Posts

Winter Is Coming, So Protect Your Business With Its Very Own (Fire)Wall

Game of Thrones fans across the world have spent years marveling at Jon Snow’s dedication to his all-important wall. While business lessons are probably few and far between in Game of Thrones, his dedication to keeping his country safe is one that any company should take on board. You might not need a physical brick wall outside your office, but that doesn’t mean you can’t still use a wall of some kind to keep your company safe.

Virus and spyware protection services like those offered by Charles are a first port of call for any company that wants to keep their data and customers safe. And, once you put managed security services like these in place, you can bet that a firewall will soon follow.

Unlike Jon Snow’s physical wall, Wikipedia describes a firewall as ‘…a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.’ But, what exactly can a security measure like this do for your company?

Your first line of defense

The GOT wall is the first line of defense in case of attack, and your business network firewall is no different. Viruses or malware on a business computer can have a catastrophic impact on your company’s operations and reputation. In fact, malicious malware that steals customer information could cripple your company altogether. In a sense, a firewall works as a shield against attacks like these. Whether you put one in place or trust a managed security service to do it for you, this is a way to improve security with little real effort on your part.

A way to stop anyone getting in (or out)

Like any good wall, a firewall provides a solid support to stop things getting either in or out of your company network. Strong firewalls will inspect the flow of traffic both ways, monitoring and blocking viruses as and when they arise. A firewall can also prevent unauthorized websites to ensure no unwanted pages find their way into your office. As well as keeping your company safe, then, a well-installed firewall can keep distractions like social media and personal browsing well clear of your work environment, and can make for increased productivity all around.

pasted image 0 5A safe place from which to spot trouble

Our GOT favorites continually patrol their wall for any sign of trouble, and this is yet another benefit that a firewall can bring to you. Far from just blocking viruses as they arise, a firewall can work wonders for foreseeing and even warning you of coming trouble. For instance, any firewall will log potential intrusions or unauthorized activity, thus allowing you to check out possible problems before they arise. By foreguessing and blocking malicious applications, your firewall can even do a pretty good job at its own patrol out of office hours.

For these reasons and more, a firewall is vital for security in any business setting. As a company owner, you should, therefore, go forth and be the watcher on the firewall.

Business Risks and How to Prepare for Them

StrategyDriven Risk Management Article | Business Risks and How to Prepare for ThemBusiness is a risky game and one threat that arises that you weren’t ready for can have a devastating impact. Risk management plays a big role in the finance department who are constantly assessing for risks that could impact the company’s cash flow or investments. However, there are a number of other risks that all departments have a view of that can cause big problems if not assessed and prepared for in advance.

Data Breaches

One of the biggest risks to all businesses in modern times if the risk of being the victim of a cyber-attack. Criminals are on the hunt for a range of information from businesses. The most common data they go after are customers personal details. These could include, names, addresses, bank details, and credit card numbers.

There can be huge fines and PR consequences if businesses are found to have been incompetent with their data management. Another piece of information that criminals are looking for is IP information. Stealing intellectual property is becoming very common now and businesses need to have the right systems and processes in place to protect IP that could be worth millions or billions of dollars.

Injured workers

It’s estimated that every 7 seconds a worker is injured in their place of work. Many of the injuries sustained are avoidable but it costs businesses millions of dollars and time in lost production to compensate workers for losses.

Among the questions employees regularly have about workers compensation are ‘how long does it take to receive workers comp’ and ‘are workers comp benefits taxable’. Being clear with your employees about the processes and health and safety procedures you have in place will help to minimize the risk of people being injured at work. This, in turn, will lead to fewer claims if people are more aware of the safety precautions that they need to take.

Product Recalls

There have been many high profile cases of product recalls in recent years, one of the main ones being the Volkswagen emissions scandal. This originally began in 2015 when the EPA found that Volkswagen had been deliberately tampering with their emissions outputs.

There is no limit to the damage a product recall can have on a business. Some businesses have been so badly affected that they have declared bankruptcy and closed down. Implementing tight quality controls and regularly auditing processes, machinery and staff are good ways to ensure that the risk of having a product recall issue is lowered.

Even if your business has never had a product recall issue, you should have a process in place in case this does ever happen. Along with how you will identify a defective product you must think about how you will get the message out to consumers that they need to return the product and what your policy will be on refunds or exchanges. Just as important will also be your PR strategy and how you manage a potential customer or industry backlash.

 

2019 Cyber Security Statistics

Cyber security challenges are not just limited to large banks, credit bureaus, utilities, or other critical entities, they effect all businesses.

The infographic below, presented by techjury, reveals the cyber security statistics for 2019.
 
Cybersecurity Infographic | Tech Jury | Cyber Security Stats – Infographic
 
Republished with permission from techjury.

How to deal with cyber-attacks: publicly or privately?

StrategyDriven Risk Management Article | How to deal with cyber-attacks: publicly or privately?Cyber attacks spiked 164% in the first half of 2017, compared to the same period in 2016, entailing 918 disclosed breaches-according reports on broadcaster CNBC. Threats vary from sector to sector. Healthcare, for example, is more susceptible to crypto-locker ransomware like the infamous WannaCry.

Internet-connected consumer devices often fall prey to malware that shackles them to remotely controlled botnets such as Mirai. Varied though the threat may be, and staggering though these numbers are, the word disclosed highlights a central paradox: While transparency contributes to the overall fortification of cyber-security protocols and procedures, battening down the hatches presumably mitigates further financial risk.

Sure, a disclosure is immensely beneficial in terms of buttressing industrial safeguards, national and global security, and customer protection – not to mention mitigating the longer-term repercussions of an attack – but so too can disclosure exact lasting damage on a bottom line.

Fighting back

The nature, intent, and consequences of an attack notwithstanding, the way companies have responded to breaches is closely related to their designation: public or private. CFOs at public and private companies face different risks and pressures when it comes to cyber-security and disclosure, and exhibit divergent perspectives when it comes to preparation.

Broadly speaking, public company CFOs are more likely to outsource cyber-security to third-party firms, while private CFOs tend to invest in in-house IT teams. Regardless of who secures a company’s network, breaches are often known by CFOs before they are made public. By disclosing a breach, CFOs of publicly traded companies might trigger investor panic and sell-off, whereas private company CFOs risk irreparable harm to consumer and employee confidence.

On one hand, foreknowledge of pending disclosures can put unique pressure on public company executives, who often own considerable amounts of company stock. The ongoing federal investigation of three Equifax C-suite managers for insider trading arose due to alleged stock dumping prior to the revelation of the company’s catastrophic cyber-attack.
Equifax underscores the tension between a public corporation’s responsibility to its board, shareholders, and customers, and the financial implications of both the breach itself and legal requirements governing its reporting and remediation.

On the other, while private companies aren’t under the same legal obligations in terms of disclosure, and while the short-term consequences may be less impactful, these companies still face long-term pitfalls, such as lost trust and tarnished brands. Moreover, a medium-sized business may not have the capital or reserves to recover reputationally or financially after a major data breach the way a multinational corporation can.

Additionally, the moderate scale of many private companies sometimes instills a false sense of security. Middle-market businesses often assume they’ll be overlooked by attackers, whether due to a large number of similar companies, or a lack of enticing assets. After all, isn’t it the bigger fish that stockpile the type of data and info that hackers tend to target?

Be prepared

A lack of proper preparation only exacerbates the panic once an attack does occur. Attempting to deal with an attack on the down low can earn private enterprises a reputation as easy marks, and provoke subsequent attacks. Further, if the rearguard strategy backfires, or is exposed by the press, this can amplify the damage to a company’s brand and leadership, not to mention potential legal consequences if a court can prove negligence.

In terms of the bigger picture, the lack of reliable data pertaining to attacks on private companies leads to lopsided analysis regarding the multifaceted aims and motives driving these attacks, resulting in a sort of half-finished portrait of the threat landscape.

While cybersecurity prevention could be vastly improved by greater information sharing, some surveys of CSOs indicate that only one in seven attacks are reported to authorities. Alas, as it stands, adequate event modeling, and risk and security assessments, are being stymied by a lack of shared intel on private company breaches, effectively hampering the development of comprehensive prevention and management strategies.

This lack has precipitated the introduction of numerous cyber-security regulations around the world, and though the regulatory ecosystem is in a state of flux, the global trend is invariably toward greater transparency. CNBC notes that “governments around the world are introducing legislation which will force more companies to disclose data breaches,” a reach that already extends to private enterprises.

Regulatory environment

Both private and public companies are compelled to comply with local, national and global disclosure regulations, including Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPPA), and the EU’s General Data Protection Regulation (GDPR).

The GDPR, which regulates the collection and storage of customer information and data, and can levy fines of up to €20 million, requires that private companies disclose if they have a footprint in Europe, or otherwise handle the information of European citizens.

In the US, Sarbanes-Oxley (SOX) indexes the responsibilities of both public and private companies, including rules pertaining to compliance with federal prosecutors, and criminal penalties. Further, HIPAA governs how any company, public or private, handles personal health information.

Though public companies, traditionally, may have shouldered an inordinate amount of the fallout from disclosure, this has left them better readied for the implementation of legislation designed to enforce transparency. Even more advantageous, public companies now have hard-won practice mitigating the financial risks and ramifications resulting from disclosure.

Private companies, by contrast, are less aware and agile in terms of prevention and response; protecting their brand, for example, or proactively communicating with clients. Simply put, having been in battle, public CFOs are stepping up and getting more involved with cyber-security, while private CFOs, hovering on the sidelines, appear far more circumspect.

Make no mistake: this problem is only getting worse. The situation could improve rapidly if execs from companies of all stripes and sizes shared details of attacks with the larger corporate community.

Whether you are a CFO of an international, publicly-traded conglomerate, or a mid-sized regional business, it is well within your portfolio to do everything possible to properly prepare for the threat. Engage with the board, secure funding for proper security controls, and encourage leadership to be forthcoming when not if, your company’s cyber attack occurs.


About the Author

Andrew Douthwaite has over 17 years of technology experience joining VirtualArmour in 2007 as a senior engineer. Now as Chief Technology Officer, Andrew focuses on leading growth in the managed security services business and ensuring VirtualArmour is a thought leader in the security industry.

Getting Started with Small Business Protection

Safety is paramount to the success of your business, which is why larger companies dedicate entire departments to protective measures. Small business owners don’t always have that luxury, leaving them to handle unique risks without a massive amount of protective resources. That creates a real challenge, one that can often lead to digital, physical, and even legal issues most are unprepared to handle.

StrategyDriven Managing Your Business Article
 
So, what can you do? Before leaving your failsafes and security protocols to the wind, check out these tips to help make protection a top priority at your small business. From simple office rules to management tools, here’s the ultimate safety strategy.

Get Rid of Personal Devices

Step one to your plan of action should be eliminating personal or bring-your-own devices in the workplace. This reduces the risk of weak links in your security plan, helping to keep the lid tight on your operations.

While this isn’t always possible, there are workarounds to achieve the same result. Instead of removing these devices from your place of business, adopt a universal security package for your employees. The usefulness of managing and auditing your entire IT infrastructure’s user access rights with a tool like SolarWinds can’t be understated.

Malware Matters

As tight as security may be on your employee end, the world of the web is a malicious place. Malware protection is a vital safeguard for your business, manning the front lines while data enters and leaves your servers. It’s still important to train employees on security and safety measures, but this set-it-and-forget-it protection is something you can’t do without.

Unique Passwords

StrategyDriven Managing Your Business Article
 
While this 90’s rhetoric shouldn’t need restated in 2018, the number of hacks from even seemingly airtight corporations in the past few years suggests that it hasn’t set in just yet. With a single data breach costing upwards of $1 million on average, this is one area of security you literally can’t afford to overlook.

Ensuring every member of your staff uses a strong password is crucial these days. Have them keep the word used unique, add numbers, and make sure they utilize symbols if possible for the best results. Also, it helps to have your employees change their password every six months to a year.

Physical Security

It isn’t something most business owners want to think about, but individuals within your operation can be just as dangerous as those on the outside. While it is important to trust your employees, it never hurts to utilize cameras and locks when possible. Plus, these tools are an excellent means of theft prevention.

Backup Your Data

From contracts to daily sales, today’s businesses record almost everything online. Technical malfunctions happen at the most inconvenient times, which is why backing up your data is essential. Instead of opting for pricey equipment, consider cloud storage as a frugal yet secure alternative. There are numerous cloud storage services available that can help you create “hard” copies of important information.

Insurance

Even if you’re in the earliest stages of operation, business insurance can save you an enormous headache. Depending on what your business entails, you may need varying types of insurance. Public liability, home business, and indemnity are a few popular examples. Regardless of which kind your business needs, protecting yourself in the event of a worst-case scenario is vital.
Other small business insurance needs include:

  • General liability
  • Professional liability
  • Errors and omissions
  • Owners policy
  • Workers compensation
  • Property
  • Home-based
  • Product liability
  • Vehicle
  • And business interruption

Physical Protection

No, not bodyguards. Physical protection and security come in a wide variety of forms. Each of which is equally as important as the digital ones you’ve set in place. A simple example would be ensuring that your brand is unique to avoid any litigation or legal ramifications.

Another example would be the use of physical documents for contracts and agreements. Aside from creating a professional look, it further protects agreements made between you, your employees, and your clients with a hard copy. Adding arbitration clauses to those contracts is another physical security measure that can prevent legal ramifications down the road.

StrategyDriven Managing Your Business Article
 
Finally, physical protection for a small business can be as simple as creating a safe work environment. Working to prevent accidents and encouraging non-discrimination as well as non-harassment policies might not be the first thing on your mind when the word protection comes to mind, but they are just as important as cyber security measures.

Protecting Your Business

Security isn’t something to take lightly in any business venture, but you don’t have to shell out your earnings on an entire department just to make sure your organization is protected. By following the tips and advice above, you can keep every aspect of your small business from digital to physical secure while keeping things affordable.