Nov 13, 2023 | SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News
The state of cybersecurity seems to be getting better, though there’s always room for improvement. According to a recent report by CompTIA, “The State of Cybersecurity 2024”, more companies see the need to take a proactive approach and look at cybersecurity from a risk management standpoint. Read on to learn what this might mean to your efforts to protect technological assets. Encouraging Signs, with Room for Greater Improvement In recent years, businesses have made strides in adopting a proactive stance toward cybersecurity, according to the CompTIA report. Of the small to medium-size businesses surveyed, solid percentages have formal frameworks for cybersecurity (45% for small businesses, and 63% for medium-size companies. Many small companies are assessing their risk, but without a formal framework. Over the last year or so, general satisfaction about the state of cybersecurity has increased, as well as satisfaction of respondents with their own company’s cybersecurity. Even with these modest increases, progress is still somewhat slow. In spite of said progress, data breaches still occur. The global average cost of a data breach is $4.45 million! In 2022, 96% of organizations had at least one breach, according to a report cited by CompTIA. The top of mind question is quite naturally “What is the cost of a cybersecurity incident?” What if organizations could also ask what the cost is not just in terms of money but in time and effort taken to prevent an incident? Constructing a Risk-Management Plan Cybersecurity has often been considered a secondary factor in the past, but businesses are now shifting from a defensive posture to a proactive...
Nov 9, 2023 | SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News
The old defenses against cyberattacks–firewalls, antivirus programs and operating system patches–worked well when the security perimeter was the office. Now that remote work is here to stay and more devices are connected to company networks, protecting networks is more complicated. Read on to learn how defense in depth, an integration of individual tools, can help you better protect your technological assets. The Significance of Defense in Depth With business operations having altered in the last several years, more endpoints are connected to networks, and the threat surface expands. Not every remote worker may have the most up-to-date antivirus protection, for example. Bad actors could use brute-force attacks, seeking entry into numerous parts of the network. With defense in depth, other controls would keep the criminals from getting very far. This redundancy can give administrators time to enact countermeasures to keep the intruder from penetrating the network deeply Typically, defense in depth involves three layers of controls–administrative, physical and technical. Administrative controls have to do with the policies and procedures that workers follow; for example, restricting permission to certain portions of the network, and allowing access to the data and applications they need to do their work (least privilege). Another layer involves physical security, and protects data centers and IT systems from threats like data theft. These controls include guards, security cameras and biometrics and/or ID cards. The layers of controls are working at different layers yet are integrated to provide a strong defense against cyberattack. Getting Started with Defense in Depth But where to start? CompTIA’s article on the topic makes several suggestions. One is to...
Oct 12, 2023 | SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News
With an increasing number of devices connected to networks, as well as increasingly sophisticated cyber attacks, the threat landscape is incredibly broad. In 2003, the US government and various industries collaborated and created Cybersecurity Awareness Month. Each October, the spotlight falls again on keeping your system secure and being secure online. Read on to learn about becoming not just aware, but prepared, all year long. Benefits of the Awareness Movement The goal of the collaboration on Cybersecurity Awareness Month is to raise awareness about the importance of cybersecurity, and to ensure that businesses–including small to medium-size businesses–have the resources to be safer and more secure online. Such resources include educational tools like guides, planners, training modules, and much more, to help your business make cybersecurity awareness a visible part of your organization. Not only do these tools come in different languages, but they can be modified to fit the specific needs of your organization. Awareness Just the Beginning While awareness is certainly important, it’s just the beginning of being prepared. A good first step in preparedness is mapping your entire network, finding out every device connected to it and learning whether those devices are secure. Another step is keeping track of the latest threats–phishing emails that can introduce malware to your network, or hacking attacks to take advantage of weak spots in your infrastructure. Evaluating the risks particular to your geographic location is important, though even a low-risk location is still subject to the risks of power outages and the resulting downtime. And don’t forget assessing the knowledge of your workers, including any weak spots...
Oct 5, 2023 | SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News
With the recent wildfires in Maui, disaster preparedness is (or should be) once again top of mind. Aside from the physical recovery of businesses, integrity of their data (the lifeblood of the business) is at stake. Even if you think you’re prepared, you may not be. Read on to learn more about where to start in your disaster recovery planning. Consequences of Not Being Prepared The disaster may be twofold, as discovered in Maui. Not only did brush fires start, but winds from Hurricane Dora blasted part of the island, resulting in an even worse catastrophe. Businesses and homes were burned to the ground, and work stopped. Do you know what your business would do during an outage, let alone a disaster like Hawaii’s? And why limit preparedness to major disasters? These days, anything can happen–even a worker unwittingly clicking on a link in a phishing email, giving away confidential information. Disasters can be big, or stem from small actions. Data can be lost or stolen, resulting in regulatory fines and loss of confidence in your business. Bad actors are always looking for ways to catch businesses off guard; the cyber damage can last even longer than physical damage. Where to Begin Perhaps you’re overwhelmed by the process, wondering how to even get started. A good place to start is doing an audit of your current preparedness level. What systems, data and applications need to be up and running first, to keep your business operating? Which ones can be delayed a bit while you get your bearings? A thorough review of business-critical functions can show...
Sep 14, 2023 | SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News
While cloud computing is now a common way to provision computing resources and outsource IT functions, security can be a (perceived) obstacle to adoption. Cloud security can be a shared responsibility, however, between the customer and provider. Read on to learn more about what to expect from a current or prospective provider, and what you can do yourself to stay secure. Cloud Security and Why it Matters Cloud computing, although providing multiple benefits, also presents security concerns. With compute resources available through the Internet, the greater amount of data moving between networks and devices, data which can be lost or stolen. Cloud security is a combination of technology, processes and policies that can keep your applications and data safe, reliable and available. Who ensures this, your company or the provider? Cloud Security a Shared Responsibility The answer is, both. In general, the provider provides and maintains the infrastructure, and the company looks after the data and applications “in” the cloud. How much responsibility either party assumes depends on the type of platform used. For instance, for Infrastructure as a Service (IaaS), the provider furnishes just that – infrastructure–and your company needs to manage the security of its own data and applications. Other platforms like PaaS and SaaS provide more oversight. Sometimes the CSP will also offer data storage and monitoring. Top providers may even offer security-by-design or layered security as well as network monitoring and identity access management. Your Company’s Role In general, a provider that handles more of the functions also protects more. Beginning with Infrastructure as a Service (IaaS), you secure...
Sep 7, 2023 | SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News
Artificial Intelligence seems to be the hot topic nowadays, in the business world and the world at large. Many of us use the technology, whether we know it or not. Visitors to a website see that chat window pop up, and it seems like a real person is on the other end. Because of AI, it is often a chatbot simulating personal interaction. With the rollout of Generative AI in the form of ChatGPT, previously unknown possibilities have arisen. Artificial Intelligence has the potential to boost business productivity but also carries risk. Read on to learn more about how to harness this technology for the benefit of your business while considering risks of its use. ChatGPT Has Started a New Conversation Recently, CompTIA published a blog post about how generative IT has created great potential to enhance everything we do, but also brings up serious questions. The article cites questions for business leaders to ask. One is, can you harness AI to improve your operations and offerings, and should you? What benefits does AI offer, and what risks? And what do customers want? As with all tech innovations, considering business goals first is key, and how the technology can be implemented to achieve these goals. One theme that stands out from the article: proceed, but with caution. Benefits Come with Considerations Some members of the CompTIA board of directors cite specific ways they’ve benefited from AI technology. For example, one is able to upload documents like contracts and let AI find any red flags ahead of time, reducing legal costs. Or an email scheduling app...
