Archive for category: Small Business IT

small business

Can Your Small Business Afford the Risk?

/0 Comments/in /by

small business it protectionThe average cost of a cyberattack now exceeds $1 million, reports Security Magazine. Can you afford to lose that kind of money and remain in business? Most small businesses can’t, but more than half of those small businesses responding to a recent security report survey experienced a breach last year. In fact, according to Accenture, 43% percent of cyberattacks are aimed at small businesses, but only 14% of small businesses are prepared to defend themselves. According to Kaspersky, more than a third of small businesses fell victim to cyberattacks in 2019. Even more concerning is the fact that more than two-thirds of small business leaders do not believe they are a target.

Steps Your Small Business Must Take Now to Survive

Every organization needs to take the threat of cyberattack more seriously, especially in light of recent tensions that make cyber warfare more likely than ever.  Start with these 5 steps:

  1. Backup and disaster recovery. Avoid paying ransoms and losing access to your data, by having a comprehensive backup and disaster recovery plan. This plan should include offsite backups of your data that are isolated from and not accessible by your network, as well as contingency planning for how your organization will handle data recovery, designating specific people for specific rolls. Read our guide on creating an effective disaster recovery plan.
  1. Regular updates. Not only should you have strong anti-virus and malware protection, but you should also ensure that you regularly install patches, upgrade software, and manage apps to avoid security risk. In particular, there should be no instances of Windows 7 operating at all.
  1. Strong policies. In addition to limiting data access to only those employees who actually need access to perform their jobs, you should implement strict policies for using personal devices to access the company network from public Wi-Fi, strong mobile device security requirements for all devices used for work, and ongoing training requirements for all employees.
  1. Email security. In addition to securely hosted email, establish policies regarding payment and information requests sent by email. Email security and training are essential.
  1. Multifactor authentication. Password security is no longer adequate to protect your network and your data. Require multifactor authentication for access to any part of your network. This should include a password that is combined with a secondary, required security protocol, such as a mobile authentication app for quick push notifications, as well as some form of biometric security.

Whether you are a healthcare firm, an oil and gas company, a legal firm, or a part of the many other industries The ITeam supports, such as construction and accounting, organizations need strong IT security. The ITeam understands the IT security issues facing Canada businesses. We are committed to helping Calgary- and Alberta-based businesses develop proactive, cost-effective IT strategies that minimize risk and maximize efficiency. Contact us to learn more.

your password IS the problem

Your Password IS a Problem

/1 Comment/in , /by

Data security is something every organization in Canada must contend with. Implementing layers of security and 24/7 threat detection can help provide protection, like leaving the your door locked at all times so no one can just walk into your business. But when your staff (executives included) reuse passwords across a variety of different sites and apps, they’ve essentially left the keys to your most valuable information in the lock.

The Password Problem

the password problemHackers have passwords, and they know that people use them on multiple sites. As well, hackers use social engineering to know which executives in your organization have financial roles. And they can use the password they stole from a shopper’s club loyalty card account database, for instance, and try it on your network. And this method often works.  Hackers also know that the more complex passwords become, the more likely people are to come up with two or three variations of one that works (i.e., it meets all the criteria for one capital letter, one number, one symbol) and reuse it everywhere – from their grocery store loyalty card accounts to your network.

But it’s more than just the repeated use of the same passwords across different apps and sites that poses a risk to your business; it’s the fact that many people don’t change their passwords even after being notified of a breach. How many of your employees are still using the same passwords (or variations) following the Yahoo data breach? The LinkedIn breach? The Capital One breach?

It Takes More than Passwords to Keep Your Data Safe

Yes, you still need to have strict password policies. But in addition to that, you must:

  • Provide ongoing, in-depth training to your staff about threats, including common email threats
  • Establish and follow a strict patching regimen so that you prevent potential access to your data through a back door
  • Implement as many barriers as possible against a data breach, including layers of security (firewalls, malware detection, network security)
  • Monitor your systems 24/7 for threats
  • Delete access immediately – including remote access – for any employee who leaves the company
  • Require a multi-factor authentication to access any secure area of your network
  • Have the capability of logging and monitoring who is doing what inside your network

Protecting data is one of the most complex issues facing organizations today. It’s not just about PIPEDA compliance, although that is a significant factor, but it’s also about protecting proprietary data, customer information, trade secrets, and financial information. Complicating all of this are the hackers who continue to develop more insidious ways to penetrate your defenses, gain access to your data, and either sell it or use it for financial gain. Employing best practices does make a difference.

Data breaches are not going away, but you can minimize the risk to your organization with strong IT security and a comprehensive disaster recovery plan. You can’t just address one of these issues; you must have a comprehensive, proactive data security program that addresses all of these risks and more.

The ITeam understands the IT security issues facing businesses in Canada. We are committed to helping Calgary- and Alberta-based businesses develop proactive, cost-effective IT strategies that minimize risk and maximize efficiency. Contact us to learn more.