Your business is growing, and so is your team. That’s great news! However, tasks that were once manageable at a small scale must once again come into the conversation. Technology challenges that were once non-existent with your team of 5-10 are sure to come up as you reach a team of 25, 40, or 50.

Challenge 1: Cyber Security

Small, growing businesses can easily be the target of cyber attacks. With less technology defenses in place, they become susceptible to a variety of threats. Threats the business don’t consider: phishing attacks, malware attacks, ransomware, password hacking, and insider threats.

Solution: A study done by the Ponemon Institute stated that 62% of surveyed employees said they had access to company data that they probably didn’t need. Combat the chances of a cyber attack by putting the right defenses in place, and educating your team on cyber safety. Ensure your business has things like

• a strong email gateway
• web security
• password management
• multi-factor authentication
• file access restrictions

Challenge 2: Compliance of Regulations

As businesses expand and start to serve more sophisticated clients, there are government regulations that must be followed to avoid fines and other repercussions.

Solution: You might recognize the acronyms like HIPAA, EFTA, GDPR – and they are important to fully understand in order to comply. Partnering with a security professional can help you fully understand the technical language, translating it into something you can put into practice for your business.

Challenge 3: Technology Choices + Management

As more employees come on board, there is a greater need for a network of technology to come together for your company. This brings up questions like: which computers to choose, who is in charge of managing them, what hardware do I use, what processes need to be set up, and more.

Solution: It is important to take these decisions seriously, as they will impact your business long-term if set up correctly. Ask yourself, how does my company’s core values impact my technology choices? Think about what will help you execute effectively while also integrating with processes you already have implemented. Begin by evaluating your current technological set up, develop a timeline and budget for execution. Determine your priorities, and the goals you need technology to help you accomplish. Lastly, when finding the “perfect” piece of tech, understand what training or guidance you and your team will need to make it useful.

Challenge 4: Mobile Device Management

Employees crave flexibility, so having the option for remote work will become more and more necessary as you scale your business.

Solution: Implementing virtual collaboration tools and remote access will bring productivity anywhere beyond the office. There are different options for setting up a remote workplace, which differ in terms of security, ease-of-use, ease-of-setup, and cost. You may choose to have remote desktop access, a Virtual Private Network, or a cloud computing network. Don’t forget to take into account all technology needs for remote work, like phone systems, communication tools, and file sharing.

Challenge 5: IT Policies

Embracing technology and making significant changes can challenge your team without clear instruction throughout the transition.

Solution: Implementing IT policies early on in order to set standards and expectations for employees when it comes to the use of corporate technology. Your policies will depend on your company structure and makeup. Take the steps to write and define policies and educate employees on topics that cover: password requirements, levels of access, confidentiality, and more. Be mindful too on processes for new employee onboarding, technical support, and setting up employee permissions.

If these challenges all seem too much, hiring a Managed Service Provider will have your business on the right track from the beginning. Tech Noir Solutions ensures your business technology challenges are not only solved, but optimized in the best possible way.

Security for small businesses doesn’t have to be complex. In fact, there are many tricks you can leverage to not only identify possible vulnerabilities but even fix yourself! We’ve compiled a list of the top ways you can identify vulnerabilities and how to fix them.

Vulnerability 1: Too much Access

As much as we’d like to think people have the best of intentions, the reality is, that isn’t always the case. To protect your business, make sure you limit the level of access different employees have, to better protect what information they can see or share.

The simple way to check is by doing an audit of all your accounts to see who has been granted access to what. This is especially important now, given the volatility of the job market and being able to remove disgruntled ex-employees access.

Vulnerability 2: No Routine Maintenance

Security isn’t something that ever stops. It’s always evolving. As hackers are coming up with new ways to steal information, systems are coming up with more advanced protocols to keep your data protected.

In this never-ending game of cat and mouse, be sure to routinely check up on basic things like software and firmware updates, password strength, employee knowledge and more.

Vulnerability 3: BYOD

Work-from-home = home computers, personal cellphones, and other devices employees might turn to, to make working from home feel productive. Unfortunately, this can leave your business at risk as many personal computers or home-networks don’t bring the same level of security as your office devices.

Vulnerability 4: Poor IT Management

For many businesses, having an entire IT team just isn’t feasible.

However, by not having a strong foundation from the start, you’re leaving your business open to attackers who can easily access your data.

Given we are living in an era where stress and distractions are at an all time high, common attacks that are exploited due to these vulnerabilities include DoS attacks, ransomware, and phishing.

Our advice – consult the experts.

 

Have you ever stopped to think about “why” IT departments continuously preach about password security?

We think it’s important to not only educate business owners & their employees on how to enhance their security (especially at home), but also to educate them on why it’s important. So let’s start by looking at how hackers get your password, so you can understand how to better protect yourself:

1. Credential Stuffing

This involves hackers testing passwords and usernames against multiple accounts to see if there is a match.

How to Protect Yourself: To protect yourself, every login credential should be unique. This means the password you use for your email should be different than what you use for Facebook, and so on.

2. Phishing

This is psychological manipulation to trick users (usually via email) to supplying their credentials via a “legitimate request”.

How to Protect Yourself: To protect yourself, you can use 2-FA (multi-factor authentication). This means that even if a hacker were to obtain your login information, they would also need the second form of identification in order to finish logging in.

3. Password Spraying

Batman is on the list of Top 100 most commonly used passwords. Pass Spraying is a technique that involves using the most popular, widely used passwords and testing on a wide-scale. Unlike credential stuffing, the hacker already has the usernames and is focused on a single goal – figuring out your password.

How to Protect Yourself: Be as unique as possible. Lots of characters and something that only you will know.

BONUS Trick:

Some password systems will allow you to use a [space] in your password. This will make your password MUCH harder to guess, giving you an added layer of security.

4. Keylogging

This is the act of tracking your movement – aka your key logs. As you type, hackers can see this – thus, they follow your keystrokes to decode your password.

Hackers can typically deploy this method by infecting commercial spyware tools (that are used to monitor employees!).

How to Protect Yourself: Make sure you have your endpoint is protected or that you’ve installed security software installed that can detect malicious activity.

5. Bruteforce Attacks

This might seem like it’s out of a sci-fi film, but Bruteforce is a method where hackers are using password cracking software to run through millions of combinations in seconds.

How to Protect Yourself: Your system administrator should be familiar with a term called – salt. It’s a term associated with encrypted passwords. If your system has been set up correctly, it’s virtually impossible to get your passwords. However, if your salts are not stored properly, then you could be at risk. It’s best to call your administrator to double-check.

6. Local Discovery

If you’re writing down your passwords on a sticky note and placing them on the bottom of your computer, then you’re at risk. If you’re not writing down your passwords than you’re safe.

To summarize, if you’re a small business owner, it’s highly recommended to make sure you’re employees are following basic password etiquette so you can keep your information protected, and keep your business safe.

A picture might say a 1,000 words, but those 1,000 words are what hackers use to guess your password.

COVID has prompted a tidal wave of attacks against businesses and individuals who haven’t practiced common sense when it comes to security.

Here is a list of how hackers are getting more creative with capturing your information:

1. Social Media

At this point, we’ve all been made aware not to post when we’re out of town to inform potential robbers, but have you ever thought about online robbery?

Hackers are watching you engage with social media trends like #classof2020 #favoritethings to learn more about you – where you grew up, your high school mascot, the year you were born, and other basic facts that are commonly used in password creation.

It’s fun to tell people about what you are up to, however you need to remember that there are a lot more people interested in your what you are up to, than your friends and family.

2. Wi-Fi Scanning

Secure your home WiFi network by using a secure password, changing the admin password, updating the firmware and ensuring you are using WPA2/WPA3 as the security protocol. If you are not at home, use a VPN to browse the web or do work on the internet.. Traditionally, in public wi-fi environments, hackers would use the weak security layers of public wifi to monitor your internet behavior and steal your data.

Now that everyone is working from home, hackers have shifted to exploiting the at-home wi-fi vulnerabilities.

3. Uncommon access points

Yes- your connected LED Lighting could be putting your information at risk. Historically, in office spaces, uncommon access points exploited by hackers have been printers.

Today, that has exponentially increased in our ‘connected everything’ world. As you’re working from home – think about all the backdoors hackers might be able to get into – connected coffee machines, garage doors, doorbells, baby monitors, refrigerators, lighting, pet feeders, and the list goes on.

Not only should you do an audit to keep your home and personal information secure, but now think about the sensitive business information they might be able to get.

4. G-Suite Scams

If a hacker can include a link, you can bet they will try anything to get you to click it. Common G-suite invitations that we’ve become accustomed to, and might accidentally click if we aren’t paying attention are:

1. Calendar invitations
2. Google photo invites
3. Google forms
4. Spam in Google Drive or Storage
5. Google Analytics Reports

Protect yourself by practicing common sense. Look twice, call a friend if you’re unsure, just don’t’ click the link 🙂

43% of all breaches occurred at small businesses – and this was before COVID.

The shift to working from home, although forced, puts an exponential amount of businesses at risk.

In honor of #NationalSmallBusinessWeek, here is a list of tips that you can implement to increase your chances of protection.

1. HTTPS vs. HTTP

It seems so simple – but that extra letter at the end makes the world of difference. In fact, Google won’t even consider putting your website in search rankings because they don’t want their users to be ‘at risk’.

To get the “s”, you’ll need to purchase an SSL certificate from your hosting provider. Once purchased, you select the domain you want to attach it to – and that’s it!

2. Wi-fi / Internet network security

Not all connectivity looks the same. Chances are, your at-home networks aren’t as secure as you think. Simple steps to increase your chance of protection:

• • Encrypt your wi-fi network so only trusted users can access (using a passcode and the WPA2/WPA3 Personal Security protocol)
  • Change the default settings – IP address & default login-password for the administrator
  • Turn off remote access related features (this means you won’t be able to access your router if you’re not home – but unless you know what you’re doing,  you shouldn’t need to do this anyways)
  • Update the router firmware
  • Log out properly

3. Leverage VPNs

If you’re going to be accessing any files from work servers use a VPN (Virtual Private Network) – this is a MUST.

There is a term called “wardriving” in the cybersecurity world. This means there are a handful of people who drive around and look for vulnerable Wi-Fi networks to hack. So be smart and use a VPN.

One caveat, make sure your computer is up-to-date with software, operating systems and antivirus software before you use the VPN to remote into your work servers.  If your computer is compromised with malware or ransomware and you VPN into your office network, you have just let the bad guys into the office too!

4. Managed Password Services

Storing your passwords in Chrome? We suggest you stop – immediately. If a hacker is able to get into your Chrome account, they are able to see all your passwords. A simple tip you can take is using a managed password service like LastPass, to keep your passwords secure.

BONUS: These password managers offer randomly generated passwords that can add another layer of security.

5. Multi-Factor Authentication

Multi-factor authentication means there are two steps to log in. For example, if you get a text message with a code to enter, you’ve now just completed two (multi) steps to log in.

If you’re a business owner, we suggest you enable the 2FA option for all employees in your most critical applications, like CRM and billing.

6. Update your apps

“That’s an app for that” – is a phrase we’re all too familiar with… and yes, apps are fun to help with productivity, but the more you have, the more at risk you could be. When apps send that notification to update – do it. Updates are often rolled out to fix any security issues that were exposed.

7. Turn off Default settings

This the simplest, most overlooked step in at-home security. With the recent Zoom security scandals, they’ve made strides in improving product-level security, but it serves as a reminder that ALWAYS turn-off any default settings.

Just because startups are small, it doesn’t mean they don’t have large scale IT support needs. The truth is, unlike their major corporate counterparts, emerging new businesses tend to have an even more diverse BYOD environment as well as a mixed bag of operating systems, applications, and peripherals. And unlike enterprise-sized accounts, they less frequently have the budget to justify hiring a full time IT person let alone an IT department. As a result, they need their IT services provider to do everything. So where do they turn for support?