• Prioritize – Every business has specific areas or assets critical to its core operations. Seek the input of valued staff and team members to determine what these are. Is there certain data that would be catastrophic if it was lost or stolen? If hackers compromise a network, or prevent access to certain applications, how disruptive would it be to daily business operations? What kind of potential threats or vulnerabilities pose the greatest risk to the company or your customers/clients? Focus on the most likely risks, not theoretical risks that “could happen.” Asking such questions gives you a clearer and more complete perspective as to where to focus available security resources.
• Develop and Enforce Policies – Every SMB needs to implement a security policy to direct employees on appropriate and inappropriate workplace behaviors relative to network, systems, and data security. Merely drafting this document isn’t enough. Employees must be held accountable if they fail to adhere to policy. Such policies should be updated regularly to reflect new technology and cultural shifts. For example, a document written before social media took off, or before the BYOD (Bring-Your-Own-Device) movement, doesn’t necessarily apply today.
• Education – Ongoing end user training must be provided. Many security breaches happen because employees fail to recognize phishing schemes, open emails from unknown sources, create poor passwords that are seldom changed, and don’t take proper precautions when using public Wi-Fi connections on personal mobile devices also used for work.
• Take to the Cloud – Running applications and servers in-house is a costly endeavor. Leveraging the cloud today allows SMBs to cut costs while also strengthening their security. Cloud operators typically have built-in security features, alleviating SMBs of the burden of maintaining security themselves. Today, not only can SMBs shift much of the burden of IT to the cloud, but they can also outsource much of their security by taking advantage of the remote monitoring, maintenance, and security tools provided by Managed Service Providers (MSPs).
• Don’t Aim for Perfection – There is no such thing as perfect security.  Striving for perfection is expensive and can prove to be more costly in the end.  Improving protection and response would be a more ideal allocation of funds.  It can take a hacker several months to figure out your systems and do real damage.  Having the ability to quickly detect their presence, and mitigate any potential damage they may cause, is a more realistic and less expensive approach than thinking you can completely remove any probability whatsoever of a hacker breaching your system.

Read more about small business IT security by reading all of our blog posts on the subject.

The post 5 Ways SMBs Can Save Money on Security appeared first on TechTastic.

This makes it the responsibility of every business, especially those collecting and storing customer/client information, to implement a multipronged approach to safeguard such information.

Yes, we’re looking at you, Mr. Pizza Shop Owner who has our names, addresses, phone numbers, and credit card information stored to make future ordering easier and hassle free.

Today’s SMB Needs a Robust Security Plan

Protecting your business and its reputation comes down to developing, implementing, and monitoring a robust security plan that adequately addresses everything from physical access and theft to the threat of compromised technology security.  This involves defining and outlining acceptable uses of your network and business resources to deter inappropriate use.  Here are four key components to consider.

Network Security Policy: Limitations must be defined when it comes to acceptable use of the network.  Passwords should be strong, frequently updated, and never shared.  Policies regarding the installation and use of external software must be communicated.

Lastly, if personal devices such as laptops, tablets, or smartphones are accessing the network, they should be configured to do it safely, which can be done easily with a reliable Mobile Device Management (MDM) solution.

Communications Policy:  Use of company email and Internet resources must be outlined for legal and security reasons.  Restricting data transfers and setting requirements for the sharing or transfer of digital files within and outside of the network is recommended. Specific guidelines regarding personal Internet use, social media, and instant messaging should also be clearly outlined. If the company reserves the right to monitor all communication sent through the network, or any information stored on company-owed systems, it must be stated here

Privacy Policy: Restrictions should be set on the distribution of proprietary company information or the copying of data.

The post Four Key Components of a Robust Security Plan Every SMB Must Know appeared first on TechTastic.

The short answer to that question is nothing. In the New York time’s attack, the attackers changed the newspaper’s Domain Name System (DNS) records to send visitors to a Syrian website. The same type of thing can very well happen to your business website. For a clearer perspective, let’s get into the specifics of the attack and explain what DNS is.

The perpetrators of the New York Time’s attack targeted the site’s Internet DNS records. To better understand this, know that computers communicate in numbers, whereas we speak in letters. In order for us to have an easy-to-remember destination like nytimes.com, the IP address must be converted to that particular URL through DNS.

Therefore, no matter how big or small a company’s online presence is, every website is vulnerable to the same DNS hacking as the New York Time’s site. The good news is the websites of smaller companies or organizations fly under the radar and rarely targeted. Larger targets like the New York Times, or LinkedIn, which was recently redirected to a domain sales page, are more likely targets.

For now… There is no reason to panic and prioritize securing DNS over other things right now. But there is a belief that DNS vulnerability will be something cybercriminals pick on more often down the road.

Here are a few ways to stay safe from DNS Hacking…

Select a Registrar with a Solid Reputation for Security

Chances are, you purchased your domain name through a reputable registrar like GoDaddy, Bluehost, 1&1, or Dreamhost. Obviously, you need to create a strong password for when you log into the registrar to manage your site’s files. Nonetheless, recent DNS attacks are concerning because they’re far more than the average password hack.

It was actually the security of the registrars themselves that was compromised in recent attacks. The attackers were basically able to change any DNS record in that registrar’s directory. What’s particularly frightening is the registrars attacked had solid reputations. The New York Time’s, along with sites like Twitter and the Huffington Post, is registered with Melbourne IT. LinkedIn, Craigslist and US Airways are registered with Network Solutions. Both had been believed to be secure.

DNS Hacking, What Else Can Be Done?

Set Up a Registry Lock & Inquire About Other Optional Security
A registry lock makes it difficult for anyone to make even the most mundane changes to your registrar account without manual intervention by a staff registrar. This likely comes at an additional cost and not every domain registrar has it available.

Ask your registrar about registry locking and other additional security measures like two factor authentication, which requires another verifying factor in addition to your login and password, or IP address dependent logins, which limits access to your account from anywhere outside of one particular IP address.

While adding any of these extra safeguards will limit your ability to make easy account change or access your files from remote locations, it may be a worthwhile price to pay.

The post DNS Hacking: Just Because You’re Not a Big Target, Doesn’t Mean You’re Safe appeared first on TechTastic.

Larger companies likely have their security game in check, making it difficult for hackers to crack their data. They have both the financial resources and staffing power to stay on top of security practices. But smaller firms continue to lag when it comes to security. In many cases, the gateway to accessing a large company’s info and data is through the smaller company working with them. Exposed vulnerabilities in security can lead cybercriminals right to the larger corporation they’ve been after.

Cybercriminals Target Companies with 250 or Fewer Employees

Research is continuing to show that cybercriminals are increasingly targeting smaller businesses with 250 or fewer employees. Attacks aimed at this demographic practically doubled from the previous year. This news has made larger enterprises particularly careful about whom they do business with. This means that any SMB targeting high-end B2B clientele, or those seeking partnerships with large public or government entities, must be prepared to accurately answer questions pertaining to security. This requires an honest assessment of the processes taken to limit security risks.

View Security Measures as Investments

CEOs must start viewing any extra investment to enhance security as a competitive differentiator in attracting new business. Adopting the kind of security measures that large enterprises seek from third-party partners they agree to work with will inevitably pay off. The payoff will come by way of new revenue-generating business contracts that will likely surpass whatever was spent to improve security.

Would-be business partners have likely already asked for specifics about protecting the integrity of their data.  Some larger entities require that SMBs complete a questionnaire addressing their security concerns. This kind of documentation can be legally binding so it’s important that answers aren’t fudged just to land new business. If you can’t answer “yes” to any question about security, find out what it takes to address that particular security concern.

Where a Managed Service Provider Comes In

Anyone who isn’t yet working with a Managed Service Provider (MSP) should consider it. First, a manual network and security assessment offers a third-party perspective that will uncover any potential business-killing security risks. A good MSP will produce a branded risk report to help you gain the confidence of prospects to win new business.

A MSP can properly manage key elements of a small company’s security plan and help keep you secure from hackers. This includes administrative controls like documentation, security awareness training, and audits as well as technical controls like antivirus software, firewalls, patches, and intrusion prevention. Good management alone can eliminate most security vulnerabilities and improve security.

Learn more about staying secure from hackers by reviewing our IT Management posts.

The post Stay Secure From Hackers Targeting SMBs appeared first on TechTastic.

So what has your business done to address this need for constant accessibility and optimal uptime? Do you feel you’re doing enough to meet the demands and expectations of your customers, new business prospects and those who have just now found you on Google?

If you’re a small-to-medium sized business owner, do you have confidence in your technology infrastructure? Can you say with certainty that your website, internal server, and mobile applications function smoothly, efficiently, and correctly?
When your IT team leaves work to go live their lives, are you confident that things won’t go bump in the night? That you won’t be ringing their cell phone while they’re out having dinner with their family, or worse yet, sleeping?

If you answer no to these questions, you may be one of the many small business owners who could benefit from cloud monitoring. And you’ll be pleased to learn that cloud monitoring can significantly improve all facets of your business – especially your service, productivity, reputation, and profitability.

What is the Cloud, and Cloud Monitoring?

According to a study conducted by Wakefield Research, 54% of those questioned responded that they’ve never used cloud technology. However, the truth is that they’re in the cloud everyday when they bank or shop online and send or receive email. Business owners, specifically non tech savvy small business decision makers, are still apprehensive when it comes to moving their server and web monitoring services to the cloud.  But FDR’s famous quote, “The only thing we have to fear is fear itself,” definitely applies here.  The cloud is nothing more than moving the storage and access of your data programs from a computer’s physical hard drive to the web. There is nothing to fear.

Benefits of Cloud Monitoring

Obviously, these physical and virtual servers, their shared resources, and the applications they run on, must be monitored. This can be done from multiple remote locations and it’s called cloud monitoring.

Cloud monitoring makes it easier to identify previously unseen patterns and potential problems within your infrastructure–issues that may be too difficult for any in-house support staff to detect. For instance, monitoring ensures that your site is delivering accurate page content and is meeting anticipated download speeds. It can detect unapproved changes, website tampering, and compromised data.

The continuous analysis and testing of your network, website, and mobile applications can reduce downtime by as much as 80%. The speed and functionality of e-commerce transactions are also optimized. Additionally, cloud monitoring tests your email server at regular intervals, which minimizes failure deliveries and other issues pertaining to sending and receiving emails.

Clearly, all of the above, along with the alerts that help identify and fix issues before they become catastrophes, make cloud monitoring an attractive way to gain insight into how end-users experience your site, while also enhancing their overall experience.

Read our prior post on using a hybrid cloud and their cloud monitoring capabilities.

Read more of our blog posts about the benefits of the cloud for small to medium businesses. Contact us at TechTastic

The post Cloud Monitoring Can Be the Difference Maker for SMBs appeared first on TechTastic.

The downside of this need for control is that operating and maintaining everything onsite can be time consuming, super expensive, and it can make your business more vulnerable to failure related downtime and cyber threats.

Although everything can be stored in the cloud at a fraction of the cost, many aren’t responsive to the idea of sharing the infrastructure their technology runs on.

Why a Hybrid Cloud is More Than Just Another Trend

The great thing about the cloud is it’s not an all or nothing thing. This is exactly why so many small to midsize businesses have turned to hybrid cloud solutions. Just as they name implies, hybrid cloud solutions are both on and off premises. It’s the best of both worlds. An entrepreneur can still control certain aspects of the business on-site, but simultaneously exploit the cloud’s cost effectiveness and overall scalability.

For example, a local server can be housed and managed on-site but that server, or just specific files, can still be backed up in the cloud and stored far away off-site. This provides a partial disaster recovery solution in the event of a hurricane, flood, fire, or just a basic server crash.

Here are some tips for developing your hybrid cloud strategy

• Honestly assess the current IT strategy – Over time, as your business grows and technology advances, your well-planned and neatly arranged IT infrastructure transforms into a disorganized mishmash of different servers and disconnected software and tools. View this almost as the spring-cleaning of a cluttered garage. What systems or applications are critical to your business right now and which ones no longer support your current or future business initiatives?
• Know what you want to keep close – Every business will be different in this regard. Certain companies will prefer keeping large files in-house, in a more controlled private cloud for easy access, but may be okay with having their emails out there in the cloud.
• See how others are leveraging a hybrid cloud environment – Services once only available to large enterprises are now available to SMBs. This presents an extraordinary opportunity to be more agile, flexible, and better suited for new business opportunities and growth. Remote monitoring, 24/7 support, and disaster recovery solutions can be easily integrated within a hybrid-computing environment – regardless of operating systems, server types, or mobile devices used.
• Staged implementation – Be sure to plan your hybrid cloud strategy as a multi-year plan that is deployed in phases. For example, in the beginning, private controlled access to a public cloud service can be granted to internal application developers experimenting with a new business initiative. Or a new customer relations management SaaS (Software as a Service) application can be implemented.

This is the year that even small or midsize enterprises are getting serious about cloud operations and a strategic mix of public cloud services and private cloud may make the transition easier.

Contact us at TechTastic

The post Hybrid Cloud is More Than Just Another Trend appeared first on TechTastic.

The Convenience Factor, Easily Build a Cloud Based Business

It once took smaller companies and startups weeks to launch and configure their own IT infrastructure. Doing so also required a ton of overhead costs. Today’s cloud technology provides the benefits of this very same infrastructure but on an as needed and on-demand basis. SMBs can easily build a cloud based business infrastructure for themselves online in less than a minute.

For example, a smaller agency that provides apps for its clients, can turn to a Platform-as-a-Service (PaaS) cloud provider. A PaaS provides companies an environment that enables them to more easily host and deploy apps. They do this by shielding developers from the hassles that come with the set up, configuration, and management of things like servers and databases.

Without having to worry about things on the infrastructure side, the company and its application developers can focus on creating innovative apps that will generate business revenue. Once their server is online and available, they can launch instantly with a 1-click deployment of their application.

Mission Critical Agility & Scalability

In the tech industry, everyone must channel his or her inner Maverick and Goose* because there is a need… a need for speed. Speed is everything and agility is mission critical. The cloud’s rapid provisioning of computer resources can offer additional storage space in mere minutes rather than weeks.

Having that kind of agility bodes particularly well for the scalability needs of SMBs. As business grows and the need to store more data increases, the cloud is flexible enough to resize your infrastructure on the fly and grow with you.

The cost of cloud-based solutions is much more beneficial to SMBs than the cost of traditional shared or dedicated hosting plans. This eliminates the high overhead that comes with buying dedicated hardware and hiring staff to run the servers.

Cloud technology has empowered SMBs by eliminating any need to make the same kind of costly upfront investments that large enterprise are able to incur. There is no longer a need for SMBs to spend thousands of dollars building out a massive infrastructure to support their big data applications. Better yet, backing up that big data is also inexpensive compared to traditional hosting solutions.

• Top Gun, 1986, in case you were wondering

The post How SMBs Can Easily Build a Cloud Based Business appeared first on TechTastic.

We live in a society where everyone must have the newest technology. We are inundated with ads reminding us that the smartphone or tablet we just bought a year ago is laughably outdated and inferior to the upgrade that just hit the market.

People who have just bought the latest technology don’t want to have to set it aside to use a separate company-issued device. As a result, businesses are beginning to grant these employee-owned devices access to their file and email servers, databases, and applications.

While this brings certain competitive advantages to employers, it naturally carries many risks, too.

Let’s begin with the pros of Bring Your Own Device (BYOD)…

The Advantages of Bring Your Own Device (BYOD)

Greater Flexibility and Productivity – Personal devices allow workers more flexibility, which in turn can increase productivity. Today’s employee isn’t restricted to their office workstation or cubicle. They can carry out job responsibilities from home, a coffee shop, their child’s dance recital, or while traveling.

Reduced Costs – Purchasing even the most basic Blackberry for an employee can cost a company $900+ per worker. Costs like that can be completely eliminated by adopting a BYOD policy where employees are required to use their own device.

Happier Employees/Attractiveness to Job Seekers – Recent studies have found that 44% of job seekers are attracted more to employers who are open to BYOD and occasional remote work. Beyond this hiring advantage over competition, it has been found that employees as a whole are generally happier using the devices they own and prefer for work purposes.

Better Customer Service – This goes hand and hand with more flexibility and productivity. Mobility allows employees to occasionally resolve or escalate urgent client issues outside of normal working hours, and clients remember that kind of response time.

And now the cons of BYOD…

Disadvantages of BYOD

Compromised Data Security – Unfortunately, letting employees use their own smartphones, tablets, and laptops increases the likelihood of sensitive company or customer/client data being compromised. It is important for companies to establish a comprehensive mobile device security policy and never make any exceptions to it whatsoever. Really. No exceptions. Ever.

Employee Privacy – Many employees may oppose using their own devices for work, especially if it’s a company requirement that they aren’t reimbursed for. You have to remember that these are the same devices employees use to log into their Facebook and Twitter accounts or do their online banking. In this age of constant paranoia over big brother watching our every move, employees may be concerned that their employer will spy on them or access their personal passwords and information.

Handling Employee Turnover – Companies must consider how they will address the retrieval of company data and information from an employee’s device if the employee either quits or is fired. Some companies may require that employees only save or edit company files on their servers or use cloud-based sharing software like Dropbox to share and edit docs.

The Importance of a Mobile Device Management Tool

Obviously, businesses must keep track of all of the devices that access their server, applications, and data. Mobile Device Management helps enterprises centralize what is an otherwise chaotic hodgepodge of devices and operating systems. This ensures that all devices are configured, deployed, and properly monitored and managed. This is a smart way for businesses to embrace BYOD while securing data and applications across multiple devices.

The post The Good, The Bad, and the Ugly of Mobility & Bring Your Own Device appeared first on TechTastic.

This is a real cause for concern since data breaches have the ability to put many already financially challenged SMBs out of business. If customer/client data has been breached, there could be potential litigation costs, and naturally, lost goodwill and an irreparable hit to brand or company reputation.

Don’t Just Say You’re Worried About the Bad Guys… Deal With Them

SMBs say they view network security as a major priority but their inaction when it comes to mobile devices paints a different picture. A recent study found that only 16% of SMBs have a mobility policy in place.

Despite the fact that stolen devices are a major problem in today’s mobile workforce, only 37% of mobility policies enforced today have a clear protocol outlined for lost devices. Even more troubling is the fact that those firms who have implemented mobility policies have initiated plans with some very obvious flaws.

Key components of a mobility policy such as personal device use, public Wi-Fi accessibility, and data transmission and storage are often omitted from many policies. Thankfully, most SMB cybercrimes can be avoided with a comprehensive mobility policy and the help of mobile endpoint mobile device management services.

A Mobility Policy Is All About Acceptable/Unacceptable Behaviors

Your initial mobility policy doesn’t have to be all encompassing. There should be room for modifications, as things will evolve over time. Start small by laying some basic usage ground rules, defining acceptable devices and protocols for setting passwords for devices and downloading third-party apps. Define what data belongs to the company and how it’s to be edited, saved, and shared. Be sure to enforce these policies and detail the repercussions for abuse.

Features of Mobile Device Management Services

MDM services are available at an affordable cost. These services help IT managers identify and monitor the mobile devices accessing their network. This centralized management makes it easier to get each device configured for business access to securely share and update documents and content. MDM services proactively secure mobile devices by:

• Specifying password policy and enforcing encryption settings
• Detecting and restricting tampered devices
• Remotely locating, locking, and wiping out lost or stolen devices
• Removing corporate data from any system while leaving personal data intact
• Enabling real time diagnosis/resolution of device, user, or app issues
• It’s important to realize that no one is immune to cybercrime. The ability to identify and combat imminent threats is critical and SMBs must be proactive in implementing solid practices that accomplish just that.

The post Why SMBs Must Proactively Address Threats of Mobile Hacks appeared first on TechTastic.

You’ve read it time and time again. “Bring Your Own Device” isn’t a trend, it’s the future. Workplaces where companies let workers use their own devices for work purposes are the new normal. BYOD attracts new hires and lifts employee morale and productivity. But this doesn’t mean a small business owner should recklessly jump right into BYOD just because everyone else is doing it. Data and network security concerns have to be thought out, defined, and addressed in a comprehensive BYOD policy. Here are three things to consider.

Cost of Support

Most businesses salivate at the thought of the money saved by having employees participate in a BYOD program. With employees using their own devices for work, there is no need to shell out thousands of dollars for desktop PCs, smartphones, tablets, and laptops. While that’s undoubtedly a huge incentive, extra support costs must also be factored in. Chances are your employees aren’t necessarily tech savvy and will need help deploying applications and performing basic yet very necessary maintenance techniques. Unless you have a dedicated IT support team, which most SMBs do not have, you will need to turn to a Managed Service Provider (MSP) in your region for support. A MSP can provide specialized expertise and leverage Mobile Device Management (MDM) tools to keep your network infrastructure and business applications monitored, secured and fully optimized.

Limited Number of Support Devices

Obviously you can’t accommodate EVERY employee-owned device. Limiting the types of devices accepted in your BYOD program will mitigate any need to pay for software or equipment upgrades for outdated devices and keep your infrastructure safer as a whole. It’s important to not be too exclusive, select a broad range of devices and their more recent releases to accommodate the varied preferences/tastes of your employees.

Legal Risks

Adopting BYOD at your workplaces will expose your company to more legal risks. Sensitive business or private client/customer data can potentially be exposed if devices are lost or stolen. The personal online habits of your employees can also increase your network’s vulnerability to viruses, phishing, or hacking schemes designed to steal such data. These increased legal risks are another reason why SMBs must take precautions such as working with a MSP that offers a solid MDM solution to ensure all employee devices are configured, deployed, managed and monitored in a manner that prioritizes data integrity and security.

The post 3 Things to Consider Before Jumping Into BYOD appeared first on TechTastic.