10 things that any business can do to fight the insider threat – cybersecurity

We have all heard about the threat that a staff member can pose to an organisation. From stealing critical information to running an embezzlement scheme or just being a pain in the ass, an insider threat can cripple an organisation in a minimum amount of time.

So what can you do to protect yourself from an employee going rogue?

Background checks

It is critically important, in today’s business world, that you make sure you are getting the person that appears on paper. So after the basic weeding out process and before the offer of the interview, you need to check the truth behind the resume. In most cases, a quick check of references and a look at social media will give you an inkling into a person’s character, capability and attitude. If there are no obvious contradictions then it is safe to proceed to the next level. (You could also use a psychology test as supplied by www.thewhitehousereport.com.au)

In addition to this, when someone leaves, cancel their access as soon as possible. Relationships can sour, and once someone has left it is best that they no longer have access to any part of the organisation.

This is doubly important if you are firing someone. Before you go through the actual process of firing them, make sure they have no access to your systems.

Acceptable use

The insider can quite easily steal your time and money without actually doing anything illegal. Staff members who spend a lot of time on social media, especially when they are supposed to be working, can have a detrimental effect not only on the business but also on staff morale.

Make sure that you have policies in place that specify what people can and cannot do with business assets.

Least privileges

Staff members should only have access to the information they need to do their jobs. In the case of small and medium business, you have to make a conscious decision that you cannot trust everyone. By not trusting everyone you are actually protecting your business. The larger the organisation, the more need there is to separate working areas and capability.

Administrator privilege

In any organisation there should be only a minimal number of administrators. In most areas there is a need to ensure that staff and users only have access to what they need to do the job. The administrator account should not be used except for administration. It should never be associated with an email or webmail account.

All administrators should have separate logins to do normal work. This reduces the risk of being compromised as well as ensuring that there is only minimal access to the administration of the business.
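The access rules stated so far (cancel access when someone leaves, keep administrator accounts away from email, give every administrator a separate login for normal work) can be checked against an export of your account list. The script below is an added example, not part of the original article; the CSV column names, the sample rows and the finding labels are all assumptions constructed for illustration.

```python
"""Account-hygiene audit over an exported account list (added example)."""
import csv
import io
from datetime import date

# Constructed sample export. Column names are assumptions; no real users.
SAMPLE_ACCOUNTS = """\
username,owner,is_admin,enabled,has_mailbox,last_day
jsmith,Jane Smith,no,yes,yes,
adm-jsmith,Jane Smith,yes,yes,no,
bjones,Bob Jones,yes,yes,yes,
tlee,Tina Lee,no,yes,yes,2024-03-01
adm-tlee,Tina Lee,yes,no,no,2024-03-01
mkhan,Mo Khan,no,yes,yes,2024-06-30
"""


def _flag(value):
    """Interpret a yes/no style CSV cell as a boolean."""
    return (value or "").strip().lower() in ("yes", "true", "1")


def load_accounts(text):
    """Parse the CSV export into a list of typed account records."""
    accounts = []
    for row in csv.DictReader(io.StringIO(text)):
        last_day = (row.get("last_day") or "").strip()
        accounts.append({
            "username": row["username"].strip(),
            "owner": row["owner"].strip(),
            "is_admin": _flag(row["is_admin"]),
            "enabled": _flag(row["enabled"]),
            "has_mailbox": _flag(row["has_mailbox"]),
            # Empty last_day means the person is still employed.
            "last_day": date.fromisoformat(last_day) if last_day else None,
        })
    return accounts


def audit_accounts(accounts, today):
    """Return (username, finding) pairs for enabled accounts that break a rule."""
    # Owners who hold at least one enabled non-admin login for normal work.
    owners_with_standard = {
        a["owner"] for a in accounts if a["enabled"] and not a["is_admin"]
    }
    findings = []
    for a in accounts:
        if not a["enabled"]:
            continue  # Disabled accounts grant no access.
        # Access should be gone by the last day, so the last day itself counts.
        if a["last_day"] is not None and a["last_day"] <= today:
            findings.append((a["username"], "LEAVER_STILL_ENABLED"))
        if a["is_admin"]:
            # Administrator accounts should not be tied to email or webmail.
            if a["has_mailbox"]:
                findings.append((a["username"], "ADMIN_HAS_MAILBOX"))
            # Administrators need a separate login for normal work.
            if a["owner"] not in owners_with_standard:
                findings.append((a["username"], "ADMIN_NO_STANDARD_LOGIN"))
    return findings


if __name__ == "__main__":
    for username, finding in audit_accounts(
        load_accounts(SAMPLE_ACCOUNTS), date(2024, 4, 1)
    ):
        print(f"{username}: {finding}")
```

A future `last_day` is not flagged, which lets you record a planned departure in advance and have the check start failing on the day access should already be removed.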

Separation of duties

In a really small organisation this is very hard to do, but in larger organisations there should be an action process to spend money from credit cards and bank accounts. There should be a separation to ensure that one person is not both authorizing and acquitting invoices and payments.

Job rotation

There are 2 reasons for this. It allows you to build resilience into the business because a backup person has access to the processes that the business needs in an emergency. The second reason is that it allows for training of personnel in the roles and acts as an audit.

Mandatory holidays

Everyone needs to go on holiday.   In most cases 2 – 4 weeks is mandatory.   It allows for recharging batteries as well as protecting the organisation from someone going rogue.

Auditing

Most if not all accounting packages have an auditing feature.   This feature needs to be running at all times to ensure that you can check all transactions occurring within the organisation.

Auditing can also be employed to track other components of the business including information being passed through email, cloud based technologies and cloud based storage.

Data loss prevention technologies

There are a number of software packages and hardware systems that allow you to monitor and manage information leaving your organisation. From restricting USB devices to controlling cloud storage systems, options are available to ensure that your trade secrets are not leaving your organisation.

End point protection

This last point is more a solution to one of your people getting infected through malware. If you have done all of the other nine points then malware will have little impact on the organisation if it does get past the end point protection systems.

In addition, there should always be 2 levels of end point protection – at the firewall and on the devices, preferably using different vendors. If malware gets past one it may not get past the second.

These 10 Ideas will ensure that your organisation is better protected from an attack from an employee or staff member.

Roger Smith is the CEO of R & I ICT Consulting Services, Amazon #1 selling author on Cybercrime, author of the Digital Security Toolbox and author of the SME Digital Security Framework.   He is a Speaker, Author, Teacher and educator on cybercrime and how to protect yourself from the digital world.

So you want to outsource your digital security to a managed security service provider!

There are huge benefits to getting a reputable organisation to manage your digital security. There is also a large risk management component and a due diligence process to follow to ensure that you are getting the best available.

The outsourcing of your digital security involves an in-depth discovery process. It is not one of those decisions that is solely based on price and cost. Getting the right outsourcing company with the best reputation is critical to your organisation’s viability. Making a bad decision, or deciding based solely on cost, can cripple your business.

These are the areas that you should look at prior to looking at the cost component:

  1. What are they going to do for your organisation?
    • A good Managed Security Service Provider (MSSP) will not only be looking at your firewall, anti-virus and patching.   A good MSSP will have a holistic outlook on how they protect their clients.   A good MSSP will ensure that they are in a position to implement “security change” to create a more holistic outlook on protecting your organisation.
    • That holistic outlook takes the following into account: (start with a protection philosophy and end with a compliance requirement)
      • Technology – UTM firewall, wireless, VPN, best practice and patch management.
      • Management – policy, procedure, process, auditing, reporting, and training and education
      • Adaptability – disaster recovery, business continuity, business resilience, backup and culture
      • Compliance – if you have done the above, compliance is relatively easy.
    • An MSSP will have the empathy and understanding to ensure your organisation is protected
  2. Do they have the expertise?
    • Most managed security service providers focus on one or two types of technology in specific areas. They may have a focus on Cisco or WatchGuard or a specific AV, or a specific make and model of PC.
    • This level of specification ensures that the MSSP has the right level of education, training and capability within its ranks.
    • A good MSSP should have people who are experts in one or more areas of digital protection, if they do not then talk to another MSSP.
  3. Do they have the capability?
    • Most MSSPs have the capacity to manage clients. They will have trained people at every level of the organisation to ensure that they are servicing their clients to the best of their capability. When it comes to capability, the MSSP should have staff with professional qualifications to support your business.
  4. What are they going to change to make their life easier?
    • There are changes that will be recommended by an MSSP for two reasons:
      • The systems that you have in place are not doing the job that they should be doing and need to be replaced with systems that are more secure.
      • The systems that you have in place cannot be supported by the MSSP because they do not have the expertise on staff.   So if you have recently invested $10K in a firewall and they want you to replace it with another one worth the same then you probably have the wrong MSSP.
  5. What benefits are you going to get out of it if you PARTNER with them?
    • The outsourcing of your digital security to an MSSP is a partnership. They are there to protect your data, your infrastructure, your clients and your staff. You pay them to do that. Make sure that all parties involved understand their requirements by putting a service level agreement (SLA) in place. No SLA then no contract.
  6. How much will it cost?
    • Finally we have the cost. You should always know how much your monthly digital security cost is going to impact your organisation. If the monthly cost is going to change then once again you should be looking at alternatives. The cost of an MSSP SLA should include monitoring, management and reporting; it will not include projects that are outside the scope of the SLA.

There you have it: if you employ an MSSP based solely on how much it will cost then your organisation will not have the right digital protection.

There are a large number of organisations out there who think that they are MSSPs but lack the expertise, capability and understanding that is required to protect your organisation.


(Video) What is the cloud Computing?

Hi. My name is Roger and today I would just like to do a brief synopsis of what the cloud is and why we are using the cloud.

Well the cloud we are using nowadays has a number of reasons. 1) It’s inexpensive, 2) it reduces your infrastructure costs and there is no capital [Indiscernible 00:00:20]. And it also becomes not a capex but it is an operational expense.

And that is some of the reasons. It’s no longer a case of you have to spend thousands of dollars to buy a server and another thousands of dollars to find an operating system and then put that over in a corner and you have power to it and Ethernet cables and lots of stuff. So cloud is like buying electricity.

It’s now a resource that we can consume and utilize and then get rid of as we need. But there are three types of cloud. There’s the public cloud, which is everybody. So things like Dropboxes are a public cloud environment.

Office 365 is a public cloud environment. So anybody can use it and anybody can get on it. Then we have a private cloud. Now a private cloud is a cloud that’s supplied by a cloud provider but only one customer can utilize it. And that information on that customer is where this information is going to be stored. And then manage it for you. And then on top of that you got a hybrid cloud. So you can have a bit of public and a bit of private.

Even though at most times they won’t talk to each other but you can have storage in one place. You can have operating systems in another. But what do we use the cloud for? Well, utilization of the cloud, there are three main levels. So we can have infrastructure as a service. That’s where I go and buy a virtual server.

I manage the server but they manage the hardware. So with them looking after the infrastructure, everything that’s above the infrastructure is our responsibility. And again you need people to be able to — who know operating systems, you need people who know applications, you need people who know SQL and Web Data and all of that.

The second component is we have platform as a service. This is where you have – the cloud provider provides the server and the operating system – and that gives you a platform to be able to do everything else that you need to do.

But in both of those cases when it comes to things like antivirus, updates, how you manage it, that’s all your responsibility. And then finally we have software as a service. Software as a service is just the data. So you don’t have to manage every Exchange because Office 365 does — all that does is connect to the Exchange that you have got and then it can send out your email.

Office 365 for instance, for things like Dropbox and OneDrive and any of those Microsoft products that have a component that is in the “cloud”. So you have access to that data because it’s the storage area but that is what the cloud is. So those three things: infrastructure as a service, platform as a service and software as a service is way that derivatives of cloud is coming from.

And you can utilize any components of those. You no longer have to spend $25,000/- getting a server and putting in plugs because you can spend $1000/- a month doing everything you need to do from the server which you’ve got as infrastructure as a service.

Thank you very much.

[End of transcript]

Roger Smith is the CEO of R & I ICT Consulting Services, Amazon #1 selling author on Cybercrime, author of the Digital Security Toolbox and author of the SME Digital Security Framework.   Rapid Restart Appliance Creator.   He is a Speaker, Author, Teacher and Educator on cybercrime and how to protect yourself from the digital world. 

(Video) How a SMB can reduce its labour costs using a MSP

Hi. My name is Roger. I’d like to talk to you today about how to reduce your business labor cost. And how as a small business you can go forward using the right technology. As we all know SMEs in business, it can be very difficult and very complicated. How you use technology, why you use it, what you want to use it for? So, you need to get the right qualified people and at the best of times that can be hard.

On top of that you need to make sure that those people are actually going to resolve this — the problems that you have inside your business. But when it comes to paying for someone in the ICT industry that can be very expensive. Some of the people that I work with or I know can cost up to $150,000 to $200,000 for what they do.

So what you end with is someone in a business who is multi-talented. They are your sales person but they are also your IT person. They’re your marketing person but they’re also your IT person. And that does two things. It takes away from their marketing role with their sales role, with their reception role or their CEO role, which is very credible for the business.

And puts them in something that takes a long time to resolve like getting little Johnny some emails to work properly or having little John and Sara talking to the right people when setting up meetings or all that stuff. So you then have other problems associated with that. So one of the things we really need to look at is, how do you reduce those very expensive labor costs by having an ICT person on board or how do you reduce the chance that your sales person is no longer going to do sales because he is too interested in doing the IT.

One of the best ways to do that is to outsource your IT. Now if you outsource your IT, you have someone who comes in or are available on the web, on helpdesk system. They can access your PCs, they can talk you through your problems, all of that sort of stuff. And your sales person and your marketing person continue doing what they do and how they do best.

They are generating revenue for your business not wasting time making the printers work or meetings to call and all those things. So when it comes to reducing your business labor costs, have a really good look at what a MSP can do for your business because I can guarantee that by taking that role away from someone who is doing something else, that person will then go off and make more revenue for you.

Thank you.

[End of transcript]

 

(Video) Why all SME’s need a Helpdesk

Today I’d like to talk about why all SMEs need a helpdesk. So first things first. What is a helpdesk? A helpdesk is where you have the ability to ring up someone and say, I need some help and this is what I need for you to do. Now a helpdesk can be contacted through a number of options. You can just send them an email. Fax them if you’ve got a fax machine or you can just pick up the phone and talk to them.

And their role behind your business is to help you out of why you have a problem and what that problem is and get your [Indiscernible 00:00:39] working with you. So how can it help with small business? Well, small business, with the increase in technology and increase in complexity of technology needs somewhere to go, ‘what do I do here’. But that helpdesk, if done properly, can also say, when the boss rings up and goes I need to know what I can do about x.

Can I put this system in place and is it going to impact these other systems? And that is a really good way of using a helpdesk. Now helpdesk is usually supplied by a managed service provider. And that managed service provider probably has a large number of other things in the background that are working.

But for a small business a helpdesk is really critical because it takes away that nagging ‘everybody get involved because Jim or Joey can’t print from the third tray’. So everybody is opening bits and playing with bits and you’ve just lost five hours’ worth of productivity because he can’t print because he doesn’t understand what’s going on.

Whereas you can pay 25 cents or $25 for someone to come in or someone to come over the phone line or as a remote connection to his desktop and workout what the problem is, rather tie him up and everybody else can go back to work. So that’s one of the good aspects of having a helpdesk. The other aspect is, as I said before, is that you can have people on the back end of a helpdesk helping you make decisions about your business.

So they can be there and you can say, ‘should we move to the cloud?’ I want to know. What repercussions if we move to the cloud are going to be involved? Okay, yes you’re going to have a monthly cost. But is it going to impact our internet connection? How we’re going to print it from our servers in the cloud if we want to print from here.

That information is also very important. But as I said, an MSP whose primary helpdesk is probably supplying a lot more as well. They are probably monitoring your systems. So, with luck, that problem that you’re having with tray three wouldn’t come up because they would’ve been alert to come up and say Joey is trying to print to tray three and that printout hasn’t gone to tray three, and that type of thing.

And on top of that an MSP will also give you reports. How many times people have rang the helpdesk? How beneficial it is to your business? What is the next step going forward? So why do all SMEs need a helpdesk? It makes you more productive.

Thank you very much.

[End of transcript]

 

(Video) How does a Managed Service Provider (MSP) Control your Business Costs

How do managed services control the cost of your business?

Today’s technology is complicated. We have so many catch phrases and so many different words and so much jargon around that it’s very hard for small businesses who are not in the IT space to understand what they need to do, how they need to go forward, what technology and systems do they need to have in place to gain the best advantage against their opposition and to get more customers and clients.

When it comes to managing your technology within a business, there are two things you can do. There are three things you can do, but two of them we’ll talk about. We’ll talk about the first one, which is you have someone on task who is onsite, one of your salespersons for instance.

When it comes to technology, we’ve found and I think you’ll find that you’ve found, that the person who has been assigned to look after the computers likes to play with the computers all the time. They like to be in a situation where they don’t have to do their main role, their money-spinning role. They would rather look after technology, make the printer work, play with the firewall.

So not only are you now paying a person to do two jobs, one job is always going to be a failure compared to the other one. When it comes to managed services, and most managed service providers have different plans, you can get someone who will manage your technology.

So little Johnny can now go back off and be a salesperson or a marketing person or the secretary, whatever he used to be. Or in most cases, and in a large number of businesses, the CEO or small business manager. They can now go off and do what they need to do to make the business grow.

What we find in technology is that over a yearly period, the cost of the technology will change. So in January it might only be $100. In February you had a server failure, and it’s $2K, and that’s not including hardware, software, that sort of stuff. In March, it’s gone down to $700. April it’s down to $200, and $200 again, and $1700 because you had to buy and install a new printer and manage it and all that sort of stuff.

So you end up with this type environment where you’re spending lots of money at some times, and you’re not spending very much money at other times.

With a managed service provider, you have a constant fee in most cases starting around $495. They will say, yes, you’ve got a problem, and you’re going to lose money here. But you’re going to make money here. You’re going to lose money here and there. That type of thing.

So over the flow of a year, you may have spent $17K on your IT, with break-fix, as we call it, compared to 12*495. And that 495 will include things like monitoring and management, reports, it will make sure that your people are educated, that your people understand how things are working.

Sometimes if you want to pay a bit more you could have a virtual CIO, Chief Information Officer or an IT manager who will then talk to your management team, work out where your management team want to go, and then discuss what technologies you need to do to get there.

Because when it comes to this, these people know what they’re doing. The technology they’re going to employ is going to improve your business. And it’s no use having someone onsite saying, let’s go buy that. But you don’t know what else it’s going to do, how it’s going to achieve the rest of the business target market.

So as you can see, managed services can create a level field. You get a monthly fee, some things you get a service level agreement. We will have a person on site within an hour, we will have someone answering the phone all the time, we will have monthly reports, monitoring of all your systems including things like iPhones and iPads and Androids, tablets, all of that as part of the managed service plan.

So as you can see, managed services, and managed security services can save you a lot of money.

So if you want to see or talk to anybody about managed services, please contact us. Thank you very much.

(Video) Why is Patch Management so Important to Cybersecurity

Today I’d like to talk to you about why patch management is so important to the cybersecurity of your business. And it’s not only your business. It’s also in your own personal connection to the digital world.

Patch management is something that’s really been pushed in the last couple years, because a couple of years ago, they found that things like malicious software, viruses, Trojans, worms, were targeting software that hadn’t been repaired. And that’s what a patch does. It repairs the application or the operating system or the BIOS for instance.

Now this is why it is so important that you have a patch management plan in small- and medium-businesses and not-for-profit organizations.

That patch management plan makes sure that if X has released a patch, might be a Microsoft patch, for a specific problem that they have discovered or someone has told them that they have got a problem, they will rectify that problem and release it as a patch.

And yes, we all know those patches are really annoying, ’cause they come up when you’re logging on or off or you want to shut down the computer and restart. But it’s a damn sight better than getting hit with a virus or malicious software.

But patch management also has other components. Patch management in a small business is making sure that all the iPads are up to date, or all the Android phones are up to date and all the applications that people are using on those iPads, iPhones, and Androids are also up to date.

Because most of the viruses that are coming out now look and feel and target specific vulnerabilities in things like Java and Adobe and any other system that is integrated into how we do business nowadays.

So that is why patch management is really important for your business. It’s to make sure that when you go forward that your operating system and your applications cannot be targeted by a virus.

If you need to know more information about patch management, please contact us. We’ll quite happily help you work out a system of doing it.

(Video) How can a Managed Service Provider (MSP) make your business more competitive?

I’d like to talk to you about how you as a small or medium business or a not-for-profit organization can increase your business competitiveness.

Most of us when we get to the stage that we’ve started a new business and we now get to the point we’re employing 5-6 people, we look for an office to go into, and we’ve got an IT person that is happy to do that role, we suddenly realize that we’ve got 5-6 different platforms that we’re using.

You might have someone on who only likes Apple, or someone who only wants to use Windows 7 or Windows 8. Or we haven’t gotten around to buying a server. Do we go to a server? Do we go to a cloud? That type of environment, and those types of questions are really important for a small business going forward.

Now, if you didn’t know the correct questions to ask, then what you get out of the answers is not going to help you very much. And this is where a managed service provider really comes into the game.

Because they will sit down with your small- to medium-sized business and they will do a business and risk analysis on your business to find out where you want to go, how you want to get there, and then they will find the technology that suits your business.

If you’ve got 9 people in your office and 8 of them are on the road at all times, then you are going to need some way for them to connect and work together. And that connecting and working together is very critical to your business, because that’s the business model you’re using.

So from a small business perspective, when you’re talking to a managed service provider, you can sit there and go, this is what I want to do. This is where we are. I want to add another 5 staff by the end of the year.

I want to look at outsourcing some of my components. Where are you going to outsource them to? What components are you going to outsource? That whole plan is what a managed service provider will help you do.

So if you want to increase your business competitiveness, then talk to an MSP. An MSP will actually sit there and talk to you about how you can take your business forward and what you can do to make it more competitive.

In most cases, and most MSPs that I know, if you give them a ring and say, “we need to have someone come out and have a talk to us,” they will quite happily come out and talk to you. And most of the advice they give will be free advice.

So how to increase your business competitiveness? Talk to an MSP. Thank you very much!

(Video) What can a Virtual Chief Digital Officer (V CDO) do for your organisation?

I’d like to talk to you about the role of the Chief Digital Officer in your business.

Now most small- to medium-businesses and not-for-profit organizations cannot afford to have a Chief Digital Officer inside their business.

You’re probably asking what will a CDO do for me? Well a CDO will actually take all of the components to your business and find out what direction you are going in, what is good technology and what is not good technology for your business, and it doesn’t necessarily mean that we’re going to put everything in the cloud.

But the CDO is also anything to do with the digital world. He has the knowledge about it. So you want to use Facebook. Okay, not a problem. How are you going to use it? What are you going to use it for? How are you going to get your message out there?

That is also part of the role of a CDO. But as I said, they’re an expensive commodity in a small business. So how do you get all of that information and expertise without paying an arm and a leg and sending your business broke?

Well, when it comes to the Virtual CDO, you can have access to that information by employing someone who will come in an hour a month, an hour a week, an hour every two weeks, and sit down with the management team and work out what you need to do for your business.

And what digital components will reinforce that message, to make sure that when you are looking at how you’re going to get, that the information is not going to get cul-de-sac’d, or that information is not going to be bad for you, or in some cases, the information that you’re playing with needs to have some other components to make it really beneficial for your business.

And that is the role of the CDO. And a virtual CDO will come in, talk to management teams, talk to Board members, and find out exactly what direction your business needs to go in and how you want to do it and how much it will cost to do it.

And if it’s going to cost an arm and a leg again, then how are we going to grab it back to make it cost effective.

Now a virtual CDO, what we do as a role in our managed services is you get that for free as part of a service level agreement we put in place having one of our high-end technical experts come to your office. And none of that gobbledygook. They are based in applying technology to business to make it work.

So if you need to have someone who can come in and have a look at your business and find out where your business needs to go and what you need to do and put it in place, then a virtual CDO is what you need.

Thank you very much

(Video) Why a managed (Security) Service Provider (MSP, MSSP) allows you to focus on your CORE Business

I’d like to talk to you about Managed Services and how they allow you to focus on your CORE business.

What do I mean by that?

Most people have a specific focus for their business, whether it’s making widgets, accounting, or a legal service. Anything that you do as a business is your core business.

That core business makes you money. It’s what you focus your marketing and advertising on, and your sales and your internal processes.

In today’s technology world, most small businesses have a person on staff who looks after your technology. They are the “computer person.” And they spend a lot of time being the “computer person.” Because they are the “computer person,” when it breaks, someone yells, they go and fix it.

So they’re coming away from their business role and your core business to fix the problems so others can do their jobs.

What happens when they are in a situation where they are no longer doing their normal job?

As we all know, the moment you have something that you like to do, then being the sales and marketing person is no longer important and being the computer person gets a lot of focus.

The number of computer components that you have in a small business start to grow as you get bigger. That small computer person who’s looking after your computer systems starts to take on a bigger and bigger role. In addition to that if something should happen to them, you no longer have someone

  a) As the go-to person for all internal computer problems, but
  b) You can no longer focus on your core business because you’ve got to get other people in to fix the problem that this person used to rectify.

So when it comes to this type of situation, we have to make sure that you focus on your core business. If you’re not focusing on your core business, then you need to know where the technical support will come from.

Your core business might be an accounting practice. Your requirement may be different versions of an accounting system. An accounting system needs people to install it, needs people to manage it. As an accountant, they have to have different versions, because all of their clients have different versions, they also will need to have different accounting systems.

All of that information is all tied up in one person. He wins the lottery and goes off and lives on a beach or gets hit by a bus and all that critical business information about your technology is no longer available. You now have a situation where nobody else knows the systems. Yes, people, individuals know all about the little bit of area they work, he might work in Arrow, he might work in MYOB, he might work in QuickBooks, but there’s no overall system that’s in place to make sure everything is going to work.

This is where a managed services provider (MSP) comes into the picture. As an MSP their priority is to document the network and to make sure that not just one person has control over the systems in place. Through that one control, it is then split over the number of people in the managed services role.

In addition, they have the expertise. They have the expertise to make sure that that information is, as I said, documented. This is how you install X. This is how you install Y. This is where the databases have to be. This is why you need to have a backup system in place. When they do a backup, these are the components that need to be in place.

That information is critical to your business. And once again, that is where an MSP comes in. Now if you want someone to come out and have a look at your business, please contact us. Thank you.