financial records, you name it, they want it. Cyber criminals can attack your business using:

  • Viruses, worms, Trojans
  • Malware
  • Botnets
  • Web-based attacks
  • Stolen devices
  • Malicious code
  • Malicious insiders
  • Phishing & social engineering
  • Denial of service

And let’s not forget about a disgruntled employee. He or she can wreck your system and data from the inside.

The Challenge

In 2013, a witness before the House Small Business Subcommittee on Health and Technology said about small businesses: “…90% do not have an internal IT manager focused on technology-related issues; 87% do not have a formal written Internet security policy; 68% do not provide any cyber-security training to their employees; and 83% do not have an automated system that requires employees to periodically change their passwords.” This shows the challenge you face as a small business owner.

The next part of this series focuses on data security and employee “mistake prevention”. In the meantime, here are some actions you can take now:

  • Physically secure your equipment. All the firewalls and anti-virus software in the world won’t help if a thief can just walk off with your laptop or tablet.
  • Get your data backed up and stored off-site.
  • Talk to any service providers you use, such as credit card processors, and find out what they’re doing to secure your transactions and data.
  • Does your office have its own WiFi network? Lock it down! Break out the manual and set a good, long password. Change it often.
