By: Joseph Imperato, Sr., Partner, XSolutions Consulting Services, LLC Cybercrime is high, and hackers are setting their sights on small and medium businesses who are “low hanging fruit.” Don’t be their next victim! It doesn’t matter your size. All businesses have information that can be sold on the web for boatloads of cash (social security numbers, bank information, credit card numbers, login data, company secrets, etc.). Below is a list of 10 things hackers target when looking for victims: 8 Signs That Make Hackers Smile
You Need A Managed Security Plan Many Small-to-Medium size businesses (SMBs) feel that they can “go it alone” and secure their networks against hackers―they can’t. There are too many ways hackers can weasel their way into systems or trick unsuspecting, but well-meaning employees into letting them in. IT expertise is needed to give your business a fighting chance in today’s ultra-unsafe digital environment. Those businesses that do not have an IT department need to get a Managed Services Provider (MSP) on board right away. A good MSP will be able to quickly assess the state of your network, propose ways to strengthen your security and give you EXACT PRICING BEFORE you sign an agreement with them. Click Here To Schedule A FREE Technology Assessment
0 Comments
By: Cynthia Romano, Principal, Global Director, Restructuring and Dispute Resolution, CohnReznik Science has proven that the more stressful the situation, the less rational the decision-making. Our ability to process complex information diminishes, perceptions distort, and focus narrows. When that happens, people and companies rarely survive. Consider this real example: ABC company generated annual net income of $3 million on $65 million in revenue. The family owners departed. Five years of deepening distress followed. Fourteen months later, annual revenue was at 50% of plan, monthly EBITDA was averaging negative $400,000, and weekly cash burn approached $100,000. Frustrated, fatigued, and burning cash faster with each attempt to improve, the shareholders gave up and made plans to exit. But something unexpected happened. The chief restructuring officer appointed to wind down ABC stabilized the business, generated cash to support operations, and posted a profit for the first time in 18 months. ABC was no longer at death’s door. What made the difference? An unrelenting focus on this survival mantra: “cash, communication, control.” Cash First, stop the bleeding, then find and fix the source. Clearly, more cash can’t go out than comes in. Yet the smart, experienced people who owned and managed ABC allowed that to happen. Blinded by “good news,” like a new sales order positioned as a “great opportunity” that would have become a cash sinkhole, they focused on doing more of the wrong thing with more money. Therefore, Step 1 is to do the known, right thing and stop the cash bleed. Initially, it doesn’t matter why cash is bleeding; it simply matters that the bleeding be stopped while not further crippling the business or exposing fiduciaries to additional liability. Communication Reach out early and often – even when there’s nothing to say. Amid fear, shame, anger, and other crisis-induced emotions, communication fails. Information is held “close to the vest.” Executives hide in their offices. Productivity declines. Good people leave, and fear grips those who remain. Instead, leadership can effectively communicate honestly, transparently, and frequently. Control Know where you are and where you are going, and course-correct as necessary. Evolving a new way of seeing begins Day 1 through whatever mechanisms, policies, and actions make clear that this is about survival, not business as usual. By the end of the second week, a plan should be complete and vetted with allies whose support is critical. The plan begins with a cash model but, inevitably, includes a map for operational restructuring. Control is the implementation of the turnaround plan with practice, monitoring, assessment, and adjustment. The Three C’s coordinated: Surviving ABC’s team refused to quit, despite prior failures and terrible odds. They were unrelenting in repeating and enacting the mantra “cash, communication, control,” and the results were striking. Cash breakeven was achieved within six weeks. Margins improved monthly. Operating income hit breakeven. Profitability was achieved within four months after years of losses. And, a buyer expressed interest as an alternative to a shutdown. With the newly found cash runway, diligence commenced on the day the lights were previously scheduled to be shut off. By: Joseph Imperato, Sr., Partner, XSolutions Consulting Services, LLC 2020 is undoubtedly the year of “COVID-19.” The pandemic forced companies to allow most employees to work from home (WFH). WFH employees are, in many cases, using their personal devices. They are more easily distracted in the home environment. The pressure to complete assignments on time is causing security to take a back seat. When we think of security risks and data breaches, malicious emails, SPAM, phishing, and drive-by attacks come to mind. These are big problems, but there is one that is very common but not openly admitted to and discussed. Misdirected Email, The Risk Few DiscussA U.K. study shows that 68% of employees admitted to sending work emails in error. Another survey found that over 60% of U.S. respondents polled said they sent emails to the wrong person. Businesses use email as their primary source of written communication. The amount of confidential data contained in emails is enormous. The potential for harm is high. Why Errant Emails Are Big Security Risks You would be surprised what people put into emails. I’ve seen people include social security numbers, credit card info, personal names and addresses, medical data, etc. Errant emails containing confidential data are a problem for three reasons:
Awareness Is The Key Technology has come a long way. It can help with this issue, but it can’t prevent us from pressing the send button. Never email financial information, medical data, social security numbers, etc. The danger of that information falling into the wrong hands is too great. Please don’t do it. Find a more secure way to transmit that information such as an encrypted email service or a secure file-sharing application. However, before using them, make sure that your account is secured such as using multi-factor authentication if possible (in case of a breach), and that the transmitted data is encrypted end-to-end. The auto-complete feature is the main cause of misdirected emails because many users don’t check before sending. The only way to solve this is to double-check the address before hitting the send button! Proper training to make employees aware of the ramifications of sending emails to the wrong person is key. One mistake can cost your business big time! By: Rachel Lau, Social Media, Arts, and Design, Guardian Data Destruction Perhaps you’ve been asked to provide a certificate of data destruction as a result of an audit or routine chain of custody verification. Or worse, the fallout from a data breach. Ensure that your data destruction process is airtight by understanding what the certificate of data destruction is and the verification you’ll need for an effective, compliant data destruction plan that stands up to scrutiny. And, lets you sleep at night. What is a Certificate of Data Destruction? Quite simply, a Certificate of Data Destruction is a formal document stating that digital media has been destroyed. It should include detailed information about the method of destruction, a detailed list of IT devices (hard drives, SSD drives, magnetic tape, cell phones, USB drives, arrays, etc.) destroyed to ensure that the data destruction process complied with all relevant security laws, most importantly NIST 800-88 specifications. Are all Certificates of Data Destruction the same? There is no certifying authority for the data destruction industry so the reputation, reporting capability and legitimacy of your data destruction vendor is paramount. In other words, choose carefully. Data destruction partners should automatically provide verification that will protect you, your client and your client relationship in the unfortunate circumstance of either legal action, a data breach investigation or an audit of your data destruction process. Without the backup verification, the Certificate of Data Destruction doesn’t provide absolute proof of data privacy regulatory compliance and best practices. Find the best data destruction provider We’ve put together this handy How to select a gold-standard data destruction provider checklist of criteria that your data destruction provider should have or provide to support a strong Certificate of Data Destruction. Your ITAD, VAR or even head of data security should work with you to develop the right criteria for selecting the right data destruction vendor to meet your standard. And advise you on a best practices plan to ensure that the data is destroyed so that you can rest easy. Guardian is here If you need help, talk to us. Without obligation. We’re happy to answer any questions to ensure that your assets are certified (really certified) to be data free. And, we can refer you to a VAR or ITAD if you need one. To learn more about data destruction options, download our Data Destruction 101 guide or read our data destruction services section of the website. |
Guest Blog
Archives
September 2024
Categories |