4 Ways to Protect Your Company Before a Data Disaster Strikes

As a small business owner, do you have an effective data back-up strategy in place? Don’t let a potential data disaster destroy your business. Check out these four tips for insuring one of your company’s most critical assets—your data.

Have you valued the assets in your business lately? You probably have items such as a company car, a building, inventory, office furniture, computers and other assets.  They appear on the balance sheet and all are likely insured. What about one of your most important assets, if not the most important asset, in your business—your data? Have you placed a value on your data? Have you looked at your data as a business asset? Have you valued that asset and have you considered how you are protecting that asset?

Hard assets can be insured and replaced. If an event damages or destroys one of your hard assets, your insurance company will likely cover the loss. If an event damages or destroys your data, will your insurance company issue a check for replacing the data? Likely not. Even if you could receive a check, where would you go to purchase your lost data?

Safeguard your data

You can insure your data with proper data back-up. Simple devices like USB sticks and portable hard drives are really not considered good back-up devices. Those devices can easily fail or are often lost. With today’s ransomware threats, USB sticks, portable hard drives and other network-attached devices can easily be infected, as ransomware will jump to these devices and encrypt all the data on them. In fact, ransomware has the ability to jump to some cloud-based storage applications such as Dropbox and others.

One of the best methods of insuring your data is with a business-class back-up process that is automatic, eliminating the human factor, and one that hides the back-up set from a possible ransomware virus.

When insuring your data, consider the following 4 tips:

Data insurance tip no. 1: Make data location redundant. If you are in a network environment, user data on local machines is automatically saved to the network server and then backed up to the server. In that way, data resides in three locations and you have more options for recovery.

Data insurance tip no. 2: Back up your data every day. Your employees are hard at work every day and your data is constantly changing. If you ever need a data restoration, you want to access the most current information possible, so a daily back-up is crucial. Some back-up applications operate throughout the day, but that activity may slow network operations. Unless your business demands constant real-time back-up, the best time each day to do a data back-up is in the evening when network activity is minimal or has stopped.

Data insurance tip no. 3: Make the process automatic. When you automate the process, you can eliminate human intervention and therefore possible human error. You also don’t need to remember to run a back-up or rely on someone else in your company to do it. Use a system that sends an alert when the back-up is complete, indicating success, failure or possible errors.

Data insurance tip no. 4: Use a business-class back-up system. Data protection suitable for a business is different than consumer-level back-up systems. As a business owner, you need something that is robust and dynamic. An effective system captures the data on the server, as well as all devices on your network. You should feel confident that your system can be immediately ready for an efficient restore in the event of a data crisis.
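One way to turn tips 1 to 3 into a check that runs after each nightly job, as an added example that is not part of the original article or any vendor's product: it confirms that a current copy of the archive exists in every location, that the copies match, and returns a SUCCESS, WARNING or FAILURE status for the alert. The file name `nightly.tar`, the three directory names and the 24-hour threshold are assumptions made for illustration.

```python
import hashlib
import tempfile
import time
from pathlib import Path

MAX_AGE_SECONDS = 24 * 60 * 60  # tip no. 2: a back-up every day
REQUIRED_COPIES = 3             # tip no. 1: data resides in three locations


def sha256_of(path):
    """Hash a file in chunks so large archives do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_backup(filename, locations, now=None):
    """Return (status, messages) for one archive expected in every location.

    status is "SUCCESS", "WARNING" or "FAILURE" (tip no. 3: always report).
    """
    now = time.time() if now is None else now
    messages, fresh_hashes, fresh = [], set(), 0
    for location in locations:
        copy = Path(location) / filename
        if not copy.is_file():
            messages.append(f"missing: {copy}")
            continue
        info = copy.stat()
        if info.st_size == 0:
            messages.append(f"empty: {copy}")
        elif now - info.st_mtime > MAX_AGE_SECONDS:
            messages.append(f"stale: {copy}")
        else:
            fresh += 1
            fresh_hashes.add(sha256_of(copy))

    if fresh == 0:
        return "FAILURE", messages + ["no current back-up copy exists"]
    if len(fresh_hashes) > 1:
        return "FAILURE", messages + ["current copies differ from each other"]
    if fresh < REQUIRED_COPIES:
        return "WARNING", messages + [
            f"only {fresh} of {REQUIRED_COPIES} copies are current"]
    return "SUCCESS", messages


def demo():
    """Run the check against constructed sample directories; return statuses."""
    statuses = []
    with tempfile.TemporaryDirectory() as root:
        # Hypothetical locations standing in for the three places data lives.
        locations = [Path(root) / n for n in ("workstation", "server", "backup")]
        for location in locations:
            location.mkdir()
            (location / "nightly.tar").write_bytes(b"constructed sample archive")
        statuses.append(check_backup("nightly.tar", locations)[0])  # all current

        (locations[0] / "nightly.tar").unlink()                     # one copy lost
        statuses.append(check_backup("nightly.tar", locations)[0])

        (locations[1] / "nightly.tar").write_bytes(b"altered or corrupted")
        statuses.append(check_backup("nightly.tar", locations)[0])  # copies differ

        two_days_on = time.time() + 2 * MAX_AGE_SECONDS             # job stopped running
        statuses.append(check_backup("nightly.tar", locations, now=two_days_on)[0])
    return statuses


if __name__ == "__main__":
    print(demo())
```

A silent job is the failure this catches: if the back-up stops running, every copy goes stale and the status becomes FAILURE even though no error was ever raised.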

Steve Giordano is president of TeamLogic IT.

5 Actual Case Studies Prove Energy Savings

    It’s one thing to talk about energy savings. It’s quite another to show the actual savings amounts and the tangible impact energy efficiency can have on a business’ savings. Listed below are five real-life case studies from companies that have embarked on energy projects and the savings they have achieved.


    Case Number 1: Office

    Total Project Cost: $29,504

    Total Annual Savings: $7,232

    Simple Payback Period: 4.16 years

    Finance Term: 60 months. Interest rate of 4.25%

    Key Energy Conservation Measures: Behavioral, Lighting, and Insulation

                                    Year 1    Year 2    Year 3    Year 4    Year 5    Year 6    Year 7    Year 8
    Estimated Finance Payments      $6,692    $6,692    $6,692    $6,692    $6,692        $-        $-        $-
    Estimated Energy Savings        $7,232*   $7,449    $7,672    $7,903    $8,140    $8,384    $8,635    $8,894
    Net Annual Savings                $540      $757      $981    $1,211    $1,448    $8,384    $8,635    $8,894
    Cumulative Net Savings            $540    $1,298    $2,279    $3,490    $4,938   $13,322   $21,957   $30,852

    This energy efficiency project has a quick payback of 4.16 years and also generates positive cash flow within the first year of project completion, even after making payments on the loan for the project. Despite the relatively high cost of about $30,000, the project quickly pays for itself, especially while providing extra dollars in the budget of the business in just the very first year. By implementing all of these measures, this business would be able to reduce their energy usage by about 26%.  The top measures to reduce energy consumption for this project were behavioral and lighting, which provide quick solutions and positive cash flow that helps to fund the deeper retrofit of insulation. Key behavioral changes that were exceptionally cost effective for this project were changing the heating and cooling set points for the building. These types of energy conservation measures are quite common for the offices that go through the COSE Energy Audit program.

    Case Number 2: Production/Process

    Total Project Cost: $43,291

    Total Annual Savings: $9,821

    Simple Payback Period: 4.5 years

    Finance Term: 60 months. Interest rate of 4.25%

    Key Energy Conservation Measures: Lighting, HVAC, Behavioral

                                    Year 1    Year 2    Year 3    Year 4    Year 5    Year 6    Year 7    Year 8
    Estimated Finance Payments      $9,818    $9,818    $9,818    $9,818    $9,818        $-        $-        $-
    Estimated Energy Savings        $9,821*  $10,116   $10,419   $10,732   $11,054   $11,385   $11,727   $12,079
    Net Annual Savings                  $3      $297      $601      $913    $1,235   $11,385   $11,727   $12,079
    Cumulative Net Savings              $3      $300      $900    $1,814    $3,049   $14,434   $26,161   $38,239

    This project was cash flow neutral for the first year, which means it completely paid for itself through the energy savings. By the second year, this project will provide positive cash flow for the business. A reason this project might only be cash flow neutral for the first year is the inclusion of HVAC measures in the project. But this project is a great example of how something that can be as daunting as replacing your HVAC system can be easily tackled at a zero cost in the first year and even provide extra dollars to your business after the first 12 months. After completion of the energy project suggested for this business, their total energy usage would be reduced by 32%. Despite the large scale lighting replacements, the equally large electricity usage leads these measures to quickly pay for themselves.  

    Case Number 3: Religious

    Total Project Cost: $50,287

    Total Annual Savings: $14,567

    Simple Payback Period: 3.52 years

    Finance Term: 84 months. Interest rate of 5.50%

    Key Energy Conservation Measures: Lighting, Behavioral, Insulation

                                    Year 1    Year 2    Year 3    Year 4    Year 5    Year 6    Year 7    Year 8
    Estimated Finance Payments      $8,845    $8,845    $8,845    $8,845    $8,845    $8,845    $8,845        $-
    Estimated Energy Savings       $14,567*  $15,004   $15,454   $15,918   $16,395   $16,887   $17,394   $17,916
    Net Annual Savings              $5,722    $6,159    $6,609    $7,073    $7,550    $8,042    $8,549   $17,916
    Cumulative Net Savings          $5,722   $11,881   $18,490   $25,563   $33,113   $41,156   $49,704   $67,620

    The energy efficiency project for this church featured a quick payback of about three and a half years while offering significant positive cash flow. By financing the project with a loan that was repaid over 84 months, the church would be adding about $5,000 of positive cash flow in just the first year. This high positive cash flow can be linked to the fact that a significant percentage of the energy savings came from low cost measures, such as lighting and behavioral changes. A common energy conservation measure for religious audits more than others is insulation. This project also included ceiling insulation for the building. This project offered the church an energy savings of about

    Case Number 4: Restaurant

    Total Project Cost: $56,068

    Total Annual Savings: $27,414

    Simple Payback Period: 2.09 years

    Finance Term: 48 months. Interest rate 5.50%

    Key Energy Conservation Measures: HVAC, Behavioral, Lighting

                                    Year 1    Year 2    Year 3    Year 4    Year 5    Year 6    Year 7    Year 8
    Estimated Finance Payments     $15,495   $15,495   $15,495   $15,495        $-        $-        $-        $-
    Estimated Energy Savings       $27,414*  $28,236   $29,084   $29,956   $30,855   $31,780   $32,734   $33,716
    Net Annual Savings             $11,919   $12,741   $13,588   $14,461   $30,855   $31,780   $32,734   $33,716
    Cumulative Net Savings         $11,919   $24,660   $38,248   $52,708   $83,563  $115,343  $148,077  $181,793

    This restaurant project offered significant energy savings for the business while attaining a short payback period of only about two years. This project also had significant HVAC installations, but was able to quickly recoup on its investment through these HVAC savings combined with behavioral and lighting savings. With a short loan period of four years, this restaurant was able to add about $12,000 of positive cash flow to its budget after just the first year. This project had similar HVAC conservation measures as other restaurants with the addition of new kitchen hoods and other kitchen equipment. By completing their project, this restaurant would be able to reduce its energy usage by about 15%.  

    Case Number 5: Retail

    Total Project Cost: $9,464

    Total Annual Savings: $5,542

    Simple Payback Period: 1.74 years

    Finance Term: 60 months @ Interest rate 4.25%

    Key Energy Conservation Measures: Lighting, Behavioral, HVAC

                                    Year 1    Year 2    Year 3    Year 4    Year 5    Year 6    Year 7    Year 8
    Estimated Finance Payments      $2,146    $2,146    $2,146    $2,146    $2,146        $-        $-        $-
    Estimated Energy Savings        $5,542*   $5,708    $5,880    $6,056    $6,238    $6,425    $6,617    $6,816
    Net Annual Savings              $3,396    $3,562    $3,733    $3,909    $4,091    $6,425    $6,617    $6,816
    Cumulative Net Savings          $3,396    $6,957   $10,690   $14,600   $18,691   $25,116   $31,733   $38,549

     

    This project featured large lighting upgrades within the store, but also incorporated behavioral and HVAC measures as well. This business would also be able to recoup their investment on this quickly as the project would practically pay for itself through savings in less than two years. If this business were to complete this energy efficiency project, they would be able to reduce their total energy usage by 26%. This business would also be able to add about $3,000 in positive cash flow to its budget by using the estimated financing plan. This extra cash flow can be vital to any business within the retail sector, especially with common energy savings measures such as lighting that have quick payback periods.  

5 Big Tech Trends for 2016

    If you notice some similarities between this list and tech that was popular in 2015, that’s not a coincidence. Many of 2015’s big hitters will continue to hit big in 2016, albeit in a more mature form. As these technologies pushed forward they’ve morphed and melded, showing that the same trends may still be around, but they’re certainly not sitting still.

    And that’s not to say everything is the same. There were definitely some big moves from every major player this past year, and even more rumored on the horizon. Windows 10 dropped, Apple and Microsoft both released several new devices, and the internet (and internet of things) continued to explode with new products and services.

    So, what made our shortlist of trends to watch in 2016?

    1) 3D… everything

    3D printing made it on our 2015 shortlist as prices dropped, printers became safer and more flexible, and users came to expect easily configured and personalized experiences. What we didn’t catch was how eager people were to not only consume 3D content, but to create it too.

    Now professionals and amateurs can create relatively accurate 3D scans of everyday objects with nothing more than their smartphones. People even developed specialized stands to make phones and other relatively cheap cameras into high-quality 3D scanners.

    Users don’t need to wait several hours for a 3D printer to do its thing to make objects in 3D either. Samsung Gear VR launched in 2015 and is making a big push in the New Year. Oculus Rift will be launching in early 2016 and HoloLens will be available to developers in 2016.

    We are reaching a point where anyone will be able to scan, store, view and recreate real life 3D items as easily as they can 2D documents and images. That’s going to change how companies use this data in their business processes and how they use the systems that maintain, store, search, and share it all.

    2) Global collaboration

    When the User Experience team at Hyland, creator of OnBase, needs to collaborate, we all circle around one of our many whiteboards or a team member’s screen. This isn’t the case at the non-profit I work with, where we collaborate by logging into Google Docs and dialing into a conference call.

    From places across the continent, we can all work quickly and efficiently together. We even do it on the occasions where we’re meeting in the same space. It works surprisingly well.

    As more people blend life and work together and companies continue to grow and shift to decentralized models, global collaboration has gone from a nicety to business critical. How we collaborate is also changing. Teams aren’t just looking for video-conferencing and asset sharing solutions anymore.

    Document collaboration, brainstorming, white boarding and project management are all beginning to take place in the virtual office. Interactions that require real-time participation of everyone, no matter where they’re physically located, are increasing. And companies will be looking for tools and processes that enable that work.

    3) The Cortana effect

    When Apple integrated Siri into iOS in 2011, everyone predicted that we would soon be living in the world of Star Trek. Simply speak into your devices in plain English and magically the information you wanted appears. Since then Google, Amazon, Microsoft and even Facebook have tried to jump on the digital assistant bandwagon, but the field has struggled to move past pony tricks and pub quiz questions. Even the savviest of users can struggle to find compelling uses for their virtual secretaries.

    Allowing users to complete small tasks through their voice without opening apps is the real strength of these digital assistants. And allowing developers to leverage that in a meaningful way in their own apps is how these companies will drive adoption. That’s why Microsoft created a framework for developers to extend their digital assistant, Cortana, into any program.

    Users can ask her to show search results and complete tasks with their favorite apps. And for larger interactions, Cortana can launch users directly into the context of the application. The commands and options are still very structured and developers have to anticipate all of the various ways someone may ask for their program, but it’s a step. A major step. It’s worth watching how developers take advantage of it in 2016 and how the other major digital assistants will respond.

    4) Tablets with pens

    Steve Jobs may have been clear about his feelings on the stylus, but that didn’t stop Tim Cook from standing on the Apple stage in 2015 and announcing the iPad Pro with the Apple Pencil. They aren’t the first ones to make the jump. Microsoft has been pushing the tablet+stylus combo with the Surface since 2013 (and Bill Gates had the vision well before that).

    Still, many developers and designers hold Apple as the standard in the tablet world, and without support for it in iOS, creative and widespread use of pen input has stalled. Now that Apple is onboard, that may change.

    Apple developers are known for getting creative when it comes to pushing the boundaries of what the devices can do and what people can do with them. Apple Pencil won’t be any different. 2016 will give many developers and designers their first chance to see what the Pencil and pen-based interactions can do. Hopefully they can take some notes from the work Microsoft has already done in the space and push it into something innovative and more widely accepted.

    5) Smartwatches

    A lot of analysts predicted that 2015 would be a booming year for the fitness tracker industry, and it was. But in hindsight it seems to mostly have been due to deep discounts convincing people, who were otherwise uninterested, to give the whole thing a try. Even with a good price, users found most fitness bands were lacking robust features and failed to give them actionable data. Who cares how many steps they’ve taken in a day if they can’t tell how to get enough to reach their goals?

    The smartwatch market, though still taking shape, seems poised and ready to fill that void.

    The Apple Watch, Moto 360 and Galaxy Gear have put tiny smartphones on our wrists, giving developers opportunities for all sorts of creative new solutions. Others, like the Microsoft Band, Garmin VivoActive, and Fitbit Blaze try to elevate the fitness tracker with features like guided workouts, music control, and notifications.

    It’s a fine balancing act between, “I wish this did more,” and “Why would I want that on my wrist?” but as consumers warm up to the market and platforms grow and establish themselves, it will be an easier balance to reach. If 2015 was the year of the fitness band, then 2016 will be the year of the smartwatch.

    These technologies are all groundbreaking in their own way and we’ll be keeping our eyes on them in 2016.

    This blog originally appeared here

5 Cybersecurity Tips to Keep Your Business Safe in the New Year

    Technology is more prevalent than ever and keeping your business safe is more important than ever. Here are five cybersecurity tips you can implement in the New Year.

     

    Advancements in technology are occurring at an increasingly dizzying pace. New technologies emerge to join the ranks alongside ‘new and improved’ functionalities of existing ones—and all the while, increased adoption of these technologies has led to an exponential growth of data breaches. Here’s something that puts the issue into perspective whether you’re reading this in your office, sitting in a traffic jam, on a plane, or at home with your family. Look to your left and see one person. Then look to your right and see two others. By the law of averages, one of those three people experienced a compromise of their personal information in the U.S. within the past year.

    Threats come in many forms, from many directions

    As technology becomes more intertwined with the fabric of our everyday lives, cybercrime has grown into an estimated $600 billion industry worldwide. Every new functionality, feature and access port to technology comes with new opportunities for cyberthieves and hackers to enter and corrupt networks.

    Some of the most common types of attacks are:

    • Hacking/Malware: Malicious software including spyware, ransomware, viruses and worms
    • Phishing: The sending of fraudulent communications that appear to come from a reputable source, typically via email
    • Man-In-The-Middle (MitM) Attacks (AKA Eavesdropping Attacks): Occur when attackers insert themselves into a two-party transaction, most commonly through unsecure public Wi-Fi networks or malware
    • Denial-of-Service Attacks: Flooding systems, servers or networks with traffic to exhaust resources or bandwidth, disrupting the fulfillment of legitimate requests
    • Structured Query Language (SQL) Injection: Occurs when an attacker inserts malicious code into a server that uses SQL and forces it to reveal proprietary information
    • Zero-Day Exploit: Hits after a network vulnerability is announced but before a solution is implemented

    With these security threats hitting all industries, a dynamic cybersecurity strategy is a prerequisite for a company to protect itself.

    Here are five quick but helpful tips to keep your IT safe in the New Year:

    Tip No. 1: Implement a cybersecurity training program.

    In its survey of over 1,000 small business owners and C-level executives, information security company Shred-it’s 2018 State of the Industry Report found that 47% identified human error (such as unintentional loss of a device or document, leaving a device unlocked while unattended, etc.) as the catalyst of a cybersecurity breach at their organization. Furthermore, the Ponemon Institute reports that two out of three threat incidents are caused by employee or contractor mistakes. This evidence clearly indicates a disconnect between where employees currently sit in their grasp of secure technology practices and where they should be.

    In 2020, make it a priority to integrate a cybersecurity awareness and training program into your organization processes. Here are some ideas for protocol implementation:

    • Create a policy about the use of personal email accounts and social media platforms on work devices.
    • Hold quarterly training seminars for recognizing threat indicators, app installs and updates, and Virtual Private Network (VPN) setup and usage when working remotely.
    • Make any training programs a core part of your onboarding program for new employees.
    • Bring in guest cybersecurity speakers and instructors for lunch & learns (contact TEC if you’d like to discuss, as we hold many of these).
    • Schedule regular data access audits to ensure that the right employees have appropriate access to information, and that ex-employees who no longer work at your company don’t have access.

    Tip no. 2: Get a firewall solution that protects your entire network

    Here are some questions to ask yourself regarding your business’ firewall:

    • How effectively does your firewall monitor your network’s incoming and outgoing traffic?
    • How well does it prevent viruses and other threatening intrusions?
    • Does your firewall properly manage bandwidth so that your network can operate at peak performance?
    • Do the identity and access management protocols consistently weed the bad users out?

    Your network’s firewall is the dataflow and coverage epicenter of your IT. It needs constant monitoring to ensure that your entire network is both efficient and secure against advanced threats.

    Cyberattackers are getting smarter every day, and your firewall needs to have every network entry point protected. 

    Tip no. 3: Make sure your employees are protected, regardless of where they’re located or connecting

    In TEC’s October 2018 Collaboration in Workplaces blog, we dove into the shifting of workplace dynamics from only office headquarters to a structure involving multiple satellite/home locations, employees with non-traditional hours, and more mobile and remote workspaces—all requiring real-time connectivity on a multitude of devices including computer workstations, laptops, phones, and tablets. Protecting your information everywhere your employees go on your network becomes exponentially more difficult when they’re connecting in a myriad of places, on an increasing number of devices. Will your cybersecurity setup protect against a data intrusion over an unsecured Wi-Fi network at the local coffee shop? At an airport gate? In an employee’s hotel room while traveling on business? While answering emails at their child’s soccer practice?

    Not knowing the answers to these questions leaves a huge gap in your cyberdefense…and creates opportunities for breachers to leverage a single entry point to create havoc for your entire organization.

    Tip no. 4: Be more diligent in conducting ongoing internal threat tests

    TEC can help train your employees to identify cyberthreats that attempt to access your network via their endpoints. Regular phishing simulation tests are a turnkey way to test the effectiveness and recognition of phishing attempts. Such attempts (which are becoming more sophisticated, especially with the explosion of social media platforms) can be successfully stifled using a variety of approaches.

    Additionally, penetration tests—more commonly referred to as ‘pen’ tests—should be a dedicated part of your company’s continuing cybersecurity plan. A pen test is a planned, simulated attack on a system using the same tools and techniques that a cyberthief would; it reveals the strengths and vulnerability points in a cyberdefense plan. Such tests should be performed at least quarterly to maintain optimal security levels. The Payment Card Industry Data Security Standard mandates a regular testing schedule, including immediately after any system changes or upgrades.

    Tip no. 5: Consider using single sign-on or multi-factor authentication to buoy password security

    Look into the advantages of Single Sign-On (SSO) and Multi-Factor Authentication (MFA) resources, which exist for this express purpose. SSO leverages other trusted sites to verify users’ identities, then allows them access with a single ID and password (which, because they are verified by other trusted sites, are not held in that site’s database). MFA grants the user access to a network only after they successfully present two (or more) pieces of evidence from among:

    • Something they know (e.g. a password);
    • Something they have (e.g. an access card, chip, etc.); and
    • Something they are (e.g. fingerprint, voice, etc.).

    Duo Security is an example of an effective, easy-to-use and affordable SSO/MFA solution that can significantly reduce your risk of a user-generated data breach.

     

    Cyberattacks do not happen in a vacuum; many variables come into play at every turn—on both the attacker and target sides—that make the dynamic a living, breathing organism that morphs with every advancement in technology. Therefore, it is critical to combat threats with a steady, ongoing campaign to ensure you’re never caught with your guard down.

    TEC Communications is a Cleveland-based Cisco Premier Certified Partner – in fact, the first Cisco technology partner in Northern Ohio – and trusted IT solutions provider celebrating its 40th Anniversary in 2019. Go to http://www.tec4it.com or call us at 440.333.5903 to find out how TEC Communications can help you identify, combat and prevent attacks on your sensitive data.

    Frank Keogh is a systems engineer, specializing in network consulting for LAN, WAN, cybersecurity and data center/hyperconvergence. Credentials? Plenty. CCNA, CCDA, CCNP, CCSP, VCP5-DCV

     

5 (More) Lessons from the FTC to Avoid Data Breach

    The second of this two-part series wraps up the FTC’s ten steps and practical guidance for avoiding data breaches and protecting confidential information for businesses.

    In the first of this two-part series brought to you by staff from the FTC’s East Central Region, we discussed the first five lessons for protecting your company against vulnerabilities in data security. In part two, we round out the top ten lessons, distilled from over 50 law enforcement actions brought by the FTC.

    Lesson No. 6: Secure remote access to your network

    Business doesn’t just happen in the office. While a mobile workforce can increase productivity, it also can pose new security challenges. If you give employees, clients or service providers remote access to your network, have you taken steps to secure those access points?  

    Ensure endpoint security

    Just as a chain is only as strong as its weakest link, your network security is only as strong as the weakest security on a computer with remote access to it. Take care to ensure that computers with remote access to your network, including those with remote login accounts or access through an online portal, have appropriate endpoint security, including firewalls and updated antivirus software.

    Put sensible access limits in place

    Not everyone who might occasionally need to get on your network should have an all-access, backstage pass. That’s why it’s wise to limit access to what’s needed to get the job done, including adequately restricting third-party access to your network. Consider placing limits on third-party access to your network—for example, by restricting connections to specified IP addresses or granting temporary, limited access.

    Lesson No. 7: Apply sound security practices when developing new products

    So you have a great new app or innovative software on the drawing board. Early in the development process, think through how customers will likely use the product. If they’ll be storing or sending sensitive information, is your product up to the task of handling that data securely?

    Train your engineers in secure coding

    Have you explained to your developers the need to keep security at the forefront? The FTC has alleged in several cases that companies failed to train their employees in secure coding practices, leading to questionable design decisions, including the introduction of vulnerabilities into the software. For example, the FTC alleged that one company failed to implement readily available secure communications mechanisms in the logging applications it pre-installed on its mobile devices. As a result, malicious third-party apps could communicate with the logging applications, placing consumers’ text messages, location data and other sensitive information at risk. The company could have reduced the risk of vulnerabilities like that by adequately training its engineers in secure coding practices.

    Follow platform guidelines for security

    When it comes to security, there may not be a need to reinvent the wheel. Sometimes the wisest course is to listen to the experts. The FTC alleged in three actions that companies failed to follow explicit platform guidelines about secure development practices, by, for instance, turning off a critical process known as SSL certificate validation in their mobile apps, leaving the sensitive information consumers transmitted through those apps open to interception through man-in-the-middle attacks. This vulnerability could have been prevented by following the iOS and Android guidelines for developers, which explicitly warn against turning off SSL certificate validation.
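
    One way to catch disabled certificate validation during code review is a pattern scan over the app's source. The script below is an added example, not code from the FTC or from any of the cases described; the file names and snippets are constructed, and the rule list is an illustrative set of API names known to switch off validation on Android and iOS.

```python
import re

# Heuristic rules for code that switches off TLS certificate or hostname
# validation. The API names are real; the list is illustrative, not exhaustive.
RULES = [
    ("empty-trust-manager",          # X509TrustManager that accepts any chain
     re.compile(r"checkServerTrusted\s*\([^)]*\)\s*(?:throws[\w.,\s]+)?\{\s*\}")),
    ("allow-all-hostname-verifier",  # Apache HttpClient verifier that skips name checks
     re.compile(r"ALLOW_ALL_HOSTNAME_VERIFIER|AllowAllHostnameVerifier")),
    ("webview-proceeds-on-ssl-error",  # Android WebView continuing past a TLS error
     re.compile(r"onReceivedSslError[\s\S]{0,200}?\.proceed\s*\(")),
    ("afnetworking-invalid-certs",   # iOS AFSecurityPolicy accepting invalid certs
     re.compile(r"allowInvalidCertificates\s*=\s*(?:YES|true)")),
]


def scan(sources):
    """Return sorted (file, line, rule_id) findings for a {filename: text} dict."""
    findings = []
    for name, text in sources.items():
        for rule_id, pattern in RULES:
            for match in pattern.finditer(text):
                line = text.count("\n", 0, match.start()) + 1
                findings.append((name, line, rule_id))
    return sorted(findings)


# Constructed sample sources (not taken from any real app or FTC case).
SAMPLES = {
    "ApiClient.java": (
        "class TrustAll implements X509TrustManager {\n"
        "  public void checkClientTrusted(X509Certificate[] c, String a) {}\n"
        "  public void checkServerTrusted(X509Certificate[] c, String a) {}\n"
        "  public X509Certificate[] getAcceptedIssuers() { return null; }\n"
        "}\n"
    ),
    "PayView.java": (
        "public void onReceivedSslError(WebView v, SslErrorHandler h, SslError e) {\n"
        "  h.proceed();\n"
        "}\n"
    ),
    "Net.m": "policy.allowInvalidCertificates = YES;\n",
    "SafeClient.java": "HttpsURLConnection c = (HttpsURLConnection) url.openConnection();\n",
}

if __name__ == "__main__":
    for finding in scan(SAMPLES):
        print("%s:%d: %s" % finding)
```

    Treat each match as a lead for manual review rather than a verdict: a regular expression cannot tell test scaffolding from production code, and it will miss validation that is disabled in ways the rules do not name.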

    Verify that privacy and security features work

    If your software offers a privacy or security feature, verify that the feature works as advertised.

    Test for common vulnerabilities

    There is no way to anticipate every threat, but some vulnerabilities are commonly known and reasonably foreseeable. In more than a dozen FTC cases, businesses failed to adequately assess their applications for well-known vulnerabilities like those identified by the Open Web Application Security Project (OWASP).

    Lesson No. 8: Make sure your service providers implement reasonable security measures

    When it comes to security, keep a watchful eye on your service providers—for example, companies you hire to process personal information collected from customers or to develop apps. Before hiring someone, be candid about your security expectations. Take reasonable steps to select providers able to implement appropriate security measures and monitor that they’re meeting your requirements.

    Put it in writing

    Insist that appropriate security standards are part of your contracts. Businesses can include contract provisions that require service providers to adopt reasonable security precautions—for example, encryption.

    Verify compliance

    Asking questions and following up with the service provider can help ensure that the service provider is performing in a manner consistent with your privacy and security policies and the terms in the contract designed to protect consumer information.

    Lesson No. 9: Put procedures in place to keep your security current and address vulnerabilities that may arise

    Securing your software and networks isn’t a one-and-done deal. It’s an ongoing process that requires you to keep your guard up.

    Update and patch third-party software

    Outdated software undermines security. The solution is to update it regularly and implement third-party patches.  

    Heed credible security warnings and move quickly to fix them

    Have an effective process in place to receive and quickly address security vulnerability reports. Consider a clearly publicized and effective channel (for example, a dedicated email address like security(@)yourcompany.com) for receiving reports and flagging them for your security staff.

    Lesson No. 10: Secure paper, physical media and devices

    Network security is a critical consideration, but many of the same lessons apply to paperwork and physical media like hard drives, laptops, flash drives and disks.

    Securely store sensitive files

    If it’s necessary to retain important paperwork, take steps to keep it secure. Storing sensitive consumer information in boxes in a garage or leaving faxed documents that include consumers’ personal information in an open and easily accessible area are both situations that the FTC has alleged increased the risk to companies’ customers.

    Protect devices that process personal information

    Securing information stored on your network won’t protect your customers if the data has already been stolen through the device that collects it. Attacks targeting point-of-sale devices are now common and well-known, and businesses should take reasonable steps to protect such devices from compromise.

    Keep safety standards in place when data is en route

    Businesses can reduce the risk to consumers’ personal information by implementing reasonable security policies when data is en route. For example, when sending files, drives, disks, etc., use a mailing method that lets you track where the package is. Limit the instances when employees need to be out and about with sensitive data in their possession. But when there’s a legitimate business need to travel with confidential information, employees should keep it out of sight and under lock and key whenever possible.

    Dispose of sensitive data securely

    Companies can reduce the risk to consumers’ personal information by shredding, burning or pulverizing documents to make them unreadable and by using available technology to wipe devices that aren’t in use.

    Looking for more information?

    The FTC’s Business Center has a Data Security section with an up-to-date listing of relevant cases and other free resources.

    The FTC works to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop and avoid them. You can file a complaint online at www.ftc.gov/complaint or by telephone at 1-877-FTC-HELP (1-877-382-4357). 

