Home » Blog » business owner

Tag: business owner

hacked email

Marriott Hotels Exposed 500 Million Customer Records. Make Sure Your Business Doesn’t Suffer the Same Fate.

Up to 500 million travelers could be compromised as hotel chain Marriott International have announced a security breach in their guest database. Analysts recently alerted the firm to a vulnerability that has granted hackers access to the hotel chain’s systems since 2014.

The firm announced their Starwood Preferred Guest (SPG) loyalty program was compromised for an extended period which left customers vulnerable. The exploit exposed critical guest information which included names, addresses, passport numbers, and dates of birth. Marriott also announced an unknown number of customers had encrypted credit card details stolen in the attack.

If you have been a member of Marriott’s Preferred Guest Program or a customer of Marriott hotels in the past, you should take steps today to ensure your data security. By doing so, you can protect your finances, prevent identity theft, and defend your data from attackers looking to exploit an opportunity.

Secure Your Data

Changing your Marriott password should, of course, be the first step to protecting your accounts. Even more importantly, sites where that same password may have been reused should be updated with new credentials too. Hackers commonly try details stolen from one site to access popular services and pages. We encourage everyone to use a password manager to store their details for safe use in the future. A good password manager enables unique, random, and strong passwords to be used with ease for every single website.

While we can’t stop hacks on systems outside of our control; we can defend our other accounts from being accessed by criminals.

With secure password management, attacks on your business services or related accounts from a single hack are made impossible.

Performing Damage Control

The damage to the Marriott International brand following news of the leak will be undoubtedly huge. At a minimum, they have lost the trust of their customers worldwide. Asking customers to leave their personal and financial details again to pay for goods and services will be no small feat.

News of the hack made front page news as it broke, further damaging the firm’s reputation among potential future customers too. As a result of a simple security attack, Marriott International will be forced into damage limitation to keep customers returning to the brand. This is why business security matters to us; when done right it’s cheaper by far.

The total cost of this latest attack won’t be known for years to come. The firm is vulnerable to lawsuits worldwide, in some cases liable for financial losses, and required to purchase identity monitoring and security services for affected customers. Business owners can learn from Marriott’s costly lesson.

Stopping an Attack in its Tracks

Marriott’s security breach was recently discovered, hitting the headlines just this week, but the firm admitted unauthorized access took place since 2014. This means the firm had a security hole for four years that they were unable to detect or patch.

For a firm of any size, this should be unacceptable. As business owners, we shouldn’t accept security vulnerabilities that leave our records, finances, or services open to hackers. As customers, we shouldn’t accept our data being treated so carelessly. The recent Marriott hack underlines the need for businesses to maintain constant network monitoring, regular security updates, and a lockdown on data access.

Protect Your Business and your Customers – Any business can find their systems vulnerable to attack at some point. Whether waiting for updates, a newly released zero-day hack, or malicious employee; responsible firms take steps to limit their liability.

As a rule, staff accounts should be locked to only the systems the regularly need to access. Similarly, customer data should only be open on an as-needed basis when a legitimate requirement exists. These steps, alongside systems and data monitoring, prevent a small-scale attack resulting in an enormous data breach. Strong security enables customers to place and maintain their trust in a brand they can keep coming back to again and again.

If your business could use a security update to protect against a Marriott style attack in the future, give us a call today at 570-779-4018.

Fire Employee

3 Essential Steps Before You Fire an Employee

Your employees need access to your various business accounts so they can do their job, but what happens to those passwords when you fire them? Nobody likes to think of firing their employees, or why you’d need to, but nonetheless, it’s a responsibility every business owner must face at some point. While your accounts team will no doubt be on top of stopping their paychecks, it’s important to take the same proactive stance to strip their system access.

Most of the time, the former employee leaves under good terms and you’ll wish them well. If you’re lucky, they’ll even manage hand-over to their replacement so your productivity losses are minimal. Other employees may leave your business reluctantly or in a storm of anger and suspicion. While you’ll have very different feelings about the two scenarios, the risk to your business remains high until action is taken. Here are 3 steps you can take to protect your business from retaliation and other password-related disasters.

Limit access to a need-to-know basis

You might be surprised how often a new employee is presented the entire business on a platter when their actual job requires little more than a computer login. Accounts, strategy, customer details, industry secrets…all those sensitive aspects of your business that have made it a success – exposed. A better policy is to limit access to only what the employee needs to do their job. Rather than view it as a lack of trust, your employees will appreciate the care you’ve taken to protect your business (and their job). It also helps keeps them from being overwhelmed, confused or tempted if the situation ever turns sour. Likewise, take a few moments to delete old or temporary accounts that are no longer required, as you never know when a hacker or disgruntled employee will squeeze through the gaps.

Change passwords fast

On average, it takes at least a week before passwords are changed after an employee is fired, if at all. Unfortunately, this is the one type of delay your business can’t afford. In 2017, an ex-employee from the American College of Education held their entire email system to ransom for $200,000 after an unhappy exit. Stories of others stealing client databases are also common, especially as they leave to start their own business or work for a competitor. It’s not just full-time employees either, contract and part-time employees such as social media managers and customer support email specialists often have access to more of your business than you might imagine. Recent rulings make it easier for business owners to prosecute former employees who access their systems, however as we know, it only takes seconds to login and wreak absolute havoc. Knowing you can force those bad eggs into a lengthy court case is poor comfort considering the extent of damage you’ll likely endure. The best option is to change passwords fast – even before your employee knows they’re fired. This lessens the chance of revenge attacks and opportunistic access.

Use a password manager

If you have good password manager like LastPass, reducing your risk becomes mostly automated. You’ll be able to keep your logins in a central vault that only you can see, and share based on business roles/need. There’s even an option to share passwords without letting employees see them in plain-text. Instead of writing passwords down somewhere and manually entering them each time, they’ll be able to connect securely with a click. Plus, you can revoke the share at any time. If their role changes or they’re fired, you can use the dashboard to see who is having access to what and add/revoke at will. If you’re not sure what that employee has been up to, you can also generate reports of their history.

We can help you set up password management and lock down your network. Call us at 570-779-4018!

better business owner

3 Tech Tips to Make You a Better Business Owner

There’s no doubt about it, business can be tough! You’re juggling employees, customers, suppliers, stakeholders…the list is endless. You’re also operating in a competitive, high-tech economy that keeps trying to speed ahead without you. It’s no wonder you’re craving ways to get ahead of the competition, cut costs, boost productivity and dreaming of a vacation. Here are 3 tech tips that will make your life easier – and maybe get you closer to that ‘World’s Best Boss’ mug.

Consider a commuting policy

With better technology and faster internet connections, remote working isn’t just a possibility now, it’s an expectation. Clearly, not for every job (virtual burgers anyone?), but there are a lot of computer tasks in your business that could be done from home. Even if you offer a split week with 1-2 days at home and the remainder in the office, this can be a huge boost to your productivity.

From your perspective, remote employees can be more efficient without the distractions of yet another birthday sing-along, they have fewer absences and stay in the job longer. From the employee perspective, they don’t need to waste time commuting, get their work done faster, and generally feel happier and healthier.

Don’t cheap out on technology

Unsurprisingly, a tech newsletter is advising you to invest in tech, but hear us out. Technology is rapidly becoming the backbone of most businesses, yet we still see people who try and get by with the bare minimum investment and maintenance. And by ‘see people’, we mean they’re our most frequent repair and data recovery clients.

When you take shortcuts with your tech you’ll always get higher failure rates, more downtime, and employees who can’t do their job even though you’re still paying them by the hour. When businesses keep old tech longer than they should, thinking of the immediate cost saving, they usually end up paying more in the long term.

Embrace the cloud

Many of your existing software packages have a cloud version, which would allow multiple people to access it at once and give added backup or synchronization benefits. Your remote workers, mobile staff, accountant or CFO can all view the same reports without anyone having the trouble of sending out separate copies.

Cloud technology is also perfect for notetaking and collaboration using software like Evernote or OneDrive. You and your employees can think of ideas while out and about, make a few notes on a mobile device, and have it all synced perfectly to your desktop when you need it. You can even scan in paperwork and have your entire filing cabinet in your pocket.

Your business tech can unlock multiple possibilities that will make your days run smoother, more profitable and put you miles ahead of the competition. Ready?

Give us a call at 570-779-4018 to make your tech work harder for you.

5 Tips for DIY Small Business Tech

First, the disclaimer: I do not advocate DIY small business tech. I highly recommend having a computer consulting company help you design and support your IT system. Of course, I would say that because that is how I make my living. However, I am a business owner too and if there is one thing I have learned, it is that you can’t (or shouldn’t) do everything yourself. An IT firm will save you time and money and can work with your budget. Since some of you are going to try to be a DIY small business tech anyway, here are some tips to help out.

Tip # 1 – Backup!

It is very important to make sure you have multiple backup systems in place. Beyond the obvious chance of data loss due to a system crash or hardware failure, there is the constant threat of malware and ransomware.

If you are mostly cloud based, make sure to export or download your data to somewhere local and then backup that data to a secondary system or device. If you are mostly internal, you should have an online backup and a local backup. If you do not want an online backup for security or cost reasons, you should have an offsite backup. This means you should have at least one backup device that you take away from your primary place of business at least once per week.

It doesn’t hurt to have all three (offline, online and local) backup. Some of the new malware and ransomware is extremely sophisticated. The more backups, the better.

Tip #2 – Security!

Some small business owners think “it will never happen to me” or “how can I afford to protect myself if these big companies can’t” or “Who would want our data?” It is your responsibility to protect you, your employees and your customers. In some cases, you can be held accountable if you have not taken reasonable precautions to protect your system. Criminals are targeting small business just because they are generally easier to break into.

This doesn’t means that you have to spend large amounts of money. A reasonably safe system can be built on a limited budget without any real monthly costs. If you want to build your own security system, look into pfSense, and Ubiquiti Networks. I strongly recommend purchasing antivirus and not using a free version. Kaspersky, Symantec, Sophos or any of the more popular security companies are better than the free versions.

Do not forget to use strong passwords and if possible multi-factor authentication.

Keep your devices, systems and software up to date.

Limit employee access to data and information and limit authority to install software

Tip #3 – Spend time researching your software

I have a client that was very disappointed after they moved to a cloud version of their favorite accounting package. They had decided to do this without consulting us. Don’t get me wrong; there are some great SaaS (software as a service) cloud systems out there, but there are differences from your favorite desktop version. In this particular case, the online version only allowed one company per account, and they wanted control of your data. One client wanted to switch back to the desktop version, and they had to re-enter one month worth of data because the online version would not give them their data back even though it was the same brand.

The point is, take your time and research thoroughly before committing to a new product. If possible, take advantage of the trial software and setup a test system. Read the fine print. There also may be free open source software they could just be what you are looking to help run your company.

Tip #4 – Do not neglect your network

Please do not tell me you are running your high-speed cable system and brand new desktop PC through a circa 1999 Linksys firewall/router and eight port hub. Network equipment must be kept up to date. That Linksys router and hub are making your internet system very slow and unsafe. If your equipment is really that old, you may need new wiring as well. This may sound expensive, but you are losing productivity due to your slow network. Even if you equipment is only five years old, there can still be speed and safety concerns.

Also, wireless technology is becoming more and more crucial to small business, and if your wireless system is more than a few years old, you should consider upgrading that as well. There are faster and more reliable systems at affordable prices. You need solid wireless coverage and should offer a guest version to your employees and possibly your clients unless you want to take on the security risk and burden of monitoring their devices in your network as well.

You should avoid consumer class networking equipment. The price is right, but they lack the security features and performance you need.

Tip #5 – Don’t buy cheap computers

I know you want to save money, but cheap computers or devices from your favorite big box store will cost you more in the long run. They usually do not last as long. They are slower and less productive from the start. They generally come loaded with software you do not need. They also usually do not come with the pro version of windows. The Pro version has extra security features the other versions do not. For example, Window 10 Pro has encryption options built in. Business class PCs have longer warranties and better parts so they will last a long time.

5 Tips for DIY Small Business Tech - NEPA