Counting the True Cost – Cyber Security Breach

Cyber security breaches are in the news every single day of the week. Yet every day I hear another story about a small business that has had a cyber security breach. When talking to the owners, the anger, frustration and disbelief is evident to see. The shock is expressed in the following words; this is costing me so much, it’s the inconvenience, it’s the damage to my reputation and worst of all I am losing customers and I know they will not come back.

What is the cost for small to medium business?

  • The statistics on the cost to small business are hard to establish but one can only suspect that if big business is $142 per compromised record (Ponemon Institute Research report 2016) that is something similar for small to medium business.
  • From my personal experience, I know a podiatrist whose business incurred a breach of their booking system that took three months before their business was back to normal. Even after this time they continued to lose customers. The Ponemon Institute Research Report 2016 clearly indicates that the loss of business customers is the largest financial consequence for an organisation that experiences a data breach.
  • A breach becomes more costly to resolve the longer the breach remains undetected.

Is a small to medium business subject to fines?

All businesses no matter what size are subject to privacy laws. Currently our NZ Privacy Act which went into effect in 1993 contains breach-related penalties from $2,000 to $10,000. New Zealand’s privacy commissioner is now recommending new civil penalties against companies of up to NZ $1,000,000 for a “serious” data breach to keep NZ up with sterner penalties adopted by Australia and the European Union. Ultimately there is significant accountability on businesses to keep customers’ private information secure or face potentially large fines as well as bad publicity and damage to their reputation.

Why is small to medium business a target?

This may be obvious but every cyber- criminal is looking for a soft target, in effect every small to medium business has more information (data) to target than an individual consumer and, because of resource restrictions and lack of knowledge they have a less secure environment than a larger organisation. This is not only in terms of software but also in having security policies that are effectively implemented. For example; user training, passwords, network access, usage of personal devices and external storage devices such as USB sticks.

Too often small business owners are not proactive because they do not believe they have anything worth stealing.  This is not the case as every small to medium business holds customer credit card information, customer personal details such as bank details and emails.  Every bit of information is useful to a cyber-criminal who can make money, for instance, by selling an email address.

Are the hackers and cyber criminals becoming more sophisticated?

The short answer to this question is YES. In the 12 months to June 2016 the NZ National Cyber Security Centre reported a 78% increase in cyber security incidents over the previous year. Our Australian neighbours (Australian Cyber Security Centre Threat Report 2015) identified that the number of cyber criminals with capability will increase, that the sophistication of the current cyber adversaries will increase making detection and response more difficult, ransomware will continue to be prominent and there will be an increase in electronic graffiti such as web defacements and social media hijacking. All this is occurring because every day no matter what size business you are there is a greater reliance on technology to run and conduct a business. The cyber-criminal is aware of this.

How to minimise and protect your small to medium business against a cyber security breach or attack?

Suggested guidelines for protecting your business are:

  • Complete a risk assessment so you are aware of the areas you are most vulnerable. The suggestion would be to complete this with an IT expert, or use the NZ Government sponsored Connect Smart for Business SME toolkit as a starting point.
  • Educate your staff about the various types of scams such as ransomware. Ransomware is a piece of malware that is often sent via email and when executed it kidnaps your machine via encryption that blocks the user from accessing their machine. The kidnapper then demands payment for the decryption key. Ransomware is often referenced as Cryptolocker, Cryptovirus or Cryptotrojan. Examples include NZ Police notifications, Courier and Post deliveries, Inland Revenue Office, Microsoft support etc.
  • Ensure you have policies that are enforced around passwords.
  • Use up to date security systems such as anti-virus software, ensuring firewalls are in place, proper controls around network access.
  • Ensure you are backing up your data and protecting sensitive data in accordance with the privacy laws of New Zealand.
  • If you have limited IT capability and resources, consider the proactive approach of engaging an IT service provider on a managed services contract.
  • Have a remediation and recovery plan for a cyber security breach.
  • Take insurance against a security breach.

From a technology viewpoint aim for the following:

  • End user security – workstations, laptops and mobile devices all have anti-virus malware protection, scheduled back up and regular preventative maintenance.
  • Centralised user control and back up – critical company information and local files need to be protected and still require regular back up, preferably with offsite duplication to the cloud.
  • Unified threat management and content filtering – can offer maximum external threat protection and enhanced business productivity to your internal network.
  • Disaster recovery and data restoration – business continuity can only be guaranteed with adequate backup and recovery procedures in place

The four key elements in thinking about preventing cyber security breaches are to know your environment, to secure your environment, effectively control your environment and proactively monitor your environment.

The best approach is to make sure that the challenge of cyber security is at the forefront of the business owner’s mind and that of employees.

References:

Bank Info Security

National Cyber Security Centre

The Privacy Commissioner’s Office

Australian Cybercrime Online Reporting Network

Ponemon Institute; IBM sponsored 2016 Cost of Data Breach Study Australia

How to protect your family from cyber threats?

Do you have young children who risk being exposed to pornographic or inappropriate websites?

Do you feel you should control the type of applications your children use and the amount of time they spend on the internet on websites such as social media?
Are you worried your children are using gaming, gambling, or in-app purchasing applications?

If you answered “yes” to any of these questions you are part of a growing movement of concerned family’s’ who are struggling to control their childrens’ exposure to the internet.

Why is access to internet content so hard to control?

There are 3 main reasons why internet consumption by children is hard to control:

  1. Multiple Access – The internet can now be accessed in a variety of different ways. Traditionally the home network was the only access method for most families. Now we have access by mobile data access via 3G & 4G networks, plus the increased availability of free Wi-Fi public access networks, then the additional opportunity of roaming as guests on other private Wi-Fi Networks. Internet access is now available everywhere so managing access through gatekeeping devices such as routers is increasingly ineffective.
  2. Multiple Devices – With internet access everywhere comes the proliferation of multi device access with many children now using a range of smartphones, tablets, laptops, and workstations. Internet access is now available almost anywhere on any device, so managing access of devices is increasingly difficult.
  3. Knowledge – Our children are developing skills and shared methodologies that can circumvent traditional control network mechanisms (such as routers) and device profile user management (such as Windows Parental Control).

With anywhere anytime internet access from multiple devices, is it still possible to regulate internet access to our children?

Thankfully development of cloud technologies has enabled user management to be lifted above the physical network layer and enables user profile management to be delivered across multiple access networks and devices. Effectively the cloud allows an additional layer of control above the traditional approach to user management and content control.

Here is what a cloud based portal can enable:

  1. Block porn and adult content
  2. Restrict access to social media
  3. Restrict access to YouTube and gaming content
  4. Limit access to mobile games and apps
  5. Limit app downloads and in-app purchases
  6. Disable device features including cameras
  7. Set restricted access periods and sleep times across devices
  8. Cover devices in and out of home.
  9. Managed from a single cloud based portal

Given all this is possible, how it is achievable?

As a business who has been help protect Australian and New Zealand families for over 20 years we have watched the evolution of different internet security software and hardware struggle to keep up with these changes. In our view, if families wish to take control of how internet is consumed they must consider using a cloud based portal to provide comprehensive protection.

To the best of our knowledge the most comprehensive and accessible product for family internet management is called Family Zone. Family Zone is a new generation cloud based product that allows for all these changes in technology from anywhere access from multiple devices.

Upgrade to a new Computer or get a Tune Up service?

Does your computer seem unresponsive, sluggish, and unreliable?

Do you feel you spend time waiting for things to happen on your computer?
Is your productivity slowing down as a result of a slow computer?

One of the most common questions we get in our business is “Should I repair or replace my computer?” While it is an individual decision there are several key factors that should help determine your course of action. Obviously, the price difference can be huge and the disruption painful, but what are the key determinants of your choice;

3 key determinants to upgrade your computer?

We suggest you use a 3-step process to determine the correct course of action:

  1. Computer Age; If your existing computer is over 3 years old the risk of catastrophic failure due to hard drive or part failure is much higher,and the overall expected life of a PC that is constant use is rarely over 5 years. Life expectancy is generally lower for laptops that are moved & carried around regularly. Doing maintenance on an old machine might not be the best answer, especially if you are critically dependent on it working correct & if it fails you will end up in an emergency.
  1. Computer Specifications: Check the specifications of your current computer; with the evolution of new software & applications, especially video applications such as Facebook and news services, means your current computer just may not be able to process fast enough to give you performance that is satisfactory.Most new computers now offer significantly more processor speeds & RAM than what was available a few years ago.If you are looking to run the latest versions of Windows 10, Internet browsers (like Google Chrome), Office 365 or Microsoft Office 2016 then it is difficult to get the maximum benefits without modern specifications. If your old computer has low specification components a Computer Tune Up may not resolve all your speed issues.
  1. Computer Maintenance:Assuming you have agreed the first 2 steps are not a problem; then if you are experiencing slow startups, slow application opening, application time outs or regular restarting requests this can generally mean your computer needs a Tune Up. A computer Tune Up is where we do a deep clean to remove unwanted programs and files then the operating systems cleaned of unnecessary bloat. Often just normal use on the web can accumulate,without your knowledge, thousands of small unwanted programs, cookies, and tracking code that ultimately accumulates slowing everything down. The final area of a Tune Up is defragging your hard disk, where the storage space can be reallocated and made more efficient, giving improved performance.

Just like servicing a car we suggest that even the best computer will need tuning at least every 12 months or more frequently if you’re a business user, this can be done using a maintenance plan with automated routines and processes that can be run remotely by your local Computer Troubleshooters.

Repair or Replace?

Given the 3 critical factors above and your individual circumstance you should have formulated your own view of whether you should repair or replace your computer. So what are the options?

Repair – You can simply call in an expert like Computer Troubleshooters to do a computer Tune Up to get your machine back to optimal performance. They will do a series of deep scans and maintenance processes that should remove the bloat. We also would recommend joining a maintenance plan that regularly does this process to keep you at the optimal performance level. Part of this is also reviewing your backup regime to ensure that you will not experience data catastrophe should a failure occur in the future.

Replace – Once you decide to replace your machine there are few options you can consider;

  • Upgrade – Simply replacing the hard drive on an existing computer with SSD (solid state drive) can significantly improve processing speeds and memory without the need to replace the full system. This also significantly reduces a key point of failure risk from an old system.
  • New Packaged– a new system ultimately will give you a new experience in performance, you just need to ensure the specifications will deliver on your expectations. Lower prices can often mean lower performance, you generally get what you pay for. We generally suggest a minimum of 4GB of RAM and an i5 or better CPU. Just bear in mind you may need to repurchase software that was on your existing machine.
  • New Custom – if you have a specific need or application we can help put together a custom-built system option that can take into account your specific user requirements. We can spec, order & install a system specifically for your needs. Ask us for a quote.

You can transfer all your data and settings on to your new computer so that your new machine is setup is the same as previously, this can be done relatively easily by your local Computer Troubleshooters. Just bear in mind that Windows10 is now the standard operating system for PC’s, so you may need to adapt to the new Windows environment.

At the same time we also recommend reviewing your backup regime to ensure your critical data is protected.

Optimal Computer Performance

Regardless of your situation whether it is repair or replace we can help you optimize your computer experience to help you get the best performance. You don’t have to put up with a slow computer. Give your local Computer Troubleshooters office a call and one of their technology professionals will be happy to evaluate the status of your current computer and help you choose the correct course of action.

How to enable your business IT Systems

Is your business struggling to keep up with technology change?
As a business owner are you swamped with IT issues and user requests?
Do your business’ systems seem old and stuck in the past?

IT for most business has changed significantly in the last 5 years. Traditionally Small and Medium Businesses felt they needed to own their own hardware, software and support infrastructure. To have everything located in your office seemed safe and reassuring that your business was in safe hands. Then along came smartphones, Gen Y, and cloud computing!

So how do you take your business IT systems to the new frontier?

Surprisingly the change isn’t as hard or expensive as you think, you just need to see ownership as an old-fashioned way to view IT, you need to think more about access and scale as the key to better IT systems. By leveraging off broadband and cloud technological advances you can now achieve large business outcomes on a SMB budget.

Microsoft Office 365 is now the default software architecture for Microsoft products in Small & Medium Business, it forms the core of new business IT environments with over 80 million users worldwide and growing fast, it has proven to be reliable & solid.

Office 365 Advantages

Office 365 has been built as a cloud “software as a service” product so it is relatively device agnostic, controlled centrally with security top of mind. This means the Microsoft business office 365 environment is flexible, duplicable, accessible & remotely administered. Beyond the standard Microsoft Office suite benefits we have enjoyed for years it delivers additionally on 4 major areas;

  • Bring your own device – particularly smartphones & iPhones (BYOD).
  • Multi Device with Syncing between devices on multiple operating platforms.
  • Tablets, Smartphone & PC smoothing (same software on different device types).
  • Anywhere access – Security enabled and administered remotely.

This translates into 4 key benefits for users;

  • Same Operation – Outlook 365 looks feels and operates similarly on all device types.
  • Cross Platform – Microsoft, Apple, & Android all just work the same.
  • Simple Downloads – once your Outlook 365 tenant has been professionally setup, data migrated, & deployed – downloading the software on extra devices is easy if you know your admin stuff. Software is updated regularly automatically.
  • Syncing – it just works seamlessly regardless of what device you are using, it stays updated and syncs without any drama, knowing that the Microsoft data centre is doing all this in the background makes the value equation easier to swallow.

Personally, having used the combined office software now for some time, and having downloaded my Office 365 on 4 different devices and types (PC, Smartphone, Laptop, & Android Tablet) I am impressed, particularly with Outlook 365 with corporate grade email access from anywhere across the globe, on any device, and all synced and backed up at the Microsoft data centre. This alone is enough to justify Office 365.

Business Owner Considerations

  • Capital investment – do you prefer to invest to upgrade systems or use a pay as you go subscription model?
  • Space and operating requirements – do you need to run your own infrastructure?
  • Maintenance – would hosting dramatically reduce staff or outsource costs for your IT support?
  • Scalability – will you need to add or reduce users in the future?
  • Operating control – can you trust an external IT expert to remotely manage your systems?
  • Applications – can you use hosted applications or do you need to host locally?
  • Data usage and file sizes – are your business characteristics suitable to use hosted applications?
  • Broadband speed and capacity – can your internet bandwidth handle hosted usage?
  • Statutory data retention – does your business have a requirement to hold and protect data?

End user considerations

  • Access anywhere – do your users need access from PC, tablet and phones?
  • Syncing – do your staff need synced email and data?
  • Information sharing – would accessing business information on the move be helpful to your staff?
  • Seamless networking – would eliminating the need for a VPN reduce access complexity and increase productivity?
  • Backup and central control – would automatic backup and centralized control reduce your risk of user originated data loss?

In assessing these considerations, you may need some additional help to determine if the Office 365 alternative is applicable, feel free give us a call to discuss your situation.

Are you ready to IT enable your business?

So hopefully you can see a clear path to IT enable your business using Office 365 as the core software architecture. Office 365 offers a range of advanced tools that enables your employees to be productive anywhere and at any time across a range of devices. With Office 2016 & Windows 10 now fully proven you can combine to get the very latest software across your business knowing it works and is fully compatible.

If you wish to upgrade your IT Systems it will still requires guidance to get it right, so give your local Computer Troubleshooters office a call today and one of our technology professionals will be happy to discuss how Office 365 can benefit your business.

5 Tips to Increase Internet Security in the Workplace

Approximately two-thirds of employers do not monitor their employees’ access to social media sites, according to Media Bistro. As a result, it’s not uncommon for employees to indulge in a little Facebook or Instagram from their work computers. Although many employees use the Internet responsibly at work, a poorly articulated Internet use policy can leave your business vulnerable to hacking, phishing scams and other IT security issues.

Overhaul Your Internet Use Policy

Computer and internet security When was the last time your business revised its Internet use policy and officially updated the employee handbook? If it’s been a few years, it’s worth investing the time and effort into crafting an update. Lay clear guidelines about:

  • Checking personal email
  • Appropriate use of work email
  • Accessing social media accounts
  • Visiting YouTube or other casual entertainment websites

Let your employee know what’s expected. This avoids finger-pointing and arguments after Internet security has been compromised.

Educate Employees About Phishing Risks

Many employees are reasonably savvy about Internet security. Most people nowadays know better than to click on an email link proclaiming they’ve won millions in a foreign lottery. However, today’s phishing attempts are often better disguised. One common version of a scam is a seemingly official email from your company’s IT department or a senior executive. The email contains a link asking employees to reset their passwords by entering their current password.

To keep employees up-to-date about the latest phishing scams, conduct Internet safety training at least once per year. Remind employees that personal information—Social Security numbers, sensitive client information, passwords, etc.—should never be transmitted via email.

Password Security

According to the password management company SplashData, the passwords “password,” “123456,” and “12345678” remained the top options among Americans in 2012. Enhance employees’ password security by mandating more complex passwords. Set a character limit of at least 8, require capital letters or symbols and restrict use of names or birth dates. Even more important is ensuring that employees change their passwords frequently. Every six months, set your email client or other online system to prompt employees for a password change. This limits the potential for security breaches and keeps sensitive information safe.

Never Install Unauthorized Programs

Sure, it’s a hassle to ask an IT representative to install a new program on your machine, but this policy prevents employees from accidentally downloading malicious software. It’s easy to fall prey to hackers, malware and spyware these days—the AV-Test Institute, an Internet security company, registers more than 200,000 new malicious programs each day. To stop identity thieves, routinely scan for identity threats. Communicate these immediately to employees to prevent security breaches.

Police Personal Devices as Necessary

If your company has a bring your own device policy, security is paramount. Before allowing employees to use personal devices for business, reiterate the rules about password complexity, downloading potentially dangerous apps and software and keeping sensitive information secure. If business information resides on a personal mobile device, it must be kept safe.