Governments and regulatory agencies have established compliance standards for the financial, legal, healthcare, and energy sectors. Other organizations abide by best practices for data protection and improving system security. Whether mandated or not, the goals remain similar:

• Improve security protocols.
• Identify vulnerabilities.
• Prevent breaches.
• Reduce losses.
• Increase access control.
• Educate employees.
• Maintain customer trust.

Shortcomings can mean compliance concerns, industry fines, customer churn, and brand reputation damage. Being proactive about these four common issues can benefit companies in any industry sector

Companies with Bring Your Own Device (BYOD) policies save $350 annually per employee, according to CISCO, but cost savings aren’t the only reason organizations are embracing BYOD. Letting people use personal mobile devices at work improves productivity and engages employees.

Yet allowing BYOD in the work environment can make the organization more vulnerable. There is greater risk of:

• spread of malicious applications or viruses;
• employees accessing business materials using unsecured Wi-Fi;
• people who have left the company continuing to have access to proprietary systems.

None of these are good from a compliance point of view.

Personal portable devices may not have the same access controls as business computers, which makes them more vulnerable if lost or stolen.

This brings us to a second common compliance concern: physical security. A business may do a brilliant job of securing its devices on-site. It has firewalls, patches security regularly, and asks employees to update passwords, but what happens if a laptop, mobile phone, or USB drive is stolen or lost?

All devices accessing business systems and networks from off-site should use encryption. With remote monitoring and management, IT staff can control security configurations regardless of the end-user environment. Mobile device management allows your IT team to secure, locate, or erase any mobile device used for business.

Another area of concern is third-party connections. Again, your business may be top of the class as far as the five core functions of cybersecurity – Identify, Protect, Detect, Respond, and Recover – are concerned, but what if your vendor’s security isn’t up to snuff.

Do you have business partners that are storing your sensitive data? Or does a supplier have access to personally identifying customer or employee information? Third-party risk is a real thing – ask Target. Cybercriminals stole data for 40 million debit and credit cards via the retailer’s HVAC company.

Cybercriminals could use a third party’s lax security to target you. Make sure that your vendors are taking cybersecurity as seriously as you do.

Even in your own business environment, cut the number of people who have access to sensitive data. Obviously, you’ve hired people you think you can trust, but you can still better ward off the insider cybersecurity threat by:

• educating employees about the importance of strong passwords, securing devices, and physical security;
• informing people about social engineering (e.g. phishing emails or fraudulent business communications);
• limiting personnel access to data, network, or systems based on necessity;
• having a policy to revoke access permissions and reclaim devices from any employee leaving the company.

Ensuring compliance takes technological know-how and awareness of the evolving threat landscape. This vigilance, communication, and education require time and effort. Put the right policies and procedures in place with our help.

Contact us today at (651) 686-0515 or fill out our contact form!

Generally speaking, SPAM is any unwanted message that lands in your email, comes via text, social media messaging, or other communication platform. It might be sent to your main business account, e.g. your ‘contact us’ email, or direct to your employees.

Most of the time, SPAM is annoying but relatively innocent messages from another business inviting you to buy/do/see something. They’re newsletters, reminders, invitations, sales pitches, etc. You may know the sender and have a previous relationship with them, or they might be a complete stranger. Occasionally, SPAM may even be part of a cyber attack.

Maybe you or your employee signed up for a newsletter or bought a $1 raffle ticket to win a car. Perhaps you got onto the mailing list accidentally after enquiring about a product, not knowing that simply getting a brochure sent through would trigger a SPAM-avalanche.

Often there’s fine print that says they’ll not only use your details to send you their marketing, but they’ll share your details with 3rd parties so they can send you messages too. That single email address can be passed around the internet like wildfire, and before you know it, you’re buried under SPAM.

Sometimes, and more than we’d like to think, your details are found illicitly, perhaps through a hacked website for example, like the recent LinkedIn leak. More often though, your email is simply collected by a computer ‘scraping’ the internet – scouring forums and websites for plain text or linked emails and selling them as prime SPAM targets.

It’s easy to see how individual office employees receive an average of 120 emails daily, over half of which are SPAM!

We all know SPAM is annoying, but did you know it’s also resource hungry? Your employees are spending hours each week sorting their email, assessing each one for relevance and deleting the SPAM.

Too often, legitimate emails from clients and customers get caught up and are accidentally deleted. Add in the temptation to read the more interesting SPAM emails and productivity drops to zero. On the other side of the business, your email server might be dedicating storage and processing power to SPAM emails, occasionally to the point where inboxes get full and real mail is bouncing out.

While most SPAM is simply an unwanted newsletter or sale notice, there’s also the risk that any links may be a cyber-attack in disguise. After all, one click is all it takes to open the door to viruses, ransomware, phishing or other security emergencies.

The 2003 CAN-SPAM Act (a global set of anti-SPAM laws) requires all marketers to follow certain rules, like not adding people to mailing lists without permission, and always including an ‘unsubscribe’ link.

So firstly, make sure you’re not accidentally giving people permission to email you – check the fine print or privacy policy. Next, look for the unsubscribe link at the bottom of the email.

Unfortunately, not all of them include the link, or they hide it somewhere impossible to see. The worst SPAMmers take that ‘unsubscribe’ click to confirm that your email address is valid/active and then sell it on.

Contact us today at (651) 686-0515 or fill out our contact form!

Cybercriminals don’t care about business size. In fact, according to Accenture, 43% of cyberattacks were aimed at small businesses, and only 14% of the SMBs were prepared for defending their networks and sensitive data.

In fact, a small business can be a particularly appealing target. Hackers will exploit a small business as part of a campaign to attack a larger business. They know the SMB is less likely to have the same level of security as the bigger target in their sights.

Accenture’s 2019 study found that more than half of all small businesses had suffered a breach in the last year. These attacks can be crippling for SMBs. According to insurance carrier Hiscox, the average cyberattack costs a business $200,000. That figure can be a killer blow for a small business. Some 60% of SMBs hacked go out of business within six months of the attack. Even if they can survive the financial hit, damage to brand reputation and customer goodwill is devastating.

You may not have a clear picture of your cybersecurity status right now, but by working with a managed services provider (MSP) like Sovran, you’ll get one. Your partner will conduct an informal audit of your current technology and learn your short- and long-term goals.

Your small business, for instance, may not have a data protection procedure. You might be thinking you don’t have a lot to backup and store. But the quantity may not be the primary concern. Can you recover if your business loses an email chain it was keeping for legal or compliance reasons? What would happen if the computer holding your accounting database died? An MSP can identify where tech changes can better ensure business continuity.

When you outsource, your partner will also inventory all your tech assets. They’ll need to know everything about your infrastructure and your business’s technology capabilities. Your current team may recognize the importance of securing the business’s intellectual property, but are they also protecting customer data and employee records? Your business needs to be intentional about confidentiality, availability, and safety. An MSP can help.

The cost of outsourcing is often a stumbling block for the budget-conscious SMB. Managed IT services can often lower costs for clients by streamlining processes, managing vendor relationships, and ensuring that the business technology is best suited to current needs. And you’ll pay a fixed regular fee for a technology team member who will help you avoid big, costly tech surprises.

No business is too small to outsource IT. Having access to a full-time IT professional via a managed service provider can improve your operations, enhance productivity, and lower cybersecurity risk.

Partner with a technology expert like Sovran to review your needs and set you up for future success. Contact us today at (651) 686-0515 or fill out a contact form!