Category: Uncategorized

Technology is changing the face of almost every industry, and anyone who can’t keep up will be left behind. The United States has far more STEM jobs than qualified applicants to fill them, with the need growing steadily. Just in 2016, there were about 3 million jobs which couldn’t be filled because there weren’t enough people with the right education and skills. Businesses and schools are working hard to find ways to meet the technology gap, with programs encouraging students from a young age and scholarships for STEM majors.

When workers can’t adapt to the new environment, they won’t just be denied new and better opportunities. They will be stuck in whatever menial, low paying jobs are left, and there may not be enough of those if those when so many are automated.

The New Jersey Institute of Technology

NJIT has been working to provide the educational credentials with the necessary experience so graduates will be prepared to step into high paying tech positions. Students are well versed in aspects of various industries while learning necessary technology skills, such as maintenance, processing control and manufacturing. NJIT students get offers before graduation and earn 20% more than many of their peers.

The Growth of Automation

The increasing use of technology in every aspect of business is paralleled by the astronomical growth in automation. NJSpotlight.com predicts that as many as half of all jobs will be automated as soon as two short decades from now. Governor Murphy has made a promise to help support workers during this time of upheaval, and has set up a task force to evaluate possible upcoming changes.

By making a proactive plan, Governor Murphy hopes to protect the interests and livelihoods of the New Jersey workforce. He also wants to help prepare for the upcoming changes in the various industries which will be impacted.

Changes to the Economy

The automation task force is part of Governor Murphy’s economic plan. As the leader of the state, he wants to avoid unemployment and underemployment for New Jersey residents. Instead, he wants to find creative ways to help residents succeed in the new economy. One idea is lifelong learning accounts, which would allow residents to achieve new credentials and skills so they could become qualified for every changing STEM jobs.

One way Governor Murphy is trying to help New Jersey residents is by raising the minimum wage significantly. One of his top campaign promises was to raise the minimum wage to $15 per hour by 2021, and the change is being enacted incrementally. Although those changes aren’t happening as fast as he wanted, a higher minimum wage will help ensure that residents will continue to be able to earn their living even with a lower technology job.

Changes in Job Types

Studies predict that there will be more computer jobs, automation, robots and other technologies which will replace or enhance many current jobs. It is simply more cost effective to have a machine perform many tasks, and the newer technologies have other advantages like accuracy and safety. A job which might be dangerous for a human may be safely done by a robot.

Many jobs have already disappeared, or at least declined significantly. It is easy to see, even though the changes seem gradual. Cashier jobs and gas station attendant positions were replaced by automatic checkout and “pay at the pump,” leading to open worry and discussion by residents who were worried about losing their own jobs to technological changes.

Retail salespeople and cashiers are the most in danger of losing their livelihoods, and the United Way predicts that there is a 90% chance of those positions disappearing. Other jobs which could be on the chopping block include sales representatives, movers, janitors and health aides.

Preparing for the Future

Many people are anxious, even if they personally have the training necessary to get one of the best new tech jobs. When there is so much change, and it seems to be happening so fast, people can feel uncertain about how the changes will affect them and their own position.

Governor Murphy’s task force is predicting huge changes by the year 2025, and his focus is on innovation and change. When one door closes, another opens; the loss of some jobs means merely that other jobs will be created to help with the new way things are done. If everyone works together and focuses on the end goal, the end result will be a steady rise in employment and residents in good-paying technology jobs.

Users around the world have been receiving bitcoin extortion emails for a long time, one of the most notorious being a “sextortion” threat to show a computer-eye view of you watching adult videos to the world. The latest threat is more alarming: the sender claims to have a bomb planted at the recipient’s business. Financial institutions in New York began receiving bomb threat emails demanding payment of $20,000 in Bitcoin in early December.

New York City Police warned via Twitter that they were monitoring multiple bomb threats on December 13 and reports soon came in of threats emailed to Philadelphia, Las Vegas, Huntsville, Alabama, and Columbus, Ohio.

The subject line of most of these bitcoin scam emails is: “I advise you not to call the police.” Some emails received in Canada came with a subject line of “Think Twice.”

One copy of the email, which has been sent to multiple recipients, reads:

“My man carried a bomb (Hexogen) into the building where your company is located. …. I can withdraw my mercenary if you pay. You pay me 20.000 $ in Bitcoin and the bomb will not explode, but don’t try to cheat – I warrant you that I will withdraw my mercenary only after 3 confirmations in blockchain network.”

KrebsOnSecurity describes the emails as extremely disruptive spam. The emails have been received by thousands of governmental organizations, businesses, educational, and health care institutions around the world.

Hexogen is a chemical term for RDX, the explosive component in the military plastic explosive C-4.

What To Do If You Receive A Bitcoin Bomb Threat Email?

The National Cybersecurity and Communications Integration Center (NCCIC) released a bulletin about the emails on December 13. NCCIC recommends that if you receive the email:

• Do not respond or try to contact the sender.
• Do not pay the ransom.
• Report the email to the FBI Internet Crime Complaint Center or the local FBI Field Office.

What Are The Risks With Bitcoin Bomb Threat Emails?

Bitcoin bomb threat emails are an obvious extortion scam. No bombs have gone off in any location where the threats have been received.

The scammers aren’t completely unsophisticated, although the threats are poorly-worded and no hacking is involved. Each email security experts have examined uses a different Bitcoin address to send the demanded payment. This is not quite as convincing as the “sextortion” emails, which included a real password that targets had used at some point in the past.

Paul Bischoff, a privacy advocate with Comparitech.com, said: “even though bomb threats are scary, this is amateur scamming.”

After multiple evacuations, the FBI and local police have failed to find any explosive devices. Most law enforcement officials termed the threats “not credible.”

The likelihood of a bomb being present in any building receiving the threat is low.

What Are The Real Costs Of The Bitcoin Bomb Threat Emails?

Scams like the “sextortion” emails and the rash of Bitcoin bomb threats threaten to dull awareness to concrete security threats. They also demand attention and safety precautions even though they are nearly 100% certain to be fake.

Multiple threats received in Toronto brought police out around the city and shut down the King subway station. Schools and colleges in New York and several other U.S. cities shut down early after receiving the threats.

The Bitcoin bomb threat extortion likely yielded no cryptocurrency for the scammers. Costs in law enforcement investigative time, lost instructional time at closed schools, and lost business at commercial locations which were forced to shut down add up to far more than what the scammers could hope to obtain from recipients who don’t follow NCCIC’s instructions.

Unlike the “sextortion” scams which were alarming but personal, Bitcoin bomb threat emails to organizations have to be taken seriously enough to confirm that employees and customers — or students, faculty and hospital staff and patients — are safe from harm.

The identical, amateurish emails are sent to thousands of targets, so in one sense, there’s safety in numbers. It’s highly unlikely any email scammer could plant C-4 explosives in thousands of locations around the world.

Bitcoin email bomb threats are very unlikely to be serious, real bomb threats, yet no organization can afford to take a bomb threat lightly. As long as they continue, they will remain a costly and aggravating nuisance.

Outsourcing IT services involves hiring third-party IT companies or specialists to handle IT-related tasks. A growing number of companies are opting to outsource their IT department to experts who can fully focus on a company’s IT needs while company employees concentrate on promoting the company’s goods and/or services, generating sales, providing customer service and other essential tasks.

There are numerous outsourcing business models to pick from, enabling a company owner to select the best option to meet his or her company’s specific needs. Some companies opt to outsource one-time IT tasks and then handle their regular IT tasks internally. Other business owners have found that outsourcing some ongoing IT jobs while keeping others in-house is the best option while still other businesses opt to outsource their entire IT department to a reliable third-party service.

What IT Tasks are Typically Outsourced?

Almost any IT job can be outsourced, but some are more frequently outsourced than others. These include:

• Website design, development and hosting
• Technical support for company staff members
• IT security, including the provision of back-up and recovery services
• IT training for in-house employees
• Helpdesk services
• Network management
• Application and database development
• Telecommunication services
• Cloud storage

What are the Benefits of IT Outsourcing?

Companies that specialize in offering outsource IT services have trained, experienced experts who can handle a company’s IT issues quickly, efficiently and with relative ease. The ability to obtain expert services without having to pay for and train fulltime workers enables many companies to save money that can then be used to generate revenue and/or attract investors.

IT outsourcing enables a company to use cutting-edge IT equipment and technology without having to regularly update computers and software programs to stay in step with new technological developments. What is more, outsourcing saves time because business owners do not have to learn about IT hardware and software options; instead, IT management is handled by those who have the skills needed to make wise, well-informed decisions.

Many companies that handle outsourced IT jobs offer scaled services to enable business owners to select the services that meet a company’s needs at any given time. A business that needs more cloud storage space, for instance, would simply need to rent this space from its IT service provider. An entrepreneur who needs additional customer service assistance on a seasonal basis can obtain it by asking the IT company to assign more representatives to his or her business for a particular period. Conversely, a company can easily eliminate specific IT tasks without having to lay off employees and/or sell IT equipment.

IT outsourcing also improves IT security. Third-party service providers stay abreast of IT security developments and can help any company to prevent malware and ransomware attacks, breaches and other issues that would slow services and damage a business’ reputation. Furthermore, IT experts can train a company’s employees in IT security issues such as proper email management, internal and external communications procedures and file storage and backup procedures.

However, the best reason for a company to hire outside experts to handle a company’s IT services is that proper IT management can mean the difference between success and failure for any business in any industry. Just about every company relies on IT technology to manage customer databases, track inventory, manage company websites and other integral tasks. This technology needs to be regularly maintained, checked and updated by an expert whose sole job is to keep IT operations running as they should. Dedicated third-party IT service providers are experts in their field who can keep any company’s IT department running at optimum speed and efficiency levels. Without their help, it would be impossible for many business owners to stay a step ahead of the competition. This is particularly true for small to medium-sized businesses that cannot afford to hire experienced, full-time IT workers.

Are There Any Disadvantages to IT Outsourcing?

While IT outsourcing has much to offer any business, there are some pitfalls that business owners need to be aware of when choosing an IT service provider. These include:

• Hiring a company that is based overseas. IT offshoring may result in language and cultural problems as foreign IT professionals who aren’t familiar with a company’s business model will need training in how to adequately handle company data, equipment and/or services. Furthermore, time zone differences can make it hard for a company’s employees to communicate with overseas IT personnel as needed.
• Choosing a company that does not have the expertise needed to take on specialized IT services. Healthcare organizations need to work with an IT company whose technicians are familiar with local compliance regulations. Companies offering legal services will require an IT company that specializes in legal matters.
• Picking an IT service provider based on price rather than the quality of service offered. A good IT company will offer an uptime guarantee. Furthermore, it will offer in-house assistance rather than outsourcing its own services to contractors.

Is outsourcing IT services to a third-party provider a good idea? Many business owners have found the answer is a resounding yes. The advantages of outsourcing far outweigh the disadvantages. Even so, it is important to choose an IT service provider with care. Doing so will enable a company to obtain the best possible assistance both now and in the future.

December 31st is Make Up Your Mind Day

As New Year’s Eve approaches, it’s time to remember its other name: Make Up Your Mind Day. As the last day of the business year for most companies, it’s also a vital point for putting your plans for the next year into action. Unfortunately, creating a business technology strategy can be a complicated process for many IT professionals. Which way will your company go in the new year?

December 31 is Make Up Your Mind Day.  So have you made up your mind regarding your 2019 technology plan?

Here are a few ideas to keep in mind as you work on developing your business technology plan for 2019:

Have You Made Up Your Mind Regarding Your 2019 Technology Plan?

• Look at digitizing: The process of turning your organization from a traditional one to a digital enterprise is a complex process and requires a great deal of thought and investment to pull off well. Companies that lack a solid understanding of the challenges and opportunities are among the reason why 84% of attempts at digitization end in failure. Make sure you prioritize this vital part of your company’s growth for the upcoming year.
• Consider legacy assets: Will that old server holds out a few more years or is it time to upgrade the aging sales software instead? Though legacy assets can be challenging to incorporate into your existing scheme, it’s much easier than it was just a few years ago given the prevalence of solution-based software. However, there’s a particular point where it’s just more straightforward to say goodbye to these old classics. Fortunately, there are a few easy signs to help you recognize whether that time has come.
• Contemplate what tech employees use: Should you dictate to employees the technology they should use when at work? Considering the prevalence of mobile devices and the focus on specific brands, the iOS versus Android battle may appear front and center at your workplace very soon. With 38% of employees resenting management dictating what tech they can use on the job, it’s important to consider more comprehensive solutions that allow employees to work more productively.
• Take a look at the long-term goals: Trying to bring your business into the fourth industrial revolution without long-term goals to guide you would be like Columbus taking off across the Atlantic without an astrolabe. You know you’re following something, but you waste a lot of time and effort trying to get there. Our friends at Hacker Noon have a great article on how to break down large, seemingly impossible goals into shorter goals, allowing you to navigate from one point to another without being lost in an ocean of planning.
• Consider upgrades: What condition are those old workstations in? What about that series of laptops that you’re continually making repairs to or sending out for warranty work? When you have the budget available, upgrade or replace poor-performing assets in your system to improve your overall uptime and reduce the amount of work that needs to happen to keep things rolling. This gives you more free time for strategizing to get your business ahead.
• Make it mobile: If you’re not mobile by this point, you’re missing out. There are so many tools available to help you improve productivity, whether it’s connecting social media accounts, communicating with teams, taking remote payments or having music while you’re wrapping up quarterly reports. Adding mobile capability means your entire team can be more productive on the go, whether waiting for the VP for the meeting or dealing with an emergency from around the globe.
• Contemplate automation: What does your workflow look like? If you still have manual processes that can be automated, you’re wasting money. Whether it’s marketing tasks that can be more easily handled by a bot on Facebook, a tracking system for your warehouse to make your pickers more efficient or any number of other tasks, automation keeps your business rolling smoothly and efficiently while making your operation more flexible.

With digitization breathing hot down the necks of most IT professionals, having a solid technology strategy in place can make the difference between success and failure of the business as a whole. As IT shifts from an ancillary department to the central core of a company, it’s important to make sure that the leadership is in place to strategize this shift and ensure that it can be made successfully without costing the business more than necessary to provide an excellent outcome.

If there’s one thing that most small businesses have in common, it’s a limited budget to invest in infrastructure. Yet failing to devote any resources to securing your technology can put the company itself at risk. Understanding the specific ways that small businesses are vulnerable to cybercrime — and how these dangers can be combatted even on smaller budgets — can make the difference in whether or not the company can survive attempted cybercrime.

How does small business cybercrime affect individuals?

Small businesses generally keep digital information on customer transactions and for employee records. Both of these databases are vulnerable to small business hacking. Cybercriminals are typically interested in access to bank accounts and credit card information, to drain those accounts. But they may also use social security numbers, physical addresses, and even medical insurance and employee benefit plan information to attempt more elaborate identify theft fraud.

How does cybercrime affect small businesses?

Exactly how hard a small business will be hit by a data breach depends not just on the extent of the episode, but on state laws which dictate how a company must respond to the incident. A study conducted by the Ponemon Institute estimated that, for every breached record, the small business employer was forced to pay up to $200 in the recovery process. This per-record cost takes into account the investigation, notifying the affected parties, paying for any litigation or liability, and the cost involved in stemming the breach.

Small business cybercrime can also damage the store or office’s reputation with its business partners. Hackers are often looking for ways to gain access to more heavily-protected information from larger corporations. Potentially, a small business that contracts with larger companies can offer a “backdoor” to those entities. Should that illegal access happen, the larger company is likely to recover from the breach — but also be reluctant to do more business with the small business that failed to protect the information.

Why should small businesses be especially concerned?

Small businesses are both more vulnerable to cybercrime incidents, and more likely to be disproportionately impacted by a single incident. In fact, an alarming 66 percent of small business will go out of business less than a year after a “significant” breach, analysts have discovered.

Why? That high per-breached-record cost is one key reason. Perhaps even more importantly, customers have less confidence in a small business’ ability to protect them from future incidents than they would be following notification of an incident from a major national chain.

And customers have good reason for this waning confidence. They understand that major companies have the resources to both protect themselves from phishing expeditions, and to recover from the breaches that do happen. Small businesses simply don’t have the financial or employee resources to devote to installing elaborate security systems that flag potential small business hacking attempts.

What are the leading causes of data breaches?

Surprisingly, only about one-third of small business data breaches came about through deliberate cybercrime, according to a recent study. The other two-thirds were almost equally divided between human error and technology glitches. Of course, these initially non-deliberate breaches are still causes for concern. Although hackers may not be the ones to “knock the door down” in the case of accidental breaches, they’re certainly on the lookout for these vulnerabilities to take advantage of the valuable data.

What can small businesses on a limited budget do to protect data?

Because two-thirds of data breaches come from human error and system glitches, small businesses have an opportunity to tighten these up, even on a limited budget. In fact, there are several budget-friendly ways small businesses can begin tightening up their data:

• Consider the cloud. Perhaps because of high-profile celebrity hacking cases, many business managers are hesitant about storing data in “the cloud.” Yet these off-site storage systems are actually much safer options, especially for small businesses. Industry analysts warn that most cybercrimes or data breach scares came about because of printed material that was misplaced, or devices that were lost or stolen. Ensuring that important information can’t be found directly on employee devices or through discarded paper records is the first step toward keeping would-be cybercriminals at bay.
• Designate an employee to do a quarterly data audit. Given the hectic nature of running a small business, it’s not unusual for department heads to lose track of where they’re actually storing the data. Have one or two team members regularly ensure that all of the information is being stored where it should be — and move it when it’s not. It’s also a smart idea for all relevant parties to receive an audit report on any ongoing mistakes that are happening.
• Schedule regular training sessions. Company-wide meetings can be hard to organize for small businesses. Yet it’s crucial that every staff member know the mistakes and scams that various departments are vulnerable to. Whether it’s a restaurant’s credit card scanner or a payroll manager’s email inbox, different systems are vulnerable to different kinds of both deliberate and inadvertent breaches. Whether you arrange for company-wide seminars or separate department meetings, make sure to regularly train all employees on the latest vulnerabilities happening to your industry — and how to prevent them.
• Inventory all network devices. As more employees bring their work home with them, the greater the number of privately-owned devices that interact with your network. It’s important to keep track of all of these tablets, laptops, and cell phones to install a mobile device monitoring tool. This will help authorize these devices, and keep them — and the business — better-protected.

Not every internet scam needs sophisticated software to put into action. In fact, one of the most successful ones going on right now is incredibly simple in operation, while being quite sophisticated in its psychological tactics. It is the psychology of it that gets people to send the scammers money.

The concept of the latest scam is simple. The scammers send emails to potential targets telling them that their computer has had malware installed on it and that the malware has recorded them using online pornography. The email includes at least one of the target’s online passwords and tells them they will send the proof of their pornography use to their friends, families, and employers unless they send payment in Bitcoin.

It is the use of the passwords in the emails that makes this scam stand out from previous similar ones. These are passwords the targets have actually used, though may not be currently using. It is the inclusion of the passwords in the emails that make the targets believe they may genuinely have been hacked.

The Truth of the Scam

In truth, of course, no one has been hacked with the supposed malware. Instead, all the scammers have done is to gather passwords obtained in other data breaches, and use them. Many cybercrime experts believe the majority of passwords being used in this scam came from the 2012 LinkedIn data breach, in which 117 million passwords were stolen and sold on the dark web. Those who have been targeted by this scam often point out that the passwords they have been sent are old ones they have not used in a long time, making the proposed origin of these passwords a stronger possibility.

Though most people ignore emails like the ones the scammers have been sending, the addition of passwords the potential targets have actually used makes these emails far more psychologically effective. This is why the scammers have been able to extort so much money out of their targets with this scam.

Other Elements of the Scam that Make it Effective

Scammers are spoofing the intended targets’ email addresses, as well, making it seem as if the emails are coming from the targets’ own accounts. This is an additional psychological tactic that makes the scam quite effective with a lot of people. Thus far, people in 42 countries around the world have reported receiving the scam emails, and scammers have been able to collect around $4 million from their intended targets. Around one-third of the targets have been people in the United States.

It is easy to tell just how much Bitcoin scammers have been able to collect because most of it has been requested to be sent to one Bitcoin address: 1JsACYBoRCYkz7DSgyKurMyibbmHwcHbPd

Since Bitcoin addresses and the amounts in them are all publicly available and listed on the blockchain, it isn’t a mystery where the money is going. However, the anonymity of these Bitcoin addresses makes the owner of the address a mystery. The way the blockchain is set up, there is no sure way to find out the identity of the owner, either.

What to Do if You Receive One of These Emails

If you or someone at your company receives one of these emails, here is what you do:

• Do not believe your computer has had malware installed on it.
• Do not make any Bitcoin payments to anyone.
• If you are still using the password that was sent to you in the email, change it.
• Make sure you aren’t using any passwords that may have been exposed in a data breach.
• Keep your passwords safe by using a password manager.

Do these things, and you need not to be concerned about becoming another victim of this online scam.

It is a scary fact that one out of every three business employees will open a phishing email at work on any given day. Phishing emails are created explicitly by hackers to try and convince you to give up pertinent information about your business or inadvertently make your data vulnerable. Therefore, it is critical that you know all you can as a business owner about email phishing practices. Take a look at some of what you should know about phishing emails, what they look like, and the steps you can take to protect your business.

A Closer Look at Phishing Emails

Phishing emails are specifically designed to trick users into revealing sensitive information. The emails most often look like they are coming from a legitimate sender and contain links that an unwitting user may click on. When these links are clicked, the user is led to a spoof website that is set up to appear as an authentic site. Once on the site, the user is asked to enter credentials, this could be login information, banking details, or other sensitive information. When the user performs these actions, the data given is captured by the spoof website system, and then later, the credentials can be used by the criminals to access real accounts.

A Look at Why Phishing Emails Are a Common Threat

According to a study done in 2017, there are a whopping 269 billion emails sent every day around the world. When you put that into perspective as a business owner, you see that this adds up to a lot of potential opportunities for criminals to attack your business through your employees. The APWG (Anti-Phishing Working Group) says that it is estimated that $9 billion will be leeched from companies and organizations through phishing in 2018.

Hackers who send out phishing emails either have the goal of stealing information and using it themselves or stealing the information to make a profit in another way. Sensitive financial data is often bought and sold on the Dark Web for a hefty sum.

The latest wave of phishing scams has shown up on social media sites like Facebook, Twitter, and Instagram. Direct links to spoof websites are created and proposed in a way to look legitimate, so users click on these links and believe they are being routed to legitimate websites.

Problems with phishing have become so prevalent that reports are gathered consistently to warn the public. APWG’s Phishing Activity Trends Report For The 1st Quarter Of 2018 stated:

• 263,538 phishing emails were detected
• The number of phishing emails was up 46 percent from Q4 in 2017
• At least a third of modern phishing websites had HTTPS and SSL certificates

Phishers are primarily posing as payment services, but they have also been known to target webmail services, financial institutions, cloud and file hosting sites, and other industries.

Most Prevalent Phishing Email Subject Lines in 2018

Phishers use phrases and terms in subject lines of their emails that would demand attention from just about any email user. The most common phishing subject lines in the second quarter of 2018 can be narrowed down to ten phrases.

1. Password Check Required

2. Security Alert

3. Email Deactivation Warning

4. Urgent Information for Employees

5. Update to Company Policies

6. Revised Policy Information for Employees

7. Staff Review

8. Mail Label Delivery

9. Change Your Password

10. Delivery Attempt Made

Even though these were the ten most common subject lines used, not all of them were effective at garnering clicks. “Password Check Required” accounted for about 15 percent of clicks. “Security Alert” was also at the top of the list of subject lines clicked with that phrase accounting for 12 percent of clicks. There were relatively the same (between 7 and 11 percent) amount of clicks on most of the other email subject lines.

Avoiding Phishing Scams in the Workplace

• Train employees to understand HTTPS certifications do not always mean they are on a secure site
• Instruct employees to alert someone immediately if they believe they have received a phishing email or have been fooled by a phishing email attached to a spoof site
• Make sure all user passwords are complex and fully encrypted
• Avoid clicking links in emails unless absolutely necessary, and you are certain the email is legitimate
• Train employees on how to recognize a bogus phishing email
• Employ the two-factor verification capabilities every time it is possible on a site

When it comes to phishing emails and scams, a little education will go a long way to protect your business from an attack. If you feel your business is being targeted by phishing emails, make sure you alert everyone in the workplace of the situation and work with your IT service to add extra security.

If you own or manage a small business, you’re undoubtedly concerned about how to keep your customers’ personal and your business’ proprietary and financial information secure. While you may not think that you have much to steal, since you are a small operation, a cyber thief misappropriating your customers’ credit card and bank account information could cause your business and its reputation to take a big hit. It’s not an exaggeration to say that such a breach has the potential to put you out of business. One surprising resource for tips on keeping your information safe is the U.S. Department of Homeland Security.

What you can learn from Homeland Security about cybersecurity

According to the U.S. Department of Homeland Security, nearly half of all small businesses will be the victim of cyber theft, and each incident costs the company an average of $9,000. This government agency has a wealth of information to help small and medium-sized businesses prevent such criminals from invading their computer databases. They offer a toolkit to help smaller enterprises assess their risk level as well as more than a dozen downloadable resources. They also provide a list of tips to help business owners and managers prevent cybercrime.

Tips for combating cyber theft

The Department of Homeland Security recommends that all businesses take at least these necessary precautions:

1. Install an anti-virus software program and update it regularly.

2. Make sure your WiFi network is secure by using a firewall and encryption software.

3. Set up company systems and procedures to keep sensitive information safe.

4. Educate your employees about how to keep data safe and then hold them accountable for any breaches.

5. Require that your employees create strong, unique passwords and that they change them often.

6. Spend a little money on data loss protection software. Use encryption to protect data you are sending out of your network, and use two-factor authentication, whenever possible.

7. Protect all of your website pages that are accessible to the public, not just the checkout or sign in pages.

To learn more about cybersecurity and how you can keep your company’s and your customers’ sensitive information protected from cybercriminals, give us a call at {phone} or send us an email at {email}. That way you don’t have to worry about remembering all of these tips; we’ll take care of it for you and allow you to concentrate on your customers.

Many business owners don’t realize that new laws are in place surrounding data breaches. On November 1st, 2018, these new laws went into effect for all Canadian business owners. These laws will affect thousands of businesses now, so it’s essential for all business owners to be aware of the changes and be prepared to comply. If these laws are not followed, businesses could be fined up to $100,000.

Breaches Must Be Reported to the Government

If you collect customer data such as banking information, legal or health info or such things as SIN’s, and your database is breached, you must report this to the government. The new law outlines reportable breaches like those that create “a real risk of significant harm to individuals.”

How Will These Changes Impact My Company?

You must report a breach like this to the Office of the Privacy Commissioner of Canada, along with the individuals who were affected. All those whose private legal, health or financial information was lost must be informed. They need to know precisely what information was lost, how many records were impacted and what caused the breach.

Companies must also show that they have taken the appropriate measures to prevent future breaches. If the prescribed steps are not followed correctly, the company can be heavily fined. In many cases, data breaches also damage the company’s reputation and affect consumer trust.

What Are The Specific Laws Changing?

This new law governing data breaches is not a stand-alone law. It’s an amendment to PIPEDA, the Canadian Personal Information and Electronic Documents Act.  For a summary of Canada’s privacy laws, please visit here. The specific laws related to digital information can be found here. It’s important to understand and comply with both.

Many experts have pointed out that the wording in PIPEDA does leave room for interpretation. It covers situations where “…it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to the individual.” This wording is somewhat vague and may be interpreted in various ways by the Canadian courts.

Steps to Follow If There’s A Breach

Below, is a brief outline of the steps to follow if you experience a breach:

• The nature of the breach and what specific data was stolen
• What your organization has done to reduce risk and harm
• How those affected can protect themselves and reduce their risk
• Information about the organization’s contact information
• The procedure for filing complaints

How Did the Breach Occur?

Once the source of the breach has been identified, the vulnerabilities must be repaired. Some breaches occur due to employee carelessness. Perhaps an employee clicked on a link in a phishing email. With so many workers now using their own devices, this opens the door to breaches if a device is lost or stolen. The way to handle this issue is with a Remote Management and Monitoring (RMM) program. This can be set up and managed by {company}. This offers multiple benefits including:

• Compliance to regulations
• Remote wipe if a device is lost or stolen
• Find my device technology
• Application management such as updates and patches

{company} can monitor and manage all your technology on a 24/7 basis.  With Managed IT Services you can prevent downtime and keep your technology running smoothly. We can notify you of areas where we believe your database might be at risk and suggest ways to repair this vulnerability.

Other Ways to Mitigate Vulnerabilities

Having data stored and managed in the cloud is a good method of decreasing your company’s liabilities. The cloud offers many benefits including better security, scalability, plus it’s flexible and allows your workforce to be mobile.

How To Protect Your Data From Intrusion

With hackers around the world now scaling up their attacks, businesses must be thoroughly prepared. Simple firewalls and antivirus software are no longer enough. Most security experts recommend a layered approach to security. Follow these guidelines to protect your data from future data breaches:

• Policies-Create and enforce security policies for your company.
• People-Make sure your employees know what a phishing email looks like. Most workers need periodic regular training in this area, so they don’t get careless.
• Technology-Make sure you have the right technologies in place to prevent a cyber-attack from occurring in the first place.

In Conclusion

Canadians want to know how their personal information is being used. And they have a right to know what information is being collected and how it’s being used.  In the future, these laws will most likely get even more strict for several reasons. Data breaches cost companies around the world billions of dollars each year. Cyber thieves are becoming more and more clever. They have fine-tuned their approach and figured out how to get people to open phishing emails. They can mimic the look of major companies like Spotify, Paypal, Apple and Microsoft.  Ransomware scams have been highly successful and hackers are often able to earn thousands of dollars per day by taking over a company’s database and then threatening to destroy all the information unless a ransom is paid.

What Can You Do?

There are numerous ways to protect your data from a breach. {company} can help you assess your current security protocols and create stronger measures. We can also advise you on how to proceed if a data breach has already occurred. It’s essential to determine exactly what happened and notify those affected along with Canadian authorities as quickly as possible. By waiting, you risk hefty fines and your company’s reputation could be ruined.

Things like Proactive Monitoring can help. We will continually scan and track the stability and security of your IT system for maximum uptime identifying any security issues.

The new year is already upon us, but it is not too late to put together a solid, sensible information technology plan for 2019. Strategic planning in all areas of operation—including technology—helps organizations budget for and efficiently manage day-to-day requirements while investing in long-term projects and solutions.

As your business evolves, so will it’s IT requirements. Likewise, as technology advances, your company will also have to adapt to stay viable and competitive. For 2019, your top concerns regarding technology likely will include:

• Upgrading software
• Making data and systems more secure
• Preparing for structural changes
• Responding to threats and emergencies
• Supporting business growth—locally, nationally, and/or globally

A vigorous technology plan should address these concerns, as well as those unique to your business and industry, and provide a framework to guide IT-related decision-making, prioritization, and task-implementation. If you have not yet started, here are a few ideas for how you can start putting together a robust technology plan to support the success of your company in 2019.

What should a technology plan account for?

Anticipated changes within your company may impact what items are necessary for your strategic technology plan to address for 2019 and the years beyond. Having a clear picture of where your company or organization is headed will help make it easier for you and other members of the IT team to determine which new technologies and upgrades are necessary and/or preferable for your specific business strategy. For instance, you should consider whether your organization plans to add or eliminate a notable number of employees within the fiscal year. Another question to address: Are you are planning to acquire any additional companies or provide new products or services? All these considerations will factor into your technology requirements. As you determine which new software, hardware or other IT solutions you may need in 2019, make sure they will integrate well with your existing IT environment.

Additionally, your technology plan should include arrangements for support services, including installation, maintenance, upgrading, and troubleshooting. Most business operations for companies across a range of industries are severely limited when technical issues arise, making it vital for you to preempt possible IT disruptions and have a plan for dealing with them.

How can companies deal with IT security threats?

It is common knowledge that cyber-security threats are continually evolving, along with the IT defenses needed to prevent and mitigate the risk. According to the Information Security Forum, an independent research organization, companies should stay well-informed about emerging technologies and corresponding threats to position themselves to make the best business decisions.

Information Security Forum’s Threat Horizon for 2019 reports on nine major threats that companies should expect to face in earnest over the coming year or two.

The first category of threats pertains to disruption from an over-reliance on fragile connectivity. The cyber-security threats in this category include:

• Premeditated Internet outages
• Hijacking from ransomware
• Privileged insiders aiding in cyber-attacks

The second category covered by the Information Security Forum’s report deal with distortion, which occurs when trust in the integrity of information is lost. The risks in this category include:

• Automated misinformation gaining undue credibility
• Falsified information compromising performance
• Subverted blockchains

In the third and final category are threats that have to do with deterioration, or controls eroding because of regulations and technology. These threats include:

• Surveillance laws exposing corporate secrets
• Privacy regulations impeding how organizations monitor insider threats
• Overly enthusiastic deployment of AI (artificial intelligence) leading to unexpected outcomes

The proliferation of smartphones, tablets and other mobile devices being used in professional environments only increases the amount and varies the types of cyber-security risks that companies face. As a business of any size, your goal should be to protect your systems and networks from data loss or malicious attacks, both internal and external.

Should you invest in Cloud technology?

Compelled by factors such as profitability, efficiency, and gaining a competitive advantage, about 71 percent of small-to-medium-sized businesses (SMBs) intend to increase their investment in cloud-based technologies in 2019, according to survey data from Bill.com, a company that creates digital business payment solutions. The three primary areas for anticipated investment, according to respondents, include marketing software, sales software, and payments software. Cloud computing allows for streamlined operations, connected through a sort of virtual office accessible to employees and clients. While it comes with some risks, especially about privacy and security, cloud technology is definitely trending for the capabilities it provides, such as flexibility, potentially lower IT costs, collaboration efficiency, access to automatic updates, and business continuity.

Bill.com’s Chief Marketing Officer Yael Zheng reportedly stated, “These businesses are now developing a clear understanding of how technology can help them streamline processes and ultimately power business growth, which I anticipate will lead to even more investment in the future.”

As you put together and implement a technology plan for 2019, consider whether further embracing and investing in cloud-based technologies can help propel the growth of your business.

What changes are coming to Windows?

Beware: Jan. 14, 2020, is an essential date for Microsoft users for a couple of reasons. At that time, Microsoft will end support for Windows 7 software systems, as well as Windows Server 2008 and 2008 RS. If you have not already formulated a plan to upgrade to Windows 10 systems and new server technologies, 2019 is your opportunity to do so. Microsoft’s options for new server systems include upgrading to Windows Server 2016 or migrating your company’s workloads to Azure. Replacing outdated software and server systems is critical to protecting your infrastructure, applications and information. Even as early as April, your outdated Microsoft system may not receive critical security fixes, as new systems are moving over the to the more secure SHA-2 algorithm in the future. Keep in mind this transition may take some time, making it imperative to start the process sooner rather than later.

Is technology planning an easy goal to accomplish?

As the year progresses, you may have to work with IT consultants and other department heads within your company to update or tweak your technology plan to address unexpected costs and events or to take advantage of current opportunities in the marketplace. Once you start a project outlined in your plan, you may also have to adjust cost estimates or deadlines to have a more realistic framework to guide progress. Just because adjustments might need to be made down the road, however, that does not negate the prudence and benefits of engaging in a formal strategic planning process at the start of the year. Doing so can help you optimize IT spending and proactively invest for the future, creating a culture of continuous improvement rather than merely trying to stay on top of day-to-day technology needs.

From the get-go, and along the way, your organization should take advantage of the knowledge and expertise of IT consultants and advisors who are more well-versed on current market trends, innovative technologies, and emerging cyber-security threats.