Blog Layout

ARE YOU PROTECTING THE RIGHT DATA?

Alex Payne • Apr 13, 2021

Data Protection

You’re ready to purchase a BDR. You’ve done all of the research, found a company you’re confident in and are excited to finally have peace of mind. But now you start thinking about exactly what you need to back up. Is all of your data necessary or should you salvage a little server room? All businesses want to back up everything, you never know when you’ll need it. It’s not always necessary to back up everything daily, but there are some you will want to consider. Depending on what kind of BDR you purchased you will first need to delegate what data is stored, is not stored, and how often. Notice that there are three different kinds of backup in today’s tech world. Those are; straight to cloud services, software-based products, and a hybrid approach that combines on-site hardware and software. By segmenting the market, you can quickly assess which approach will work best. Ideally, you will want to spend money on a company that specialized in a backup. However, keep in mind that the faster the solution is and the more automated, the more expensive it will be. Don’t feel bad if you went a little cheap in order to save money. You can still backup without automation or any third party, you will just need to remain diligent about it. If you are making sure to do a daily backup there are several business items you want to account for each day. First is credit card transactions or receipts. Your accounting software should keep an eye on this and automatically back this data up, but you can never be too sure. This also includes things like invoicing, receivables, payroll and just about anything that is financially related. All financials are incredibly important, even one lost invoice could really hurt your business. Next, you will want to backup any client files. Anything with hackable data or items that could be compromised need to be backed up daily as well. Not only is it invaluable to keep this information safe, but it would certainly affect your client confidence if anything was lost or stolen. Finally, we must backup any project management software. Anything that your business uses to keep track of daily activities and work being done needs backup. Just like financial software, usually, project management software will also back up and recover items if lost. But once again, that’s a chance you don’t really want to take. Then, of course, it affects communications, so you don’t want to want to maintain a log of communication or “paper trail” as people day. You want to keep all of these things intact. Not only your precious memories but also the really important stuff that your clients and customers trust from you. Keep these items in mind and you should never have to deal with business killing disaster.
By Alex Payne 20 Sep, 2021
Very few employees can honestly say they spend the entirety of their workday actually working. Whether it’s the 15 minutes you spend making your coffee in the morning, or the 10 minutes catching up on Facebook after lunch, the occasional work break is inevitable. A recent study showed that the average worker admits they waste three hours per eight-hour workday, not including lunch and scheduled break-time. However, a different study stated that workers only spent about 35 minutes, per day, not working. While concluding the exact amount of time workers waste during their workday might be difficult (because no one wants to admit they are looking for deals on patio furniture rather than writing that time-wasting blog they were assigned,) we can all say we have been guilty of frittering away some precious time during our workdays. Here are the top four ways employees are wasting their time at work and a few ideas on how to be more productive during your workday. Time Waster #1: Emails Emailing has become the top form of communication in the workplace. What’s the first thing most of us do when we come into work? Check our emails. Technological advances in the way we communicate have brought about the notion of having to be connected at all times. Our clients and even our colleagues tend to expect instant responses to each and every message, even when we are sick or on vacation. While email can be extremely beneficial, a lot of our workday is spent reading and answering emails. Many professionals have actually found they can get much more done during their workday if they don’t respond immediately to every single email. Solution: Try not to check your email first thing in the mornings. Instead, spend anywhere from 30 minutes to an hour working on something more important first thing in the morning. This allows you to fully concentrate on what you have to do without any of those unread emails distracting or stressing you. You can also increase productivity by simply turning off your email notifications for short periods of time during the course of your day. It could be 15 minutes, or it could be 60 minutes, but you’ll realize that during that distraction-less time you’ll be able to blast through your to-do list. Time Waster #2: Online Distractions The Internet is known for luring employees deeper and deeper into its web (no pun intended) with each and every click. It is said that 60% of online purchases are made during regular work hours and 65% of YouTube viewers watch between 9am – 5pm on weekdays when (presumably) at work. While social media outlets such as YouTube and Facebook can be a great platform for brand awareness and business growth, let’s be honest – how many times are you actually on these sites marketing for your company? You’re not, you’re wishing your uncle Brad a happy birthday. Some professionals have even admitted to spending time job hunting during work hours on company computer – shame on you! Solution: If you just absolutely can’t keep yourself from refreshing your Facebook feed every 10 minutes, simply block it. StayFocusd is an extension Google Chrome offers that allows you to set a certain amount of time to any website of your choice and once that time is up, it denies further access to these sites. If that seems too harsh, you can always better manage your lunch time. Take the first half of your lunch break to feed yourself and use the second half to completely indulge and get your daily fix of online distractions without feeling guilty. And if you still can’t get away from these Internet sites, well, you got a bigger problem, buddy. Time Waster #3: Colleagues Nobody enjoys spending their entire workday in silence. Humans are social creatures by nature. We all appreciate a little chat here and there during our workday. For that reason, co-workers can be awesome. But, they can also be a major time suck. How many colors does the printer have? Are we supposed to send this email this week or next? Where should I upload the document? Can you review this really quick? We have all had those colleagues that treat us like we are the employee handbook. While it can be very flattering being thought of as the expert of the group, the fact that you are constantly being asked repeating questions can quickly become irritating. Not to mention, it can take up a huge part of your workday. Solution: Headphones! Wear headphones while you work. Even if you aren’t listening to anything, having both of your headphones in will signal to your colleagues that you’re focused and in the zone. I understand some of us have very persistent co-workers who may still decide to come on over to your desk and give you quick tap on the shoulder. At that point, simply tell them you are glad they came by because you need help with [insert irrelevant work assignment here]. If they leave your desk with some work to do, they’ll think twice next time they come on over for a chat. Time Waster #4: Meetings Meetings are a necessary evil in most companies. 47% of professionals say their biggest time waster is having to attend too many meetings. On average, 33 minutes a day are spent just trying to schedule these meetings. You don’t always need to have a meeting, nothing makes an employee more frustrated than having their scheduled filled with unnecessary meetings. We have all been to those meetings where literally nothing pertained to you and absolutely zero words came out of your mouth. While communication in the workplace is extremely important, there are better ways of communicating information that doesn’t involve attending meetings every other hour. Solution: Next time you’re invited to a meeting, that you believe might be irrelevant for you, ask the host why they think your presence is needed. You can then set up some sort of system where your supervisor can go in your place and later simply cascade down that information to the rest of the team. If your supervisor is too busy to even attend themselves, then you could ask to meet with the host a couple minutes before to share your insight because you will not be able to stay the entire time. There are many other time wasters that we could discuss, but we’ll have to save that for another time – I have a meeting.
By Alex Payne 20 Sep, 2021
Everywhere you turn today you will find social media. People taking selfies at the grocery store, responding to Instagram while walking down the street, and of course checking Facebook status while clocked in at work. What do you do when social media use gets out of hand in the workplace? It can seem like a never-ending battle with employees, but it doesn’t have to be that way. Before you go any further, draft up a social media use policy. This will save you headaches and possible litigation. Employees can agree to it and follow it or they can find work elsewhere. Sounds harsh, I know, but your business’s reputation is not worth Mary’s selfie. Don’t get me wrong, the policy doesn’t have to be rigid and forceful. Your employees are adults and can handle responsibility. Similar to a job description, policies allow for clarification and accountability. Great for both employer and employee. To create a social media use policy, start by splitting the policy between company official accounts and personal accounts. Then take a look at rules and regulations. With this part, you want to clearly overview your brand as well as how you want it perceived. It is important that employees are on the same page for this. That way the message is consistent across all platforms, no matter who posts or comments, talk about confidentiality and what company info can or cannot be shared. It can be similar to the non-disclosure you had your employees sign when they got hired. Then, of course, outline the potential consequences to not following these guidelines. Ensure these are clear and concise because a loophole can be quickly manipulated. Then you can go onto the same steps but for personal use. Once you have that jotted down, you can move to the next part, roles and responsibilities. It is in this section that you have to figure out who will have access to the company’s social media or to any in general. Think about it, it might not be best to block it altogether. You can harness the power of social media for your benefit though if you play it smart. Your marketing team will need it, well, to market. Sales can keep in touch with prospects or members easily and it gives all parties conformation that you care. Beyond that, you may want to give your receptionist or office manager access in order to help with customer service on different platforms. While working on this, keep a few things in mind. Don’t discourage use, and ensure the language of the document sounds positive. Employees will get upset with a big change to what they’re used to. A list of don’ts is only frustrating and discouraging. Also, be transparent on why you have a policy. Let them know that productivity has been affected. Not only that, be clear with them about the potential security risks you are trying to avoid. Train the employees using company social media how to see security risks and what to look for. Then finally, explain how a policy keeps everyone honest and accountable. As long as you are transparent about the new policy, implementing it shouldn’t be a huge issue. If you have employees assist you in drafting this document, that’s even better. They are part of the change and not being steamrolled by it.
By Alex Payne 20 Sep, 2021
Most people are aware of terms like phishing and malware, but do you know those are a part of a larger scheme called social engineering? This is not a new kind of fraud, in fact, it’s been used for many years to manipulate a wide range of people into giving up important data about themselves or the workplace. A prime example of social engineering goes back to Greek mythology with the Trojan horse. They infiltrated the city of Troy with a “peace offering” filled with soldiers, thus winning the war. With technology at the forefront of our lives, social engineering has entered a new era. Physical human interaction is not necessarily required anymore. These criminals can gain information through emails, pop-ups, and public Wi-Fi networks, to name a few. The main objective is to influence, manipulate or trick users into giving up privileged information or access within an organization. They are doing this right under your nose, and if you’re not paying attention you will be a victim of this as well. External Threats With technology at the forefront of most businesses, external threats are becoming the benchmark for social engineers. They can hack into core business processes by manipulating people through technological means. There are so many ways for social engineers to trick people, that it is best to ensure you are well versed in some of the ways they can hack your system. BAITING First of all, baiting can be done both in person and online. Physical baiting would be a hacker leaving a thumb drive somewhere at a business, then an employee picks it up and plugs it into a computer. Could be curiosity, or simply thinking a co-worker left something behind. However, as soon as the thumb drive gets plugged in, it will infect your computer with malware. The online version of this could be an enticing ad, something to pique interest. Things like “Congrats, you’ve won!” Also, there is scareware, in which users are deceived to think their system is infected with malware, saying things like “Your computer has been infected, click here to start virus protection.” By clicking on it, you unintentionally downloaded malware to your computer. If you understand what you are looking for, you can usually avoid these situations. PHISHING This is probably one of the most popular social engineering attacks. Fairly generalized, this usually comes in the form of an email. Often, they ask the user to change their email or log in to check on a policy violation. Usually, the email will look official and even take you to a site that looks almost identical to the one you may be used to. After that, any information you type in will we transmitted to the hacker. You just fell for the oldest online hack in the book. SPEAR PHISHING Similar to generic phishing, spear phishing is a more targeted scam. This does take a little more time and research for hackers to pull off, but when they do it’s hard to tell the difference. They often tailor their messages based on characteristics, job positions, and contacts belonging to their victims to make their attack less conspicuous. This could be in the form of an email, acting as the IT guy with the same signature and even cc’s to co-workers. It looks legitimate but as soon as you click the link, you are allowing malware to flood your computer. Internal Threats Originally, social engineering took place in a physical setting. A hacker would do some preliminary research on a company structure or focus on behaviors in order to get that initial access into a building, server room or IT space. Once they have a “foot in the door” so to speak, obtaining pertinent data or planting malware becomes that much easier. TAILGATING Often, they will enter a building without an access pass by simply acting like an employee that left it at home, this technique is known as tailgating. The only credential they need is confidence. This can also include a hacker posing as an IT person and conning people into believing that to be true so they can gain access to high-security areas. This is far easier than it sounds too. You can find company shirts at your local thrift store, exude confidence and gain access. PSYCHOLOGY Another interesting process hackers use to con their way into a business is by creating a hostile situation. According to PC World, people avoid those that appear to be mad, upset or angry. So, a hacker can have a fake heated phone call and reduce the likelihood of being stopped or questioned. Human psychology really is a tricky thing, isn’t it? PUBLIC INFORMATION Then of course, the more you know about someone the more likely you are going to gain the information you need from them. This involves everything from scoping out parking lots, observing the workspace and even dumpster diving. Nothing is safe anymore and your life is not always as secure as you’d like to think. Something as innocent as a bill can be used to harvest more information about a person. PRETEXTING Similar to online phishing, pretexting is a popular fraud tactic for phone calls. Often, they will disguise themselves as an authority such as a bank, tax official or even police. They will probe you with questions that could lead to giving up information that could compromise your identity. This personal information can be used to find out a whole slew of things. Not only can they get away with your money immediately, but they can also easily steal your identity with pertinent information like social security numbers or banking information. Prevention Social engineering can be prevented by being educated in it. With so many different ways to steal your important data its imperative that individuals and businesses go through some sort of training regarding these issues. However, on a day to day basis, getting into certain habits can help. First of all, pay attention to your surroundings. Remember that physical social engineering still exists and you don’t want to be the one that caused your business corrupted data. Next, do not open emails or attachments from suspicious sources. Moreover, if a legitimate-looking email seems slightly suspicious, go to the source and find out for sure if they sent it. Also, multi-factor authentication can curb fraud immensely. One of the most valuable pieces of information attackers seek is user credentials. Using multifactor authentication helps ensure your account’s protection in the event of system compromise. Furthermore, if an offer seems too good to be true, it probably is. Don’t click the link, you didn’t win a cruise. Then finally, keep your antivirus and/or antimalware software updated at all times. This is the best line of defense if for some reason your system has been compromised. For the most part, use your best judgment and common sense. Social engineers have gotten very good at their jobs, but that’s okay because you’ve gotten very good at yours too and can combat these sneaky hackers.
Share by: