Year: 2020

Keeping your data safe: Access Control

Cyberattacks are a commonplace today. Malwares such as viruses, worms and more recently ransomwares not only corrupt your data or hold it hostage, but also inflict irreversible damage on your brand and business. As a norm, most businesses these days do invest in anti-virus/cybersecurity systems. But, is that really enough? The answer is–NO. Because, they often overlook one important aspect–access. Ask yourself, how easy is your data to access? How can you strengthen the walls that keep your data safe? Read this blog to find out.

Role-based access

Always follow a role-based access permission model–meaning people in your organization have access to ONLY the data they REALLY need. Generally, the higher the designation, the deeper the data access permission and stronger the rights. For example, someone at the executive level may not be able to edit your MIS spreadsheet, but a manager should be able to.

Formal password controls

No matter how good your cybersecurity, you need to ensure the protocols are followed at the ground level. Enforce policies regarding passwords strictly and hold violators accountable. Examples include-

• Password combinations – Ensure your staff follows the recommended best practices when selecting passwords so there are no ‘easy-to-crack’ passwords
• Password sharing – Thoroughly discourage password sharing across your organization. No matter who asks for it, passwords shouldn’t be disclosed unless authorized as per the protocols.

Don’t ignore physical security

Virtual security is a must, but so is physical security. Though there is only so much physical access controls can do in keeping your data safe in the BYOD era of today, don’t overlook this aspect. Installation of CCTV cameras on-floor, biometrics/card based access to your workspace/server rooms, etc. also have a role to play in data safety from the access perspective. 

Training & reinforcement

Finally, train…train…train. You need to train your employees on the protocols for data security and access so they don’t mess up accidentally. Conduct mock drills, refresher trainings, follow up with quarterly audits, and use positive and negative reinforcements to ensure everyone takes it seriously. Because, at the end of the day, no cybersecurity software is good enough, if the best practices related to data access are ignored.

Smaller firms less likely to keep up to date on the basics that protect them.

On the never ending problem of cyber security, small firms often do not have any/much in-house IT support. As a consequence, they may be less likely to be able to make sure their software is consistently updated to reflect any patches released by the product’s maker. This simple oversight, deliberate or not, is a major source of data breaches and ransomware attacks.
Think back many years to when Microsoft pulled the plug on maintaining Windows XP. Many users refused to upgrade because there were afraid of losing compatibility with other software programs, the unintended consequences of moving to a new OS, or just not being sure how to install an upgrade. Whatever the issue, it meant those users had an operating system that was no longer updated to reflect the latest security fixes. Their operating system became an unlocked gate.

You may not be scared of technology, but as a small business owner, tracking the release of new updates or taking the time to install them as soon as they come out probably just isn’t a priority. You have a business to run. Adding to this problem, you may also allow your employees to use their personal laptops, mobile devices, and tablets for work duties. If that is the case, then every program on each of those devices is subject to the owner’s willingness and ability to update everything in a timely fashion. If any single device accessing your corporate files and data misses a security patch and is breached, so is your business.

The lesson here is that you need to take action to implement a company-wide process for maintaining all of your software applications so they don’t become an unlocked door in the middle of the night. A managed service provider can develop a plan to address update and security fixes on all the devices that access your data. It can be more than a small business owner can handle, so instead of ignoring the problem, reach out to find real solutions that will protect your business.

Cyberattacks and the vulnerability of the small business

You cannot go a day without reading about some big name company or even government agency being hacked and critical data being compromised. What you don’t see in the media is that most of the attacks happen to small firms, and that this is where a lot of the cybercrime is occurring. What any business, but especially a small business, needs to be afraid of are cyber attacks that disable your operations, disrupt customer interaction, or breach your customer’s personal data. Contrary to what one might expect, smaller firms are far more likely to be targets of hackers than large firms. They are also likely to have less sophisticated security measures in place. Any firm’s existence can be threatened by these events, but smaller firms are often unable to rebuild after a major breach. Studies show that customers are less forgiving of smaller firms than larger ones when their personal data has been compromised. The lesson here is that smaller firms are more vulnerable and need to be extremely vigilant. Talk to a managed service provider about some basic steps you can take to protect your business.

Denial is not a solution: Something you owe your customers and your employees

Why do so many people procrastinate about making a will? Why is it so hard to get young people to buy health insurance? Because it is one of those “probably won’t happen–at least in the foreseeable future, and I‘ve got more interesting things to worry about or spend my money on” issues.

Small business owners tend to take the same approach to making business continuity plans in case of a disaster. They are usually fully consumed just running the business and keeping revenues steady and growing. Diverting energies and resources to a “what if” scenario just isn’t an imperative.

There are affordable, effective tools out there that will allow any smaller firm to develop effective business continuity plans, but they only work if you take action. Our best advice to overcome denial? Think of this scenario: If something happened right now and your entire operation came to a halt because of a cyber attack, a power failure, data loss, or a single point of failure hardware event, what would you do? Do you even know who you would call in for help?

It can be a scary thought, but one that merits your attention. Talk to a managed service provider about a proposal to develop a complete business continuity plan. You owe it to yourself and to all the employees who rely on your for their livelihood.

Limited investment capital and planning for trouble

Small businesses often fail to take the time to make business continuity plans. One aspect of a business continuity plan involves developing plans to handle the loss of physical infrastructure and hardware. Unfortunately, smaller and younger firms often fail to address these issues because they lack the necessary capital to invest in additional or supplemental equipment. Redundant servers, battery back systems or uninterruptible power supplies, and data backup systems that allow for offsite backup storage are the most obvious examples.

These can represent considerable capex for a small firm. However, these costs need to be weighed against the costs that would be incurred if a severe business interruption occurred. Encouragingly, new technology is creating tools for redundancy and data protection that don’t require additional hardware investments. The cloud is probably the single biggest savior for small businesses looking to defend against business interruption events. The cloud means you can offload many of your business processes and infrastructure to the cloud and sidestep creating expensive redundancies on your own. Offsite data storage, increased efficiencies as a result of shared data center costs, SaaS, and even data collaboration tools are added cost savings that can be provided by the cloud.

So before you throw up your hands and say you cannot afford to address business continuity, take another look. The cloud can redefine the paradigm of “business continuity.”