Cybersecurity: 5 Easy Tips to Keep Your Business Safe

Cyberattacks do not happen in a vacuum; many variables come into play at every turn. It is critical to combat threats with a steady, ongoing campaign to ensure you’re never caught with your guard down.

Another year, another run of cyberattacks.

Advancements in technology are occurring at an increasingly dizzying pace. New technologies emerge to join the ranks alongside ‘new and improved’ functionalities of existing ones. And all the while, increased adoption of these technologies has led to an exponential growth of data breaches.

Verizon’s 2018 Data Breach Investigations Report listed nearly 2,200 data breaches and more than 53,000 total cybersecurity incidents reported from 65 countries from April 2017 to March 2018—an average of six breaches and 145-plus incidents every day. However, this next statistic puts the issue into perspective whether you’re reading this in your office, sitting in a traffic jam, on a plane, or at home with your family. Look to your left and see one person. Then look to your right and see two others. By the law of averages, one of those three people experienced a compromise of their personal information in the U.S. within the past year.

The problem is real, the problem is persistent, and it gains momentum the more technology becomes intertwined with the fabric of our everyday lives.

The ever-growing trend of data breaches is in full force as several high-profile cyberattacks have crippled networks across the world. One instance that hit close to home here in Northeast Ohio: Malware installed on City of Akron servers disrupted the city’s 3-1-1 information line, with a ransom demanded in exchange for unlocking it.

All organizations at some point will have to deal with a cybersecurity incident that can cause business disruption, lost productivity, lost data and lost money (the Ponemon Institute’s 2017 Cost of Data Breach Study put the average cost of a data breach at $3.6 million, with the cost-per-compromised-record at $141).

Threats come in many forms, from many directions

Cybercrime has grown into an estimated $600-billion industry worldwide. With every new functionality, feature and access port to technology come new opportunities for cyberthieves and hackers to enter and corrupt networks. Here are the six most common types of attacks:

Attack No. 1: Hacking/malware. Malicious software including spyware, ransomware, viruses and worms

Attack No. 2: Phishing. The sending of fraudulent communications that appear to come from a reputable source, typically via email

Attack No. 3: Man-in-the-middle attacks. Also known as eavesdropping attacks, these occur when attackers insert themselves into a two-party transaction, most commonly through unsecure public Wi-Fi networks or malware

Attack No. 4: Denial-of-Service attacks. Flooding systems, servers or networks with traffic to exhaust resources or bandwidth, leading to a fulfillment disruption of legitimate requests

Attack No. 5: Structured Query Language (SQL) injection. Occurs when an attacker inserts malicious code into a server that uses SQL and forces it to reveal proprietary information

Attack No. 6: Zero-day exploit. Hits after a network vulnerability is announced but before a solution is implemented

How can you stay safe?

Want to learn how you can take steps to protect your data from cyberthreats? Here are five quick but helpful tips to keep your IT safe.

Cyber-security tip No. 1: Implement a cybersecurity training program

In its survey of over 1,000 small business owners and C-level executives, information security company Shred-It’s 2018 State of the Industry Report found that 47% identified human error (such as unintentional loss of a device or document, leaving a device unlocked while unattended, etc.) as the catalyst of a cybersecurity breach at their organization. This evidence clearly indicates a disconnect between where employees currently sit in their grasp of secure technology practices and where they should be.

Make it a priority to integrate a cybersecurity awareness and training program into your organization’s processes. Some ideas for protocol implementation include:

  • creating a policy about the use of personal email accounts and social media platforms on work devices;
  • holding quarterly training seminars for recognizing threat indicators, app installs and updates, and Virtual Private Network setup and usage when working remotely;
  • making any training programs a core part of your onboarding program for new employees;
  • bringing in guest cybersecurity speakers and instructors for lunch & learns; and
  • scheduling regular data access audits to ensure that the right employees have appropriate access to information, and that ex-employees don’t have access.

Cyber-security tip No. 2: Get a firewall solution that protects your entire network

When evaluating your firewall product, there are many questions to consider, especially:

  • How effectively does your firewall monitor your network’s incoming and outgoing traffic?
  • How well does it prevent viruses and other threatening intrusions?
  • Does your firewall properly manage bandwidth so that your network can operate at peak performance?
  • Do its identity and access management protocols consistently weed the bad users out?

Your network’s firewall is the dataflow and coverage epicenter of your IT. It needs constant monitoring to ensure that your entire network is both efficient and secure against advanced threats. Cyber-attackers are getting smarter every day, and your firewall needs to have every network entry point protected.

Cyber-security tip No. 3: Make sure your employees are protected, regardless of where they’re located or connecting

There has been a shift in workplace dynamics from only office headquarters to a structure involving multiple satellite/home locations, employees with non-traditional hours, and more mobile and remote workspaces—all requiring real-time connectivity on a multitude of devices. Protecting your information everywhere your employees go on your network becomes exponentially more difficult when they’re connecting in myriad places, on an increasing number of devices. Will your cybersecurity setup protect against a data intrusion over an unsecured Wi-Fi network at the local coffee shop? At an airport gate? In an employee’s hotel room while traveling on business? While answering emails at their child’s soccer practice?

Not knowing the answers to these questions leaves a huge gap in your cyber-defense and creates opportunities for attackers to leverage a single entry point to create havoc for your entire organization.

Cyber-security tip No. 4: Be more diligent in conducting ongoing internal threat tests

Regular phishing simulation tests are a turnkey way to test the effectiveness and recognition of phishing attempts. Such attempts—which are becoming more sophisticated, especially with the explosion of social media platforms—can be successfully stifled using a variety of approaches.

Additionally, penetration tests—commonly referred to as ‘pen’ tests—should be a dedicated part of your company’s continuing cybersecurity plan. A planned simulated attack on a system using the same tools and techniques that a cyberthief would, it reveals the strengths and vulnerability points in a cyberdefense plan. Such tests should be performed at least quarterly to maintain optimal security levels. The Payment Card Industry Data Security Standard mandates a regular testing schedule, including immediately after any system changes or upgrades.

Cyber-security tip No. 5: Consider using single sign-on or multi-factor authentication to buoy password security

LinkedIn’s 2012 data breach, which resulted in nearly 7 million encrypted passwords posted to a Russian crime site, yielded some interesting insights. Among them, more than one in three passwords were classified as ‘weak’ (easily guessed ones such as ‘123456’ and ‘password’, which are still routinely among the most commonly used; recycled ones; ones that can easily be decoded; etc.).

Look into the advantages of Single Sign-On (SSO) and Multi-Factor Authentication (MFA) resources, which exist for this express purpose. SSOs leverage other trusted sites to verify users’ identities, then allow them access with a single ID and password (which, because they are verified by other trusted sites, are not held in that site’s database). MFAs grant the user access to a network only after successfully presenting two (or more) pieces of evidence from among:

  • Something they know (e.g., a password).
  • Something they have (e.g., an access card, chip, etc.).
  • Something they are (e.g., fingerprint, voice, etc.).
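
The two-or-more-pieces-of-evidence rule above, as an added example that is not part of the original article: a login check that grants access only when every presented factor verifies and the factors span at least two of the three categories, so a password plus a PIN (both "something they know") is refused. The names USER, CATEGORY and authenticate, the PIN factor and the sample secrets are assumptions made for illustration; a time-based one-time code (RFC 6238) stands in for "something they have".

```python
import hashlib
import hmac
import struct

# --- Constructed enrollment record (sample values, not real credentials) ---
SALT = b"constructed-salt"
ITERATIONS = 100_000  # assumed work factor for this demo


def _kdf(secret: str) -> bytes:
    """Derive a slow hash so stored secrets are never kept in clear text."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), SALT, ITERATIONS)


USER = {
    "password": _kdf("correct horse battery staple"),
    "pin": _kdf("4821"),
    # Shared secret taken from the RFC 6238 test vectors so codes are checkable.
    "totp_secret": b"12345678901234567890",
}

# Which evidence category each supported factor belongs to (hypothetical names).
CATEGORY = {"password": "know", "pin": "know", "totp": "have"}


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password per RFC 6238 (HMAC-SHA1 variant)."""
    counter = struct.pack(">Q", at // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation offset
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_totp(code: str, now: int, drift_steps: int = 1) -> bool:
    """Accept the current code and its neighbours to tolerate clock drift."""
    ok = False
    for i in range(-drift_steps, drift_steps + 1):
        expected = totp(USER["totp_secret"], max(now + i * 30, 0))
        # Constant-time comparison; no early exit on a match.
        ok |= hmac.compare_digest(expected.encode(), code.encode())
    return ok


def authenticate(evidence: dict, now: int) -> bool:
    """Grant access only if every factor verifies AND they span 2+ categories."""
    checks = {
        "password": lambda v: hmac.compare_digest(_kdf(v), USER["password"]),
        "pin": lambda v: hmac.compare_digest(_kdf(v), USER["pin"]),
        "totp": lambda v: verify_totp(v, now),
    }
    categories = set()
    for factor, value in evidence.items():
        check = checks.get(factor)
        if check is None or not check(value):
            return False  # unknown or failed factor: deny outright
        categories.add(CATEGORY[factor])
    # Two secrets from the same category are still single-factor.
    return len(categories) >= 2


if __name__ == "__main__":
    now = 59  # fixed timestamp so the demo is reproducible
    good_pw = "correct horse battery staple"
    print(authenticate({"password": good_pw, "totp": totp(USER["totp_secret"], now)}, now))
    print(authenticate({"password": good_pw, "pin": "4821"}, now))
```
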

A golfer and gamer in his free time, Frank Keogh is also a 15-year IT and cybersecurity expert who is a highly-certified Senior Systems Engineer for TEC Communications.

TEC Communications is a Cleveland-based Cisco Premier Certified Partner—in fact, the first Cisco technology partner in Northern Ohio—and trusted IT solutions provider celebrating its 40th Anniversary in 2019. Cisco’s solutions give employees top-level protection regardless of where they’re located or connecting, and TEC can help train your employees to identify cyberthreats that attempt to access your network via their endpoints. Go to https://tec4it.com or call us at 440.333.5903 to find out how TEC Communications can help you identify, combat and prevent attacks on your sensitive data.

Data Disaster: 5 Backup Blunders to Avoid

    Your business is just one disaster away from losing all of its data. The key to mitigating this damage is to have a backup recovery plan—but don’t make these five mistakes when you put your plan together.

    At some point and at some level, your organization will experience a data disaster. When that happens, backup and recovery are two necessities you don’t want to have trouble with. However, mistakes do happen. Keep reading to learn more about the importance of data backup and disaster recovery and what mistakes to avoid to experience business continuity after a disaster.

    Malware, loss of power, a crashed server, fire or a disgruntled employee are all reasons you could face a data recovery situation. When that time comes, you will want to make sure you have a fool-proof disaster recovery plan in place.

    Think about it. Are you prepared to handle a disaster? Sure, you think you have it all covered. After all, what are those daily backups for? However, when it comes to restoring your data the trouble can come with how quickly and efficiently you can make it happen. Every minute of downtime could cost you another dollar.

    Many organizations are turned away by the time intensive nature of disaster recovery planning. When a disaster strikes, though, only a properly implemented backup and disaster recovery plan will keep your business afloat.

    Still not convinced? Well, consider that the Federal Emergency Management Agency states that 40% of businesses do not open after a disaster and another 25% will fail within a year.

    Here are a few other statistics about data breaches:

         • A total of 90% of all businesses have suffered a cyber attack.

         • The industry average breach goes undetected for more than eight months.

         • The average organization experiences 1,400 attempts to their network every week.

    Further, ransomware payments in 2016 hit $1 billion, which is up from 2015 payments of $24 million.

         • RELATED: Learn more about surviving a ransomware attack https://youtu.be/ovwqRqo_VLk

    Unfortunately, the statistics are not in our favor. It’s important to ensure you have your bases covered when it comes to your organizational disaster recovery plan. Here are some of the most common backup and recovery mistakes enterprises make, and how to avoid them.

    Mistake No. 1: Going it alone

    The responsibility of creating a disaster recovery strategy may fall on the IT department, but it cannot fall on them alone. Recovery is an enterprise-wide responsibility that should include users, leaders, financial managers, partners and legal experts. They can help define what common types of disasters to plan for and which applications/data are mission critical. Managed Service Providers can help create, test and implement recovery plans to properly protect business resources. They can help you, along with other members of your organization, prepare for all disaster types from hardware or system malfunctions to human errors.

    Mistake No. 2: Overlooking the people part

    Disaster recovery is heavily involved in IT equipment and data, but it must also account for your physical locations, power supplies, communications and people. Don’t forget to think of things such as offsite locations for employees to work and what they will need to continue operations in case of an emergency. Don’t forget to document your plan in detail and educate your employees on these steps. If your employees are properly educated on the steps to take during and after a disaster, you can get your business up and running quickly and efficiently.

    Mistake No. 3: Not testing for all scenarios

    The next step after establishing your disaster recovery plan is to test, and to test regularly under what-if scenarios. If you can’t be confident in your plan under normal conditions, you won’t be comfortable under extreme pressure. Assess your levels of tolerance with each different disaster scenario. While doing this, create a clear recovery point objective (RPO) that will determine your tolerance for lost data, as well as a recovery time objective (RTO) that will outline how much downtime you can afford in minutes, hours and days. The answers to these will vary for different industries and organizations. One thing to keep in mind: the lower the tolerance, the higher the cost. Conducting tests can help you identify and mitigate weaknesses while building confidence in your plan.

    Mistake No. 4: Have a backup plan for your backup plan

    What if something goes wrong with your backup plan? Have a backup plan for your backup plan. No disaster recovery plan is fool-proof. Continuously bolster yours by confiding in a managed service provider that builds robust redundancy at secure, off-site locations. At our organization, NetServe365, we have partnered with Iron Mountain, a concurrently maintainable Tier-III designed, 220-feet underground, data center located in the Greater Pittsburgh Area. Data that is backed up is stored locally and is replicated to the Iron Mountain Data Center. If your original backup site fails or files become corrupted, you’ll have a secure and reliable data set to pull from.

    Mistake No. 5: Data recovery is a onetime deal

    As business naturally evolves and changes are made, it makes sense your disaster recovery plan must change to align properly. Revisit and update your plan several times a year, as well as whenever big changes are made. Once these updates are implemented, retest your plan to make sure everything is working smoothly.

    While there may never be a completely fool-proof backup and recovery plan, you can definitely create an effective plan that will get you through tough times. With careful planning, regular testing and consistent updates, your plan can withstand whatever comes your way.

    About NetServe365

    NetServe365 delivers a complete range of managed IT services, security services, hosting options and consulting services 24/7/365 worldwide, with our primary markets in Pennsylvania, West Virginia, Ohio and Virginia. We never stop evolving our technologies and operational efficiencies so we can deliver a customer experience and network results far superior to our competitors’. We strive to deliver on every promise, every time because we know who we work for--the partners and customers who put their trust in us. Learn more about NetServe365 here.

Dealing With the Supply-And-Demand Conundrum

    We’ve already talked about how pricing is going to be a major energy-related trend you’ll need to keep your eye on during 2017, but let’s dig a little deeper. What else are you going to need to be aware of? And what are some other strategies you can implement immediately to deal with the pricing challenges that might arise from these issues? We sat down with our energy partners to find out a little more about what’s impacting energy prices and what small . Here’s what they had to say …

    Power Capacity

    One thing to watch for is an expected increase in natural gas usage for electricity generation. This will be primarily caused by new combined cycle gas power plants coming online. At the same time, we expect to see an increase in the retirement of inefficient coal generation plants and possibly nuclear plants as well. Renewables are also projected to grow at a record pace.

    In addition, a strong Marcellus and Utica gas production may help balance the supply-and-demand equation. That said, natural gas pipeline expansion could divert enough gas from the region to diminish the current gas glut. This would, in turn, put upward pressure on natural gas prices.

    What This Means For You

    So, if prices do rise, what can you and your business do to mitigate that impact and meet your energy needs in a cost-effective manner? Our energy partners suggest executing fixed-price contracts based on the recommendation of a reputable, independent consultant who has existing relationships with numerous energy suppliers.

    It bears repeating: These are complex issues and you do not want to go it alone. It’s imperative your consultant understands your goals and expectations, including but not limited to your aversion to business risk, budget certainty and green power needs, just to name a few. A reputable consultant will consider your historical usage profile as well as expected changes in your business that could trigger pricing adjustments during the contract term.

    Find a Partner

    Lucky for you, COSE’s Energy Team has numerous relationships in place with knowledgeable, experienced partners who can help guide your energy strategy. For more on how our Energy Team can help your business, watch Roseann Vandevender of Marigold Catering talk about the savings she has acquired from enrolling in the COSE Natural Gas Program.

    COSE members have access to several programs designed to ensure you’re maximizing your energy. Contact us at 216-592-2205 or energy@cose.org to learn more.

Netflix and Learn: Demystifying Recommender Systems

    Have you ever wondered how Amazon knows to show you ads for a new type of electronic you’ve been considering, or how Netflix recommends shows that totally fit your mood? Find out more about the science behind these recommendations.

    Seemingly customized recommendations are everywhere these days—Netflix is making suggestions of what to watch next, Amazon recommends products, LinkedIn highlights potential contacts, Pandora delivers you music you will probably enjoy. While sometimes these recommendations can seem off-base, in general, they are fairly accurate at reflecting our interests and sometimes present a welcome surprise. What is the science behind these recommendations? Companies are using a state-of-the-art data science technique, Recommender Systems, to leverage large datasets to efficiently guide the customer experience.

    While there are many variations on a recommender system, on a general level they work by using existing information about behavior to predict preferences of the clients or end users. One approach, referred to as “Content-Based Filtering” identifies characteristics of the end product that the customer engaged with and identifies similar products. For example, if you recently purchased warm winter boots, the shopping site may recommend a similar winter item such as wool socks. Under the hood, each item in inventory is characterized by text description, a series of features, or other such descriptors. Then, one (or multiple) algorithms can be used to identify which items are most similar. Then, when the customer purchases an item, the site can recommend products that are most similar. However, it can be problematic to recommend something too similar. If I just bought a pair of winter boots, I likely don’t need another pair.

    Recommending similar items based on item characteristics can be useful in some circumstances. However, by just identifying similar items, one is missing out on a voluminous and rich data source—human behavior. A technique called “Collaborative Filtering” uses information about what items people like or interact with to predict what any given person may prefer. As a very simplified example, Person A bought winter boots, and cold medicine. Person B bought winter boots, cold medicine, and diapers. Based on patterns in behavior from Person A and B, when Person C adds winter boots to their cart, the site may suggest “people who bought winter boots also bought cold medicine.”

    One way collaborative filtering is done is by using explicit ratings, like movie ratings (such as 4-stars). A popular algorithm takes all the ratings across all customers to make a big table, or matrix. Then, the algorithm uses matrix factorization as a mathematical way to represent information about the users and items.

    These representations can then be used to compute theoretical ratings for items that an individual may not have seen before. In the end, this manifests as “People who purchased winter boots also purchased cold medicine.” This approach differs from the previous one in that the recommended item is not suggested because it is necessarily similar at all to the original item, but rather patterns of human behavior suggest commonality.

    However, many of us don’t bother rating movies or products, yet still receive solid recommendations. Explicit ratings are great, but rare. Therefore, it is also possible to use the Collaborative Filtering technique using what is called “implicit ratings.” This term refers to the idea that you can infer what a person thinks about a product based on their behavior—did they click on it and spend time on the product site, did they buy it, did they only watch the first three minutes or did they binge the first three seasons.

    Mathematically transforming information about how a person interacts with a product can serve as a stand-in for ratings, although with some assumptions baked in—such as that they bought it, therefore they liked it. Or they watched three seasons, not just fell asleep with auto play on. While these assumptions may not always be accurate, with the large volumes of data common in streaming media or e-commerce, clear trends still emerge.

    While recommender systems can be very powerful, they are not without potential pitfalls. A big risk is that by using like to recommend like, suggestions fall into a silo. At best, this causes recommendations to be boring. At worst, recommendations can reflect social bias or discrimination present in the underlying dataset. Siloing can be due to limitations in content based filtering or due to the predictability and stereotypy of human behavior.

    People who watch one horror movie probably watch multiple horror movies. Pretty soon, the algorithms are only recommending horror movies. Human bias can also be reflected. For example, if you are using a recommender system to suggest college classes, a recommender system without additional modification may recommend engineering classes to male students and early childhood education classes to female students—based on gender biased enrollment patterns. That said, there are statistical and mathematical steps one can take to avoid pigeonholing. A truly effective recommender system involves a component to identify and address bias and siloing.

    Next time you are wondering how Amazon knows what shoes you like, or Netflix plans the perfect Friday evening, you have a recommender system to thank. If there is an AI concept that you would like to see explained, contact hello@pandata.co.

    Hannah Arnson is a Data Scientist at Pandata, LLC, a Cleveland-based data science consulting firm.

Did You Know that You Can Choose Who Provides Your Electricity?

    Looking for the short and sweet version? Listen to our radio ad featured on WTAM-AM.

    Did you know that you can choose who provides your electricity?

    There are over 100 Retail Energy Providers (REPs) certified by the Public Utilities Commission of Ohio, and each provides customers with different benefits. Whether you stay with the utility or go with a third-party supplier, your service and bill format will remain the same. The difference is in the rate you will pay, as competition between REPs can result in lower-priced offers and additional benefits for customers.

    Having options is a good thing, but COSE understands that finding the right electricity provider for you can be stressful. Fortunately, we’re here to help with the COSE Energy Choice Program. Our consulting partner, OnDemand Energy, has conducted the research and interviews needed to select a smart, reputable choice for your home’s utility services.

    Now, after much consideration, we are pleased to continue to recommend residential services with Public Power LLC to COSE members.

    A few benefits that you will enjoy with Public Power:

    - The peace of mind that comes with a fixed rate.

    - Easy, quick sign-up with no interruption in service.

    - Monthly Usage Reports.

    - Renewal Incentives, including Energy Savings Kits!

    Our team is available to answer any questions about the COSE Energy Choice Program, rates, benefits and more. Please feel free to contact us at 216-592-2205 or energy@cose.org.

    To ensure you receive COSE’s exclusive rate, please visit https://www.ppandu.com/cose.

Do You Know How to Access All the Savings Under the New Federal Tax Law?

    Read on below for savings available to businesses under the new federal tax law that you might not have known about.

    You know that working with the GCP Energy Team to complete an assessment of your facility can help you uncover savings of up to 20%. And you know that energy efficiency is an economic engine, supporting 2.2 million jobs nationwide in manufacturing, construction and other fields, most of which cannot be outsourced overseas.

    BUT. Did you know there’s another reason why being more energy friendly should be a high priority for you and your business this year? I’ll give you a hint. It has to do with something that’s probably been on your mind given this time of year. Give up? It’s taxes. Specifically, it’s new tax savings (Code Section 179) for building owners under the recently passed federal Tax Cuts and Jobs Act of 2017. Retroactive to Oct. 2, 2017, the Tax Act now allows for immediate expensing of certain building components and systems involved in an energy project, namely the replacement of HVAC, roof, fire suppression or security systems valued at up to $1 million.

    Prior to the new Tax Act, Section 179 expensing was not available for HVAC, roofs, fire suppression, and other structural building components. Building owners should consult with their tax advisor if also purchasing new machinery, vehicles, equipment, etc. The tax deduction annual cap is $1 million. The deduction is reduced dollar-for-dollar if total expenditures for all qualifying improvements and new personal property exceed $2.5 million in a tax year.

    Below is a table showing what the tax savings and after-tax cost of a $50,000 HVAC replacement project would be in 2018 under the Tax Cuts and Jobs Act of 2017 when compared to the prior year (before the new tax law).

                                  2017        2018
    HVAC replacement              $50,000     $50,000
    First-year write off          -           $50,000
    Bonus depreciation            -           -
    Normal year 1 depreciation    $641        -
    Total year 1 deduction        $641        $50,000
    Cash (tax) savings            $250        $14,500
    After tax cost                $49,750     $35,500

    As you can see, the difference between the two years is striking. This table also shows how a project that you might have initially believed was cost-prohibitive is well within your reach. Even better, in addition to the tax-related savings, such a project could reduce your building’s energy usage by 20% to 30%. That, of course, brings along its own savings in the way of lower energy bills.

    I know it sounds like a lot of moving parts here, but it’s quite simple: If you’re willing to take steps to make your building more energy efficient, there are savings waiting for you. It’s that easy.

    To make things even easier, the GCP Energy Team is more than happy to walk you through all the steps you need to take to ensure you’re saving as much money as possible. You can email the Team at energy@gcpartnership.com or contact us by phone at 216-592-2205.
