iTunes Going Away?

July 5th, 2019 by Julie Lough

What You Need to Know About Backing Up iTunes and What’s Next for Apple Music and Other Media

Many iTunes users were shocked on June 3 when Apple announced that iTunes would be phased out. First things first: the iTunes store won’t be going away. All of the music people have bought from the store will still be there.

What is Apple actually doing with iTunes?

Because people are increasingly streaming, not downloading, Apple is breaking the iTunes store up into separate segments for music, podcasts, and video/television. Each medium will have its own app on macOS Catalina.

What iTunes apps will be affected?

The iTunes store will still be available as a music store. The other media, including video/TV and podcasts, are being spun off.

The new iTunes store will be more closely aligned with Apple’s streaming music service. Apple is looking to rebrand itself as a streaming entertainment service. Other streaming content Apple is either developing or currently offering includes Apple Music (streaming), a new TV streaming service, and a magazine subscription service.

What will I do to save my iTunes library?

First, the change affects desktop computers only. If you’re using iTunes on any other device, it won’t change. Second, the change will only affect you if you’re upgrading to macOS 10.15 Catalina.

Apple’s iTunes change is intended to bring the way digital media is stored on desktops in line with all other devices. If you are upgrading to macOS 10.15 Catalina, you will locate your iTunes library using Finder after the change.

If you look at one of your mobile devices, you can see what will happen – the format on your desktop in macOS 10.15 Catalina will be similar to the format for media libraries on the iPhone or iPad. Mobile iOS devices have apps for Music, Videos, and Podcasts.

What if I can’t find the iTunes store?

The iTunes store on a desktop or laptop will be located in a sidebar within Apple Music. You can use the sidebar the same way you have always used it. Individual songs and albums will continue to be available for purchase and download.

How can I make sure my iTunes library is backed up?

You can back up your Mac using Time Machine. Your iTunes library will be backed up automatically as long as the library is included and it’s a full Mac backup.

If you want to use Time Machine to store a copy of the library outside Apple storage, connect a storage device to your Mac. When Time Machine prompts, choose the device as the backup disk.

If you only want to back up your iTunes music, not your whole computer, make sure that your iTunes music is on the local computer.

If there are any songs you’re concerned you may have missed, choose the Account menu at the top of your iTunes screen, then choose “Purchased” and “Music.” Re-download the songs you want to make sure you have saved.

Next, you need to organize and consolidate your library. Click “File” on the top of the iTunes screen. Choose “Library,” then “Organize Library.” At that point, pick the first option: “Consolidate files.”

This puts your files together and keeps them organized while also leaving originals in place.

You can then use the consolidated iTunes Media folder to make a backup onto any external drive or memory device.

Apple’s support page on how to back up and restore your iTunes library can also help guide you through the process.

iTunes isn’t really going away and neither will your downloaded and purchased music. Apple is just adding streaming capabilities for music, videos, podcasts, and television. Look for the changes this fall when Apple releases macOS Catalina. If you won’t be upgrading to the new operating system, you will not notice any changes at all on your Mac, MacBook, iMac or Mac Pro.


Happy 4th of July Everyone!

July 3rd, 2019 by Julie Lough

Got Your Sparklers Handy?

The Fourth of July falls on a Thursday this year, but we aren’t letting the fact that it’s a weekday stop us from celebrating.

Of course, just because it’s a holiday, that doesn’t mean you’ll have to make do without us. You’ll be able to reach us at (616) 7760-0400 if any technical issues arise, and our on-call technicians will be more than happy to resolve those issues for you.


How Can You Focus Your Company on Reliable Anti-malware Strategies?

July 1st, 2019 by Julie Lough

Organizations across the country are learning from cyber attacks perpetrated in Atlanta, Newark, and Sarasota. Large organizations such as San Francisco’s transit authority and Cleveland’s airport have also been targeted. Ransomware, which locks up the victim’s device and files, is a growing threat, and attacks are hard to trace back to their source. Fortunately, many attacks are preventable with the right training and compliance with company policies.

Where to Focus Cyber Hygiene Efforts?

Cyber hygiene involves putting processes into place to make it more difficult for hackers to attack your network. First, use two-factor authentication. Also known as dual-factor authentication, this creates an additional layer of security since it requires two proofs of identity. The most common method includes both a password and a one-time code texted to the user. Individual users should also back up data offline using an external hard drive or another device.

Internal firewalls deter malicious actors attempting to access your computer. When suspicious activity is detected, the suspect device is locked and denied access to the rest of the system. It’s similar to quarantining sick people to protect healthy ones.

Require staff members to regularly update passwords since cybercriminals can sometimes buy stolen passwords through the dark web. Take special precautions for remote access, which creates unique vulnerabilities. Make sure that your IT team has a process for detecting and eradicating threats associated with remote access to the company’s network and data.

How Can Staff Members Reliably Detect Phishing Emails?

Most ransomware attacks begin with what’s known as a phishing email. The hacker tries to get users to open attachments or links — which install ransomware on the computer. Here are a few tips on identifying phishing emails:

  • Strange word choices
  • Odd links
  • Misspelled words
  • Weird attachments, especially .exe or .zip files

If an odd-looking email seems to be coming from a friend, verify its validity before opening the email.

How Does Updating Your Software Help Prevent Infection?

Hackers exploit vulnerabilities in software, and patches are released to fix them. When your computer prompts you to update the software, do it.

What’s the Best Way to Stay Prepared?

According to a recent 60 Minutes episode, hackers shut down systems at a hospital in Indiana. The hospital had to pay a $55,000 ransom to unfreeze its systems. Other organizations should learn from this experience and establish a robust security protocol.

How Can You Prevent Astonishing Impacts of Scareware?

Anti-malware programs cannot scan your PC without permission. No reputable company sends you scary emails or pop-ups as a marketing ploy. These messages are scams and are commonly referred to as scareware. They may even introduce infectious viruses on your computer. Avoid opening emails from senders you aren’t familiar with. Never give your computer credentials, personal information or credit card information to these bad actors.

There are things you can do to avoid scareware threats. First, avoid programs that pester you to register your device or buy software to clean up your computer. You could end up paying to clean up your working computer. Even worse, you could end up giving unknown cybercriminals access to your personal information. When you want to purchase malware protection, go directly to a reputable provider. Many companies offer free software to scan your system from their home page.

What are the Dangers Associated with Bundled Software?

Sometimes, when you download software, you get a prompt asking if you wish to download toolbars or change the home page of your browser. Don’t do it. Even though this is becoming common with legitimate software, it puts your system at risk. Known as “crapware,” these extras are often harmless and may even be quite helpful. However, there are times when adding these components opens you up to cyber theft. They can also display annoying pop-ups and impact your computer’s performance.

You can avoid these attempts to bundle software. Extra apps that companies sneak onto your device aren’t always malware initiatives. They are, however, very annoying. Your computer can become so bogged down it’s practically inoperable. If you download the latest version of software such as Adobe Flash, read every screen during the installation. Uncheck all boxes regarding additional toolbars.


Ransomware’s Cruel Greed: Proven Security Protects Your Business

July 1st, 2019 by Julie Lough

Cybercriminals lock victims out of computer and network files – sometimes destroying data – and extort cash to get that data back. That’s a ransomware attack, costing businesses billions worldwide.

Ransomware can spread by the simplest of user actions. Email phishing, or Business Email Compromise (BEC) – fraudulent and deceptive emails posing as legitimate messages – is perhaps the most common propagation method. Social media clickbait, particularly using fake accounts masquerading as friends or colleagues, is common also. Simply visiting an infected website can corrupt your system, even if the user doesn’t click anything on the web page.

How common is ransomware? There’s bad news and good news. The bad news: attacks are extremely common, with thousands of organizations being probed every day. The good news: savvy IT professionals are fending off attacks, so infections are still comparatively rare. However, attacks are on the rise and cybercriminals are growing more sophisticated.

Ransomware attacks are hitting businesses of all sizes, from a few employees to enterprise corporations. Individuals get infected also, especially those without good antivirus protection. Government agencies and health care organizations have become prime targets.

Data Loss and Financial Risk

Ransomware encrypts computer files and network drives, then demands a ransom in exchange for a decryption key. Most victims end up paying the ransom. Ransomware can be difficult, if not impossible, to crack, and paying the ransom can be the only way to get data back.

Costs of recovery can be enormous. The ransom itself can run from thousands to hundreds of thousands of dollars, even approaching $1 million. The real cost of recovery runs easily into the millions. FedEx reported losses of more than $300 million before operations were fully restored. The total cost to US business is estimated at $75 billion or more per year, with downtime costing around $8,500 per hour.

Cybercriminals typically demand payment in Bitcoin. Cryptocurrency affords substantial anonymity, making it nearly impossible to track perpetrators. Even if they could be identified, cybercriminals often work across international borders. Jurisdictional issues make prosecution almost impossible.

Preventing Ransomware

Ransomware protection is a complex endeavor involving technology, education and best practices. You need the right tools, the right information, and the right business processes.

Key steps to protect your data include:

  • Maintain up-to-date antivirus/malware protection, especially on email. Do your research for best programs, including buyer reviews on popular online retail sites.
  • Perform regular external backups, and quarantine them from your network as soon as they’re completed. Keep archival history as much as possible.
  • Train employees. Malware is most often spread by human behavior, e.g. clicking an email phishing link or social media clickbait. Proper training can minimize risk by educating staff about the risk of suspicious links.
  • Maintain strong firewall protection to minimize the risk of a single infected machine spreading malware into your network.
  • Keep all enterprise software updated with the latest releases and patches. Software firms are constantly improving security, and outdated software is riskier.
  • Administer IT user permission security so employees have access only to the software and functionality required for their job roles.
  • Disable macro scripts on files shared via email – an important component of training.

Along with preventative measures, create a contingency plan. If you are hit with ransomware, you’ll be better prepared to cope if you have plans in place to continue operations and speed up recovery.

Setting up a cryptocurrency wallet should be part of the contingency plan. If your business is hit – and you decide to pay the ransom – you’ll be able to pay much sooner if you already have this in place.

See these resources for more detail on what you can do to protect your business.

What to Do If Infected

More than half of targets don’t report ransomware attacks, according to FBI estimates. This is likely driven by concerns over bad publicity. Financial and business process recovery is bad enough without adding in a PR nightmare.

However, it’s critical to notify the FBI if your systems are infected. The FBI is the lead federal agency for cybercrime. Their investigative and technology capabilities are state-of-the-art, and no one is better equipped to help you understand your options and recover your data.

The FBI suggests that you do not pay the ransom. The decision is up to your company leadership, and it’s true that most victims do pay. In many cases, the cost of paying the ransom is far less than the potential losses from operational downtime.

Ransomware removal often involves wiping systems clean and restoring uninfected files from backups. It’s a delicate business best left to a professional cybersecurity company.

It Can Happen to Your Business

Ransomware and cybercrime are on the rise. Costs to businesses are going up.

Education and preparation are the best defenses against cybercrime. Responsible management needs to be proactive. Threats are real, cybercriminals are serious, and today’s IT professionals are armed with the tools and the knowledge to keep their companies safe.


9 Cybersecurity Terms You Need To Know

June 28th, 2019 by Julie Lough

Every business should have a comprehensive cybersecurity plan and a competent team that can execute that plan. Otherwise, cybercriminals and malicious actors can and most likely will take advantage of security vulnerabilities to access company data and cause damage. But as important as it is to have skilled IT professionals looking out for your business, it is equally important to educate yourself in the basics of cybersecurity so that you can avoid compromising your valuable information accidentally.

The following list of cybersecurity terms is one that every business owner, manager, executive and other professional should be aware of. The more you understand the basics of cybersecurity, the better equipped you will be to protect your valuable business data and personal information moving forward.

9 Cybersecurity Terms Every Business Professional Should Know

1. Malware

From the time the average family had a personal computer in the house, most people had heard of computer viruses. Today, it is still common for many people to think of all types of attacks to computer systems and networks as viruses. In truth, a virus is only one type of attack that you need to be aware of. There are many other types of attacks, which along with viruses, fall under the umbrella of malware. Anything that is made to access your network or data—or cause damage to your network or data—is referred to as malware.

2. Phishing

Like the common term it comes from, phishing can be thought of as throwing out attractive bait in hopes that someone will bite and give up their valuable information. Phishing involves making a website or application that looks just like a site or app that people trust. You might get an email from Google or the IRS that looks legitimate. It could claim that the company needs you to update your information or your password and then take that info and give it to a cybercriminal.

3. Antivirus

An antivirus program is just like it sounds—a program for fighting computer viruses. What it is not is a program that will handle all of your cybersecurity needs. It will search for common viruses and eliminate those viruses, but it will not necessarily protect against other types of malware. Your antivirus can only scan the drives it has access to, and can only identify viruses that have already been identified by the company that makes the program.

4. Social Engineering

Social engineering refers to deceiving people instead of computers. While creating malware requires focusing on technical aspects, social engineering focuses on ways to manipulate people into doing what you want them to do. The scams where people ask you to cash checks on their behalf and send them the money because they are out of the country are an example of social engineering.

5. Ransomware

A common type of malware being put out by cybercriminals is known as ransomware. Ransomware takes some of your sensitive data and encrypts it so you cannot access it. The cybercriminal then demands a ransom for you to get access to your data. All of the cybersecurity terms you see that end with “ware” are types of malware.

6. Zero-Day Attacks

One of the biggest weaknesses of antivirus programs or other anti-malware programs is that they can only detect and protect against malware that has already been identified. Cybersecurity experts are constantly on the lookout for new malware, but they are not able to catch every piece of malware before it compromises systems and networks. There are always holes in the protective layers offered by cybersecurity teams. When a piece of malware exploits a hole, or vulnerability, in standardized security layers before that hole has been identified and fixed, it is known as a zero-day attack.

7. Redundant Data

While cybersecurity experts and your IT team are always striving to protect your system and network from attacks, sometimes your data can still become compromised—like with a zero-day attack. The reality of cybersecurity is that there is always the possibility of compromise, which is why backing up your data is a necessity. Not only does backing up your data protect against cybersecurity threats, but it also protects against equipment failures.

A quality backup will be quarantined in a facility that is not in the same location as your business.

8. Patch

A patch is what software developers send out when they discover a gap in the security of their programs. You should download available patches regularly to ensure optimal protection.

9. Intrusion Protection System (IPS)

An IPS is placed between your firewall and your system to identify intrusions and stop them before they cause damage.

For more information about cybersecurity for your business, please contact our team.


Do You Really Need To Eject That USB Drive?

June 28th, 2019 by Julie Lough

USB drives offer so much convenience. A USB drive is a little storage device as big as your finger that you can carry around without even noticing it—and with every passing year, the amount of data these drives can hold grows and grows. These small storage devices are so easy and convenient to use that they are found everywhere in the business world, from desk drawers to branded swag drives on keychains. And since they are so easy to pop in and out of your USB port, if you are like many people, you probably do not even bother to eject them before you pull them out. Is there really any problem with not ejecting your USB drive properly? Unfortunately, the answer is a definite “Yes.”

From losing data to ruining the drive, failing to properly eject your USB drive can lead to real issues. Read on to discover the way your USB drive works and why it is so important to go through the ejection process on your computer.

Removing a USB Drive Without Ejecting—What You Need to Know

How USB Drives and Computers Communicate

Using a USB drive is such a seemingly simple task. But when you look more closely at what goes on with your drive and your computer when they interact, you will discover that the way they work together involves a lot more than just plugging in and unplugging.

When you plug a USB drive into your computer or laptop, the first thing that happens is the computer delivers power through the USB port to the USB drive. The drive does not have its own power source, so it requires power from the computer to operate. After the computer has supplied power, the computer and the drive must communicate with one another.

Proper communication between a computer and a drive requires having the right drivers installed on your computer. Fortunately, today’s drives come equipped with drivers that your computer can download to allow it to communicate with the drive—which is why modern USB drives are considered “plug-and-play.”

When the computer and the drive have established communication, the computer does what it needs to do to figure out what is on the drive. There are multiple steps to just this process, including reading the directory structure, Master Boot Record or Partition Boot Record (the process can vary by drive).

Every one of the things described above happens before you are able to see your USB drive contents on your computer—all within a matter of seconds. There are numerous other things that go on behind the scenes as you use the USB drive as well. While it may seem like the changes you make to your drive happen instantly, in reality, there are multi-stage processes occurring that may take longer than you realize.

Alterations to Your Drive Happen in Batches

As your computer is reading your drive, it is changing the information in the metadata on the files, such as changing the time and date that the file was last modified. Then, when you make changes to files, such as adding or deleting a file, the changes you make will first occur in your computer’s cache. Eventually, your computer will make the actual alterations to the information on your drive. Again, these things happen quickly, but it is important to understand that they do not happen instantly, which is one of the reasons why pulling the drive out can cause problems.

Other Programs May Be Using Your Drive

You see a very small portion of what actually happens with your computer at any given moment. While you may not be interacting with your drive right now, other programs on your computer could be doing so. For example, your antivirus and anti-malware programs could be busy scanning your drive while you are doing other things. Removing the drive while such programs are doing things on your drive can cause the files to be corrupted.

What Happens When You Eject the Drive?

Your computer and your drive have to go through a process to say goodbye just like they had a process to say hello. By pressing the eject button in your system you are telling the computer to start this process and finalize everything so that the drive can be removed safely. The computer will make sure that all of its interactions with the drive are completed before it says that you can safely remove the drive—like waiting until the antivirus is done scanning the drive.

Always Eject the Drive to Avoid Damaging Files or the Drive

Failing to properly eject your USB drive can damage files or corrupt the entire drive. That is why you always want to go through the proper ejection process. Failing to do so could cause you to lose your data on the drive or cause you to lose the ability to use the drive at all.


What Is The Fake DHS Phishing Email Going Around?

June 24th, 2019 by Julie Lough

How Can You and Your Employees Avoid It?

The Cybersecurity and Infrastructure Security Agency (CISA) is warning about an email phishing scam that tricks users into clicking on malicious attachments that look like legitimate Department of Homeland Security (DHS) notifications.

The email campaign uses a spoofed email address to appear like a National Cyber Awareness System (NCAS) alert and lure targeted recipients into downloading malware through a malicious attachment.

CISA says that users should take the following actions to avoid becoming a victim of social engineering and phishing attacks:

  • Be wary of unsolicited emails, even if the sender appears to be known; attempt to verify web addresses independently (e.g., contact our helpdesk or search the internet for the main website of the organization or topic mentioned in the email).
  • Use caution with email links and attachments without authenticating the sender. CISA will never send NCAS notifications that contain email attachments.
  • Immediately report any suspicious emails to our helpdesk.
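
The checks described here and in the phishing tips earlier on the page (no attachments on NCAS notifications, suspicious .exe or .zip attachments, a sender that fails authentication, links pointing at a different domain) can be applied to a raw message as a mail-triage script. This is an added example, not code from CISA or from the original post; the two sample messages, the `.example` domains and the finding labels are constructed for illustration.

```python
import os
import re
from email import message_from_string, policy

RISKY_EXTENSIONS = {".exe", ".zip"}  # attachment types the tips on this page single out
NCAS_RE = re.compile(r"national cyber awareness system|\bncas\b", re.I)
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")
URL_HOST_RE = re.compile(r"https?://([^/\s:>\"']+)", re.I)


def triage(raw: str) -> list[str]:
    """Return findings (hypothetical labels) for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    sender = msg["From"]
    from_domain = ""
    if sender is not None and sender.addresses:
        from_domain = sender.addresses[0].domain.lower()

    attachments = [p.get_filename() or "(unnamed)" for p in msg.iter_attachments()]

    # CISA guidance quoted above: NCAS notifications never contain attachments.
    if attachments and NCAS_RE.search(f"{sender} {msg['Subject']}"):
        findings.append("ncas-with-attachment")

    for name in attachments:
        if os.path.splitext(name.lower())[1] in RISKY_EXTENSIONS:
            findings.append(f"risky-attachment:{name}")

    # Trust only the Authentication-Results header stamped by your own mail server.
    for header in msg.get_all("Authentication-Results", []):
        for mechanism, result in AUTH_RE.findall(str(header).lower()):
            if result in ("fail", "softfail"):
                findings.append(f"auth-fail:{mechanism}")

    # A link host outside the sender's domain is a triage signal, not proof.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    for host in dict.fromkeys(h.lower() for h in URL_HOST_RE.findall(text)):
        if from_domain and host != from_domain and not host.endswith("." + from_domain):
            findings.append(f"link-domain-mismatch:{host}")

    return findings


# Constructed sample: a message posing as an NCAS alert, with a .zip attachment.
SAMPLE_SPOOFED = """\
From: "National Cyber Awareness System" <alerts@agency.example>
To: user@company.example
Subject: NCAS Alert: action required
Authentication-Results: mx.company.example; spf=fail smtp.mailfrom=agency.example; dmarc=fail header.from=agency.example
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Review the attached notice or visit http://agency-alerts.example.net/update

--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="notice.zip"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

# Constructed sample: an ordinary internal message that should raise nothing.
SAMPLE_CLEAN = """\
From: Pat <pat@company.example>
To: user@company.example
Subject: Lunch menu
Authentication-Results: mx.company.example; spf=pass; dkim=pass; dmarc=pass
Content-Type: text/plain; charset="utf-8"

This week's menu is at https://intranet.company.example/menu
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SAMPLE_SPOOFED), ("clean", SAMPLE_CLEAN)):
        print(label, triage(raw))
```
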

What Is A Phishing Attack?

Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem.

When users respond with the requested information, attackers can use it to gain access to the accounts. Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as:

  • Natural disasters (e.g., hurricanes, earthquakes)
  • Epidemics and health scares (e.g., H1N1)
  • Economic concerns (e.g., IRS scams)
  • Major political elections
  • Holidays

Why Can Email Attachments Be Dangerous?

Some of the characteristics that make email attachments convenient and popular are also the ones that make them a common tool for attackers:

  • Email is easily circulated. Forwarding email is so simple that viruses can quickly infect many machines. Most viruses don’t even require users to forward the email—they scan a user’s computer for email addresses and automatically send the infected message to all of the addresses they find. Attackers take advantage of the reality that most users will automatically trust and open any message that comes from someone they know.
  • Email programs try to address all users’ needs. Almost any type of file can be attached to an email message, so attackers have more freedom with the types of viruses they can send.
  • Email programs offer many “user-friendly” features. Some email programs have the option to automatically download email attachments, which immediately exposes your computer to any viruses within the attachments.

How Do You and Your Employees Avoid Being a Victim?

  • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
  • Don’t provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
  • Don’t reveal personal or business financial information in an email, and don’t respond to email solicitations for this information. This includes following links sent in an email.
  • Don’t send sensitive information over the internet before checking a website’s security.
  • Pay attention to the Uniform Resource Locator (URL) of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Don’t use the contact information provided on a website connected to the request; instead, check previous statements for contact information.
  • Ask us to install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic.
  • Take advantage of any anti-phishing features offered by your email client and web browser.

Get New School Security Awareness Training

You must train your employees to be constantly vigilant to identify attackers’ attempts to deceive them. New-School Security Awareness Training will provide the knowledge they need to defend against these attacks.

What Is New-School Security Awareness Training?

More than ever, your users are the weak link in your IT security. You need highly effective and frequent cybersecurity training, along with random Phishing Security Tests that provide several remedial options in case an employee falls for a simulated phishing attack.

With world-class, user-friendly New-School Security Awareness Training, you’ll have training with self-service enrollment, completion logs, and both pre- and post-training phishing security tests that show you who is or isn’t completing prescribed training. You’ll also know the percentage of your employees who are phish-prone.

And with the end-user training interface, your users get a fresh new learner experience that makes learning fun and engaging. It has optional customization features to enable “gamification” of training, so your employees can compete against their peers on leaderboards and earn badges while learning how to keep your organization safe from cyber attacks.

With New-School Security Awareness Training You’ll…

Have Baseline Testing to assess the phish-prone percentage of your users through a free simulated phishing attack.

Train your users with the world’s largest library of security awareness training content; including interactive modules, videos, games, posters and newsletters, and automated training campaigns with scheduled reminder emails.

Phish your users with best-in-class, fully automated simulated phishing attacks, and thousands of templates with unlimited usage, and community phishing templates.

See the results with enterprise-strength reporting that show stats and graphs for both training and phishing, all ready for your management.

New-School Training…

  • Sends Phishing Security Tests to your users and you get your phish-prone percentage.
  • Rolls out Training Campaigns for all users with automated follow-up emails to “nudge” incomplete users, as well as point-of-failure training auto-enrollment.
  • Uses Advanced Reporting to monitor your users’ training progress, and to watch your phish-prone percentage drop.
  • Provides a New Exploit Functionality that allows an internal, fully automated human penetration testing.
  • Includes a New USB Drive Test that allows you to test your users’ reactions to unknown USBs they find.

Plus, you can access Training Access Levels: I, II, and III giving you access to an “always-fresh” content library based on your subscription level. You’ll get web-based, on-demand, engaging training that addresses the needs of your organization whether you have 50, 500 or 5,000 users.

Keep your business from being victimized by phishing attacks.

We can tell you more about New School Security Awareness training for your employees.


What Can A Business Impact Analysis Do For Your Organization?

June 21st, 2019 by Julie Lough

When a company functions at a high level, productivity and profitability appear seamless. But it’s also incumbent on decision-makers to understand the potential ramifications for business disruption. Without a working knowledge of how a breakdown in one area of an operation impacts the other moving parts, viable solutions remain out of reach. Determined industry leaders take proactive measures to conduct a business impact analysis (BIA), so they are prepared for adversity.

Importance of a BIA

One of the primary reasons that some organizations fail to conduct the initial and subsequent BIAs is that it seems abstract. It’s common for CEOs and other decision-makers to have earned their position through experience and expertise. That offers a sense of confidence they can captain the ship during a crisis. A decade or two ago, that may have been sound thinking. However, today’s technology-driven companies are far removed from nuts and bolts fixes.

Data loss, hackers, malware infiltration, or just lost connectivity between departments can down an outfit’s productivity. Such realities create a burden to have multi-level solutions available that often are outside a CEO’s area of expertise. Business leaders are wise to tap department heads to review likely and even unlikely vulnerabilities and develop a contingency plan for as many critical interruptions as imaginable. Consider this pair of foundation ideas in terms of your operation.

  • Idea 1: Your company functions like a living organism with each system relying on the others for its health and vitality.
  • Idea 2: Certain parts of the whole are more crucial to survival and long-term success. These areas require heightened resources.

With this anatomy analogy in mind, consider your operation with the perspective that specific departments and systems are vital. If the heart, brain, or lungs of your operation shut down, so does the entire company. Stubbing your toe, on the other hand, may only slow things. The point is that certain aspects of any business are critical, while others are support.

Once department heads are tapped to conduct BIA due diligence and submit a report, leadership is tasked with understanding how all the moving parts work. With this in mind, first-run BIAs generally require interdepartmental meetings or communication to ensure key stakeholders are on the same page.

Motivation for Conducting BIA Due Diligence

Having the support and blessing of the leadership team remains critical to a thorough BIA. When such stakeholders view this as just an additional duty impeding their daily, profit-driving work, potential challenges are unlikely to get the due diligence necessary for improved success when a crisis occurs. Before moving forward, direct communication and articulation of why thoroughness is a priority must be established. Clarifying the following benefits of a BIA early in the process may improve team motivation.

  • BIA provides management with vital data to make real-time decisions to ensure business continuity
  • BIA delivers insight about interdepartmental reliance
  • BIA provides a playbook for employee roles in critical situations
  • Identifies company-wide priorities for sustaining operations during crisis
  • Provides a tangible road map to restore full operations

At the end of the day, the BIA removes the fear of the unknown and puts guidance in its place. That offers otherwise panicking employees the confidence their jobs are secure and empowers them to work through adversity.

Working through the Tedious BIA Process

Getting leadership and rank-and-file employees on board to undertake a BIA is not a difficult sell. The bottom line for everyday workers is that it provides a rare level of job security. Infusing that positive attitude will likely go a long way toward working through the sometimes tedious information collection process. For each department or aspect of the company, data collection is necessary.

  • Lead function of a process or department
  • Detailed analysis of department function and processes
  • Disruption analysis and timetable regarding increased impact
  • Identify interdepartmental disruption
  • Analysis of the financial, legal and regulatory impact of disruption

With a detailed report, departmental leaders garner an enhanced understanding of impacts across the organization. Each department head can identify likely and unlikely disruptions and craft realistic solutions or ways to bridge a crisis. This information can be compiled and shared with the goal of building a final report.

Value of a Comprehensive BIA Report

The final report moves beyond the data collection and single department solutions. The concept is to deliver a company-wide plan of action. It generally proves beneficial to make a hardcopy or online report that articulates reasoning, goals and strategies, and that empowers employees during duress. These are headings often found in a comprehensive BIA report.

  • Executive Summary
  • Analytic Methods Used
  • Potential Department or Function Disruption
  • Impact of Disruption
  • Protocols to Mitigate Disruption
  • Guidance for Organization Restoration

CEOs and other decision-makers generally enjoy enhanced confidence in their leadership abilities following a comprehensive BIA. It’s also imperative to set a schedule for BIA updates and create a policy that requires emerging technologies, business developments, and other evolutions to be included in the report. In many ways, a BIA gives everyone in your organization security.


Cyber Security Advice: 6 Crucial Strategies

June 21st, 2019 by Julie Lough


Cyber security is more important than ever before. The news is full of stories of leaks and breaches large and small. Some of these result from sophisticated, targeted hacks, and others occur thanks to enterprising hackers taking advantage of security holes in insecure or out-of-date software.

At the end of the day, though, just about every organization has the same weak link: its employees. The finest security tools are no match for bad (or just naïve) behavior from your employees. With that in mind, today we’ll review 6 strategies and tips crucial to improving your employees’ cyber security behavior.

1. Use Long, Complex Passwords

People tend to be lazy. It’s a part of human nature. If your IT policies allow people to set their passwords to “password” or “12345”, you can be assured some of your employees will do just that. Short, simple, easy-to-guess passwords are a security threat to your business. Not only can passwords like these be easily guessed by a human, they take next to no time to be brute forced by hacking tools.

Encourage (or, better, require) your employees to use long, complex passwords. A phrase that’s memorable to the employee is a good start. Add in some complex characters (symbols, mix of capital and lowercase) to increase the complexity further.

2. Understand That Everyone Can Be Targeted

Don’t think of cyber crimes in the same way people used to think about military conflict: as something that occurs between large entities with high-powered offensive and defensive capabilities. Yes, it’s the Targets and Experians of the world that make the national news when they are breached, but those high-profile cases are the exception, not the rule.

Smaller hackers aren’t going after hard targets, like governments or Wall Street. They’re going after soft targets: small and medium businesses that think they “can’t afford” good cyber security. In other words, they’re going after you.

3. Don’t Go Swimming and You Won’t Get Phished

One of the best tools hackers use is phishing. Phishing starts with your employees receiving a fake email. It could look like a legit business message or like a message from a vendor or service that you’re already using (like Microsoft Office 365). In other cases it looks interesting, tantalizing, or even salacious. These emails will contain a link or an attachment and will encourage users to click the link and log in or to open the attachment.

But the links and attachments aren’t what they appear to be. Once users do those actions, their credentials or devices are compromised.

Our best advice here is don’t go swimming so you won’t get phished. Don’t click on suspicious links, no matter how interesting they look. Don’t open attachments from unfamiliar accounts. If the email looks to be from a legit service (like Office 365), navigate to that service manually instead of by clicking the link. Lastly, if you’re not sure about an email, check with your IT group before continuing.


4. Consider the Security of the Network You’re Using

One of the advantages of cloud services is the ability to access many work systems from anywhere. As more and more firms move to cloud software and cloud services, those firms’ users need to stay up to date on security best practices. Employees dealing with sensitive company information or accessing customer data should only do so on secure networks. Public computers, free Wi-Fi at the corner café, and your cousin’s open Wi-Fi network are all examples of insecure network environments. Save the sensitive stuff for a more secure environment like the office.

5. Be Physically Aware

Many cyber attacks are perpetrated through actual, physical access to systems. Employees can be shockingly careless with company tech. If you walk away from your computer, phone, or tablet — even just for a second — lock the device. This is true even in your own cubicle or office. You never know when a disgruntled coworker might attempt to compromise something while posing as you.

Also, make sure employees understand that devices can be compromised by anything that’s plugged into them. Computers can be compromised by plugging in a flash drive or SD card that’s infected with malware. Be sure you trust the source of any external device that’s coming into your company.

6. Beware Social Engineering

Employees also need to watch out for social engineering schemes. These are similar to phishing schemes, but instead of stealing credentials using a fake form or website, thieves convince employees to hand credentials over outright. Don’t be afraid to hang up on (or stop emailing with) someone claiming to be from an important vendor (we’ll use Microsoft again). If anyone is asking an employee to supply credentials or to take actions on your computer or network, that’s a huge red flag. Legitimate vendor contacts likely wouldn’t need the employee to do this for them. Employees can call back directly using a number they know is legitimate. If the concern is real, the real support team will know about it.

Conclusion

These 6 strategies will help your employees resist cyber intrusions, but there is so much more for your team to know. For more comprehensive help with your cyber security strategy, contact us today.


How CEOs Can Use Their Blog To Communicate With Staff & Customers

June 18th, 2019 by Julie Lough


As a CEO, you have tremendous influence over your company’s brand, messaging, values and strategies. You also have a personal brand that increasingly today needs its own shaping, nurturing and feeding.

One powerful way to improve your personal brand and your company’s messaging is to have your own blog. Your voice, insights, opinions and news need a vehicle that can project your thoughts across multiple channels.

Knowing why a blog makes sense and what the best practices are is an ideal way to get started.

Why Should I Create a CEO Blog?

First, consider the multiple audiences to which your voice matters. There are stakeholders and in some cases shareholders that value your communication.

Internal blogs allow you to communicate to employees in a very different way. The benefits include:

  • Providing an up close and personal insider perspective on work, values and messages you want to convey
  • Promoting your internal persona
  • Promoting and reinforcing key messages
  • Building and celebrating a positive company culture
  • Fostering two-way communication between the c-suite and other employees

What Is the Difference Between Internal and External CEO Blogs?

External blogging has its own advantages. The tone and content of internal and external blogging likely will be different but the tone, themes and messaging should remain consistent. The advantages of external blogs are:

  • Thought leadership. Insights on industry trends, needs, challenges and transformation help establish you as a leader in your field.
  • Value added. Customers and potential customers are more likely to choose your business if you can provide them with valuable, needed information that helps them do their business better.
  • Authenticity. Build authenticity with external stakeholders with consistent valued content, especially in challenging times or crises. That’s when your voice should be loud, not silent.
  • A face with a brand. Too often companies, especially as they grow larger, become faceless. A blog helps put a human face on your business and brand. Your blog helps keep your business front of mind, especially when customers see your information popping up regularly in email inboxes and on social media.
  • Brand loyalty. Customers are going to come back when the products and services they receive are of high value. A blog can help in reinforcing your commitments to quality, customer service and continuous improvement.
  • Spreading your message. When your content is compelling, readers will like, share and forward it to others. This viral marketing, at no additional cost to you, spreads your brand and your thought leadership.
  • Beating the competition. It’s likely some of your competitors are blogging. Get ahead of them with better, regular and more valuable information.

In a 2016 New York Times article, Microsoft founder Bill Gates, who focuses much of his energy now on his philanthropic foundation, spoke about why he blogs. “It … helps to have a platform for talking about the work I’m doing, both through the foundation and separate from it, because I find people are curious about it,” Gates said.

What Makes for a Successful CEO Blog?

The best CEO blogs are authentic. They don’t just regurgitate press releases or quarterly results. They inject humanity and persona into the work that your company does and give you a visible, recognizable brand. Here are some other elements of a successful CEO blog:

  • Personalization to a point. This is not the place to talk about your son’s high school graduation. However, personalization is important. Instead, offer glimpses behind the curtain about why and how decisions were made or what you see as key issues or opportunities in the industry.
  • Design matters. You want your blog to be easily readable, especially on mobile devices.
  • Omnichannel. Content is valuable … and you and your marketing team should strategize about how to get the most out of what you provide. Longer blog posts can be followed up by other content — written by you or others — that points back to your hub information. Posts should be teased or delivered via multiple social media platforms. Depending on your business, that may include LinkedIn, YouTube, Facebook, Instagram or Twitter.
  • No jargon. Inside baseball is cool, but not when no one can understand what you’re writing. If you’re going to use jargon, be sure that it is commonly used within your industry. Otherwise, you could alienate existing and potential customers.
  • Focus on customers. All of your blog content should have a singular focus: What do our customers need? Whether it’s product information, industry news or company information, be sure that it is written to help customers solve problems. Ideally, those problems are those your company is uniquely qualified to address.
  • Use humor … if it’s funny. Humor is a lot harder to write than you would think. Written words cannot easily express tone, pace and intent. Humor adds a personal element to your writing, but it has to be done with care and strategically.

Where Can I Find Good Examples of CEO Blogs?

Looking for inspiration for your own blog? There are plenty of sources of great CEO blogs and leadership blogs from which to take inspiration. Here are a few examples to review:

CEO blogging can have a deep impact on internal and external messaging. With a clear understanding of goals and tips, your blog will be ready to be published.