Home » Blog » business owner

Tag: business owner

Invest Well in Your IT Security

“If it ain’t broke, don’t fix it” is a common and useful rule for many business owners. It serves to protect your business against unnecessary costs and unneeded downtime. While protecting your business against many types of danger, it poses an outright threat when it comes to IT security.

Security threats to your firm move so fast that your IT should be working twice as hard as your company just to keep up. Every day, hundreds of thousands of new malware threats are released. Falling even hours behind means any one of these attacks can threaten your business.

The single most dangerous thing IT security can do is stand still. Keeping up with the latest advice, technology, and updates the security industry offers is vital to keep your business safe. This makes up much of the unseen job of IT professionals. Hackers never stop looking for new ways into your system, which means your security can’t stop looking for ways to keep them out.

Modern Systems for Modern Business

One of the most common security threats a business opens itself to is using an outdated operating system or software package. Many firms are scared to upgrade, update, or renew their IT over fears of breaking legacy systems. Many rely heavily on old software and are afraid to make a large change themselves. Some businesses today still run machines on Windows XP, an operating system first released back in 2001.

Old operating systems stop receiving security updates and patches that protect against newly released attacks. These systems become very vulnerable, presenting a large target for knowledgeable hackers. This happens many years after newer versions have been released, giving knowing IT firms a chance to migrate safely.

Hackers are always on the lookout for businesses that run IT equipment outside of its suggested service life. A server, desktop computer, or peripheral is a golden opportunity for criminals to enter and threaten a business.

Hackers purchase their attacks on the dark web, safe in the knowledge that old systems won’t be patched. These attacks can then be used to attack unguarded firms to steal or compromise vital company data.

An unpatched old machine is like a valuable security door left propped open overnight, a golden opportunity for thieves.

Smart Budgets

Budgeting for business is a difficult task. We aim to make the most of everything we spend and reduce spending as much as we can. IT security can easily fall very far down the list of priorities.

IT can seem like an easy way to cut costs. It’s a department that the customer doesn’t always benefit from directly, and when it’s working well, it might not be on the radar at all. Despite working largely behind the scenes, successful IT is one of the critical components of every highly successful firm. Good IT can be the binding glue that holds the company together.

Even businesses far removed from the IT world typically uses payment machines, ordering systems, and inventory. Even restaurants and retail stores rely on computers to operate. Downtime for any critical system can be a complete disaster. A business can be unable to trade, and costs can mount up fast.

When vital IT components are used by the customer, a sales website, or an automated booking system for example, the problem can multiply tenfold.

Keep On Top Of The Essentials

Good IT isn’t built on high peaks and deep troughs in the yearly budget. The kind of IT that makes your business and helps it to grow is built by smart financing and careful planning. Great technicians are what makes excellent IT.

Maintaining steady updates, keeping pace with the latest security, and building your IT as you build your business keeps you in the driving seat when it matters most.

When IT is planned and issues are solved before they appear, security becomes cheaper, easier, and many times more effective. System upgrades can be planned out months, if not years in advance so you are never caught unaware.

Don’t let your IT be broken before you take steps to fix it. Move ahead of the curve and give us a call at 570-779-4018 so you don’t have to find out what your business looks like without IT.

What Hackers Target In Small Businesses

Hackers today have many ways to attack small businesses and business owners. Many attempt to use technology to send malware, viruses, or phishing attacks; or use information to con owners and employees into handing over more information than they should.

One or more of these techniques can be combined with gaining physical access to steal from vulnerable firms. Identifying precisely how criminals target businesses and what they deem most valuable can help to protect from the most devastating attacks out there.

Remaining vigilant and informed is one of the most vital things you can do as a business owner to protect your assets and reputation.

Extortion

Different types of attacks tend to rise and fall in popularity. Fifteen years ago, computer worms were the most common attack that businesses faced. Security software wasn’t as advanced or as widely used at it is today. Computer worms were, at the time, an exceptionally low-cost and efficient way to inflict the maximum amount of damage for minimum cost.

Today ransomware has seen an unfortunate boom in popularity. This technology aims to encrypt the target’s files on their personal computer. This technique denies the victim access and charges a large fee in exchange for the key to retrieve the victim’s own data.

The attack has worked so often because it requires minimal effort and can be used again and again. Many businesses have no option but to pay because the data is worth far more than the ransom demand the hackers have made.

The best defense against ransomware attacks, in addition to strong online security, is an up-to-date offsite backup — one that is tested to work reliably.

Targeting Customer Records

One of the most important things for your firm to take care of is your customer data records. Records which include names, dates of birth, and other personally identifying details. These details are extremely valuable to hackers or criminals who, either use them personally or sell them on to someone who will.

Many regions have strict laws and guidelines about how this information must be stored, accessed and protected. Failing to follow these can result in severe penalties that could devastate any company.

Targeting Financial Information

Like personal information, a small business must take extreme care when storing customer financial information. Sensitive details such as credit card or banking information are a key target for hackers looking to steal money fast.

The impact on your business reputation following a breach of financial data will be severe and devastating. Even a simple mistake can require years of advertising and great PR to repair. Many firms have failed to recover after losing the trust of their customers.

Social Engineering

Most firms today run good IT security packages to protect against online attacks and other forms of malware. Attackers often know to take their methods offline to achieve the best results.

Whether posing as a supplier, customer, or interested party; attackers can seek to gain information that you may be less than willing to hand over to a stranger. Small businesses can often be used to gather information on vendors and suppliers they do business with in order to attack them too.

Be particularly cautious of the information you provide when discussing business with individuals you haven’t spoken to before.

Keeping Small Business Safe

Each of these targets and attacks are just some of the most popular and hard-hitting attacks out there now. The list is forever changing, and the methods we use to protect against them always needs to change too.

Some can be defended against with great security, backups, and software. Others, such as social engineering, need you and your staff to stay up-to-date and remain vigilant about the major attacks affecting small business today.

If you need help tightening your businesses security, give us a call at 570-779-4018.

hacked email

Marriott Hotels Exposed 500 Million Customer Records. Make Sure Your Business Doesn’t Suffer the Same Fate.

Up to 500 million travelers could be compromised as hotel chain Marriott International have announced a security breach in their guest database. Analysts recently alerted the firm to a vulnerability that has granted hackers access to the hotel chain’s systems since 2014.

The firm announced their Starwood Preferred Guest (SPG) loyalty program was compromised for an extended period which left customers vulnerable. The exploit exposed critical guest information which included names, addresses, passport numbers, and dates of birth. Marriott also announced an unknown number of customers had encrypted credit card details stolen in the attack.

If you have been a member of Marriott’s Preferred Guest Program or a customer of Marriott hotels in the past, you should take steps today to ensure your data security. By doing so, you can protect your finances, prevent identity theft, and defend your data from attackers looking to exploit an opportunity.

Secure Your Data

Changing your Marriott password should, of course, be the first step to protecting your accounts. Even more importantly, sites where that same password may have been reused should be updated with new credentials too. Hackers commonly try details stolen from one site to access popular services and pages. We encourage everyone to use a password manager to store their details for safe use in the future. A good password manager enables unique, random, and strong passwords to be used with ease for every single website.

While we can’t stop hacks on systems outside of our control; we can defend our other accounts from being accessed by criminals.

With secure password management, attacks on your business services or related accounts from a single hack are made impossible.

Performing Damage Control

The damage to the Marriott International brand following news of the leak will be undoubtedly huge. At a minimum, they have lost the trust of their customers worldwide. Asking customers to leave their personal and financial details again to pay for goods and services will be no small feat.

News of the hack made front page news as it broke, further damaging the firm’s reputation among potential future customers too. As a result of a simple security attack, Marriott International will be forced into damage limitation to keep customers returning to the brand. This is why business security matters to us; when done right it’s cheaper by far.

The total cost of this latest attack won’t be known for years to come. The firm is vulnerable to lawsuits worldwide, in some cases liable for financial losses, and required to purchase identity monitoring and security services for affected customers. Business owners can learn from Marriott’s costly lesson.

Stopping an Attack in its Tracks

Marriott’s security breach was recently discovered, hitting the headlines just this week, but the firm admitted unauthorized access took place since 2014. This means the firm had a security hole for four years that they were unable to detect or patch.

For a firm of any size, this should be unacceptable. As business owners, we shouldn’t accept security vulnerabilities that leave our records, finances, or services open to hackers. As customers, we shouldn’t accept our data being treated so carelessly. The recent Marriott hack underlines the need for businesses to maintain constant network monitoring, regular security updates, and a lockdown on data access.

Protect Your Business and your Customers – Any business can find their systems vulnerable to attack at some point. Whether waiting for updates, a newly released zero-day hack, or malicious employee; responsible firms take steps to limit their liability.

As a rule, staff accounts should be locked to only the systems the regularly need to access. Similarly, customer data should only be open on an as-needed basis when a legitimate requirement exists. These steps, alongside systems and data monitoring, prevent a small-scale attack resulting in an enormous data breach. Strong security enables customers to place and maintain their trust in a brand they can keep coming back to again and again.

If your business could use a security update to protect against a Marriott style attack in the future, give us a call today at 570-779-4018.

Fire Employee

3 Essential Steps Before You Fire an Employee

Your employees need access to your various business accounts so they can do their job, but what happens to those passwords when you fire them? Nobody likes to think of firing their employees, or why you’d need to, but nonetheless, it’s a responsibility every business owner must face at some point. While your accounts team will no doubt be on top of stopping their paychecks, it’s important to take the same proactive stance to strip their system access.

Most of the time, the former employee leaves under good terms and you’ll wish them well. If you’re lucky, they’ll even manage hand-over to their replacement so your productivity losses are minimal. Other employees may leave your business reluctantly or in a storm of anger and suspicion. While you’ll have very different feelings about the two scenarios, the risk to your business remains high until action is taken. Here are 3 steps you can take to protect your business from retaliation and other password-related disasters.

Limit access to a need-to-know basis

You might be surprised how often a new employee is presented the entire business on a platter when their actual job requires little more than a computer login. Accounts, strategy, customer details, industry secrets…all those sensitive aspects of your business that have made it a success – exposed. A better policy is to limit access to only what the employee needs to do their job. Rather than view it as a lack of trust, your employees will appreciate the care you’ve taken to protect your business (and their job). It also helps keeps them from being overwhelmed, confused or tempted if the situation ever turns sour. Likewise, take a few moments to delete old or temporary accounts that are no longer required, as you never know when a hacker or disgruntled employee will squeeze through the gaps.

Change passwords fast

On average, it takes at least a week before passwords are changed after an employee is fired, if at all. Unfortunately, this is the one type of delay your business can’t afford. In 2017, an ex-employee from the American College of Education held their entire email system to ransom for $200,000 after an unhappy exit. Stories of others stealing client databases are also common, especially as they leave to start their own business or work for a competitor. It’s not just full-time employees either, contract and part-time employees such as social media managers and customer support email specialists often have access to more of your business than you might imagine. Recent rulings make it easier for business owners to prosecute former employees who access their systems, however as we know, it only takes seconds to login and wreak absolute havoc. Knowing you can force those bad eggs into a lengthy court case is poor comfort considering the extent of damage you’ll likely endure. The best option is to change passwords fast – even before your employee knows they’re fired. This lessens the chance of revenge attacks and opportunistic access.

Use a password manager

If you have good password manager like LastPass, reducing your risk becomes mostly automated. You’ll be able to keep your logins in a central vault that only you can see, and share based on business roles/need. There’s even an option to share passwords without letting employees see them in plain-text. Instead of writing passwords down somewhere and manually entering them each time, they’ll be able to connect securely with a click. Plus, you can revoke the share at any time. If their role changes or they’re fired, you can use the dashboard to see who is having access to what and add/revoke at will. If you’re not sure what that employee has been up to, you can also generate reports of their history.

We can help you set up password management and lock down your network. Call us at 570-779-4018!

better business owner

3 Tech Tips to Make You a Better Business Owner

There’s no doubt about it, business can be tough! You’re juggling employees, customers, suppliers, stakeholders…the list is endless. You’re also operating in a competitive, high-tech economy that keeps trying to speed ahead without you. It’s no wonder you’re craving ways to get ahead of the competition, cut costs, boost productivity and dreaming of a vacation. Here are 3 tech tips that will make your life easier – and maybe get you closer to that ‘World’s Best Boss’ mug.

Consider a commuting policy

With better technology and faster internet connections, remote working isn’t just a possibility now, it’s an expectation. Clearly, not for every job (virtual burgers anyone?), but there are a lot of computer tasks in your business that could be done from home. Even if you offer a split week with 1-2 days at home and the remainder in the office, this can be a huge boost to your productivity.

From your perspective, remote employees can be more efficient without the distractions of yet another birthday sing-along, they have fewer absences and stay in the job longer. From the employee perspective, they don’t need to waste time commuting, get their work done faster, and generally feel happier and healthier.

Don’t cheap out on technology

Unsurprisingly, a tech newsletter is advising you to invest in tech, but hear us out. Technology is rapidly becoming the backbone of most businesses, yet we still see people who try and get by with the bare minimum investment and maintenance. And by ‘see people’, we mean they’re our most frequent repair and data recovery clients.

When you take shortcuts with your tech you’ll always get higher failure rates, more downtime, and employees who can’t do their job even though you’re still paying them by the hour. When businesses keep old tech longer than they should, thinking of the immediate cost saving, they usually end up paying more in the long term.

Embrace the cloud

Many of your existing software packages have a cloud version, which would allow multiple people to access it at once and give added backup or synchronization benefits. Your remote workers, mobile staff, accountant or CFO can all view the same reports without anyone having the trouble of sending out separate copies.

Cloud technology is also perfect for notetaking and collaboration using software like Evernote or OneDrive. You and your employees can think of ideas while out and about, make a few notes on a mobile device, and have it all synced perfectly to your desktop when you need it. You can even scan in paperwork and have your entire filing cabinet in your pocket.

Your business tech can unlock multiple possibilities that will make your days run smoother, more profitable and put you miles ahead of the competition. Ready?

Give us a call at 570-779-4018 to make your tech work harder for you.

5 Tips for DIY Small Business Tech

First, the disclaimer: I do not advocate DIY small business tech. I highly recommend having a computer consulting company help you design and support your IT system. Of course, I would say that because that is how I make my living. However, I am a business owner too and if there is one thing I have learned, it is that you can’t (or shouldn’t) do everything yourself. An IT firm will save you time and money and can work with your budget. Since some of you are going to try to be a DIY small business tech anyway, here are some tips to help out.

Tip # 1 – Backup!

It is very important to make sure you have multiple backup systems in place. Beyond the obvious chance of data loss due to a system crash or hardware failure, there is the constant threat of malware and ransomware.

If you are mostly cloud based, make sure to export or download your data to somewhere local and then backup that data to a secondary system or device. If you are mostly internal, you should have an online backup and a local backup. If you do not want an online backup for security or cost reasons, you should have an offsite backup. This means you should have at least one backup device that you take away from your primary place of business at least once per week.

It doesn’t hurt to have all three (offline, online and local) backup. Some of the new malware and ransomware is extremely sophisticated. The more backups, the better.

Tip #2 – Security!

Some small business owners think “it will never happen to me” or “how can I afford to protect myself if these big companies can’t” or “Who would want our data?” It is your responsibility to protect you, your employees and your customers. In some cases, you can be held accountable if you have not taken reasonable precautions to protect your system. Criminals are targeting small business just because they are generally easier to break into.

This doesn’t means that you have to spend large amounts of money. A reasonably safe system can be built on a limited budget without any real monthly costs. If you want to build your own security system, look into pfSense, and Ubiquiti Networks. I strongly recommend purchasing antivirus and not using a free version. Kaspersky, Symantec, Sophos or any of the more popular security companies are better than the free versions.

Do not forget to use strong passwords and if possible multi-factor authentication.

Keep your devices, systems and software up to date.

Limit employee access to data and information and limit authority to install software

Tip #3 – Spend time researching your software

I have a client that was very disappointed after they moved to a cloud version of their favorite accounting package. They had decided to do this without consulting us. Don’t get me wrong; there are some great SaaS (software as a service) cloud systems out there, but there are differences from your favorite desktop version. In this particular case, the online version only allowed one company per account, and they wanted control of your data. One client wanted to switch back to the desktop version, and they had to re-enter one month worth of data because the online version would not give them their data back even though it was the same brand.

The point is, take your time and research thoroughly before committing to a new product. If possible, take advantage of the trial software and setup a test system. Read the fine print. There also may be free open source software they could just be what you are looking to help run your company.

Tip #4 – Do not neglect your network

Please do not tell me you are running your high-speed cable system and brand new desktop PC through a circa 1999 Linksys firewall/router and eight port hub. Network equipment must be kept up to date. That Linksys router and hub are making your internet system very slow and unsafe. If your equipment is really that old, you may need new wiring as well. This may sound expensive, but you are losing productivity due to your slow network. Even if you equipment is only five years old, there can still be speed and safety concerns.

Also, wireless technology is becoming more and more crucial to small business, and if your wireless system is more than a few years old, you should consider upgrading that as well. There are faster and more reliable systems at affordable prices. You need solid wireless coverage and should offer a guest version to your employees and possibly your clients unless you want to take on the security risk and burden of monitoring their devices in your network as well.

You should avoid consumer class networking equipment. The price is right, but they lack the security features and performance you need.

Tip #5 – Don’t buy cheap computers

I know you want to save money, but cheap computers or devices from your favorite big box store will cost you more in the long run. They usually do not last as long. They are slower and less productive from the start. They generally come loaded with software you do not need. They also usually do not come with the pro version of windows. The Pro version has extra security features the other versions do not. For example, Window 10 Pro has encryption options built in. Business class PCs have longer warranties and better parts so they will last a long time.

5 Tips for DIY Small Business Tech - NEPA