Each day, nearly six million devices connect to the Internet. The International Data Corporation estimates that by 2020, there will be 26 times more devices connected to the Internet than people! With the rapid growth of Internet “gadgets” such as Fitbits, NEST home automation systems, refrigerators that email you a grocery list, and all of the phones and tablets in use, it is easy to understand the explosive growth in the “Internet of Things” (IoT).
As the IoT continues to expand, business owners are struggling to keep up, especially in regard to device privacy and security. These employers must manage any potential risk to customers and vendors arising from the conduct of their employees, while also protecting the employees’ best interests.
The first concern for an employer is to minimize the risk of a data breach resulting from careless or rogue employees. Minimizing this insider risk is often the first line of defense. Although data security is usually seen as an “IT concern”, it is an issue for any business that wants to minimize potential liability. Companies should consider conducting a privacy or security risk assessment, minimizing the data they collect and retain, and testing their security measures before launching their products. As for personnel practices, organizations should train all team members about good security practices.
Companies that process or store IoT data should store only necessary records and information, for the correct period of time and in the proper format. A business is in a better position in any litigation or government investigation if it can show that it took reasonable steps to protect confidential data within its possession. Most states already impose data breach obligations on companies, and some jurisdictions even require a written information security program (WISP) outlining what they have done to protect confidential data. This process involves using specific policies and employment agreements related to the storage and dissemination of IoT and other electronic data, as well as training of individuals with data access.
Employee training options include:
• Teaching employees about the importance of data security to create a culture of awareness and safety;
• Implementing policies on what data is retained, how long it is retained, and how it is stored and protected;
• Adopting policies addressing employee use of laptop computers and other mobile devices, including bring-your-own-device policies;
• Developing policies on employees using public WiFi while outside of the office and requiring the return of all mobile devices and information from employees upon job conclusion;
• Implementing checklists and procedures to block computer system access for any terminated employee;
• Establishing programs to monitor employee compliance with security, including potential internal attacks to determine employee vulnerability; and
• Developing appropriate password and encryption policies with assistance from IT.
The IoT gives business owners the ability to have a more efficient, productive and healthy workforce. However, prudent businesses will take the necessary steps not only to protect themselves against data breaches caused by employees, but also to ensure that, to the extent an employer obtains employee health data, the privacy and proper use of that information are protected.
If you need help making sure that your business is secure and ready for the IoT, contact Dorset Connects.
We have all seen the news stories: compromised passwords causing many high-profile business security breaches, including Sony Pictures, Apple, LinkedIn, and Target. These breaches happened because most users’ passwords are easily guessed or “phished” by hackers. Even worse, they are sometimes stored in a file that can be easily stolen.
If you want to keep your business’s, clients’ and personal information safe, here are five suggestions to boost password security:
Adding extra symbols and characters to a password will make it tougher to crack. Passwords should appear to a stranger as just a random string of characters, incorporating a good mix of upper and lower case letters, numbers, and punctuation symbols. Try using a long acronym or partial words from a phrase to throw off any kind of dictionary-based attack.
Short passwords are easy to crack with modern technology; even ones with eight characters can be cracked in a few days. Passwords of at least 12 characters (alphanumeric with special characters) that are completely random present a tougher challenge for even the most sophisticated password-cracking systems used by hackers.
A password manager is a secure way to generate long, complex and unique passwords without relying on your brain or a piece of paper to remember them. It is easy to import log-in data from all the accounts associated with your email address, and the stored data is encrypted. Highly-rated password manager services include Dashlane, LastPass and Sticky Password. No matter which service you choose, it’s better than storing your passwords on your browser!
Two-factor authentication is an increasingly popular way of tightening security when using web services, such as Amazon, Dropbox, and Facebook. Users can add a secondary authentication method, such as a text message, email, or phone call to verify account details.
Most people have a 4-digit PIN on their cell phones, but if you’re serious about security, use the password setting on your phone to make the PIN longer. It’s also a good idea to differentiate it from your banking PIN.
Dorset Connects’ team of IT security experts can help you make sure that your organization is taking the right steps to keep its data secure.
Organizations today depend on access to a lot of data. More and more, that critical information is moving to the cloud.
Here are three ways that moving to the cloud ensures that you’ll have access to your important files when you need them.
Moving your data to the cloud ensures that your employees always have access to the information they need when they need it. Whether your company offers flexible work locations for remote workers, or your sales team is on the road and needs access to close a deal, when you move to the cloud, the information is available – at any time and from any device. It saves time and improves your team’s overall productivity.
While most people understand the benefits of being able to access their data via the cloud, the most common question we get about the process has to do with data security. At Dorset Connects, we take multiple steps to ensure that your data is completely secure.
In addition to encrypting your data during transfers and employing a multi-factor authentication process, we take another critical step in securing your data by educating your staff. How your team protects your data is frequently overlooked, but integral to an effective data security strategy.
By working with your employees to ensure everyone understands the necessity of the data security measures, everyone becomes a valuable member of the team we have assembled to keep your data safe.
One of the biggest benefits of moving to the cloud is that regardless of server failures, natural disasters or power outages, you will always have the ability to store and retrieve your most valuable asset: your data. This ensures that you can continue to do business even if you can’t get to the office.
One client, a regional restaurant chain, used to host their email internally. They faced constant power failures that caused the whole company to lose email access for days at a time. Employees would have to resort to using personal email to communicate, causing major disruption to business.
By moving to the cloud, this client was finally able to maintain constant access to their emails, and thereby avoid the hassle that their frequent email outages caused, allowing them to maintain business as usual.
Making the move to the cloud can be a big decision. What it ultimately means to your business is peace of mind, improved employee productivity, and enhanced business agility. Just imagine the ways your organization could evolve if you partnered with an expert company like Dorset Connects to give your employees access at any time, from anywhere, on any device.
Microsoft is set to retire Internet Explorer 8, 9 and 10 for most versions of the Windows operating system next Tuesday, according to a support page from Microsoft. What this means is that while these older browsers will continue to work, Microsoft will cease providing security updates, putting people still using them at significant security risk. Additionally, many Microsoft web services, such as Office 365, will no longer function properly on these unsupported browsers.
Microsoft warned of the change last year. The only exceptions to the planned retirements will be for Windows Vista, Windows Server 2008 and Windows Server 2012. The first two will see Internet Explorer 9 still supported, while Internet Explorer 10 will continue to be supported on Windows Server 2012.
Organizations that are on Windows 8.1 or Windows 10 have nothing to worry about, given that they come with Internet Explorer 11 installed. For now, organizations that are still running soon-to-be-retired versions of Internet Explorer on unsupported platforms are well advised to upgrade as soon as possible. While any existing patches or updates will still be released as part of Microsoft’s monthly Patch Tuesday release next Tuesday, continuing to use these browsers beyond Tuesday will put organizations in a position of increasing risk.
There are many options for small and medium businesses considering a browser upgrade. Small to mid-size organizations (<500 employees) without web applications can update automatically using Automatic Updates. Those with dependencies on existing web applications can locate a Microsoft Certified Partner, such as Dorset Connects, to understand the best options to meet their business needs.
Technology has always been at the forefront of business operation in the legal sector and yet today there is reluctance among legal services providers to adopt some of the latest technologies like cloud and mobility that offer the capability that can make a material difference to their bottom line. These technologies unreservedly offer tangible business benefits. Yes, they also bring with them certain risks, which in reality are no more than those triggered by any other longstanding technology currently deployed.
With reference to the cloud, security is often singled out as the biggest obstacle to its adoption due to the highly confidential nature of the work that law firms undertake in an increasingly regulated sector. This is of course true, but the financial services industry has the same challenges and yet organisations are actively deploying the technology to enhance business efficiency and critically, to improve customer service.
Cloud technology is reaching a tipping point, a result of the significant investment that has gone into its development. Government agencies are working hard to implement the new Safe Harbor legislation, likely to be agreed by February 2016, which should see much stronger and clearly defined checks and balances for secure data transfer between the EU and the US. The recent announcements from Microsoft and Amazon on the opening of the new UK data centers are also a positive development. All of these advancements collectively will spur law firms to embrace the cloud in 2016.
In fact, as law firms investigate the cloud, they will find that the concerns that they had – especially pertaining to security – will be proven groundless if the technology is implemented correctly, and consequently firms will find that the benefits far outweigh the investment cost of getting it right. Already, cloud service providers employ some of the best minds in the industry and they are investing a huge amount of resources into building secure offerings – more than any individual end user organisation can ever hope to match.
Similarly, technology providers are recognizing the growing demand from enterprise for the ability to consume business services from any device, in any location. However, this mandate comes with an imperative need to ensure that these devices are entirely secure in terms of data and from cyberattack. As yet, there doesn’t seem to be any evidence of major law firms under sustained cyberattack, but there exists the worrying possibility that those attacks remain undetected.
Apple appears to be the supplier of choice for handsets from a security standpoint – the company’s decision to encrypt all data at rest and completely lock down devices gives IT professionals and users alike more comfort. However, with the price point of an iPhone relatively high, the door is open to adoption of Android and Windows devices. Both these vendors need to do more to convince IT and end users of the security they offer. Blackberry of course now just serves as a cautionary tale on how quickly market share can be lost in technology if one does not stay ahead of the curve!
In 2016, expect to see firms actively demanding mobile applications for functionalities such as matter management, CRM and time recording from vendors. These will mark the initial steps to help them change the way they connect and interact with clients. As a result, 2016 may well experience the first ‘Uber’ moment in the legal sector for an enterprise mobile application.
In the current global and digital business environment, law firms must operate as profitable enterprises. Consequently, real-time insight into operational aspects of the organisation, and the ability to leverage that intelligence to make informed decisions, is key. Big data will play an increasing role as legal services providers look to leverage predictive analytics to understand their organisations and the wider market landscape. Driving this trend will be software vendors embedding analytics functionality in their products as standard, recognition and understanding of the benefits of exploiting data, and dashboard-style aggregation tools becoming cheaper, intuitive to use and easily integrated with firm-wide systems.
Similar to the approach that Microsoft has taken with Windows 10, which marks a shift away from the three to four year operating system upgrade to ongoing, incremental delivery of new functionality – vendors in the legal sector will begin to deploy ‘Continuous Development’ practices to the way they develop software. The adoption of this software development methodology will benefit law firms, as it will minimize the downtime and business disruption that comes with traditional, cyclical upgrades. Many other organisations such as Apple and Facebook are already following this kind of agile software development practice.
A continuous development approach will in turn encourage software vendors to open up their systems to allow for easy integration with third party complementary solutions. Consequently, law firms will be able to tap into an ecosystem of technology offerings to create tailored solutions to meet their individual needs. And this will mark a shift in technology adoption away from ‘legal’ specific software to industry-wide solutions such as enterprise resource planning as service providers experience the value of globally recognized business best practice to their organisations.
These are interesting times for the legal sector and 2016 will see it make marked strides in both attitude and adoption of new technologies to support business efficiency and new and innovative ways of delivering customer service.
Find out the nefarious doings security professionals are expecting from hackers next year.
The past year brought a staggering number of high-profile data breaches and other cyberattacks. As usual, most hackers waged attacks for financial gain. But 2015 also saw a handful of others beginning to take action for moral reasons, targeting companies they believed were doing wrong.
In the coming year, security experts expect there to be other new types of hacks that diverge from the standard blueprint. Below, find out the surprising (and scary) developments they’re betting on.
Not only will cybercriminals have a greater variety of motives, they will also increase their range of targets, Patrick Peterson, founder and CEO of security firm Agari, tells Inc. “Businesses and government entities that have never seen themselves in the crosshairs will move into the scope for these diversifying attackers,” Peterson warns. Nontraditional targets such as power plants and consumer sites and applications are among those that could become victims.
Social engineering, the act of tricking someone to reveal desired information either in person or through electronic communication, is not new. But criminals will continue to use it in creative and effective ways, taking advantage of the fact that humans are the weakest link in any company’s security. “They will pick one company, then one unsuspecting individual within that company to prey on,” Peterson says. “Using information on that person, gleaned through the sites they’ve visited or data the hacker has purchased, the bad actors will convince the good ones to unknowingly betray themselves, and ultimately the organizations for which they work.”
If you’ve ever read privacy policies for mobile apps, you know that some apps access your email, contacts, and text messages. Hackers have already targeted massively popular apps like Snapchat, but these new attacks will go further–the personal information will serve as the basis for a larger scheme. “An attack entry point via an app on a mobile device may well be able to access a whole company network,” Margee Abrams, director of IT security services for Neustar, tells Inc. “In 2016, we will see many more companies recognizing this threat and applying for a professional vulnerability assessment that identifies potential security holes in networks, wireless networks, and applications.”
As more types of equipment connect to the internet, expect a host of new attacks to originate through them. The so-called internet of things “will become central to ‘land and expand’ attacks in which hackers will take advantage of vulnerabilities in connected consumer devices to get a foothold within the corporate networks and hardware to which they connect,” says Derek Manky, global security strategist for cybersecurity firm Fortinet.
There have already been hacks that caused physical damage in the offline world, but experts are warning that 2016 might bring an attack on critical infrastructure. The result, they predict, will be new laws to shore up the electrical grid, nuclear power plants, and other large energy facilities. “This year we will see governments making compliance mandatory across all critical infrastructure industries–with real consequences for non-compliance,” says Yo Delmar, vice president of MetricStream, a governance, risk, and compliance firm.
Clarence Beaks, December 2015
Small business owners can’t assume cybercrime won’t happen to them. But there are some simple steps that can help mitigate risk.
All too often, data breaches make news headlines but the attention received by business behemoths like Medical Informatics Engineering and Premera when they were hacked has given many SMB owners a false sense of security.
In reality, the National Small Business Association reports 44 percent of small businesses were victims of cybercrime, with an average cost of $9,000 per cybersecurity attack.
Small business owners can’t assume cybercrime won’t happen to them. You wouldn’t leave the doors of your brick-and-mortar location flung open all night with shelves stocked full of valuable merchandise and hope nothing happens. By not protecting your business online, that’s essentially the risk you’re taking.
While your business might survive a night or two unscathed, your luck will eventually run out. It’s the same principle with cyber security threats.
According to the Online Trust Alliance, nearly 90 percent of cybersecurity breaches could have been avoided with simple controls and security best practices. Outlined below are 10 steps you can take to mitigate your risk.
Hurricane Joaquin is bearing down on the East Coast and may, or may not, cause serious issues for residents and businesses ranging from the Carolinas to Massachusetts. While I hate to be reactionary, it is times like this that make me want to shout from the rooftops the importance of having a Disaster Recovery solution in place for your organization.
Disaster recovery means different things to different people. Some businesses may be fine for a week or two without their PCs and access to their business applications. For others, a building or power loss could cripple their business within a day. How would a disaster impact your company?
As the old adage states: “fortune favors the prepared”. Microsoft Azure provides a safe and reliable disaster recovery solution through its Azure Site Recovery service. If your network is running virtualization for its servers through either Microsoft Hyper-V or a supported version of VMware, then it is easy and relatively inexpensive to replicate these systems to the Azure cloud. Replication can then be configured to update the cloud “mirror” as often as every thirty seconds, ensuring that the replicated systems have the most current copy of your data.
In the event of a catastrophe, businesses have the assurance that their data is safe in the Azure cloud and can turn on the replicated systems to have an operational datacenter in the cloud and be back up and running in a matter of hours instead of weeks.
If disaster recovery is not on your radar, then look at the Storm Trackers being shown on every local news channel to see just how close disaster can be. When you are ready to start planning, contact Dorset Connects and we can help get your business onto the high ground!
When most people think of transforming a business they think of moving to a new location, changing up their business strategy, expanding marketing efforts, hiring new employees and most of all they think of the dollar amounts associated with these upgrades.
But there’s another more effective and more cost efficient way to transform a business — technology. The cloud has been the single most transformative tool to happen to small businesses since the advent of modern computers. Cloud technology enables even microbusinesses to compete with much larger enterprises by increasing efficiency and improving productivity.
Another major benefit of modern technology is improved security. Cyberattacks are a real threat to businesses of all sizes and the right technology can help protect sensitive customer data and prevent a breach that will be costly in both dollars and eroded customer trust.
Your business is a castle. And that castle needs protection in an increasingly digital and connected world. Although the large, corporate data breaches tend to grab headlines, attacks on smaller businesses are increasing because they may have less sophisticated online and cloud security practices in place. Plus, malware and inadvertent employee misuse tend to be more common in businesses without centralized IT policies and enforcement.
The good news is: applying basic security processes can help protect against many of the common threats we see today. Use online services, cloud and device technologies that offer built-in security features. And, most importantly, make your employees your first line of defense.
How can you have them help dig a digital moat to protect valuable business assets?
An initial checklist to help get you started:
Teach your employees about phishing emails, whether they’re coming through work or personal email accounts. Leverage the protections provided in Outlook.com to help protect against hackers. You can set up two-step verification, making it more difficult for a hacker to sign in, even if they’ve somehow learned your password. Microsoft Outlook comes with built-in anti-phishing detection to help prevent fraudulent email messages from reaching you in the first place.
Create strong passwords. We’re all guilty of it – using birthdays, names, and personal references as passwords. Consider using programs that randomly generate strong passwords. Or, have enforceable policies in place that require employees to change passwords regularly.
Keep antivirus software up to date. It seems like an annoyance, doesn’t it? Having to update your security software every time another version comes out. And yet, it’s the most effective way to keep protected against constantly-changing cyber threats. Microsoft helps to take the work off your plate by constantly monitoring and detecting threats, and making sure the latest protections are in place within their solutions. For example: in Windows 8.1 Pro, Windows Defender notifies you when a virus is detected and the specific action needed to resolve it. And Office 365 includes up-to-date spam and virus protection to better protect your email communication.
Protect your device. Be aware of the devices your employees use for work. Are they password protected? Is sensitive information winding up on personal devices? Consider managing devices for your team so you (and they) don’t have to worry. Microsoft provides built-in protection at every level of your technology platform, from the server to PCs to mobile devices. For example, with Mobile Device Management for Office 365 and Microsoft Intune you can remotely lock a device, wipe data, and reset a PIN if the device is lost or stolen. And encourage employees to use a device tracking app or “find my phone” service that can ring, locate, lock, and erase a missing phone.
Keep sensitive data inside your doors. An organization’s data may remain on a personal device when employees leave a company. Encourage your employees to save business data in the cloud. OneDrive for Business files are automatically backed up. And Office 365 also offers the option to define clear permissions and access levels to those backup files. That way, when your employees walk out the door, your data stays with your business.
Protect email communication. If you are emailing a sensitive document, password protect it in Office (just click on File → Info → Protect Document → Encrypt with Password). Alternatively, save the document in the cloud, using OneDrive for Business, and simply send a link to the select people that need the information.
Introduce auto-updating browsers and software. Whenever possible, use automatic updates in your software applications to help guard your PC against viruses, spyware, and other malicious software in real time. Windows 8.1 Pro provides protection as soon as you start up your device, always loading anti-malware software before any third-party applications. And its antivirus solution, Windows Defender, helps detect and stop the execution of known and unknown malware, as your employees browse the Web.