By the DynaSis Team

With bad news about cybercrime appearing daily, many small and midsized business (SMB) owners may be wondering, “How vulnerable am I?” After all, most of the news accounts of data breaches and other attacks relate to major companies, governmental entities, and other very large targets.

Unfortunately, the reason SMBs aren’t making headlines is because they don’t make great news, not because they aren’t favored targets. A quick Internet search will turn up dozens of stories about the vulnerability of SMBs, as a group. In 2011, Symantec’s annual Internet Security Threat Report found that companies with fewer than 250 employees constituted 18 percent of targeted attacks. In the 2016 report, that figured had risen to 43 percent, with SMBs being the most heavily targeted group.

Why are SMBs so attractive? Major corporations have big security budgets, and they can afford to implement the latest techniques to protect their networks. Many have teams of security specialists whose primary tasks are to keep cybercriminals at bay. SMBs don’t have these types of resources, and hackers know that.

Nevertheless, the vulnerability of SMBs wouldn’t be enough, by itself, to make them targets. If hackers had to expend days, or even hours, finding and attacking a vulnerable SMB in exchange for a handful of proprietary information, they wouldn’t do it. Fortunately for the hackers, they don’t need to.

An entire ecosystem of cybercrime tools now exists, and many of them are freely available. Hackers have also learned they can turn groups of vulnerable systems into “botnets.” Here, multiple computing devices are interconnected and used to scan the Internet, looking for compromised websites to hijack, open corporate network connections to infiltrate, and other inadequately protected resources. Making matters worse, cybercriminals continue developing new attack tools and approaches, and even large organizations have a hard time keeping up.

For SMBs, becoming a victim at some point is a near certainty. In fact, most experts no longer counsel organizations that they can completely prevent a breach. Rather, the goal is to mitigate the damage when one happens.

Fortunately, it is neither expensive nor complicated to secure your firm and its resources and substantially reduce your odds of attack. It is also possible to implement automated mechanisms that will detect penetration and stop it, quickly. However, these tools are sophisticated and it is usually neither practical nor cost effective for in-house IT support teams to manage them.

For most SMBs, contracting with a managed services provider or an IT solutions firm is the most effective way of implementing and managing stringent IT security. However, not all IT consulting or IT support companies are created equal. Some are more security focused than others, with certified professionals and the latest technologies at their disposal.

To help organizations better understand cyber security and the considerations for hiring outside IT security assistance, DynaSis has developed two white papers: Cyber-Security 2016 and Managed IT Security. Both are complimentary downloads on our site. In future blogs, we will drill down into greater detail about cyber security, so stay tuned!

Selection of an IT outsourcing company is a very important business decision. For almost a quarter century, Atlanta’s small to mid-sized businesses have relied on DynaSis’ for managed IT services, internet security, and 24 x 7 x 365 helpdesk support. Today, with cybercrime becoming an ever-increasing threat, DynaSis has become an industry leader in network protection and ransomware prevention. Please take a tour through our website at www.DynaSis.com or speak with a technical expert at 678.218.1769.

[featured_image]

By the DynaSis Team

Despite mobility being one of the technology cornerstones for small and midsized businesses (SMBs), many organizations still are not making effective, long-term decisions for their firms. In May, we talked about the ongoing challenges of Bring Your Own Device (BYOD) to the workplace and the importance of having qualified IT support teams or managed IT services providers administer and manage this solution. However, numerous studies indicate that BYOD is not the only component of mobility where SMB owners and decision makers are having a hard time achieving optimal benefit.

Per data from research firm SMB Group, between 55 and 65 percent of SMB owners (depending on organizational size) agree or strongly agree that mobile solutions and services are “critical” to the business. Yet, the researchers also found that many SMB owners do not have a strategic perspective regarding mobile technologies. Following are a few examples:

• According to a Techaisle 2015 SMB Mobility Adoption and Trends survey: More than 80 percent of SMB employees require mobile access to company data, yet many owners remain overwhelmed by issues such as total cost of ownership (46 percent), compliance (44 percent) and integration with desktop, IT and communications infrastructure (37 percent).
• In an SMB Group survey of mobile application selection: For firms with 1 to 100 employees, “ease of use” and “low cost” are the top two criteria for adopting or allowing a mobile app in the workplace. Companies of 100 to 1000 selected ease of use and “integrates well with other applications” as the two top criteria. Neither selected such strategic drivers as “increases productivity and collaboration,” “ease of access and management” or “application security” as top application criteria.
• Per a study by RBC Capital Markets about mobile websites: 67 percent of SMBs do not have a mobile-optimized website, and similar studies show that even fewer use SMS or text messages to reach their partners or customers. The study noted that such low adoption rates could be hurting SMB sales—and even corporate reputation—given the uptake of mobile devices.

From these examples (and others), it’s apparent that SMBs lag behind larger competitors in the mobile arena. The development of the “mobile workplace” was supposed to help level the playing field for smaller companies. Yet, for organizational leaders who don’t have the time, expertise or sense of direction to take advantage of mobile opportunities, the reverse could be true.

What many SMBs need most is a cohesive mobile technology strategy, which is a key, not only to effective mobile adoption but also to mobile risk management. As with so many areas of the business, company leaders are often too wrapped up with daily operational issues to make time for strategic planning.

Having the assistance of an outside resource, such as a managed services provider or IT consulting firm, is often the best way to obtain both resource and expertise for objective planning and decision making. With a strategic plan in place, business leaders can make informed, long-term decisions that support both the organization and its personnel.

DynaSis has been providing managed IT support services to Metro Atlanta’s small to midsized businesses since 1992. We provide Availability – making sure your network is up and running; Mobility – allowing your employees world-wide access to your network; and Security – as an Internet security company, we resolve “issues” before they grow into problems. If you want to learn more, please visit www.DynaSis.com, or call us at 678.218.1769.

[featured_image]

By the DynaSis Team

For many small and midsized business owners, cybersecurity is a maze with no apparent exit. Bad news arrives daily, and “recommended” or “best practices” solutions can differ from one IT solutions provider to the next. As a managed IT services firm that helps companies navigate this maze on a daily basis, we understand how confusing cybersecurity can be. Even so, that doesn’t mean business owners can afford to ignore the threat landscape and hope it will go away. It won’t.

Last week, we read the annual Data Breach Digest from Verizon, an incident report that identifies cyberattack trends. To pinpoint the trend lines, a team of investigators explored more than 500 cybersecurity incidents from 2015 and then analyzed them with data from the two previous years.

Some of the results were unsettling, to say the least.

• Human error is still responsible for a large percentage of data breaches (30% over the past three years). Among breaches caused by human error, phishing (spoofed emails or websites that look real, to which users respond and become infected) accounted for 72% of those breaches.
• Initial compromise is happening the same ways it has for a decade, including email, social media, and infected thumb (USB) drives.
• Perhaps most disturbing, the report found that 80% of all data breaches--even those not officially assigned to human error--involve exploitation of stolen, weak, default or easily guessable passwords.

Since the dawn of corporate computing, experts have been urging companies to require secure passwords—and to teach employees how to keep them safe. The fact that 80% of breaches involve compromised passwords surprised even us.

Human gullibility will never be eliminated, which is why cybercriminals rely upon it. However, organizations can teach employees how to recognize danger—and avoid giving into their gullible natures.

In addition, requiring strong passwords throughout the organization is one of the single easiest steps a business owner can take to secure his firm and its assets. Even if you don’t think you can afford an advanced threat detection and mitigation solution or don’t have the time to conduct a “safe IT practices” training session for personnel, it is business suicide not to enact and enforce a password policy.

If you do not have a password policy, we urge you to create one, now. Issue a memo about passwords with a deadline, and identify a trusted management or IT staffer to follow up and ensure compliance. To get workers excited, sponsor a contest, and offer a gift certificate or other perk to the person with the best password and the one that reaches compliance first.

To help you get started, here are a few pointers:

• Passwords must contain at least eight characters; 14 is even better.
• Passwords must not contain the user name or parts of the user’s full name, such as a first name.
• Passwords must use at least three of the four available character types: lowercase letters, uppercase letters, numbers and symbols.
• Passwords must be changed at least every 90 days, and personnel should receive a task reminder via email, calendar, etc. that won’t go away until they confirm completion.
• Passwords for company resources must not be shared with anyone—even other employees—not should they be transmitted to other devices via email or other method “for safekeeping” or any other reason.
• The firm should have a written, enforced policy that states failure to adhere to password guidelines may result in termination.

Many data storage solutions incorporate strict password policies, and a number of affordable security solutions police them. After you get everyone on board with password management, consider working with an IT consulting or IT support firm to adopt a technology-based enforcement mechanism. It will pay for itself, quickly.

DynaSis has been Atlanta’s premier IT support services provider for more than 23 years. As an IT company working with small to midsized businesses (10 to 150+ users), DynaSis has developed a unique 12-layer approach to network threat protection, ransomware prevention and crypto virus threat elimination. The DynaSis Business Cloud functions through a highly secure environment with full real-time data backup. Please contact us at 678.218.1769 or visit our website at www.DynaSis.com.

By the DynaSis Team

[featured_image]

Cybersecurity, already a hot topic in the news, has moved to an even brighter spotlight now that the presidential candidates are discussing it. The merits of their positions are not for us to debate here. However, their actions underscore the idea that cybersecurity is an issue of concern to the citizens who might vote for them.

Statistics support this viewpoint, especially among the small and midsized business (SMB) community. In May, 2015, Endurance International Group (EIG) released the results of a survey that indicated 81 percent of SMB owners have cybersecurity concerns. Even more (94 percent) “often think” about online security. This is good news, given that SMBs are prime targets. A Verizon study found that organizations with 11-100 employees are 15 times more likely to have their security defenses breached than organizations with more than 100 employees.

Unfortunately, the EIG survey also contained some deeply worrisome statistics. Researchers discovered that 94 percent of SMB owners don’t have cybersecurity insurance. Eighty-three percent handle cybersecurity themselves, often because they don’t think they can afford to employ IT support staff or contract for managed IT services.

In reality, the risk of being breached has become so great that no business can afford not to engage professional help. Attack vectors are evolving so rapidly that it is impossible to avoid them completely. Multi-national, billion-dollar corporations work to manage risk with layers of protection that close security holes, remove or clean infections, detect and stop malicious activities, and provide other lines of defense for corporate systems.

As we head into 2016, we hope all SMB owners will embrace this approach and take action to fortify their companies’ defenses. There simply is no “silver bullet” for security. No single solution will protect a firm. Companies must use a multi-layered approach in order to mitigate threats. Beginning with our first January article, we will be covering various aspects of cybersecurity to help educate our readers regarding this daunting but critical task.

Cybersecurity is complex, and it deserves everyone’s full attention. To ignore it is to accept the consequences of a breach. For an SMB, such an event is almost always financially crippling. In 60% of cases, it will destroy the business within six months.