A New Year’s Data Resolution To Stick To

Many of us set goals, tasks, and challenges to tackle in the new year. Cleaning out the spare room, shopping around for the best energy deals, or exercising more than we did last year. We set these goals to improve our lives and build on productivity, health, and organization in the future.

Resolutions to improve for the coming year are great ideas to aspire towards; whether organizing your office, tidying your house, or taking control of your digital footprint. The problem for many is motivation can quickly fall away by the time February rolls around. If you manage to achieve only one of your new year goals for this year, make it to put a good backup in place for your digital files.

Storage failure, theft, accident, or natural disaster can impact at any time. Many of us put these possibilities to the back of our minds. We plan to organize our files ‘eventually’ and then never get around to it. It’s easy to think ‘it won’t happen to me’ or make creating a backup something that is always to be done tomorrow.

Replacing Old Valuables

Almost anything you own can be replaced one way or another. A broken laptop, tablet, or phone can easily be replaced with another model. Even credit card or financial details, if stolen or lost, can be cancelled and replaced by the bank in under a week.

Losing data, however, is far tougher to face. Without a safe backup, there’s no way to recover it once it is gone. Backups provide a service which could be described as the world’s best insurance policy.

While an insurer will often give you some, even most, of the value of the goods you lost, a data backup gives you back your exact data, precisely how you left it. It does this instantly, repeatedly, and without any additional charges or excess. In some instances, it is even automatic and done behind the scenes.

Recovering Irreplaceable Data

There are almost certainly old essays, browser bookmarks, and notes that you can comfortably live without. Equally, there are likely to be photographs, videos, and important documents that you couldn’t or should not part with.

For many, these files can be as valuable as the memories themselves: photographs of loved ones, long ago vacations, or milestone events in life. We commonly take critical data for granted, assuming that because we can access it today, it will still be there tomorrow. This is unfortunately not always true.

These irreplaceable files are too important to keep in just a single place. Retaining only a single copy leaves your data vulnerable to luck and chance as to how long and if it survives.

Losing Data In An Instant

Data storage is liable to develop faults or failures at any time. Often a storage failure isn’t made apparent until the device fails to turn on or dies suddenly. These types of hardware failure become more and more likely as devices age.

Similarly, modern devices are more and more vulnerable to loss or theft as they get smaller and lighter. While criminals are not likely to be interested in your irreplaceable photographs and documents, those files are stolen along with the device the criminals plan to sell. Whether lost through natural disaster such as flood or fire, misplaced by accident, or stolen by criminals, important files are truly painful to lose.

If you were to lose these files in an instant today, how much would you pay to end that stress and get them back again? Setting up a good backup is only a tiny fraction of the cost without any of the pain.

Backup For You

With the right backup solution, it doesn’t matter how many devices are lost or stolen. Even without a device or away from home, the data important to you can be kept safe and sound to be returned to you when you’re ready again.

Regular, consistent backups can even be made for you, automatic and in the background. Documents you create, photographs and video you take can be backed up and kept safe from the second they are captured or saved.

If you have travelled too long on borrowed luck, without putting a backup in place, give us a call at (416) 645-2469, (905) 667-0441 or email us to get set up with a robust and dependable backup solution for your data.

Want to be notified when our next blog is posted, sign up here.

Do You Copy? What Can Go Wrong with BCC

Try to find someone who has not “replied all” when meaning to send to only one individual. It’s embarrassing and can aggravate those people with more emails flooding their box. Another common email gaffe is misusing the CC and BCC fields in outgoing messages. This mistake can prove costly for business.

You’ll have noticed those extra fields below the “To” field in your email client. CC stands for carbon copy, and BCC for blind carbon copy.

When you use CC, it’s like you’ve imprinted your message on an old blue sheet of carbon paper. The email copy sends to your To recipients as well as anyone you have CC’d. All recipients can see who else you sent your message to. This is a great way to encourage collaboration and accountability.

When you use BCC, your To recipient and anyone else you BCC’d gets the email, but you’re not showing where you sent the message. This is for when you’re addressing a large group of contacts that may not know each other, or when you are sending a group message but you want to respect the privacy of all your recipients.

The Blind Carbon Copy Nightmare

A big problem is using To or CC when meaning to use BCC. You inadvertently expose all your contacts’ email addresses. Personal contact information needs protection, and people’s privacy demands respect. You don’t want to make this mistake with a single or a few emails, or worse still hundreds or thousands of emails.

There are many examples of BCC blunders. West Ham United Football Club faces fines from the UK’s Information Commissioner’s Office for confirming all season ticket holders with email addresses in the CC field. In another example, the Independent Inquiry into Child Sexual Abuse was fined US$260,000 for exposing possible victims of child abuse in the same way.

Scotland’s National Health Service messaged transgender patients with their addresses in the To field. Instead of using BCC, the sender used an open distribution list. This shared 86 Glasgow patient email addresses and, perhaps, patient names and dates of birth when the addresses incorporated those details. You can bet there were some heated replies to that message, although the reports didn’t share whether they were “reply all” or not.

Also, the Sydney Morning Herald reported on a real estate company employee mistakenly CC’ing 300 customer emails. A customer complained. The error resulted in a six-figure aftermath. Lawyers, a consulting firm, and eight full-time employees worked on a data breach response plan for weeks.

What’s Better Than BCC

Any CC or BCC blunder could be a data breach. Take care. Don’t risk the loss of customer trust and possible compliance issues.

When you need to send out an email to a large group of people when you’re not necessarily expecting a response, use mailing software such as Mailchimp. Email marketing platforms send an individual copy of your message to every person on your mailing list, so there’s no risk of your contact list being exposed.
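The two safeguards described above, as an added example that is not part of the original post: a pre-send check that flags a message exposing many outside addresses in To/CC, and a function that builds one individual copy per recipient the way a mailing platform does. It uses Python's standard `email` library; the threshold of five and the example.com / example.org addresses are assumptions.

```python
from email.message import EmailMessage
from email.utils import getaddresses

MAX_VISIBLE_EXTERNAL = 5  # assumed policy threshold, not from the article


def visible_recipients(msg):
    """Addresses every recipient can read: the To and Cc headers (never Bcc)."""
    headers = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    return [addr.lower() for _name, addr in getaddresses(headers) if addr]


def exposure_problems(msg, own_domain):
    """Return reasons to hold the message before it leaves the outbox."""
    external = [a for a in visible_recipients(msg)
                if not a.endswith("@" + own_domain.lower())]
    if len(external) > MAX_VISIBLE_EXTERNAL:
        return [f"{len(external)} external addresses are visible in To/Cc"]
    return []


def individual_copies(sender, recipients, subject, body):
    """Build one message per recipient, as a mailing platform does."""
    copies = []
    for rcpt in recipients:
        msg = EmailMessage()
        msg["From"] = sender
        msg["To"] = rcpt          # the only address this recipient ever sees
        msg["Subject"] = subject
        msg.set_content(body)
        copies.append(msg)
    return copies


def demo():
    # Constructed sample data: eight customers on reserved example domains.
    customers = [f"customer{i}@example.org" for i in range(1, 9)]
    sender = "office@example.com"

    # The blunder: the whole customer list pasted into Cc.
    blunder = EmailMessage()
    blunder["From"] = sender
    blunder["To"] = sender
    blunder["Cc"] = ", ".join(customers)
    blunder["Subject"] = "Season update"
    blunder.set_content("Hello everyone")

    copies = individual_copies(sender, customers, "Season update", "Hello")
    return {
        "blunder": exposure_problems(blunder, "example.com"),
        "copies": [exposure_problems(m, "example.com") for m in copies],
        "visible_per_copy": {len(visible_recipients(m)) for m in copies},
    }


if __name__ == "__main__":
    print(demo())
```
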

Need help setting up your email client or getting up to speed on an email marketing platform? We can help. Contact us today at (416) 645-2469, (905) 667-0441 or email us.   

7 Things You Need to Know About Ransomware

Ransomware is a well-named type of cyberattack. Cybercriminals taking this approach kidnap your data. After accessing your network, they encrypt files and demand payment for the passcode. Here are the top seven things you need to know about this business threat.

#1 It Can Happen to You

Cybercriminals rely on your false confidence. Don’t think “it won’t happen to me.” Attacks on government, education, healthcare, or financial institutions get publicity. Yet organizations of all types and sizes are targeted.

#2 Ransomware Spreads Fast

Ransomware is malware, malicious software that can reach throughout a network. So, if Jane from accounting opens a ransomware file, every single computer on your business network could be infected. The virus can spread between businesses, too. Consider the debilitating WannaCry ransomware attack of 2017. Within four days of its first detection in Europe, the strain had spread to 116 countries.

#3 Ransomware Targets People

A common method is to send out phishing emails in the hope of having people enter their access credentials. Targeted business communication emails work, too. The attacker gets to know your business first. Then they send an email impersonating a colleague, supplier, or customer asking you to take action or update contact details by clicking on the link or downloading a file.

#4 Ransomware is Costly

Once the ransomware is installed on your system, it locks down your files. To regain access to the files, you need the password or decryption key the attacker supplies when you pay up; that’s if they keep their end of the bargain once you pay the ransom. These are crooks you’re dealing with after all!

In Coveware’s analysis of Q3 2019, the average ransom payment increased by 13% to $41,198 as compared to $36,295 in Q2 of 2019. And that’s just the cost of the ransom. Indirect costs include the cost of downtime, lost revenue, and long-term brand damage. There’s also the expense of removing the ransomware, forensic analysis, and rebuilding systems.

The average ransomware attack in Q3 2019 resulted in 12.1 days of downtime. – Coveware

#5 Ransom Requires Cryptocurrency

Ransom payment is usually made by bitcoin or another cryptocurrency. Your business needs to buy cryptocurrency with actual cash, then transmit the ransom. Attackers choose cryptocurrency because it’s very difficult to trace. It doesn’t help you that bitcoin is not something you can charge back like a credit card.

#6 A Recovery Plan Helps

Planning in advance can help you respond more reasonably. Document plans to disconnect infected computers from the network as soon as possible. Also, power down any machines that could be vulnerable to avoid spreading contagion.

You should also discuss in advance whether or not your business will pay a ransom. Weighing the costs and benefits without a deadline on the decision can help you react more strategically.

#7 You Can Take Action

You don’t have to sit around worrying and waiting for a ransomware attack. There are many things you can do to help prevent this type of attack:

  • Filter traffic, preventing it from coming into your network in the first place.
  • Scan inbound emails for known threats, and block certain attachment types.
  • Use antivirus and anti-spam solutions and regularly upgrade and patch vulnerable software.
  • Educate all users about social engineering.
  • Allow remote access to your network only from secure virtual private networks.
  • Back up your data to more than one location so that you can restore any impacted files from a known source.

Ransomware is a lucrative, relatively easy mode of attack for cybercriminals. They could target your business. Contact us today for help implementing the best protection practices to keep your data safe. Call us at (416) 645-2469, (905) 667-0441 or email us.   

Don’t Let Crooks Hijack Your Domain

Doing business today you are as likely to give out your website address as your email or phone number. Your Web domain is your business identity on the internet. Don’t risk falling victim to the cyberthreat known as domain hijacking.

You build up a business site to represent your brand online. Every bit of content, and all the fonts and images you selected, reflect your business. You probably also have email addresses at the domain name (e.g. sales@yourbusinessname.com). So, imagine the pain of finding out that someone else has stolen your domain.

When your domain gets hijacked, you lose control of your website, its email addresses, and all associated accounts. And it’s not easy to recover them.

The Infosec Institute shares examples:

An advertising agency spent US$15,000 and 19 months recovering its stolen domain.

The owner of ShadeDaddy.com lost US$50,000 and had to lay off six of its eight employees. He said domain name theft is “like your house got stolen.”

How does a domain get stolen?

There are several ways this can happen to a business or individual.

The simplest is that your domain name expires, and you don’t know it. Domain registrars must send notice one month and one week before the domain expires. But the reminders might go to an email address that is no longer active or to the Web company that set your site up years ago and with whom you no longer communicate.

Once your domain rights lapse, the site gets disabled. After that, the domain name goes back into a pool of domain names for anyone to buy.

There are people who make money from purchasing domains. They hope to make money off your company’s desperation to get its domain back. Or they profit from redirecting traffic from your reputable Web address to their own.

Then there are the hijackers. These cybercriminals also want to profit from Web traffic redirects or to access your domain emails to send false invoices. They might intercept emails sent to your domain to learn proprietary information. They could change the content on your site or redirect traffic to a hub for online gambling, or worse.

The hijackers might steal your domain by gaining access to the email account you used to set up the domain. Cybercriminals might use phishing emails to obtain the access credentials. They use the password reset mechanism to take over your account and transfer the domain to a different registrar.

Your domain registration company could be compromised, too. It helps to pick an accredited registrar for your domain registration.

Any of these scenarios can have a serious, lasting impact on your business. Once someone else has access to your domain address they can do whatever they want with it.

Protect Against Domain Hijacking

The first step is to protect your access credentials. Leveraging two-factor authentication can also help prevent hijackers from stealing your domain. A registry lock can also help. It requires more communication if someone tries to change domain registration. This lets you know of suspicious activity and gives you some time to react.
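One way to monitor the two risks covered above, a silent expiry and a missing lock, shown as an added example that is not part of the original post. It reads a domain record in the RDAP JSON layout (RFC 9083) and reports how close the expiry is and whether transfer locks are set. The record is constructed sample data, and the 30-day and 7-day thresholds are assumptions modelled on the one-month and one-week reminders.

```python
import json
from datetime import datetime, timezone

# Constructed RDAP-style domain record (RFC 9083 field names); not real data.
SAMPLE_RECORD = json.loads("""
{
  "ldhName": "yourbusinessname.example",
  "status": ["client transfer prohibited"],
  "events": [
    {"eventAction": "registration", "eventDate": "2015-02-01T00:00:00Z"},
    {"eventAction": "expiration",   "eventDate": "2030-02-01T00:00:00Z"}
  ]
}
""")


def expiry_date(record):
    """Return the expiration event as an aware datetime, or None."""
    for event in record.get("events", []):
        if event.get("eventAction") == "expiration":
            # fromisoformat() only accepts a trailing "Z" from Python 3.11 on.
            return datetime.fromisoformat(event["eventDate"].replace("Z", "+00:00"))
    return None


def review_domain(record, now, warn_days=30, critical_days=7):
    """Return findings about expiry and lock status for one domain record."""
    name = record.get("ldhName", "<unknown>")
    findings = []

    expires = expiry_date(record)
    if expires is None:
        findings.append(f"{name}: no expiration event in record")
    else:
        days_left = (expires - now).days
        if days_left < 0:
            findings.append(f"CRITICAL: {name} expired {-days_left} days ago")
        elif days_left <= critical_days:
            findings.append(f"CRITICAL: {name} expires in {days_left} days")
        elif days_left <= warn_days:
            findings.append(f"WARNING: {name} expires in {days_left} days")

    status = {s.lower() for s in record.get("status", [])}
    if "client transfer prohibited" not in status:
        findings.append(f"{name}: registrar transfer lock is not set")
    if "server transfer prohibited" not in status:
        findings.append(f"{name}: registry lock is not set")
    return findings


def demo():
    # Fixed "now" so the result is reproducible: 22 days before expiry.
    now = datetime(2030, 1, 10, tzinfo=timezone.utc)
    locked = dict(SAMPLE_RECORD, status=["client transfer prohibited",
                                         "server transfer prohibited"])
    far_off = datetime(2029, 1, 10, tzinfo=timezone.utc)
    return review_domain(SAMPLE_RECORD, now), review_domain(locked, far_off)


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```
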

It’s also important to know who is managing your domain name and how it is being managed. A Managed Service Provider can take care of this ongoing process for your business. Reach out to our Web experts today! Call us at (416) 645-2469, (905) 667-0441 or email us.   

“So Slow!” Is it your Computer or your Internet Connection?

“Why is this computer running so slow?” It’s a common complaint. The question is whether it’s your computer or your internet connection.

You may feel your computer is moving at a snail’s pace, but it used to be cheetah-fast! You’re going to want to identify and address the issue to get back up to speed. Yet it’s hard to know whether to blame your computer or the internet, especially now that so many computer applications rely on internet connectivity.

So, how do you determine whether it’s your computer or connectivity that’s the problem? If you are having the problem only on one device in a network, you can guess it’s the computer not the connectivity. Otherwise, think about when you are having slow woes.

If you notice programs are taking longer to load up, your computer may not be up to the task. Running large applications such as Adobe Photoshop, Microsoft Office, or some accounting packages can cause slowdowns. The hardware may be overwhelmed. You may not have enough available storage space. Sometimes your computer’s parts are simply too old and not fast enough.

Even a new computer could be the problem if it’s an inexpensive one. Or perhaps you didn’t get enough random access memory (RAM). Your computer needs RAM to run applications or games; it’s the short-term memory of the computer. This is where the computer loads all the things it thinks it might need soon so that it can process them quickly. Without enough available RAM, the computer has to work harder (and slower) to get the results you want.

No wonder common advice for people dealing with slow computers is to invest in more RAM. If your device is less than five years old, you can often upgrade the RAM inexpensively, or switch to a solid-state drive (SSD). An SSD reads and writes differently than a traditional hard drive, which allows it to access information faster.

Meanwhile, buying a replacement computer may be the answer if your device is more than five years old.

Then Again, Maybe It’s the Internet Connection

On the other hand, you might notice computer slowness when online. Web pages might be slow to load, or you might be waiting ages to access YouTube videos.

If the lag is happening on only one website, it could be that site’s problem. Otherwise, internet slowness could be a provider problem. Or you might have a poor connection.

One way to confirm a connection issue is to check your internet speed. A site such as fast.com or speedtest.net can measure your speed, then you can compare it against the connection speed you’re paying for. Don’t know that? Check your service bill. You may have a slow internet speed plan. Maybe you haven’t changed it in years but have added many more devices. In that case, you’ll want to call your service provider about an upgrade… or confiscate the kid’s devices when you want to stream a favorite show.

When testing, you are looking for a speed of at least 10 Mbps. Anything below that, and you’ll start seeing slowdowns and start hearing the complaints from all corners of the house. To put that in perspective, Netflix needs at least 5 Mbps to stream in HD.

Other Tidbits to Tackle Slowness

You might also try rebooting your computer or your modem and router. If you leave these running all the time, never actually turning them off, they can get stuck in a slow rut.

If you’re on Wi-Fi, that could also be the root of your problem. Maybe you’re on a network with too many users making demands. For instance, if everyone in your family is streaming on their devices, expect a slowdown. You might be in a signal dead zone. In that case, you could look into a Wi-Fi mesh network.

Ultimately, there are many reasons for a slow computer or internet connection. Don’t get stuck with a tortoise of technology. A managed services provider can find the root cause and get you running faster. Contact us today at (416) 645-2469, (905) 667-0441 or email us.   

The Trouble with Trusting Your Online Friends

Trust is the foundation of a good relationship – you trust friends to be loyal, sincere, and honest. But when you blindly trust online friends, you could be opening yourself up to cyberattack.

When you hear about a big data breach on the news, you may think you don’t need to worry. You may think, “I don’t do business with that company, so the crooks can’t steal my identity.” Or “my email address and password weren’t involved, so it’s not my problem.” Yet it could be.

One of your friends or family members’ personally identifying information may be hacked. Then, cybercriminals could use that as a stepping stone to get to you.

Think you’re safe when you interact with friends and family on Facebook or Instagram? Those aren’t the sites breached! Again, think twice.

Many people reuse their username and password on more than one site. Imagine the bad guys get hold of an individual’s credentials from a malware attack on a major retailer, or they buy that person’s credentials for a banking site on the Dark Web after a breach. The crooks might try the credentials on those sites to see if they can gain access, but they are also likely to try those same credentials on other sites, too.

What to Watch Out for Among Friends/Family

Hackers prey on our impulse to trust others. They have greater odds of success impersonating a Facebook friend asking for help. If a Nigerian prince emails out of the blue and asks for money, most of us know by now to delete the message immediately. But if Aunt Peggie does the same thing via Facebook, you’re more likely to fall for it.

The same thing happens with malicious content. We all know not to click on attachments from people we don’t know and trust. After hacking a social media account, cybercriminals email all that person’s friends. They might say something appealing such as, “you’ve got to check out this latest hilarious video of my son!” We want to see our friend’s son being funny, so we click, and the trouble starts.

One more note: be wary of whom you accept into your “friends” circle online. Adding your niece’s best friend or your work colleague’s husband may seem like a good idea, but that’s one more possible vulnerability.

Impersonations of people you trust aren’t only happening on social media. You might get emails that appear to be from companies you trust, vendors you know, or work colleagues. For instance, you might get an invoice from your housekeeping service. It looks like usual, with the same services listed, but the banking details are different. If you don’t catch on, you’ll be paying the crooks instead of your cleaners.

Or you might get an email from a “co-worker” asking you to remind them of a password or account number. It seems like a simple request from someone who can afford to be casual about security with you. But don’t fall for a “hey, what was that password again?” request.

Another area of daily life that cybercriminals target is online selling sites such as eBay. They might hack an account with solid feedback to post items for sale. They’ll accept your payment but never deliver the goods.

Ultimately, don’t rely on that browser lock suggesting a site is secure or the fact that you already know so and so. You may not be actually dealing with that individual. Always confirm, using another method of communication, before sending sensitive info or money.

A managed services provider can help you secure online interactions and home computing networks. Want to learn more? Contact us today at (416) 645-2469, (905) 667-0441 or email us.   

What is a Firewall, and Why Does It Matter?

Hearing “firewall” in the context of computing can be confusing. How does a tall, blazing fire separating rescue teams from people trapped apply to computers?

Well, imagine the rescue team using heavy blasts of water to save the day. A hacker is as motivated to get at your data. They will try everything to bypass your security. They want to get inside your network perimeter. In a business office, computers and printers are often networked together. This lets Jane in accounting and Kevin in graphic design access the same business tools.

In computing, a firewall sits between that internal network and the internet outside. It’s kind of like a nightclub bouncer. You definitely want it to be as burly and intimidating as possible to keep the riff-raff out. The firewall helps reduce or prevent unwanted traffic from getting through.

The Packet Filtering Firewall Approach

Your firewall can be hardware, software, or both. A packet-filter firewall monitors and controls network traffic. It filters data entering the network according to predetermined rules. IT experts set up a firewall to examine small amounts of data (called “packets”) to see if they contain threats. It checks packet data against criteria such as allowed IP addresses and packet type. If the data is suspect, the firewall stops those packets. If not, the data will continue on to its destination.

Firewalls stop certain software from sending and receiving data to and from the internet. This reduces the number of entry points for viruses or illegitimate traffic. After all, a club wouldn’t want to hire the bouncers to cover seven different doors.

A firewall also monitors outgoing traffic. Why’s that? Because an infected computer in your network could be sending out malicious information. If your company has fallen victim to a malware attack that turns a computer into a bot, it might be “phoning home.”

Unlike E.T. trying to get back to the safety of his home planet, the malware is checking in with its Zombie master. It’s helping to strengthen the bad guy’s ability to attack victims.

Firewalls can help prevent denial-of-service (DoS) attacks. In a DoS incident, thousands of computers are used to send an overwhelming amount of traffic to a network. It’s like putting 10,000 people in an elevator with an occupancy limit of 20 – expect a crash.

One famous 2016 attack seriously disrupted Amazon, Visa, PayPal, Netflix, AirBnB, and more.

Other Types of Firewall

Packet-filtering firewalls aren’t your only option. Stateful inspection is helping to make firewalls even smarter. These check where the packet came from, where it is going, and what application requested it. This end-to-end examination is more rigorous. All the parameters must match trusted information for the packet to pass through. This approach offers a smart, fast way to inspect for unauthorized traffic.

When setting up any firewall, it is important to avoid any unintentional openings. A hole in a chainlink fence renders perimeter security useless. A hole in a firewall leaves your network vulnerable.
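A small model of the packet-filtering approach and of the "unintentional opening" warning, added here as an example and not taken from the original post. Rules are checked in order against source address, packet type and destination port, anything unmatched is denied, and a static audit lists allow rules that let any source reach a sensitive port. The rule set, the addresses (documentation ranges) and the choice of ports 3389 and 22 as sensitive are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source network in CIDR notation
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # destination port, None means any port

    def matches(self, pkt):
        in_net = ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
        proto_ok = self.proto in ("any", pkt["proto"])
        port_ok = self.dport is None or self.dport == pkt["dport"]
        return in_net and proto_ok and port_ok


def evaluate(rules, pkt):
    """First matching rule decides; a packet that matches nothing is denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


def find_openings(rules, sensitive_ports):
    """List (rule index, port) where an allow rule admits any source address.

    Static check only: it does not model earlier deny rules that may shadow
    the finding, so treat each hit as something to review.
    """
    findings = []
    for index, rule in enumerate(rules):
        if rule.action != "allow":
            continue
        if ipaddress.ip_network(rule.src).prefixlen != 0:
            continue  # restricted to a specific network
        for port in sensitive_ports:
            if rule.dport in (None, port):
                findings.append((index, port))
    return findings


# Constructed rule set. Rule 2 is a forgotten "temporary" rule: the hole.
LEAKY = [
    Rule("allow", "203.0.113.0/24", "tcp", 3389),  # remote desktop, office only
    Rule("allow", "0.0.0.0/0", "tcp", 443),        # public website
    Rule("allow", "0.0.0.0/0", "tcp", None),       # any TCP port from anywhere
    Rule("deny", "0.0.0.0/0", "any", None),
]
HARDENED = [r for i, r in enumerate(LEAKY) if i != 2]


def demo():
    outsider = {"src": "198.51.100.7", "proto": "tcp", "dport": 3389}
    office = {"src": "203.0.113.10", "proto": "tcp", "dport": 3389}
    web = {"src": "198.51.100.7", "proto": "tcp", "dport": 443}
    return {
        "leaky_outsider": evaluate(LEAKY, outsider),
        "hardened_outsider": evaluate(HARDENED, outsider),
        "hardened_office": evaluate(HARDENED, office),
        "hardened_web": evaluate(HARDENED, web),
        "leaky_openings": find_openings(LEAKY, (3389, 22)),
        "hardened_openings": find_openings(HARDENED, (3389, 22)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```
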

Need help deciding on the right type of firewall for your business? Want to be sure your firewalls are going to withstand attack?

Our experts can help set up and test your firewalls. Contact us today at (416) 645-2469, (905) 667-0441 or email us.   

Could Your Backups Survive A Ransomware Attack?

More and more businesses and organizations are getting stung by ransomware demands. Hospitals, schools, social networks…some days it seems like an epidemic that leaps around arbitrarily, and hackers are raking in millions.

Tallied across the world…billions.

Ransomware attacks are devious in their simplicity. A user in the target business is tricked into opening a file, usually through a phishing email or download. The file contains malware which instantly encrypts your data and demands money in exchange for the password.

No payment = no password = no data.

All of the target businesses should have backups, which they could simply revert to without paying any money, but the FBI reports more than $209 million was sent to hackers in the first quarter of this year alone. Keep in mind, this was just payments within the US, and only counts those who came forward.

Last year it was only $25 million.

Aren’t backups helping?

Sometimes the backup solution fails and the data can’t be retrieved. This is particularly true in cases where the solution has been in use for years and something failed along the way.

In other instances, the target business has a backup that can be restored, but it doesn’t include everything they need for full recovery.

Finally, and this is the most common reason so many businesses are forced to pay the ransom: the ransomware attack affects the entire system – including attached and synchronized backups. If the backup is also caught in the ransomware encryption, it becomes useless as a recovery method and the only options are to pay or lose the data forever.

Each day spent trying to recover the data is a drain on valuable business resources and in many cases, results in massive revenue loss.

The only defense is to block the malware before it can infect the first workstation, and then continue the protection with a comprehensive backup strategy for all workstations and servers.
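The three backup failures listed above (a backup that cannot be read, one that is incomplete, one that was overwritten along with the originals) can be caught by a restore test. The following is an added example, not part of the original post: it records a SHA-256 manifest at backup time and checks a restored copy against it. File names and contents are constructed, and the manifest is assumed to be stored somewhere the backed-up machines cannot write to.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file's relative path to its SHA-256, taken at backup time."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest, restore_root):
    """Compare a test restore with the manifest and classify every file."""
    restore_root = Path(restore_root)
    missing, changed, ok = [], [], []
    for rel, expected in sorted(manifest.items()):
        target = restore_root / rel
        if not target.is_file():
            missing.append(rel)    # backup is incomplete
        elif sha256_file(target) != expected:
            changed.append(rel)    # corrupted, or encrypted along with the source
        else:
            ok.append(rel)
    return {"missing": missing, "changed": changed, "ok": ok,
            "recoverable": not missing and not changed}


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed source data standing in for a workstation.
        source = Path(tmp, "source")
        (source / "docs").mkdir(parents=True)
        (source / "photos").mkdir()
        (source / "a.txt").write_text("ledger 2019\n")
        (source / "docs" / "b.txt").write_text("contract draft\n")
        (source / "photos" / "c.jpg").write_bytes(b"\xff\xd8\xff\xe0 sample image")
        manifest = build_manifest(source)

        # An offline copy that was left untouched.
        offline = Path(tmp, "offline")
        shutil.copytree(source, offline)

        # A synchronized copy: one file lost, one overwritten with
        # unreadable bytes to stand in for encrypted content.
        synced = Path(tmp, "synced")
        shutil.copytree(source, synced)
        (synced / "docs" / "b.txt").unlink()
        (synced / "photos" / "c.jpg").write_bytes(b"\x8f" * 64)

        return verify_restore(manifest, offline), verify_restore(manifest, synced)


if __name__ == "__main__":
    for report in demo():
        print(report)
```
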

Give us a call to discuss how we can help secure your business against ransomware today at (416) 645-2469, (905) 667-0441 or email us.   

Is Your Tech Partner a Team Player?

Business is about relationships. One important relationship today is with a technology partner. This partner will consult on hardware, software, security, and other IT concerns. You can focus on other business priorities, but is your tech partner actually a good team player?

There are a lot of businesses that call themselves technology partners. The term can be broadly defined.

Technology vendors who sell specific hardware or software solutions will promise a partnership, but they will focus on a relationship that benefits their business goals.

For instance, they will generally try to steer you toward buying the products that they themselves make. Vendors will also bill your business for support when you need it. Yet that creates a conflict of interest: they profit from your inconvenience. That’s not the type of partner you want on your team.

A True Partnership with your MSP

Managed Service Providers (MSPs) are another type of technology partner. They look to add value to the team.

In MSP partnerships, your business pays a monthly fee to keep everything working. Your MSP manages your IT and protects your end-user systems. You are paying them to prevent problems before they happen. Unlike reactive vendors, MSPs work to enhance business security and compliance.

Partnering with an MSP adds experts to your team who learn your business needs and look to improve efficiency and flexibility. Besides the convenience of predictable pricing, an MSP will also suggest ways to help reduce IT costs. MSPs have relationships with many different vendors, so they can get the best price when offering you access to new technology.

In introducing new hardware or software, or making upgrades to streamline processes, an MSP is usually brand agnostic. Sure, they may have favorites due to good experiences with a particular brand, but they will still put your business needs first and always find the best solution for you. They’ll want to explore how the work gets done, get to know the IT environment, and seek employee input.

The MSP experts will sit down with you to find out the business challenges that need to be addressed. Then, they do the research and propose the best solutions for your users and environment. To continue the sports analogy, MSPs have more than one single play in their playbook: they draw up the tech strategy that best suits your business needs.

The MSP is also in it for the long haul. A vendor may be looking only for a partnership that leads to product or service sales and tech support calls. The MSP model is built on collaboration and communication. These are IT experts who thrive on seeing their clients develop, optimize, and succeed.

Plus, MSPs can join forces with businesses of any size. They’ll bring the same team play to the IT playing field for small and home businesses as they would for enterprise-sized organizations.

Key Takeaway

In gauging whether your technology partner is a team player, consider the relationship benefits. You may get the technology you think you want from a vendor, but are they also focused on profiting from the partnership?

Your MSP should take the time to learn about user experience and business objectives to ensure their solutions and services add value. Instead of benefiting from things going wrong at your business, your technology partner should have an incentive to prevent problems from ever happening.

If you want an MSP technology partner who will find the right solution for the benefit of the team, CPI can help with our Flat Fee IT Solution!

Contact our experts today at (416) 645-2469, (905) 667-0441 or email us.   


4 Common Compliance Issues You Might Be Missing

Information security is on every business’s radar these days. Data drives so much of what we do. Looking to contain the risks, many sectors have established IT compliance regulations. Whether meeting a standard or not, don’t overlook these common areas of concern.

Governments and regulatory agencies have established compliance standards for the financial, legal, healthcare, and energy sectors. Other organizations abide by best practices for data protection and improving system security. Whether mandated or not, the goals remain similar:

  • Improve security protocols.
  • Identify vulnerabilities.
  • Prevent breaches.
  • Reduce losses.
  • Increase access control.
  • Educate employees.
  • Maintain customer trust.

Shortcomings can mean compliance concerns, industry fines, customer churn, and brand reputation damage. Being proactive about these four common issues can benefit companies in any industry sector.

Common Issues that Thwart Compliance

Companies with Bring Your Own Device (BYOD) policies save $350 annually per employee, according to Cisco, but cost savings aren’t the only reason organizations are embracing BYOD. Letting people use personal mobile devices at work improves productivity and engages employees.

Yet allowing BYOD in the work environment can make the organization more vulnerable. There is greater risk of:

  • spread of malicious applications or viruses;
  • employees accessing business materials using unsecured Wi-Fi;
  • people who have left the company continuing to have access to proprietary systems.

None of these are good from a compliance point of view.

Personal portable devices may not have the same access controls as business computers, which makes them more vulnerable if lost or stolen.

This brings us to a second common compliance concern: physical security. A business may do a brilliant job of securing its devices on-site. It has firewalls, applies security patches regularly, and asks employees to update passwords, but what happens if a laptop, mobile phone, or USB drive is stolen or lost?

All devices accessing business systems and networks from off-site should use encryption. With remote monitoring and management, IT staff can control security configurations regardless of the end-user environment. Mobile device management allows your IT team to secure, locate, or erase any mobile device used for business.

Counting on Others for Compliance

Another area of concern is third-party connections. Again, your business may be top of the class as far as the five core functions of cybersecurity – Identify, Protect, Detect, Respond, and Recover – are concerned, but what if your vendor’s security isn’t up to snuff?

Do you have business partners that are storing your sensitive data? Or does a supplier have access to personally identifying customer or employee information? Third-party risk is a real thing – ask Target. Cybercriminals stole data for 40 million debit and credit cards via the retailer’s HVAC company.

Cybercriminals could use a third party’s lax security to target you. Make sure that your vendors are taking cybersecurity as seriously as you do.

Even in your own business environment, cut the number of people who have access to sensitive data. Obviously, you’ve hired people you think you can trust, but you can still better ward off the insider cybersecurity threat by:

  1. educating employees about the importance of strong passwords, securing devices, and physical security;
  2. informing people about social engineering (e.g. phishing emails or fraudulent business communications);
  3. limiting personnel access to data, network, or systems based on necessity;
  4. having a policy to revoke access permissions and reclaim devices from any employee leaving the company.

Ensuring compliance takes technological know-how and awareness of the evolving threat landscape. This vigilance, communication, and education require time and effort. Put the right policies and procedures in place with our help. Contact our experts today at (416) 645-2469, (905) 667-0441 or email us.   
