Information security has become an even more critical factor of the business model, as it protects the most essential asset: information.
The post 5 steps to take after a company is infected appeared first on We Live Security.
Tag Archives: Business
ESET’s Mark James on addressing business security employee issues
ESET’s Mark James on the issues employees have with business security measures, and how to counter the difficulties without compromising safety.
The post ESET’s Mark James on addressing business security employee issues appeared first on We Live Security.
Why you need to protect your small business from hackers
IT pros have used Avast Free Antivirus at home for years. It’s not a huge leap to use free Avast for Business at their place of business.
Small and medium-sized businesses face a challenge when it comes to keeping their data secure. Many companies don’t have the budget to hire a Managed Service Provider (MSP) to take care of their IT needs, and often, they think they do not have enough knowledge or time to handle it themselves, therefore the path of least resistance is to not have any security at all. At the very best SMBs use a consumer version of antivirus software.
But these days, neither of those options is a good idea. Having no protection leaves you too vulnerable, and the problem with using a consumer product in a work environment is whoever is managing the network cannot look across all computers at once and implement policy changes or updates.
Do hackers really target small businesses?
The media coverage of big time data breaches like Target, Neiman Marcus, and Home Depot may have many SMB owners thinking that they are not at risk, but even small and medium-sized businesses need to make sure that their data and that of their customers is protected.
Here’s a statistic that should get your attention: One in five small businesses are a victim of cybercrime each year, according to the National Cyber Security Alliance. And of those, nearly 60% go out of business within six months after an attack. And if you need more convincing, a 2014 study of internet threats reported that 31% of businesses with fewer than 250 employees were targeted and attacked.
Why do hackers target small businesses?
Hackers like small businesses because many of them don’t have a security expert on staff, a security strategy in place, or even policies limiting the online activity of their employees. In other words, they are vulnerable.
Don’t forget that it was through a small service vendor that hackers gained access to Target’s network. Hackers may get your own customer’s data like personal records and banking credentials and your employee’s log in information, all the while targeting the bigger fish.
While hackers account for most of the data lost, there is also the chance of accidental exposure or intentional theft by an employee.
What can I do to protect my small business?
For mom-and-pop outfits, Avast for Business, a free business-grade security product designed especially for the small and medium-sized business owner, offers tremendous value. The management console is quite similar to our consumer products meaning that the interface is user-friendly but also powerful enough to manage multiple devices.
“Avast for Business is our answer to providing businesses from startup to maturity a tool for the best protection, and there’s no reason for even the smallest of companies not to use it, because it starts at a price everyone can afford, free,” said Luke Walling, GM and VP of SMB at Avast.
Some companies may still opt to pay for a MSP, and in many cases, especially for medical or legal organizations, handing over administration to a third-party may be a good way to go. Either way, our freemium SMB security can be used, and if you use a MSP then the savings can be passed on to you.
Is free good enough for a business?
Many IT professionals have been using free security on their home computers for years. It’s not such a huge leap of faith to consider the benefits of making the switch in their businesses as well.
“I have been using Avast since 2003 at home, with friends, with family. You really come to trust and know a product over the years. It lends itself to business use really well, nothing held back,” said Kyle Barker of Championship Networks, a Charlotte-area MSP.
How do I get Avast for Business?
Visit Avast for Business and sign up for it there.
From Nottingham to Barcelona in 17 Years
In my talk I spoke about how, 17 years ago, I started as a shop owner in Nottingham selling software and networking tools to small businesses. All those years later, I am General Manager of AVG Business and presenting at the world’s leading mobile show.
Of course, things have changed rapidly in this period, but one thing remains the same – my vision, which is the same as the AVG Business vision, namely to help businesspeople do what they do best – run their businesses.
Back in my Nottingham days, security meant four walls and a locked door. However, we all know that this has changed. Phenomena such as Bring Your Own Device and the so-called Consumerization of IT have changed everything.
Cloud apps and services made this happen. Businesspeople expect the connectivity and flexibility that the cloud delivers. In turn, cloud brings about security challenges. Staff handle business-critical and confidential data on an increasing number of devices, both company provided and their own. My old-fashioned four walls and a locked door no longer applies. How can this connectivity and flexibility be controlled and secured?
I said on stage that Bring Your Own Device (BYOD) is no longer a debate – it’s a responsibility. We are now at the point where BYOD has become “YOD.” Thanks to cloud computing, staff no longer need to bring devices into an office in order to access business data. The workplace is now everywhere, we live in an age of business without walls. Telling staff not to use their own smartphone for work purposes is not an option. Digital natives demand it.
Cloud is here, but it has made control and security harder – business owners are demanding solutions from their IT partners and providers, and this is where we come in.
I was delighted to be joined on stage by Shreyas Sadalgi, SVP Business Development at Centrify, market leader in Single Sign On technology. Together we unveiled a simple, affordable way for small businesses to help keep company confidential data safe, private and within their control even when shared with employee-owned mobile devices (such as smartphones and tablets) and externally hosted cloud services.
We’re making it simple for businesses. Through Secure Sign On, a new employee can have access to any of their employer’s apps through any device. When an employee leaves, access is removed very quickly. This simple solution solves the YOD question and puts control and security back in the hands of the business, as quickly as physically taking a key and locking a door.
It’s amazing how far you can go in 17 years!
Why IoT should stand for “Illusion of Trustâ€
Our always on, always connected world has fundamentally changed how businesses operate. Communicating with customers and employees will never be the same again.
Cloud solutions bring many benefits by making things easier for businesses, and it’s happening whether we like it or not.
But many businesses trust the cloud blindly without proper consideration for the challenges and deeper issues at hand.
The added convenience of cloud applications also comes with a potential downside, such as potential security threats and surrender of control.
Many people are familiar with the acronym “IoT”, and we understand it to mean the Internet of Things. This is a catch-all term for our world of cloud based information and smart connected devices.
I believe there’s another meaning for these three letters – “Illusion of Trust”.
I call it the Illusion of Trust because business owners don’t realise that cloud security is an issue.
The reality is that, through their T’s and C’s, cloud providers are limiting their responsibility for the data they create and manage. This means that interruptions to service or changes of policy can leave businesses in trouble. As we hand the control, we need to consider the trust – just as we do we with employees.
No so long ago, Facebook experienced a software flaw due to a seemingly simple error that cascaded into a much larger problem causing an major outage that lasted five hours.
I personally know a number of businesses impacted by this outage. It was unplanned, unscheduled and hugely inconvenient for the many thousands that rely on Facebook as a business tool.
Businesses around the globe trust Facebook to deliver – all the time. The same goes for other cloud-based services that millions of businesses rely on.
The following line is from the terms and conditions of a well-known cloud storage provider:
“We may add or remove functionalities or features, and we may suspend or stop a Service altogether”.
These T’s and C’s are not unusual. There are thousands of providers out there and many do not take any responsibility for losing data, for changing or suspending service, or for any outages that may occur.
Traditionally, if your employees suddenly decided to take five unscheduled hours off you’d be able to take action, wouldn’t you? This is within your control.
But when you adopt cloud solutions, you forgo that control in return for added convenience and cost efficiencies.
Businesses are still too eager to hand over their vital services and data to cloud providers. They are placing blind trust in a system that is not entirely reliable. Instead, I believe that cloud providers should have to win the trust of businesses before they take control over important business elements.
After all, who we trust with our data and our livelihood is now one of the most important business decisions we can make as businesspeople.
I hope, over the next few years, that we witness an evolution in cloud services that focuses on transparency, flexibility and reliability.
Trust is something that should be earned and not granted unconditionally at the onset.
Phishing, exploits and botnets – how can they affect your business?
How can phishing exploits and botnets affect a business?
The post Phishing, exploits and botnets – how can they affect your business? appeared first on We Live Security.
How BYOD is building business without walls
I’ve just googled “Bring Your Own Device” and “BYOD” and got more than 150 million results. It’s fair to say that this is a hot topic. The industry has long agreed – the BBC included Bring Your Own Device (BYOD) in its 2012 technology predictions (or at least one of its commentators did) and did so again for 2013.
In a relatively short period of time (Wikipedia claims the term was coined in 2009) BYOD has become a well-used business term – both at enterprise level and in the small- and medium-sized business (SMB) space where AVG Business operates. Many of us want to use our own device for work purposes, so businesses of all sizes need to allow their employees to do so. Consequently, it’s up to us and our partners to enable this by making the BYOD ecosystem secure.
I am old enough to remember when I had to crawl under a desk to plug an ethernet cable into the back of a PC tower. Security in those days meant four walls and a locked door.
Today users want the flexibility and speed that cloud apps bring, often on their own smartphone or tablet. As I said in my last blog, Dropbox, Gmail and Skype are very popular tools which help businesspeople do what businesspeople do best – run their businesses. But how secure are they?
Our job at AVG Business, through our partners is to give our customers the right tools to do just that, to make technology simple and secure, and to enable them to have control over their business.
I am hugely looking forward to presenting at AVG Business’s Mobile Security Forum at Mobile World Congress next week – I will be talking about BYOD in the context of the SMB community and discussing how we’ll introduce control and flexibility so that businesspeople can concentrate on their core business.
All roads lead to Barcelona
I’m excited about attending Mobile World Congress (MWC) in Barcelona in a couple of weeks’ time. Not only is Barcelona a great city to visit, but also if, like me, you love getting a new smartphone, take a quick look at this set of predictions as to what the handset manufacturers will be showcasing there.
MWC has quickly grown to be the world’s premier mobile industry event and I am looking forward to hosting AVG Business’s “Mobile Security Forum” on March 3rd with our Chief Technology Officer, Yuval Ben-Itzhak.
The session also features three guest speakers who will give their views on the importance of mobile security for smaller businesses – Shreyas Sadalgi, SVP Business Development at Centrify, Ronen Sasson, CEO of Communitake and George Georgiou, Sales Director at TIG.
Yuval and I will be making a major AVG announcement for small business at the Mobile Security Forum – we’ll be unveiling a simple, affordable way for small businesses to help keep company confidential data safe, private and within their control even when it’s shared with employee-owned mobile devices (such as smartphones and tablets) and externally hosted cloud services.
Why’s this important? Take, for example, Dropbox, Gmail and Skype which are popular with small businesses, indicating that small businesses want easy-to-use and ultra-effective cloud-hosted business tools. These sorts of services are often used outside a company’s formal IT set-up and the general lack of appropriate protection is putting small firms at risk of data breaches. According to research by PwC, a breach costs smaller firms between £65,000 and £115,000 on average.
Our solution will be taken to market via our partner network and I encourage all of our partners to act as enablers for this to support their small business customers. Our goal is to enable small businesses to use this new breed of business tool safely and securely, giving them the confidence to concentrate on their core business.
I look forward to seeing you in Barcelona.
For more information on our solutions for small business visit our new webpage.
Title image courtesy of TechRadar
Passwords aren’t enough for small business security
From Target to Sony Pictures, security breaches at businesses of all sizes were in the headlines throughout 2014. We are only in February but the data breach stories show no sign of abating.
Whether it’s a specific hacking attack on a British shoe retailer or hacktivism at companies with millions of online members, the loss or compromise of passwords is frequently a common factor.
Ever since they emerged in the late ‘90s, passwords have been our primary security measure. Fast forward to today and we often find that employees are still routinely using the same style of basic password – except now these passwords are required to protect smartphones and tablets carrying sensitive company-related data, as well as social media and cloud-based applications used regularly in the workplace.
It’s clear that conventional password use is no longer fit for 21st century purpose and businesses must adopt additional measures to ensure their passwords are up to the task.
Extra levels of authentication are needed to verify the identity of employees using their passwords, and businesses should start to enforce these as standard within their organization especially if they have in place bring your own device (BYOD) policies.
AVG has created this short eBook to help you develop a BYOD policy that fits your business:
In my view, many of the user identity breaches reported in the news could have been prevented with better password practices and stronger, multi-factor authentication methods.
Five top tips for more effective password management in 2015:
- Make sure security measures include formal staff training on password best practice. Passwords need to be strong, long and as secure as possible – complicate them by using “passphrases” rather than individual words – e.g. rather than “spotthedog” use “5p0tth360g”
- There is no harm in turning on “two-step authentication”. Most services are offering this now and is a simple code based system that send you a numeric password by SMS/Text to secure you login credentials
- Create a single profile for all corporate log-ins, with segmented privileges for individual employees within the same profile. This way, when someone leaves the company, they can be removed automatically.
- Some mobile phones now provide both identity and access management capabilities. Encourage employees to adopt these and incorporate them as part of your BYOD policy.
- To aid productivity, make it easier for employees to work anywhere, anytime with mobile technology by moving to a single sign-on environment where every employee has one-click to access to a secure area in the cloud containing all of their work accounts and applications.
This constant flow of data breach stories in the media has done much to raise awareness of the issues around passwords. Education is positive, of course, but action must be taken to foil the hackers.
If your business is supported by a mobile workforce equipped with either work or personal devices which provide ready access to company-sensitive systems and information, ask yourself that important question: what password practices do I need to implement to keep those devices and that data secure?
Don’t take it for granted that your people have the knowledge to handle this themselves. Instead make sure you equip them to help protect your company.
Infographic: Privacy tips for business
Privacy plays a growing part in customer buying decisions. With every data breach, trust is eroded further.
Privacy and security are intertwined when it comes to our individual information. Consumers are becoming increasingly aware of the value of their personal data, so that means that businesses have to step up and do a better job of securing that data. Identity theft is the #1 fear of consumers, but for your business the risk is loss of trust and brand damage.
Since trust is the core of any transaction it’s important to know how privacy factors into your customer’s buying decisions. Research shows that almost 40% of consumers made buying decisions based upon privacy. When looking at who these people are, it was found that these individuals are aged 46-65 and have the highest incomes. But don’t rely on the business of the younger generation to supplant that once trust is lost; 27% of millenials abandoned an online purchase in the past month due to privacy or security concerns.
To mark Data Privacy Day on January 28, the following Privacy is Good for Business tips were created by privacy experts in civil-society, non-profit, government and industry and aspire to help business address the public’s growing privacy concerns:
- If you collect it, protect it. Follow reasonable security measures to keep individuals’ personal information safe from inappropriate and unauthorized access.
- Be open and honest about how you collect, use and share consumers’ personal information. Think about how the consumer may expect their data to be used.
- Build trust by doing what you say you will do. Communicate clearly and concisely to the public about what privacy means to your organization and the steps you take to achieve and maintain privacy.
- Create a culture of privacy in your organization. Explain to and educate employees about the importance and impact of protecting consumer and employee information as well as the role they play in keeping it safe.
- Don’t count on your privacy notice as your only tool to educate consumers about your data practices.
- Conduct due diligence and maintain oversight of partners and vendors. You are also responsible for how they collect and use personal information.