Six Security Strategy Tips for Your SME

To ensure that your SME is protected from security threats, there are various strategies that you can implement. Your business could suffer financial loss if security is breached, whether that is online and computer security, employee error, or the security of the building in which your business is based. Staying ahead of the latest security developments in your field is essential, and could help to ensure your company has a future. Here are six security strategy tips for your SME.

1. Network Security

There is an increasing number of security threats to your business that come from the internet, and one strategy you can use to protect it is to make sure you have good network security. This means using different layers of protection, such as anti-virus software that can stop computer systems being affected by malware.

2. Password Protection

Make sure you have a different password for each area you need to log on to online. If a hacker were able to get access to one password, then only one account would be affected, rather than every account that shares the same password. Change your passwords regularly, and use a combination of letters, characters, and numbers, so they are not easy to guess.

3. Updated Software

If you do not regularly update your software, it is left vulnerable to attack and is not equipped to deal with the newest forms of cyber threat. When you update, it repairs any weaknesses that hackers could use to infiltrate your systems. Sometimes it is not convenient to update, especially when you are in the middle of a task. However, it is not something that should be overlooked.

4. Don’t Click Spam Email Links

Any inbox gets its fair share of spam emails, and they are not always easy to spot. However, if they come from an address that seems to have lots of letters and numbers in it, or the title doesn’t look like something usually sent to your business, avoid opening them. If you do have to open an uncertain email, never click on any links it contains as it could be malware.

5. Use Encryption

Encryption makes it difficult for hackers to make sense of any information they steal, as an encrypted file will look like a string of nonsensical code. This adds another level of security for your business.

6. Train Employees

If your employees use laptops or have work stored on other devices, make sure they are aware of the dos and don’ts about security. Confidential and sensitive information can be stolen if they accidentally lose their laptop, or use WiFi in public places. Keep employees up-to-date with any relevant training, and this should minimize the risk of having data stolen from your business.

Cyber-crime is increasing, so getting the right security strategies in place is essential. If sensitive data is stolen, your business could find it hard to recover. Take the right steps to avoid security threats now, and have peace of mind for the future of your company.

How to deal with cyber-attacks: publicly or privately?

Cyber attacks spiked 164% in the first half of 2017, compared to the same period in 2016, entailing 918 disclosed breaches, according to reports on broadcaster CNBC. Threats vary from sector to sector. Healthcare, for example, is more susceptible to crypto-locker ransomware like the infamous WannaCry.

Internet-connected consumer devices often fall prey to malware that shackles them to remotely controlled botnets such as Mirai. Varied though the threat may be, and staggering though these numbers are, the word disclosed highlights a central paradox: While transparency contributes to the overall fortification of cyber-security protocols and procedures, battening down the hatches presumably mitigates further financial risk.

Sure, a disclosure is immensely beneficial in terms of buttressing industrial safeguards, national and global security, and customer protection – not to mention mitigating the longer-term repercussions of an attack – but so too can disclosure exact lasting damage on a bottom line.

Fighting back

The nature, intent, and consequences of an attack notwithstanding, the way companies have responded to breaches is closely related to their designation: public or private. CFOs at public and private companies face different risks and pressures when it comes to cyber-security and disclosure, and exhibit divergent perspectives when it comes to preparation.

Broadly speaking, public company CFOs are more likely to outsource cyber-security to third-party firms, while private CFOs tend to invest in in-house IT teams. Regardless of who secures a company’s network, breaches are often known by CFOs before they are made public. By disclosing a breach, CFOs of publicly traded companies might trigger investor panic and sell-off, whereas private company CFOs risk irreparable harm to consumer and employee confidence.

On one hand, foreknowledge of pending disclosures can put unique pressure on public company executives, who often own considerable amounts of company stock. The ongoing federal investigation of three Equifax C-suite managers for insider trading arose due to alleged stock dumping prior to the revelation of the company’s catastrophic cyber-attack.
Equifax underscores the tension between a public corporation’s responsibility to its board, shareholders, and customers, and the financial implications of both the breach itself and legal requirements governing its reporting and remediation.

On the other, while private companies aren’t under the same legal obligations in terms of disclosure, and while the short-term consequences may be less impactful, these companies still face long-term pitfalls, such as lost trust and tarnished brands. Moreover, a medium-sized business may not have the capital or reserves to recover reputationally or financially after a major data breach the way a multinational corporation can.

Additionally, the moderate scale of many private companies sometimes instills a false sense of security. Middle-market businesses often assume they’ll be overlooked by attackers, whether due to a large number of similar companies, or a lack of enticing assets. After all, isn’t it the bigger fish that stockpile the type of data and info that hackers tend to target?

Be prepared

A lack of proper preparation only exacerbates the panic once an attack does occur. Attempting to deal with an attack on the down low can earn private enterprises a reputation as easy marks, and provoke subsequent attacks. Further, if the rearguard strategy backfires, or is exposed by the press, this can amplify the damage to a company’s brand and leadership, not to mention potential legal consequences if a court can prove negligence.

In terms of the bigger picture, the lack of reliable data pertaining to attacks on private companies leads to lopsided analysis regarding the multifaceted aims and motives driving these attacks, resulting in a sort of half-finished portrait of the threat landscape.

While cybersecurity prevention could be vastly improved by greater information sharing, some surveys of CSOs indicate that only one in seven attacks are reported to authorities. Alas, as it stands, adequate event modeling, and risk and security assessments, are being stymied by a lack of shared intel on private company breaches, effectively hampering the development of comprehensive prevention and management strategies.

This lack has precipitated the introduction of numerous cyber-security regulations around the world, and though the regulatory ecosystem is in a state of flux, the global trend is invariably toward greater transparency. CNBC notes that “governments around the world are introducing legislation which will force more companies to disclose data breaches,” a reach that already extends to private enterprises.

Regulatory environment

Both private and public companies are compelled to comply with local, national and global disclosure regulations, including Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA), and the EU’s General Data Protection Regulation (GDPR).

The GDPR, which regulates the collection and storage of customer information and data, and can levy fines of up to €20 million, requires that private companies disclose if they have a footprint in Europe, or otherwise handle the information of European citizens.

In the US, Sarbanes-Oxley (SOX) indexes the responsibilities of both public and private companies, including rules pertaining to compliance with federal prosecutors, and criminal penalties. Further, HIPAA governs how any company, public or private, handles personal health information.

Though public companies, traditionally, may have shouldered an inordinate amount of the fallout from disclosure, this has left them better readied for the implementation of legislation designed to enforce transparency. Even more advantageous, public companies now have hard-won practice mitigating the financial risks and ramifications resulting from disclosure.

Private companies, by contrast, are less aware and agile in terms of prevention and response; protecting their brand, for example, or proactively communicating with clients. Simply put, having been in battle, public CFOs are stepping up and getting more involved with cyber-security, while private CFOs, hovering on the sidelines, appear far more circumspect.

Make no mistake: this problem is only getting worse. The situation could improve rapidly if execs from companies of all stripes and sizes shared details of attacks with the larger corporate community.

Whether you are a CFO of an international, publicly-traded conglomerate, or a mid-sized regional business, it is well within your portfolio to do everything possible to properly prepare for the threat. Engage with the board, secure funding for proper security controls, and encourage leadership to be forthcoming when, not if, your company’s cyber attack occurs.


About the Author

Andrew Douthwaite has over 17 years of technology experience joining VirtualArmour in 2007 as a senior engineer. Now as Chief Technology Officer, Andrew focuses on leading growth in the managed security services business and ensuring VirtualArmour is a thought leader in the security industry.

How to Keep Control Over Your Cloud Data

More people than ever are using cloud platforms for both business and personal use, and the numbers are set to continue growing. Consider how recently it used to be that photos and documents had to be emailed or sent over via a USB flash drive. Nowadays, large volumes of data can be shared quickly and easily, making cloud platforms one of the most essential priorities for businesses and individuals. Now that so many people use cloud technology, the onus has shifted to more security awareness. All online processes are vulnerable to risk, and cloud technologies seem especially vulnerable. If you’re concerned about your levels of security when using cloud platforms, here’s what you need to know.

Access Issues: Your Priority

One of the biggest benefits of the cloud is that you can access your data from any device and from anywhere in the world. While this is very convenient, it also means that hackers have similar access options. It’s vital to remember that although you own the data that you upload to the cloud, you do not own the security infrastructure. Being more responsible for your data is the key to better online security, and if you’re using a cloud platform then you should consider the following strategies to boost your own security:

  • Know what they do: If you haven’t read your user agreement then how do you know how those platforms are planning to protect you? It may take some time, but reading the user agreement will help you to understand how cloud platforms work and how they plan your security. McAfee has some in-depth assessment guides, so if you’re asking ‘what is cloud security’ then this could help you understand just how in-depth the security measures that they use can be.
  • Password Protection: Everyone knows that they need stronger password management. No matter how many times you read and ignore this piece of advice, it remains as true as ever. Never use the same password on multiple platforms, and consider making use of a password management system to give your online security a serious boost.
  • Essential Encryption: This is by far the most effective way of protecting yourself and your data. You can encrypt your cloud data by using software that necessitates an additional password before full access is granted. That way, even if hackers do get into your system, they cannot gain access to the encrypted data. This is essential for more sensitive information. Some cloud providers offer encrypted services as part of their package, and this could be the key trend to watch in the future.

Whatever you use the cloud for, be it personal photos or business documents, keeping your data safe should be a high priority. Understand what cloud providers are doing to protect you, and improve your own personal online security. Don’t assume that hackers only target large corporations. Both small businesses and private individuals are common targets, and you will be able to relax more knowing that your cloud security is fully optimized and as strong as it can possibly be.

How Can A Business VPN Secure Your Company?

Across the globe, VPN services are providing privacy and security to more than 400 million consumers and businesses. Business VPNs are used to help safeguard the information employees send and receive online and protect their internet connections from unauthorized intrusion and other dangerous hacks.

Here, we’re going to discuss how a business VPN can secure your company, so read on if this is something you’d like to learn more about.

What Is A Business VPN?

A business VPN provides end-to-end encryption for your business devices’ internet connections. You get a secured web connection to your company devices, wherever people connect to the internet. You will be able to avoid things like hackers, governments, fake wi-fi, competitors, and more when you use a business VPN.

Is it a good idea for you to start using a VPN? Well, that can depend on what your business goals are. We discuss the benefits of a VPN below:

Better Security For Your Business

Hackers and other threats can still be a danger if you have firewalls, antivirus protection, and other things in place. A typical online connection isn’t all that secure or encrypted, so a business VPN can ensure you are protected from the lesser known viruses, hackers, and threats. A good VPN will protect sensitive customer and client information, internal documents, internal communication and other trade secrets. Although it’s possible to pay for a VPN service, it could be a better idea to go for a Free VPN to begin with, especially if you’re not yet convinced of what this can do for you.

Secure Data Sharing

One of the best uses of a VPN is safe and secure data sharing. You will safely be able to share data between your colleagues and even those outside of your organization. You just have to ensure the VPN encrypts your entire internet connection rather than just the connection to your company network.

Remote Data Access

How do you securely connect to your cloud? A VPN allows you to remotely connect into a secure server that hosts the data you need to access, keeping you secure from prying eyes.

Companies that want to improve security while not hindering accessibility for their employees should all look into a VPN.

Avoid International Censorship

If you’re looking to grow your business, this may mean traveling to and from countries that have internet censorship in place – and this can hinder your employees and your progress in a big way. With a business VPN you can choose different locations to appear as if your business is still connecting to the internet just like you were back home.

When you’re thinking about whether a VPN is the right choice, other things to consider include set-up costs, management, and operations. A business VPN might not be an ideal solution for every type of company, but the security and flexibility it offers can help those organizations looking to protect their data as securely as possible.

How To Take Risks In Business

There are many skills required of a person when they run a business. They need to be able to cope with lots of different situations and turn them around into successes for the business if possible. They also need to be able to manage people, deal with finances, organize marketing, and much more. Something that you might not have thought about before, but that is certainly an important trait when it comes to business, is risk-taking. There needs to be an element of risk-taking in any business if it is going to grow and thrive successfully. If you’re concerned that you aren’t taking enough risks (or perhaps even taking too many), read on to discover just how to do it right.

Search For Solutions

Risks in business should always be calculated ones. This means that you have looked at the situation you might be heading for and determined what the negative outcomes might be. Although you might not like to think in these terms, it is crucial – pretending that things won’t go wrong is a sure way to have problems because if something untoward does happen, you won’t know how to deal with it.

That’s the key; you need to know the potential negative outcomes because you need to know how to combat them if they do arise. Search for solutions for each issue that you might come across, and if they do occur you can deal with them. If they don’t, then you have nothing to worry about.

Think Long-Term

Having an idea that is a possible risk is one thing, but being able to continue once that idea has been implemented, whether the results are good or bad, is another. You need to not only think of the idea and weigh up the risks, but you need to think of the long-term for your business as well. Ask yourself what will happen if the risk you are taking does pay off, and what will happen if it doesn’t. This is important because you don’t want to take the first step and then not know where to go after that. A long-term plan is much easier to deal with broken down into smaller parts – it is also less risky.

Whether you’re launching your own Amazon associates site or building an e-commerce empire from scratch, the same principles apply when it comes to risk and long-term thinking.

Be Adaptable

Even if you do have a plan in place, you need to be able to adapt (and adapt the plan) if anything changes. Trying to continue with your original idea when you really should go in another direction won’t help you and won’t help the business. This is no longer a calculated risk but is instead a stubborn refusal to see that change needs to happen. This will hurt the business, and those being asked to carry out the tasks on your behalf could become extremely stressed by the situation, knowing it is the wrong thing to do but unsure how to deal with it. A stressed employee might need time off; they might even need help from the Law Office of Scott D. DeSalvo.

Test First

You might be tempted to launch your new idea straight away because you’re so excited about it and you’re sure that it will do well. However, this is not a calculated risk – this is just a risk, and that’s not a good thing. Wait until you have all the facts and details you need to be able to launch successfully; launching a product and not having the right marketing in place, or not being sure how good that product, service, or idea really is, can be damaging to your business.