4 Common Compliance Issues You Might Be Missing

Information security is on every business’s radar these days. Data drives so much of what we do. Looking to contain the risks, many sectors have established IT compliance regulations. Whether meeting a standard or not, don’t overlook these common areas of concern.

Governments and regulatory agencies have established compliance standards for the financial, legal, healthcare, and energy sectors. Other organizations abide by best practices for data protection and improving system security. Whether mandated or not, the goals remain similar:

Improve security protocols.
Identify vulnerabilities.
Prevent breaches.
Reduce losses.
Increase access control.
Educate employees.
Maintain customer trust.

Shortcomings can mean compliance concerns, industry fines, customer churn, and brand reputation damage. Being proactive about these four common issues can benefit companies in any industry sector.

Common Issues that Thwart Compliance

Companies with Bring Your Own Device (BYOD) policies save $350 annually per employee, according to Cisco, but cost savings aren’t the only reason organizations are …

Are You Doing Your IT Due Diligence?

The words “due diligence” may make you think of a courtroom drama on television. Surely, that’s something only lawyers have to worry about? Not so fast. Due diligence is something your business can be doing, too. Are you covering the basics?

Due diligence is about taking care and being cautious in doing business. It extends to how you manage your technology, too. You may think you’re immune to a data breach or cyberattack, but cybercriminals can target you regardless of business size or industry sector.

Depending on your industry, you may even have compliance or regulatory laws to follow. Some insurance providers also expect a certain level of security standards from you. The costs associated with these cyber incidents are increasing, too. Don’t leave your business vulnerable.

What due diligence involves

Technological due diligence requires attention to several areas. Generally, you’ll need to show the following:

Each staff member has a unique login. …

The Dark Web and Its Impact on Your Business

Business owners today know the internet is not only a force for good. Some people exploit the Web for ill intent. They congregate on the Dark Web, and small businesses need to understand the risks.

What is the Dark Web?

You and your employees spend time daily on the Web. They’re researching clients, checking out competitors, and searching for information. They are not accessing the Dark Web. The Dark Web houses dangerous, often illegal activity. This includes black-market drug sales, illegal firearm sales, and illicit pornography.

The Dark Web’s collection of websites is inaccessible using standard search engines or browsers. Users employ a Tor or I2P encryption tool to hide their identity and activity, and they spoof IP addresses.

To go into the Dark Web, you also need to be using the Tor or I2P service. Plus, you’d need to know where to find the site you are looking for. There are Dark …

5 Common Computer Myths Debunked

Common urban myths would have us believe alligators live in sewers or people put razor blades in kids’ candy. Common misconceptions about computers are just as persistent. Here are several IT myths debunked for your benefit.

#1 A slow-running computer has a virus

A virus can be to blame. Spyware or other malware can also cause a computer to slow down. However, there are also many other reasons your computer might run slower:

You may have a lot of programs that start up when you boot up the computer. You could remove or disable programs that start every time.
The computer has gone into power save mode every night, but you haven’t rebooted the computer in a long time.
There are many programs running in the background. On a Windows PC, you can open Task Manager to see what is running and which computer resources are in use.
A security …

Failure is Not an Option: Getting Rid of Single Points of Failure

You might think that your business is going to be OK even if a single device goes down. After all, there are other devices your employees can use. It’s not as if the entire system is going to fall like dominoes. Or is it? Get rid of single points of failure to make sure one vulnerability doesn’t take down your network.

A single point of failure (SPOF) can be a design, implementation, or configuration weakness. Without proper design considerations, unintentional SPOFs may be introduced into computing environments.

Yet cybercriminals don’t need superpowers to target fatal IT weaknesses. SPOFs for technology include:

Having only one server that runs an essential application. Without that server, your employees can’t use that particular business tool.

Solution: Plan for the worst with built-in server redundancy. Have multiples of any hardware that is business critical. Consider a standby backup server or migrate to the cloud so …

How to Destroy Data Properly

When we accidentally delete something, it feels like the end of the world. If a client file or new presentation is deleted, you may have to start again. Oh no! Yet deleting files is not as permanent as you may think. When it comes to destroying data properly, you’ll want to take a more thorough approach.

Deleting items, or “trashing” them, doesn’t permanently remove them from computer memory. While the data is still stored on your device’s hard disk, it’s possible someone could restore that deleted data.

Data does reach a point at which it’s no longer useful, and you are no longer required to maintain it. Nevertheless, it may still be valuable to cybercriminals. Bad actors can use names, addresses, credit card numbers, banking accounts, or health data. You need a policy to destroy paper records, magnetic media, hard drives, and any storage media.

Your obligation to protect customer and staff …

Locking Up Cybersecurity with a Managed Services Provider

Cybercrime is not the most costly of illegal activities. That dubious distinction goes to government corruption, followed by drug trafficking. Cybercrime comes in third. Yet cybercrime does take the top spot when it comes to numbers of victims. A managed services provider can help.

Cybercrime has hundreds of millions of victims. Two-thirds of people online have experienced personal information theft or compromise. A 2018 McAfee Security study suggested that represents more than 2 billion individuals!

If any of those people works at your business, it could mean trouble for your security, too. Why? People tend to think they have too many passwords to remember. So, they use the same login information again and again. That means a criminal could leverage employee data to access business systems, too.

Cybercrime is a global problem for both individuals and businesses. The bad actors, after all, can make big bucks from their crime with low risk …

Handle with Care: Sending Data Securely

In our digital economy, we send and receive information quickly online. The Internet offers immediate communication with colleagues, clients, vendors, and other strategic partners. Yet we shouldn’t prioritize convenience over data security.

What data do you send in a day’s worth of emails? Sensitive data you send might include:

personally identifiable information (PII);
credit card or payment card information;
attorney/client privileged information;
IT security information;
protected health information;
human subject research;
loan or job application data;
proprietary business knowledge.

The problem is that people send data without thinking about the security of the transmission. One way to gauge the need for security is to consider how you might send that same information via the postal service. Would you put that data on a postcard that anyone could read? Or would you send a sealed, certified mailing and require the recipient’s signature?

Transmitting data on the Internet in plain text is like the postcard – …

Island Hopping: Not Always a Good Thing

The phrase “island hopping” conjures up positive images. You might think of cruising beautiful sandy beaches on a tour of tropical islands. Too bad cybercriminals have given the term a new, less pleasant spin.

Island hopping is an increasingly popular method of attacking businesses. In this approach, the cybercriminal targets a business indirectly. The bad actors first go after the target’s smaller strategic partners. So, vendors or affiliates, who might not have the same level of cybersecurity, become stepping stones to hop.

Attackers might hack into smaller businesses handling the target’s HR, payroll, accounting, healthcare, or marketing. Then, they take advantage of the pre-existing relationship to access the final destination.

Humans are trusting. Cybercriminals exploit that. With island hopping, attackers leverage the trust established between strategic partners.

It’s quite simple: attackers gain access to Company A and send a counterfeit business communication to Company B. Company B, knowing the sender, is less likely …

Do Macs Get Viruses?

Many Apple owners believe their Macintosh computers are immune to viruses. Apple itself has run ad campaigns promising its computers “don’t get viruses”. And those who have owned a Mac for years, decades even, are particularly prone to believing. After all, nothing’s happened to them yet. Regrettably, Macs do get viruses, and the threat is growing.

For a long time the argument was that cybercriminals didn’t bother to develop Mac viruses. There weren’t enough users to justify the effort. Instead, they’d focus on the lower hanging fruit – PCs running Windows.

Yet Apple’s market share is on the rise, and it’s increasingly common to see Macs in the workplace, especially in creative industries. Plus, there’s a widespread assumption that Mac users are a smart target as they are likely to be better off. So, while Macs remain harder to infect (installing most software requires a password), there’s often a greater payoff.

The …