While small businesses lack the big budgets of their enterprise counterparts, that doesn’t make security any less of an issue for SMBs. In fact, small and medium businesses are more and more often the target of cyber criminals precisely because they generally have fewer security measures in place. So to ensure your business has enough security to stay protected, here are a number of rules every SMB should follow to keep themselves secure.

Security rules for SMBs to follow

Recognize where your most critical data lies

Is it in the cloud? Hard drives? Backup disks? Mobile devices? Whether or not you have the budget and resources to adequately secure all of your data, the critical data that your business relies on must be sufficiently secure. If you’re unsure of what that is, ask yourself which data you would need to access within 24 hours of your business suffering a major disaster, in order to ensure your operations remained up and running. Once you’ve answered this question, talk with your IT managers to determine the security measures that need to be implemented to protect your most vital data.

Learn the basics

After you’ve bulletproofed your critical data, it’s time to arm your network with the basics. If you haven’t already done so, ensure that you have anti-malware protection on servers and endpoints, and firewalls for both wireless and wired access points.
If you have the budget, it’s worth seeking outside counsel from an IT expert fluent in today’s security best practices. They’ll ensure your business is protected from the latest cyber threats. However, if you don’t have the budget, then it’s time to take matters into your own hands. Read up on security trends, join technology networking groups, and ask your fellow business owners about their own IT security policies.

Cash a reality check

Bad things happen to nice people. Tornadoes, fires, thieves, and faulty technology couldn’t care less about how your business donates to local charities and supports your community’s youth sports clubs. What’s more, hundreds of small businesses across the country suffer severe data loss each year. Ignorance and turning a blind eye will not protect you, so make a wise decision and automate your data to be backed up daily. This allows your business to remain in operation if you’re hit by a security breach.

Dispose of old technology properly

Whether it’s a computer, server or tablet, any device that stores data on it must be properly disposed of when it conks out. Specifically, the hard disk must be destroyed completely. And remember, proper data disposal is not only limited to technology, as critical information is also revealed on paper files. So if you’re migrating the content of physical documents to the cloud, make sure to shred the paper versions too.

Mind your mobiles

The mobile age is here, and along with it come employees who may access your business’s critical information via their smartphones, tablets and other mobile devices. Recognize that many of these devices have different operating systems that require varying security measures. You and your IT manager should be aware of this, which leads to our last point…

Think policy

Have a policy for all your company’s devices. If you don’t inform your employees they shouldn’t access company information via their phones or tablets, then they’ll likely assume it’s okay to do so. But thinking policy doesn’t pertain only to mobiles. You should also determine acceptable online behavior for your employees, as well as how data should be shared and restricted. Put this in writing, and then have your employees read and sign it.
Of course, it’s not always wise to be overly restrictive. Rather the point is to have policies in place and make everyone in your organization aware of them because if you don’t each staff member will make up their own rules.

Are you concerned your business’s security isn’t up to par? Need the guidance of a seasoned IT provider who specializes in security? Talk to us today.

Published with permission from TechAdvisory.org. SOURCE

The risks of using passwords – GC Infotech

We all use passwords to access and protect sensitive online data—whether it’s logging onto the network at work, shopping for goods on the web, or accessing personal email. Passwords are a basic function of the way we work, live, and socialize; yet as anyone who has had an account hacked can tell you, password protection is far from perfect.

With personal data playing an ever-larger role in the way we do business, current password functionality is in need of an overhaul. If you’re looking for a better way to secure your personal and professional data, here’s what you need to know.

The problem with hashing

In theory, passwords should work: if someone doesn’t know your password, they shouldn’t be able to log into a site or an account as you. Unfortunately, outdated storage methods and a lack of universal best practices have made it increasingly easy for hackers to get their hands on your passwords—and your data.

Each time you register a password with a website or service, that organization needs to store your password somewhere in order to authenticate your identity later. Some organizations store your password as plain text, which leaves you and your data extremely vulnerable if the sites’ password lists are accessed by unauthorized users or hackers. Security-minded sites take pains to create a protected version of your password known as a “hash,” dicing up your password into small pieces and rearranging the pieces so that they no longer resemble the original. In this case, when you re-enter your password, it goes through a hashing function where the result is compared to the stored hash for verification.

The thought behind password hashing is that if hackers manage to breach a website or online service, they won’t be able to steal users’ intact passwords. Instead, the hackers will be left with difficult-to-crack hashes that are either unusable or take a very long time to reverse engineer into passwords. However, with the rise of powerful, off-the-shelf components such as modern graphics cards and lists of pre-generated hashes for short passwords, hackers can easily reverse engineer passwords.

A modern high-end graphics card, for example, can easily perform more than 600 million SHA256 hash operations per second. A few of these relatively inexpensive cards arranged in an array can try every possible eight character password in about seven days. While that’s impressive enough already, attackers have far more advanced ways to crack hashes, and with the right tools they can crack hundreds of passwords per hour.

“Online sites are aware of these issues,” explains Jim Waldron, Senior Architect for Platform Security at HP, “and so some of them have increased the security by adding secret questions and answers like: ‘What is your mother’s maiden name?’ Unfortunately, much of this ‘private’ information can be legally purchased from online data aggregators.” In other words, even users’ private personal information is no barrier to a determined hacker.

The problem with best practices

To make the situation worse, once a hacker obtains a user’s password, they can use this information to try and access the rest of the user’s online accounts—such as their email or bank accounts. The reason for this is that most consumers—and businesses—skirt password best practices.
A secure password should adhere to three basic rules:

  • It should be long — at least 16 characters1
  • It should be complex — containing uppercase letters, lowercase letters, numbers, symbols, and spaces
  • It should be unique — i.e. you only use it once

You’re probably familiar with at least a few of these rules. Many password systems require users to create passwords of a certain length and complexity, but the resulting passwords are hard to remember and many users recycle the same password multiple times. In fact, 54% of consumers use five or fewer passwords across their entire online life, while 22% use three or fewer.2

So what’s next for passwords?

With all these issues, combined with an increasing number of high-profile online data breaches, the public is losing faith in passwords. Nearly 70% of consumers report lacking a high degree of confidence that their passwords can adequately protect their online accounts—and they’re calling on online organizations to add another layer of security to the process.2

“At a very high level,” says Waldron, “what we need are new, more secure methods for users to identify themselves to online services—methods that are also easy for users to perform.” While broad changes will take time and a large joint effort, there are some immediate actions businesses can take to improve their own authentication methods.

Passwords are still an important security feature, despite their many problems. Check the strength of your passwords—make sure they are long, complicated, and never repeat. You probably already have access to a Password Manager which can store your unique passwords for you. This is an efficient way to eliminate the headaches normally associated with remembering complicated passwords across multiple sites. You can also try to institute several layers of authentication at once—such as a fingerprint reader plus a password, or an iris scanner plus a smartcard reader. This is known as multi-factor authentication and is much more secure than any one method alone.

The absolute best way a business can ensure that their systems and networks are secure is to work with an IT partner like us. Our managed services can help ensure that you have proper security measures in place and the systems are set up and managed properly. Tech peace of mind means your focus can be on creating a successful company instead. Contact us today to learn more.

[1] CNET, The guide to password security (and why you should care)
[2] Telesign, Telesign Consumer Account Security Report

Published with permission from Hewlett Packard. SOURCE

iPhones, iPads, iPods and Macs have always been pretty common in certain types of small businesses. But these days, they’re becoming popular in almost all types, due to the growing number of capabilities they offer. While it is a smart investment in the long run, switching to them means setting up a bunch of hardware that brings with it new challenges. In this article you will learn how to manage Apple devices easily and efficiently.
When adding any new technology to your business, it’s important to find ways to make doing so cost effective. Making the right decisions up front can prevent you from spending more money and time correcting bad decisions. Here’s a look at what you need to know to set up and economically manage your Apple devices.

Plan Your Setup

A major feature that is good to make use of from the very start is Apple’s Device Enrollment Program (DEP). When a device is signed up with DEP, setup processes are automated, saving a ton of time when enrolling many devices. A few of these automatic processes include:

  • Install apps that are purchased using a central Volume Purchasing Program (VPP) account from Apple to all devices
  • Bypass Activation Lock (so if you have any turnover, you don’t have to do a bunch of work to assign the device to someone else)
  • Add Wi-Fi networks (for example, if you have a different network for each location and want to set them all up at the same time
  • Add your email accounts to devices so you don’t have to do so manually
  • Force good security practices so all your customer data isn’t exposed
  • Keep an inventory of all your devices for insurance and tax purposes

Having done a lot of large Apple integrations myself, I happen to be pretty partial to automatically setting up and enrolling devices into an MDM service like Bushel (www.bushel.com), which is designed specifically for SMBs. Setting up devices this way can save you a ton of time, but it’s important to keep in mind that you can only use DEP if you purchase devices that are DEP-enabled.

Before you buy these DEP-enabled Apple devices, there needs to be some strategic thought. You will want to make a list of all the tasks that your users need to perform and then figure out how people are going to complete those tasks. For example, are your employees going to fill out time cards? If so, are you going to use a more traditional route, or are you going to digitize the process with an app?

Buying Apple Devices

After thinking about your needs, you should begin by setting up one device with all of these needs to make sure that it works for your business. When you have one device set up the way that you want and you want to replicate it to your other iPhones, iPads or Macs, you have a few different options. There’s a free tool from Apple called Apple Configurator that can be used to duplicate the setup of an iPhone or iPad to other devices. An MDM solution basically finishes the setup for you by putting the apps, mail accounts and other user-centric settings on the new devices. Pretty cool.

Maintaining Apple Devices

Once devices are set up and in people’s hands, there are a few final things to consider:

  • What do you do if a device gets lost? You can remove all of the data on a device remotely in a family/home environment with a tool such as Apple’s free Find My iPhone. An MDM solution does a better job at this for businesses, as only the administrator can lock or wipe devices.
  • What happens when an employee leaves? If the device has an AppleID on it, resetting it can be tricky. An MDM solution can bypass the Activation Lock without problem; otherwise you’ll need the original receipt of the device and a trip to the local Apple Store.
  • What happens if the device breaks? You’ll want a backup of the device. iPhones and iPads can be backed up to an iCloud account for free (or a small fee if you have a lot of data). Macs can either backup to a hard drive using Time Machine or a third party service, such as CrashPlan.

There’s a lot more to think about, but these initial steps should get you started off on the right foot. The best piece of advice is to plan out your deployment of devices before acting on it. This will give you time to explore your options and prevent a lot of stress for you and your employees alike, all while preserving your underlying business processes. Remember that this experience doesn’t need to be an unpleasant one and GCInfotech can assist you with each step of the way.

Want more tips and news about technology for small businesses? Looking for a dependable IT provider? Get in touch with us today.

Published with consideration from SmallBizDaily.com. SOURCE