(Video) What is the cloud Computing?

Hi. My name is Roger and today I would just like to do a brief synopsis of what the cloud is and why we are using the cloud.

Well the cloud we are using nowadays has a number of reasons. 1) It’s inexpensive, 2) it reduces your infrastructure costs and there is no capital [Indiscernible 00:00:20]. And it also becomes not a capex but it is an operational expense.

And that is some of the reasons. It’s no longer a case of you have to spend thousands of dollars to buy a server and another thousands of dollars to find an operating system and then put that over in a corner and you have power to it and Ethernet cables and lots of stuff. So cloud is like buying electricity.

It’s now a resource that we can consume and utilize and then get rid of as we need. But there are three types of cloud. There’s the public cloud, which is everybody. So things like Dropboxes are a public cloud environment.

Office 365 is a public cloud environment. So anybody can use it and anybody can get on it. Then we have a private cloud. Now a private cloud is a cloud that’s supplied by a cloud provider but only one customer can utilize it. And that information on that customer is where this information is going to be stored. And then manage it for you. And then on top of that you got a hybrid cloud. So you can have a bit of public and a bit of private.

Even though at most times they won’t talk to each other but you can have storage in one place. You can have operating systems in another. But what do we use the cloud for? Well, utilization of the cloud, there are three main levels. So we can have infrastructure as a service. That’s where I go and buy a virtual server.

I manage the server but they manage the hardware. So with them looking after the infrastructure, everything that’s above the infrastructure is our responsibility. And again you need people to be able to — who know operating systems, you need people who know applications, you need people who know SQL and Web Data and all of that.

The second component is we have platform as a service. This is where you have – the cloud provider provides the server and the operating system – and that gives you a platform to be able to do everything else that you need to do.

But in both of those cases when it comes to things like antivirus, updates, how you manage it, that’s all your responsibility. And then finally we have software as a service. Software as a service is just the data. So you don’t have to manage every Exchange because Office 365 does — all that does is connect to the Exchange that you have got and then it can send out your email.

Office 365 for instance, for things like Dropbox and OneDrive and any of those Microsoft products that have a component that is in the “cloud”. So you have access to that data because it’s the storage area but that is what the cloud is. So those three things: infrastructure as a service, platform as a service and software as a service is way that derivatives of cloud is coming from.

And you can utilize any components of those. You no longer have to spend $25,000 getting a server and putting in plugs because you can spend $1000 a month doing everything you need to do from the server which you’ve got as infrastructure as a service.

Thank you very much.

[End of transcript]

Roger Smith is the CEO of R & I ICT Consulting Services, Amazon #1 selling author on Cybercrime, author of the Digital Security Toolbox and author of the SME Digital Security Framework. Rapid Restart Appliance Creator. He is a Speaker, Author, Teacher and Educator on cybercrime and how to protect yourself from the digital world.

(Video) Why all SME’s need a Helpdesk

Today I’d like to talk about why all SMEs need a helpdesk. So first things first. What is a helpdesk? A helpdesk is where you have the ability to ring up someone and say, I need some help and this is what I need for you to do. Now a helpdesk can be contacted through a number of options. You can just send them an email. Fax them if you’ve got a fax machine or you can just pick up the phone and talk to them.

And their role behind your business is to help you out of why you have a problem and what that problem is and get your [Indiscernible 00:00:39] working with you. So how can it help with small business? Well, small business, with the increase in technology and increase in complexity of technology needs somewhere to go, ‘what do I do here’. But that helpdesk, if done properly, can also say, when the boss rings up and goes I need to know what I can do about x.

Can I put this system in place and is it going to impact these other systems? And that is a really good way of using a helpdesk. Now helpdesk is usually supplied by a managed service provider. And that managed service provider probably has a large number of other things in the background that are working.

But for a small business a helpdesk is really critical because it takes away that nagging ‘everybody get involved’ because Jim or Joey can’t print from the third tray. So everybody is opening bits and playing with bits and you’ve just lost five hours’ worth of productivity because he can’t print because he doesn’t understand what’s going on.

Whereas you can pay 25 cents or $25 for someone to come in or someone to come over the phone line or as a remote connection to his desktop and work out what the problem is, rather than tie him up and everybody else can go back to work. So that’s one of the good aspects of having a helpdesk. The other aspect is, as I said before, is that you can have people on the back end of a helpdesk helping you make decisions about your business.

So they can be there and you can say, ‘should we move to the cloud?’ I want to know. What repercussions if we move to the cloud are going to be involved? Okay, yes you’re going to have a monthly cost. But is it going to impact our internet connection? How we’re going to print it from our servers in the cloud if we want to print from here.

That information is also very important. But as I said, an MSP whose primary helpdesk is probably supplying a lot more as well. They are probably monitoring your systems. So, with luck, that problem that you’re having with tray three wouldn’t come up because they would’ve been alert to come up and say Joey is trying to print to tray three and that printout hasn’t gone to tray three, and that type of thing.

And on top of that an MSP will also give you reports. How many times people have rung the helpdesk? How beneficial it is to your business? What is the next step going forward? So why do all SMEs need a helpdesk? It makes you more productive.

Thank you very much.

[End of transcript]

 

(Video) Why are all organisations a target of cybercrime?

We can also use the digital world for collaboration, both internally, so I know what my nightly manager is doing and the nightly manager knows what I am doing, or someone external. I have a colleague, for instance, who does my changing of content when I am writing stuff for my website. Now I do a draft and send it to the edit, and they fix it. And that’s where the collaboration comes into it.

And of course, we have social media. Social is Twitter, Facebook, LinkedIn, Pinterest, all of these platforms that you are using. Now you have got to remember they are a platform. You have no control over the algorithm they are using, how they make their money, so they might do what Facebook did at the beginning of last year and change their algorithm so your reach organically goes from 30% to 1%. And that’s a big change, and that’s because they were trying to make money.

But you have no control over that because it is a platform. So with all of this going on, what are the bad guys doing? What are the bad guys doing to use the digital world? The bad guys are after a number of things. One is your reputation, going back to Coca Cola and McGraw’s. They have a big reputation. It doesn’t matter whether it is good or bad, but you have a big reputation.

And most businesses have a reputation that they can utilize to get followers and customers and go forward as a business. But they are also after your money. Money, you might think is a huge driving force, and it is. But it is not the only driving force of what cyber criminals are doing.

Cyber criminals are after your money, but they are also after your access to other people’s money. Hacking into my system and taking over my accounting system, they can send an invoice to someone and that money can go to the wrong bank account. You will have no idea what’s going on.

(Video) How does a Managed Service Provider (MSP) Control your Business Costs

How do managed services control the cost of your business?

Today’s technology is complicated. We have so many catch phrases and so many different words and so much jargon around that it’s very hard for small businesses who are not in the IT space to understand what they need to do, how they need to go forward, what technology and systems do they need to have in place to gain the best advantage against their opposition and to get more customers and clients.

When it comes to managing your technology within a business, there are two things you can do. There are three things you can do, but two of them we’ll talk about. We’ll talk about the first one, which is you have someone on task who is onsite, one of your salespersons for instance.

When it comes to technology, we’ve found and I think you’ll find that you’ve found, that the person who has been assigned to look after the computers likes to play with the computers all the time. They like to be in a situation where they don’t have to do their main role, their money-spinning role. They would rather look after technology, make the printer work, play with the firewall.

So not only are you now paying a person to do two jobs, one job is always going to be a failure compared to the other one. When it comes to managed services, and most managed service providers have different plans, you can get someone who will manage your technology.

So little Johnny can now go back off and be a salesperson or a marketing person or the secretary, whatever he used to be. Or in most cases, and in a large number of businesses, the CEO or small business manager. They can now go off and do what they need to do to make the business grow.

What we find in technology is that over a yearly period, the cost of the technology will change. So in January it might only be $100. In February you had a server failure, and it’s $2K, and that’s not including hardware, software, that sort of stuff. In March, it’s gone down to $700. April it’s down to $200, and $200 again, and $1700 because you had to buy and install a new printer and manage it and all that sort of stuff.

So you end up with this type of environment where you’re spending lots of money at some times, and you’re not spending very much money at other times.

With a managed service provider, you have a constant fee in most cases starting around $495. They will say, yes, you’ve got a problem, and you’re going to lose money here. But you’re going to make money here. You’re going to lose money here and there. That type of thing.

So over the flow of a year, you may have spent $17K on your IT, with break-fix, as we call it, compared to 12*495. And that 495 will include things like monitoring and management, reports, it will make sure that your people are educated, that your people understand how things are working.

Sometimes if you want to pay a bit more you could have a virtual CIO, Chief Information Officer or an IT manager who will then talk to your management team, work out where your management team want to go, and then discuss what technologies you need to do to get there.

Because when it comes to this, these people know what they’re doing. The technology they’re going to employ is going to improve your business. And it’s no use having someone onsite saying, let’s go buy that. But you don’t know what else it’s going to do, how it’s going to achieve the rest of the business target market.

So as you can see, managed services can create a level field. You get a monthly fee, some things you get a service level agreement. We will have a person on site within an hour, we will have someone answering the phone all the time, we will have monthly reports, monitoring of all your systems including things like iPhones and iPads and Androids, tablets, all of that as part of the managed service plan.

So as you can see, managed services, and managed security services can save you a lot of money.

So if you want to see or talk to anybody about managed services, please contact us. Thank you very much.

(Video) Why is Patch Management so Important to Cybersecurity

Today I’d like to talk to you about why patch management is so important to the cybersecurity of your business. And it’s not only your business. It’s also in your own personal connection to the digital world.

Patch management is something that’s really been pushed in the last couple years, because a couple of years ago, they found that things like malicious software, viruses, Trojans, worms, were targeting software that hadn’t been repaired. And that’s what a patch does. It repairs the application or the operating system or the BIOS for instance.

Now this is why it is so important that you have a patch management plan in small- and medium-businesses and not-for-profit organizations.

That patch management plan makes sure that if X has released a patch, might be a Microsoft patch, for a specific problem that they have discovered or someone has told them that they have got a problem, they will rectify that problem and release it as a patch.

And yes, we all know those patches are really annoying, ’cause they come up when you’re logging on or off or they want to shut down the computer and restart. But it’s a damn sight better than getting hit with a virus or malicious software.

But patch management also has other components. Patch management in a small business is making sure that all the iPads are up to date, or all the Android phones are up to date and all the applications that people are using on those iPads, iPhones, and Androids are also up to date.

Because most of the viruses that are coming out now look and feel and target specific vulnerabilities in things like Java and Adobe and any other system that is integrated into how we do business nowadays.

So that is why patch management is really important for your business. It’s to make sure that when you go forward that your operating system and your applications cannot be targeted by a virus.

If you need to know more information about patch management, please contact us. We’ll quite happily help you work out a system of doing it.

(Video) How can a Managed Service Provider (MSP) make your business more competitive?

I’d like to talk to you about how you as a small or medium business or a not-for-profit organization can increase your business competitiveness.

Most of us when we get to the stage that we’ve started a new business and we now get to the point we’re employing 5-6 people, we look for an office to go into, and we’ve got an IT person that is happy to do that role, we suddenly realize that we’ve got 5-6 different platforms that we’re using.

You might have someone on who only likes Apple, or someone who only wants to use Windows 7 or Windows 8. Or we haven’t gotten around to buying a server. Do we go to a server? Do we go to a cloud? That type of environment, and those types of questions are really important for a small business going forward.

Now, if you didn’t know the correct questions to ask, then what you get out of the answers is not going to help you very much. And this is where a managed service provider really comes into the game.

Because they will sit down with your small- to medium-sized business and they will do a business and risk analysis on your business to find out where you want to go, how you want to get there, and then they will find the technology that suits your business.

If you’ve got 9 people in your office and 8 of them are on the road at all times, then you are going to need some way for them to connect and work together. And that connecting and working together is very critical to your business, because that’s the business model you’re using.

So from a small business perspective, when you’re talking to a managed service provider, you can sit there and go, this is what I want to do. This is where we are. I want to add another 5 staff by the end of the year.

I want to look at outsourcing some of my components. Where are you going to outsource them to? What components are you going to outsource? That whole plan is what a managed service provider will help you do.

So if you want to increase your business competitiveness, then talk to an MSP. An MSP will actually sit there and talk to you about how you can take your business forward and what you can do to make it more competitive.

In most cases, and most MSPs that I know, if you give them a ring and say, “we need to have someone come out and have a talk to us,” they will quite happily come out and talk to you. And most of the advice they give will be free advice.

So how to increase your business competitiveness? Talk to an MSP. Thank you very much!

(Video) What can a Virtual Chief Digital Officer (V CDO) do for your organisation?

I’d like to talk to you about the role of the Chief Digital Officer in your business.

Now most small- to medium-businesses and not-for-profit organizations cannot afford to have a Chief Digital Officer inside their business.

You’re probably asking what will a CDO do for me? Well a CDO will actually take all of the components to your business and find out what direction you are going in, what is good technology and what is not good technology for your business, and it doesn’t necessarily mean that we’re going to put everything in the cloud.

But the CDO is also anything to do with the digital world. He has the knowledge about it. So you want to use Facebook. Okay, not a problem. How are you going to use it? What are you going to use it for? How are you going to get your message out there?

That is also part of the role of a CDO. But as I said, they’re an expensive commodity in a small business. So how do you get all of that information and expertise without paying an arm and a leg and sending your business broke?

Well, when it comes to the Virtual CDO, you can have access to that information by employing someone who will come in an hour a month, an hour a week, an hour every two weeks, and sit down with the management team and work out what you need to do for your business.

And what digital components will reinforce that message, to make sure that when you are looking at how you’re going to get, that the information is not going to get cul-de-sac’d, or that information is not going to be bad for you, or in some cases, the information that you’re playing with needs to have some other components to make it really beneficial for your business.

And that is the role of the CDO. And a virtual CDO will come in, talk to management teams, talk to Board members, and find out exactly what direction your business needs to go in and how you want to do it and how much it will cost to do it.

And if it’s going to cost an arm and a leg again, then how are we going to grab it back to make it cost effective.

Now a virtual CDO, what we do as a role in our managed services is you get that for free as part of a service level agreement we put in place having one of our high-end technical experts come to your office. And none of that gobbledygook. They are based in applying technology to business to make it work.

So if you need to have someone who can come in and have a look at your business and find out where your business needs to go and what you need to do and put it in place, then a virtual CDO is what you need.

Thank you very much

(Video) Why is Your website a target of hackers

Why your website is a target of hackers. And we’re being very loose with the term hacker, because there are a number of different variations of people out there in the digital world who are deemed as “hackers.”

We’ve got three types really.

  • The main one and probably the most common one is the script kiddy. Now the script kiddy is the wannabe. The 14-year-old teenager who sits in the back room on a computer and thinks he’s a hacker. They download an application from the internet from a very unsavory site. They install it on their computer, which then makes them part of a bigger system to attack other people. And then they quite happily go off and target people on the internet.
  • The second is the hacktivist. Now hacktivists are people who can be the teenager, but they are also interested in pushing their own particular wheelbarrow. They are only interested in defacing websites or compromising people or finding out information about people. They are in a situation where they don’t want to break anything. Some of them do. But they are more interested in raising awareness about what they are interested in.
  • The third one is the true full-blown hacker. Now these are the guys, and there are probably .001% of the people who consider themselves hackers who are actually in it for the money. They are in it to disrupt and compromise things as much as possible.

So what are these people all after? It doesn’t really matter what they are from a script kiddy to a hacker to a hacktivist.

Why do we have websites?

Well, in most people’s eyes, and this is thinking from the last 5 years, a website is somewhere someone can come to your little piece of your digital world and get information about who you are, what you are, what you do, what you have to sell.

The second part of a website is a blogging website, where the content is changing all the time. You are putting videos up, you’re doing blogs. You’re getting your message out to the real world and getting other people to associate with you, join your tribe, get people interested in what you’re doing.

And the last part of having a website is as an e-commerce platform, so you can sell stuff. You can get people interested in your product through the blogging. They come to your website, and they will then purchase something.

We know what the cost of a website is. The cost of a website is only part of the equation. We are looking at protecting not only the www component of your website, but if you’ve got a hosting platform where you’re using cPanel, then you have to make sure that doesn’t get compromised either.

You’re trying to make sure that logging onto that digital location is really secure.

So what are the bad guys, the hackers after?

Well primarily and only one of the large number of components, they’re after money. They’re after your money, they’re after other people’s money, and their access to money. So credit card details is one of their biggest targets. So if you’ve got an e-commerce site that takes credit card details, you have to make sure that they’re not collected in a way that they can be used by other people.

They are also after intellectual property / trade secrets. There was a company in 2010 who made metal detectors, and they used them to detect metal. One of their salesmen went to China, logged onto a free Wi-Fi, and had his laptop compromised, and they stole the blueprints to the metal detector.

The people who stole the blueprints sold it to another company. They started building replicated metal detectors, and from there they then undercut the original price. The funny thing was that the original makers of the detectors didn’t realize they’d been compromised until some of the replicas created by other manufacturers started coming in as warranty issues.

But more importantly, the hackers are after your visitors. You’ve done all the hard work, you have used your SEO or pay-per-click money to attract people and they are quite happily coming to your site regularly. If your website is infected then they can compromise all those people.

So how do they get access to your website?

Well in the first case, they do a scan of the digital world. Remember those script kiddies, they are going to find out you’ve got a connection to it, whether it’s on your website, your office or your Office 365, but they are going to find out what your connection is.

All that information then becomes critical to what they do next. How about a little social engineering? They then associate your website with your Facebook, Twitter, LinkedIn accounts, any of your social media platforms that you’re using. Now they can see exactly what you’re doing, who your people are and what your products are.

So you’re actually doing some of the hard work that the hackers need done by having all of that information out there.

I’m not saying you can’t have it out there. I’m saying you have to be very careful about what you put out there.

And then from that, they see if they can compromise your website.

Now compromising your website is the hard part of the whole process. The above processes are all easy, they’re all done automatically. The next step is to come up with a plan of attack. That usually involves cross-site scripting or malware.

How are we going to go about protecting ourselves from these people who are targeting our websites? Well, one of the big things you can do and one of the main things you can do is you have complicated user names and passwords. And they are not only complicated but they are unique. They have to be 9 characters long. They have to have alphanumerical symbols. Everything that you can think of.

When you install a website through some of the hosting platforms, like the WordPress system, the first thing it does when you press the button that says install, it says it needs a username for the admin account. Your admin account is literally the keys to your kingdom. And a lot of people just go admin, password blank. So what you’ve done on the internet is give all of those hackers access to your site without you even doing anything in particular.

The script kiddies don’t have to do anything because the first thing they’re going to do with their automated systems is try admin blank, or admin password, admin 12345.

So instead of using admin, you use _29_admin41.

Yes, you have to remember that’s the name of it. But, and then you use a complicated password, a really complicated password, 9 characters long, to make sure that people cannot get in there.

The next thing you have to do for your website, and one of the most important things is you have to make sure that all of the small applications on the website are up to date. If they plug into j-script, or they have a Java component, they need to be updated and patched to make sure that a) they’ve got the most secure version and b) they’ve got the newest version.

You know that your passwords are in place, and all your systems including the actual underlying system like cPanel itself, or WordPress are all updated.

Getting down to the nitty gritty of the website, most people have comments automatically enabled. If you want comments coming through, or if you flip the comments through to your social media, but if you want comments on your blog site, then you have to make sure that people who are coming to your site to put on the comments are leaving their username, creating a username, creating a password, and leaving an email address that you can then verify.

The fourth component of what you need to do is if you are logging on to your system, you have to make sure that you’re logging on through a secure connection. Used to be SSL. It’s now TLS. SSL is a method of encryption, which is not as secure as TLS, but it still works.

The fifth thing you need to do is no matter what happens, you need to back it up. You never know when your hosting platform is going to have a fire and burn to the ground. What are you going to do if that happens? Are you in a situation where you can build your website straight up and down on another platform?

Or if you don’t like the platform you’re on, and you want to move it to another place. You have to have a backup of it. Otherwise there’s a lot of work involved.

One thing that people don’t do is they don’t visit their site regularly. And I’m talking 1-2x a week, 1-2x a day, but no less than 1x a fortnight. Because you never know when these have to be applied. You never know whether someone’s left a comment, unless it’s emailing you as well. But if you’re visiting it regularly, and you can see what is happening, then you know that the look and feel of the website that you’ve produced is going to stay the same. And it’s very important you see it as regular as possible.

Getting down to the security component of what we’re talking about, most websites do not have a way of informing you that people have logged on or that something has happened or there’s no regular scan of PHP or of SQL. Now this is a module that goes onto WordPress. I’ll talk about WordPress here, but they have got modules that work with HTML and a number of the other CMS systems.

This module is very important. For one, it tells you when people log on, from where they’re logging on and if people have failed to log on. So if these people are trying admin, you’re going to get a message, or a consolidated message every day about these people who have been trying to access your site.

But Sucuri has two more things. They have a one-click secure system. So you install this plug-in on your website, and when you hit the secure one-click, it locks all of the PHP down, it changes some of the permissions to a level where things are still going to work, but they’re a lot more secure.

And if you really want to be secure, and you start to look at other components like e-commerce and gateways, then you need to start looking at a proxy gateway. Now a proxy gateway will cost $20-$40-$60 a month. If you’ve got a regular website that is getting accessed every 2-3 hours, 10-20-30x a day, as a small business, you need to start thinking about what these people are doing and how they’re getting to your website.

A proxy gateway creates your www request coming into the gateway and then getting physically forwarded to your hosting site. Now, what that does is it makes this part of your website very secure. Because they’ve got to come through this gateway before they can get to your site.

This site if it gets compromised, not a big deal, because there’s no information on that site or that area of the gateway. But is it going to allow the system to be compromised?

So instead of affecting this, trying to affect that, nothing happens. So they’re always in the situation where this information is going backwards and forward, and that is under SSL or TLS. So it’s all secure. And you then know that your site is going to be relatively secure. And that makes it a lot better for your website itself and for your own peace of mind.

So as I said, they are out there. The cyber criminals are targeting you not because you have something they want, but because you are connected to the internet, and that is really important. It’s a big message to get across. The fact that although you may think you don’t have anything worth stealing, or you’re too small to be a target, or it’ll never happen to us, with the script kiddies and the hacktivists and the real life hackers targeting your website just because you are on the internet makes you a target.

So you have to make sure that although you are a target, you try to take yourself away by putting in a few initial systems that will protect you.

Now if you go to our website at the bottom of this page, there is a security website checklist. Just download it, leave your first name and your email address, and you can see – and this will give you an idea of where your website is and what you need to do to protect it.

If you have any problems, please drop me an email at support@RNIConsulting.com.au.

Thank you very much for your time.

Digital security – why is it so bloody difficult?

10% of the global population that use the Internet have more than a basic understanding of the digital world.   There is a severe disconnect between what is done and what needs to be done when protecting an organisation from cybercrime.

Throw terms like dark net, cloud technologies, IOT (internet of things) or BYOD and most managers, board members and owners shrug, glaze over and say that it is an IT problem.

In today’s threat landscape, cybercrime is a business risk. Probably one of the biggest risks a business will face. Like all business risks it has to be addressed as soon as possible. But what are you addressing?

In most cases management teams, board members and owners consider cyber and digital protection an unreasonable and unjustifiable expense for the organisation (until it’s too late, that is). In most cases they underinvest in Digital Security, for no other reason than they do not understand the problem.

From a business perspective, of the thousands of attacks on most business systems, mobile devices and other devices that are connected to the digital world every year only one has to succeed.   As an organisation, we have to stop them all.   That compromised system is the Trojan horse to get into your organisation.

We have all experienced a virus and how hard it is to stop and clean up. Imagine if that virus was just the scout of a more costly attack. You don’t have to imagine it; in most cases it is the vanguard of your worst nightmare!

The recently discovered attack on 100 worldwide banks that netted the criminals around $1 billion was done through a very sophisticated process that included boutique malware (undetectable by the best AV), social engineering, bad work practices, substandard policies and procedures and a lack of auditing.

The perfect storm that netted the bad guys all of that money over a 2 year period.

Compared to walking into a bank with a gun, or blowing the safe, this theft is relatively painless.   It is very profitable! Very profitable and relatively safe!   Catching the bad guys is remote, difficult and the criminals that do get caught show Darwinism at its best.

These 3 factors make the management of cybercrime difficult:

The cost of Digital Security technology!

Walk into any office, locks on the doors, motion detectors in the rooms, alarms on the windows, possibly biometric locks and access and in some cases bollards out front.   These are known protections that have come about in the last 100 years.   Costly but important protection.

Protecting the Organisation’s digital assets is a little harder.

If an organisation does not understand the WHY of cybercrime and Digital Security the protection requirements are often underestimated.

The business management’s attitude that free or cheap is the solution reigns supreme.

  • Free anti-virus must be better than having to pay a monthly or annual subscription for a managed end point protection system!   The fact that it only captures 90% of the known problems is irrelevant.
  • Or purchasing the inexpensive router from the local retail shop will do the job of a router with UTM (unified threat management).   The attitude that we just need a device that connects to the Internet is often heard.

There are thousands of other examples where free or cheap is the solution that is taken by SMEs and even larger Organisations.

When it comes to technology, you get what you pay for, and scrimping on Digital Security by buying the cheapest means you are exposing your business to unnecessary risk.

The cost of protection can be exceedingly high, and that is the main reason that risk management and risk assessment are paramount in those decisions. Throw away lines like “we are too small to be a target” and “it will never happen to us”. These are based on myth and legend. As with normal risk factors, understanding and then mitigating the risk has to be front of mind, and in Digital Security mitigating those risks comes at a cost.

The Digital Security jargon (non jargon) is hard to understand!

There are times when the discussion around cybercrime and Digital Security  is difficult.   I will even admit that at times I have trouble understanding what sales and technical people are saying, and I have been in the industry for more than 30 years.

One of the reasons for this disconnect is jargon.   Each manufacturer has a new word, new catch phrase, new product name or new operating system, that someone somewhere in the purchasing organisation has to now learn, understand and manage.

Getting straight and understandable answers to basic questions in the digital space can also be difficult. The answers are made more difficult if you cannot understand them or worse still have not asked the right questions.

Paramount to protecting business information is to understand what information needs to be protected.

This communication disconnect also happens when describing the criminal element.   Malware, zombies, botnets are the tools of the digital criminal, but most businesses do not understand the impact that they have on the protection paradigm.

In most cases businesses do not understand why they are being targeted with viruses or malware.

“Why did we get a virus, we have nothing worth stealing” is a cry we get regularly!   Everyone has something worth stealing even if it is just the storage and cycles used by the system itself to become a zombie or to join a botnet.

Digital Security Protection is difficult to manage!

The next problem with Digital Security is the management of all of those digital components.   Organisations believe that digital protection is “set and forget”.   A couple of years ago this might have been true.

Thinking that once it is in place you don’t have to worry about it is a bad idea in today’s digital world and can have devastating consequences. Not updating a device for 12 months or in some cases 3 years is definitely not best practice.

All of the components that protect the business have to be updated regularly, checked regularly and most importantly tested to ensure that they are working to design specifics. Once again jargon is a problem.

The digital threat landscape is constantly changing.   The bad guys know this because in most situations they are behind the changes.

Conclusion

Digital Security is a holistic process. Once again jargon impacts the Organisation’s decisions. To make a correct risk assessment on the organisation you need to know:

  1. What needs to be protected?
     • Intellectual property
     • Financial information
     • Client information
     • Digital assets
  2. How will it be protected – this is the technical component of the risk analysis process
     • Separate network
     • Restricted access
     • Encryption
     • User access
  3. Who needs access to it?
     • Does everyone in the organisation need access to all information?
     • Can components of the information be separated?

You have to have a basic understanding of the required components that are protecting that information before you can make decisions.

Convenience is usually the primary driving force for business. It is also the driving force with applications and systems. Security should be more important than convenience, but most of the time it is further down the list.

This article first appeared on LinkedIn

Roger Smith is the CEO of R & I ICT Consulting Services, Amazon #1 selling author on Cybercrime, author of the Digital Security Toolbox and author of the SME Digital Security Framework.   He is a Speaker, Author, Teacher and educator on cybercrime and how to protect yourself from the digital world.

A one man band, why you should worry about cybercrime?

This post is addressed to all of those small businesses, the businesses who have an email account, a laptop, an accounting package, a couple of smart phones and tablets and a desire to utilise them to their best. So I am talking to Tradies, Mom and Pop businesses, small sub-contracting businesses and micro businesses.

Welcome to the digital world and it is nothing like the real world.   The digital world can be and is a very dangerous place.   The criminals only have to get their attack right once to win.   We have to protect ourselves and your information all the time.

Most cybercrime attacks in the digital world use malware to target all connections to the internet through automated systems.   These automated systems make up 85% of attacks and they are happening all of the time.     18 computers/devices get compromised every second through these automated systems and although they may not have anything of importance on them the actual hardware can be used to target others on the Internet.   This in the long run costs you money in traffic or reputation.

Here is the best way to protect yourself:

Passwords

Every password that you use has to have the following features.

  • They have to be more than 8 characters long,
  • use numbers, letters and symbols and
  • have to be unique for every web site or location that you need a password.
  • Your email account is the keys to your kingdom, if you lose access to it then you are in very big trouble.
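The password rules above can be checked across all of your accounts at once. The following is an added example, not part of the original post: the account names and passwords are constructed, and treating any non-alphanumeric, non-space character as a "symbol" is an assumption.

```python
from collections import defaultdict

MIN_LENGTH = 9  # the checklist asks for "more than 8 characters"


def check_password(password):
    """Return the checklist rules that a single password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("8 characters or fewer")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    # Assumption: a symbol is anything that is not a letter, digit or space.
    if not any(not c.isalnum() and not c.isspace() for c in password):
        problems.append("no symbols")
    return problems


def audit(accounts):
    """accounts maps a site or location to its password.

    Returns {site: [problems]} for every account that breaks a rule,
    including passwords shared between sites.
    """
    sites_by_password = defaultdict(list)
    for site, password in accounts.items():
        sites_by_password[password].append(site)

    findings = {}
    for site, password in accounts.items():
        problems = check_password(password)
        shared_with = sorted(s for s in sites_by_password[password] if s != site)
        if shared_with:
            problems.append("reused on: " + ", ".join(shared_with))
        if problems:
            findings[site] = problems
    return findings


# Constructed sample inventory, for illustration only.
SAMPLE_ACCOUNTS = {
    "email": "Tr4des!Van-Blue-77",
    "accounting": "invoice1",
    "crm": "Summer2015!",
    "bank": "Summer2015!",
}

if __name__ == "__main__":
    for site, problems in audit(SAMPLE_ACCOUNTS).items():
        print(f"{site}: {'; '.join(problems)}")
```

The reuse check matters most for the email account: a password shared with any other site means a breach of that site also exposes the mailbox used to reset everything else.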

Using cloud technology

Cloud technology has come a long way in the last 3 years.   In a business sense we can now do a large amount, if not all, of our business in the cloud.   From cloud based CRM for client management to accounting software for billing and invoicing.   From web based email to project management for managing projects they are all there in the cloud.

The good thing about the cloud is that most of the products are accessed through a web browser and can be accessed from any system that has browser capability. Although the underlying platform’s security is managed by the vendor, it is the user’s responsibility to have a secure password to ensure that no one else can access the information.

Bank accounts and credit cards.

There are so many ways that a criminal can gain access to your bank accounts.   A key logger through a virus or malware.   A RAT (remote access Trojan) that can actually take over your digital device and do whatever it is programmed to do.

But the bank accounts are not the only problem.   Pay wave is becoming a target for criminals, to a level where an RFID scanner can access your credit card, in your wallet, from 30 feet away.

End point protection

All devices that have a connection to the Internet have to have some sort of personal protection. You can go with a licensed copy of an anti-virus or you can go with a free system; no matter what, they have to be protected at all times. We recommend the free AV – Forticlient as it does most of the things that you need.

In addition to real time protection you also need to do a regular scan of the whole system.

Patching

How annoying is it when the system comes up and tells you that it has updates to apply.   This is a good thing.   The systems are updating code that has been found to have errors or inaccuracies in it that will allow an attacker to gain full control of your machine, phone or tablet.   These errors are what malicious code targets through viruses and worms.

All systems use subsystems like Java and Adobe and these are also regularly updated by their manufacturers.

Backing up / business continuity

Even when you think that nothing can go wrong, that is when something does. Having all your information in the cloud, email, accounts, CRM or project management, what happens if you can no longer access your information? How long will your business last without email, or the ability to invoice clients?

This is why some level of backup, disaster recovery and business continuity is required.   Thinking through to a point where if this happened what will my business look like, how will it work is very important for the everyday operations of the business.

When it comes to cyber and digital security, what happens if you get a virus from an email on your laptop, or visit a website and get a malware infection on your smart device?   Where is a copy of your schedule, or your contacts?   This is why you need some level of backup.

Paranoia and awareness

Have I instilled a little bit of paranoia in you yet? To tell you the truth, that is good. On the Internet everyone is targeting you, so in fact you are not actually paranoid, just being very aware.

Small operations have enough to worry about when it comes to business. Being aware that cybercrime is a legitimate threat to that business is important. Being aware of the problem means you will make additional decisions based on those threats.
