Protecting Your Company from Cyber Attacks

/in , /by

StrategyDriven Managing Your Business Risk Management Article |Cyber Attacks|Protecting Your Company from Cyber AttacksHow well are you protecting your company, client and staff data? Holding any kind of data will mean you need to be employing security measures to make sure all information you collate for whatever reason is secure.

Protecting your company from serious cyber threats is something you should be taking seriously within your business. How secure you need to be depends on the type of company you are running. Different sectors need different types of security measures to protect the company and also staff and customers details including personal information and banking details along with credit card numbers.

Use a Firewall

This should be something you use as standard. A firewall is your first one of defence against a security attack. And unfortunately, small businesses tend to be targeted more often than larger companies due to the level of security that is employed.

Consider an internal firewall along with an external one too for added protection against threats and potential hacks.

Educate Employees

Again, this is something most people are aware of. However, staff training on the use of technology and online habits and practises is never a waste of time. Especially as online security threats are changing and evolving all the time.

Draw up company guidelines for personal and work use and educate them on the many ways they could cause a breach in security unintentionally – such as opening links in unfamiliar emails. Make sure everyone understands and signs a document to agree to the security measures they have been trained on.

Limit Sensitive Information

Allowing certain employees access to sensitive information is another way you can reduce the risk of your staff creating a security breach. By giving different staff members limited access, the less the chance of that information getting into the wrong hands. And if it does, then you will know exactly who caused the breach and deal with it swiftly.

Regularly Back-Up Data

Making sure you have backups will help you get up and running again in the event of a security breach. Prevention is always the best option but you want to make sure that should the worst happen, you can still access everything you need to.

It is recommended that you back up to a cloud. The GCC High Cloud is now available for more companies to offer you another level of security.

Have your backups processed on a regular basis to ensure minimum disruption in the event of a security breach.

Install Anti Malware

A 2016 data breach investigation identified that 30% of employees opened phishing emails. You may presume that all employees know not to open phishing emails, some will still open them.

Phishing scams involve malware being placed on a computer when a link is clicked. installing anti-malware can help remove and/or block this before it gets any information or causes any damage. Include this as part of your training and make sure your anti-malware is running on all devices and internal and external networks.

Keep Your Workplace From Going Viral

/in , /by

StrategyDriven Risk Management Article | Keep Your Workplace From Going ViralWith the recent virus outbreak many people have become concerned with sanitizing their workplace to prevent the spread of the virus and germs. As a cleaning professional with over 25-years of experience, I have some good insights on how to handle this process. We at Cleaning Group Inc. have developed a protocol for disinfection and preventing infection in offices, gyms, medical facilities, restaurants, and other venues where the public meets with your staff.

The first piece of advice I can give you is don’t panic. Panic prevents rational thought and hinders the ability to make informed decisions. The first thing to do is assess the actual exposure. This is determined by how many people visit your facility on a regular basis and the probability that those people may be infected. Medical offices that treat patients or perform procedures in-office are at higher risk of infection than an office that only has a few employees and rarely receive visitors. The next thing to consider is where germs can be transferred. The most common places transfer takes place are telephones, door handles, light switches and restrooms. Air quality is another consideration as germs may become airborne and spread through ventilation systems.

Whether your workplace has a high or low risk, you should consider consulting a professional to assess what needs to be done in your facility. A professional cleaner will determine exactly what your individual needs are. There are safeguards that everyone can take. Start by informing employees, coworkers, clients and visitors of the risk factor. If you are a medical office treating infected patients or if you have employees who have been exposed, you need to inform everyone who enters your facility to take precautions. If you are hosting a meeting or conference, designate areas where visitors will be and properly clean and disinfect those areas before and after the meeting. Put hand sanitizing stations at entrances and lobby areas. Most people will use it if it is available. I recommend a touch free dispenser. When several people touch a soap dispenser before actually using the soap, they are leaving germs on the dispenser. Designate a phone that your visitors may use and place disinfecting wipes next to it with a sign asking people to wipe the phone before and after using it. Any keypads or touch screens that are heavily used should be treated the same way.

Signs should be placed in all restrooms asking everyone to please wash their hands. Touch free soap and towel dispensers are a great idea. Touch free faucets are beneficial. Electric hand dryers are better than paper towels. The restroom fixtures should be disinfected at a frequency that coincides with their use. A cleaning professional will be able to determine the proper frequency. Using the proper chemicals is key. For example, bleach evaporates much quicker than most other water-based disinfectants. In order for a disinfectant to work properly it must remain on the surface for several minutes. All surfaces should be wiped with a disinfectant daily.

Treating the air can be the trickiest. I recommend changing filters weekly using a high-quality filter that traps the most amount of allergens. Hepa filters work best. Having ducts professionally cleaned will help prevent germs from collecting in the ventilation system. Disinfectant fogging is the best way to treat the air and kill airborne virus. This process must be done by a professional. The fogger atomizes the disinfectant and sprays it into the air. This will treat areas that are hard to reach and may normally get overlooked.

Lunchrooms and kitchens are another area where disinfecting is important. Utensils and cups should be washed, dried and put away in a cabinet. Everyone should clean cups and utensils before and after each use. Water cooler handles should be disinfected as well. Make sure you replace kitchen sponges frequently and use an antibacterial dish soap. Wipe counters with disinfectant before and after each use also.

The best defense against germ and virus transfer is a good plan. Work with a cleaning professional and consult your local health department to assess risk factors and determine the level of reported infections in your area. These and other tips are available in more detail in our guidelines for disinfection. I realize that some of these things may seem extreme or expensive. Most business owners are reluctant to increase the cleaning budget. I can assure you that the money is well spent. Keeping your customers, clients and employees healthy is as equally healthy for your bottom line.

About the Author

StrategyDriven Expert Contributor | Glenn GreeleyGlenn Greeley is founder of CGI Cleaning Group Inc. headquartered on Long Island. For more information visit www.cleaninggroupinc.com, call 631-669-6033, or email [email protected] for a free disinfecting guideline.

What your employees can do to reduce cybersecurity risk

/in , /by

StrategyDriven Risk Management Article | Cybersecurity | Cyber security | What your employees can do to reduce cybersecurity riskNo longer just the responsibility of the IT department, cybersecurity is something that all employees have a vital role in. From making smarter decisions in the workplace to understanding how to spot common attacks, employees can do much to combat cybercrime in all of its forms. Here we take a look at the things that your employees can do to help keep your business secure.

Install regular software updates

It is unfortunately the case that many employees leave their computer turned on at all times – even when they’re out of the office. The convenience of having all windows and browsers tabs open when they return to work is offset by one a major cybersecurity weakness – computers with out-of-date operating systems and applications.

When an employee does not regularly turn off a computer it can leave the system without critical updates that are only installed when it is shut down. These updates fix vulnerabilities and weaknesses that could be exploited by cybercriminals. This is why it is vital that employees shut down their computers regularly.

Understand the dangers of phishing attacks

Phishing is still a major problem. We have all seen a phishing email; sent from a fake account and designed to look like a legitimate sender. The email will attempt to trick you into clicking a link and being sent to a duplicate version of a genuine site, with the exception that when you enter your login details, these will be harvested by criminals.

You might think you know how to spot a phishing scam – but phishing is becoming more sophisticated in 2020. A rise in deepfake voice phishing could see employees tricked into sending money to scammers or revealing sensitive information after getting voice messages and calls that sound like they are from senior executives.

It is important to understand these risks in order to be able to combat them.

Broaden their cybersecurity awareness

It is important for your employees to stay up to date with the latest tactics and techniques being used by cybercriminals. Providing employees with regularly updated training can be hugely valuable in boosting their knowledge and understanding. Employees with good cybersecurity skills and knowledge make a valuable line of defence against cybercrime.

One way that you can assess the cyber maturity of your employees is by engaging a cyber security company to carry out a pentest of the organisation. For example, this could take the form of a simulated phishing attack to see if any of your employees give out their log-in credentials.

Work closely with the IT department

It is important that employees should avoid any instances of “shadow IT”. Shadow IT is the term for any application or software that is installed on an employee’s computer without the knowledge and consent of the IT team.

Going through the process of having a piece of software signed off and approved can be frustrating and time consuming, but failing to do so can lead an employee to download software containing a vulnerability which can be exploited by hackers. Or which isn’t updated in the future by the IT team when known issues are identified in the software.

Be willing to invest in enhanced security tools like privileged access management, so system users are provided with different levels of access. This ensures greater control and, therefore, security.

Set strong passwords

Experts disagree as to whether employees should change their passwords on a regular basis. On one hand, changing passwords can be an important way to limit the risk of stolen passwords being used to access accounts. But on the other hand, employees being forced to remember too many different passwords will often result in them instead using unsafe workarounds.

It can be agreed, however, that the use of weak and commonly-used passwords is to be avoided. According to cybersecurity specialists, businesses can prevent staff from setting common passwords by enforcing rules and complexity such as the use of special characters.


Follow good cybersecurity practice away from the office

It is important if an employee works from home or remotely, that they should follow good cybersecurity practice when they do so. Any time that an employee accesses company data they should do so in an environment that is as secure as the environment in their workplace. Their remote computer should have cybersecurity measures just as powerful as those in the office – otherwise they are making themselves an easy target. For example, using public Wi-Fi is a major security concern.

Backup data regularly

Ransomware is still a problem, and losing access to business-critical data can be a major problem for any company. That is why it is vital that employees should use their company’s corporate network where possible as this is likely to be backed up regularly by the IT team. However, if staff do store data locally then they need to back up their data on a regular basis – ensuring that it is saved somewhere that would not be compromised in the event of a criminal attack.

Final thoughts

It is important that employees understand cybersecurity best practice so that they can act in accordance with it. Informed staff can be a powerful line of defense against cybercriminals.

5 Ways to Improve Your Cloud Security Standards

/in /by

StrategyDriven Risk Management Article|cloud security standards|5 Ways to Improve Your Cloud Security StandardsCurrently, roughly 90% of companies in the United States use some kind of cloud service. While the cloud computing industry may be worth more than $100 billion as of 2020, it’s still yet to reach it peak.

Just about any type of business can benefit from cloud services when it comes to their critical business processes. Cloud computing presents great advancements in efficiency and supportability.But does this shift in technology guarantee your company foolproof cloud security standards? The good news is that the top public cloud service providers offer a highly secure environment for your sensitive business data.

But while cloud service providers are generally reliable when it comes to data protection, they can’t guarantee protection when that data leaves the cloud to other systems.

In this friendly guide, we equip you with the information you need to know about cloud security policies, including cloud computing best practices. Keep reading to learn more.

Why Do Businesses Opt For the Cloud?

For many years after the internet entered the scene, organizations hosted their hardware in an office within the premise or hired space in data centers nearby. In the last decade, cloud computing has completely transformed that architecture. Companies no longer have to invest in hardware to securely store their data.

The rise of Infrastructure as a Service (IaaS) through cloud service providers means that companies can now entrust their data and systems to a third party. It’s a reliable alternative to hosting your website or storing your data in a physical location. Then cloud affords an organization more flexibility and can significantly cut costs.

How Do You Ensure Topnotch Cloud Security Standards?

As we mentioned earlier, transferring your data to the cloud does not make your information entirely immune to security breaches. But you can avert these breaches by adopting the best security practices. We discuss some of these practices below.

1. Set Up Multi-Factor Authentication

Stealing credentials is one of the top ways cyber criminals use to access your digital business data. That’s why you need to ditch the conventional username and password combination to access business accounts. This combination is often weak when it comes to protecting yourself from hackers.

Among the simplest and most effective cloud security controls is deploying multi-factor authentication. This authentication technique ensures that only authorized staff can access your sensitive data by logging in to your cloud applications. So reliable is this security measure that most security experts consider businesses that haven’t yet deployed it as negligent.

2. Manage User Access

While you want to maintain as much transparency as possible within your company, the fact is that not every employee needs to access every file or piece of information. That’s why you need to set up clear levels of authorization, so every employee only accesses data or application necessary for their job.

You want to avoid incidences of a member of staff accidentally editing data that they have no authority to access. Additionally, you want to protect your sensitive information from hackers who may have stolen the credentials of one of your employees.

3. Monitor User Activity Continuously

What if a hacker succeeds in stealing login credentials and can access your sensitive business data? Well, that’s where real-time monitoring comes in.

Through real-time monitoring, you can spot any irregularities that vary considerably from the normal usage patterns. These deviations include log in from previously unknown devices or IP addresses.

Once you notice an abnormal activity, you can promptly investigate it to determine whether there has been a breach of your system. In case there is, you can fix that security issue before it causes mayhem in your organization.

Besides monitoring user activity, it’s essential that you need to keep a record of instances that your employees have accessed business data and any changes they’ve made on it. This way, you can provide auditors with a report of people who have access to the data at any given time in case there’s a breach.

4. Develop a Secure Off-boarding Process for Outgoing Staff

When individuals depart from your company, you want to ensure they don’t leave with your trade secrets. Create a foolproof process of taking away access rights to outgoing employees so they can no longer access your business systems, client information, or intellectual property.

The off-boarding process may seem easy, but it isn’t. Keep in mind that a departing employee could have access to numerous cloud applications. Revoking access to each of these applications can prove time-consuming.

Have a systemized deprovisioning procedure to revoke all the access rights of departing employees. Some organizations opt for solutions that consolidate user credentials into a single identity that can be turned off for the company’s cloud applications at once.

Remember, you can always turn to an expert to help you with the off-boarding process if you can’t manage it internally.

5. Have a Cloud-to-Cloud Backup Solution

The risks associated with cloud platforms and applications are legitimate. You could lose your data anytime, especially as a result of human actions. For instance, an employee could accidentally delete data, or a hacker may intentionally clean it out.

Given the dire consequences of data loss or manipulation, companies need to have backup solutions. At the moment, numerous cloud-based backup solutions that can protect you. Consult a credible IT solutions provider like charlotteitsolutions.com to help you determine the best solution for you.

You Can Reduce Your Cloud Computing Security Risks

Generally, cloud computing is a highly beneficial option for businesses in the 21st century. However, companies that choose cloud services need to adhere to cloud security standards to get the most out of it. Fortunately, cloud computing best practices are reasonably easy to implement and follow.

Would you like to read more great content like this? Please keep visiting our blog.

Accident Risk Management: How to Deal with an Accident in Kansas

/in /by

StrategyDriven Risk Management Article |Accident Risk Management|Accident Risk Management: How to Deal with an Accident in KansasAlthough Kansas is a relatively road safe state, knowing what to do if the worst happens is quite important in keeping you and others safe. Yes, you can save lives and reduce property damage plus you will know how to handle legal issues after a car accident. Let’s look at some of the key steps you should take to deal with an auto accident in Kansas.

Dealing With an Accident Kansas

An accident can shake you, but you can handle the situation if you can compose yourself before acting. Being angry can be inevitable, especially if you feel that the other driver was reckless, but acting on an impulse will only worsen the situation.

Depending on the extent of accidents, you can try to assist others involved the accidents. Know that there are many ways of helping a car accident victim and the best first aid options will depend on the nature of injuries sustained. Proceed to call or ask a bystander to call the local police, the fire department or an ambulance. If it’s a minor injury, you can exchange information with the other driver and even try to collect evidence from the scene.

It’s important to note that you shouldn’t underestimate the injuries in case you have sustained them. So, ensure you seek medical help and keep the medical reports. You might have been the one on the wrong in the accident but don’t admit liability before speaking to an auto accident lawyer.

Now, Kansas is a no-fault state meaning that the damages incurred in the accident will be covered by the insurer. So, you ought to notify your insurer of the accident to claim compensation. However, in case of severe damages and personal injury, the Kansas no-fault law has an exception. You can file a lawsuit seeking compensation from the negligent party in the accident. Winning a claim in a no-fault state is easier than done keeping in mind that this rule is there to reduce the number of cases going to the court system. But, you can speak to a Car accident lawyer who will help assess your case and help you fight for justice.

Here are a few factors that will actually affect your chances of winning a car accident claim in Kansas:

Factors that Affect Your Car Accident Claim in Kansas

1.The Expertise of Your lawyer

You should not, under any circumstances, seek legal aid from just any attorney in Kansas. Only seek help from car accident lawyers who skillfully handle cases of similar types. A good attorney will handle all legal processes from compiling assessing evidence, dealing with the other party, filing a lawsuit to attending court sessions for your compensation.

2. Your Statements

When pursuing compensation, you will be asked about the accident by different people like police officers, medical attendants, and representatives from insurance companies, etc. They will look for consistency in what you say to determine the credibility of your story.

It is thus important to refrain from giving statements and let a skilled car attorney do the talking for you. It doesn’t matter if you were partially at fault. Tell your lawyer all the facts as this will help in the case. In fact, Kansas uses what’s known as a pure comparative negligence rule in determining compensation. This is to say that you can still get compensated if you were at fault but the amount will be reduced based on your role in the accident.

3. Extent of Injuries

Getting medical reports that detail the injuries and the effect of the pain and injuries to your lifestyle will also strengthen your claim. You should however not be tempted to lie about the pain for higher compensations. Your attorney should be able to guide you on the medical report documents that will help your case.

It’s important to note that there are no definite compensation amounts for car accidents in Kansas. Your compensation will depend on current expenses, expected expenses, and pain and suffering. The record of current expenses factors in medical bills, the extent of property damage, and loss of income. Future expenses factor in disability, inability to work as you used to and medical expenses.

Final Word:

Accidents do happen but you should at least be prepared especially in legal and health matters. You should know the first aid steps to assist in saving lives in a car accident plus you should know how to seek compensation for the damages caused by the car accident. Again, seeking legal assistance from a skilled auto accident attorney is the best way to get fair compensation for the damages and personal injury.