BEI Blog

BEI has been serving the Ohio area since 1991, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

Are You Doing Enough to Protect Your Data this Data Privacy Day?

Are You Doing Enough to Protect Your Data this Data Privacy Day?

January 28th marked Data Privacy Day, a day intended to raise awareness of the importance of data privacy and educate users and business owners of its benefits. Spearheaded by the National Cyber Security Alliance, there are plenty of lessons the NCSA has to share with businesses as this day puts their, and their clients’, privacy in the spotlight.


The NCSA, in conjunction with the U.S. Small Business Administration, provides a few guidelines for businesses to follow in order to preserve privacy as far as company data and personal information are concerned.

Protecting Your Business

Nearly every business collects and utilizes personal information from its clients, employees, and vendors. Therefore, it is also the responsibility of the business to make sure that this data remains private and secure. In this digital age, businesses need to be transparent with their data privacy policies, as even the accusation of a data loss event or misusing their information in any way can be catastrophic. There should never be a time that a customer could accuse you of collecting more data than they consented to, without you having proof that they had been notified and provided their consent. A privacy policy should be available for you to provide to your clients.

However, this needs to be more than a policy. It needs to become a tangible part of your organization, and enforced as such. Not only should you frequently remind your employees of the importance of privacy and data security, it should become integral to your company culture. As the NCSA and the SBA say, you should “communicate clearly and often what privacy means to your organization,” as well as being sure to “educate employees about their role in privacy [and] security...”

Your diligence should extend not only to your internal employees but also to any external (or third party) resources you may use. You need to ensure any of your partners or vendors with access to your network and its sensitive data are taking your security as seriously as you are. Many businesses require all external resources to sign a network use agreement that holds them liable in the event their actions result in a breach of privacy.

Privacy in the Home

Data security does not just apply to work done within the walls of your offices, either. You need to cultivate an even greater awareness and respect for privacy at home or while traveling, as well. Any device that is used for work must be treated with the same security-minded processes that you and your employees would subscribe to in the office.

Remind members of your household that they need to be careful with their personal information as well. While they may not have a company to manage, there are still plenty of consequences to deal with if their data is breached. Therefore, the entire family needs to be mindful about what they share online, avoiding sharing too much and keeping personal details close to the chest. This is especially true if you have children and teens under your care and supervision, as they could face a lifetime of ramifications.

Additionally, BEI understands how important your privacy truly is. When you have built up and maintained a business, you want to protect it, and maintaining data privacy can help keep both it and you safe. We appreciate how big of a commitment it is to be entrusted with that responsibility, and we’d embrace the chance to live up to it with your data.

Please, lean on BEI for more assistance and advice. Call us today at (844) BIZ-EDGE.

0 Comments
Continue reading

Tip of the Week: Use the Lessons Learned in 2017 to Improve 2018’s Cybersecurity

Tip of the Week: Use the Lessons Learned in 2017 to Improve 2018’s Cybersecurity

2017 was chock-full of security threats, attacks, and breaches. Therefore, 2017 was also chock-full of lessons to be learned regarding business cybersecurity. For this week’s tip, we’ll review a few lessons that hopefully weren’t missed.


Lesson One: Keep Track of Your Data
When Yahoo and Equifax announced that huge amounts of their client data had been breached, it became clear that even some of the biggest organizations that are most reliant on security are severely lacking in their security, especially where their data is concerned.

As this was observed, it also became clear that small or medium-sized businesses need to be more careful with their data security. After all, if such large organizations were able to be breached--and for these breaches to have gone unnoticed and then unannounced for months--an SMB needs to make sure that its data is accounted for and secured against threats.

Lesson Two: Patches are Pretty Important
As we said above, 2017 saw plenty of breaches, a sizable amount of which could have been prevented by deploying patches in a timely manner, especially in the Equifax case. Patches are, appropriately enough, what developers create to resolve security issues, or ‘holes.’ However, as 2017 proved, everyone needs to do a little better where patches are concerned.

First of all, developers need to improve their turnaround when it comes to releasing patches. For instance, the patch for the bug that enabled the EternalBlue exploit wasn’t released until a month after EternalBlue was disclosed. Meanwhile, the exploit was used to enable attacks like WannaCry and NotPetya.

This brings us to businesses like yours. Without applying patches in a timely manner, any organization is leaving themselves vulnerable to attacks that leverage what a patch could have resolved.

While you can’t control when a patch for an issue will be released, you can control when that patch is applied to your systems. The longer the patch goes unapplied, the longer you allow yourself to be vulnerable.

Plus, let’s say Microsoft releases a patch for a security vulnerability that hasn’t been discovered by the public. Once the patch is out, hackers can take it apart and find out what the vulnerability is and use it to attack those who are slow to apply the fix.

Lesson Three: There are Plenty of Ways for Data to Be Stolen
If you were asked, between ransomware and social engineering (like business email and account compromise, or BEC, attacks), which was the more profitable approach for cybercriminals, which would you guess? If you were leaning toward BEC attacks, you’d be right--Cisco found that BEC attacks are five times more profitable than ransomware attacks. According to the Federal Bureau of Investigation, business email and account compromise attacks have lost businesses over $5 billion.

Businesses also need to make sure that all of their endpoints feature the same security measures, as it is much easier for a threat to gain access to your business network from a relatively unprotected endpoint that it would be for that threat to gain access to the highly-protected, real prize directly. Access controls can help prevent a threat from accessing everything from a single endpoint, and security training can help your business endpoints recognize threats and mitigate them.

There is no denying that 2017 saw plenty of stress via security issues. Learning from this stress and adjusting based on it can help 2018 be more secure. For more assistance with your security, reach out to BEI at (844) BIZ-EDGE.

0 Comments
Continue reading

Tip of the Week: 4 Dead Giveaways That an App is Fake

Tip of the Week: 4 Dead Giveaways That an App is Fake

The applications on a mobile device allow us to use that device in a number of ways, from productivity, to entertainment, to networking. However, despite the efforts of Google to keep out the riff raff, the Google Play Store has plenty of malware available to download in the guise of a desired app. Today, we’ll review a few tricks to help you spot them before pressing ‘Install.’


First, it may help to know how these fraudulent and malicious apps make it on the Play Store in the first place.

How These Apps Make it On the Play Store
It should go without saying that Google understands the importance of security, so it isn’t as though it is necessarily easy for malware to make it into the Play Store’s catalogue. However, in response to Google’s stringent standards, malware developers have gotten clever and devised a simple means of sneaking past the automated security. Instead of attempting to upload an app with malware already incorporated, these applications initially hold no real threats internally and, as a result, are able to pass by the Play Store’s security unhindered. However, once these apps are downloaded and installed on a user’s phone, they reach out to a third-party server and download the malware directly. Many malicious apps are added in this fashion, although many still sneak in full loaded and ready to go.

Spotting Fakes
While Google has made efforts to fight back against malicious and fraudulent apps with technologies like Google Play Protect, the thing that will keep you the most safe and secure is good, old-fashioned vigilance. When you decide to install an app in the future, refer to the following list to make sure that it is a legitimate, trustworthy addition to your device.

Name, Description, and More - The first signs that an app isn’t legitimate can be found in its name and description. Many malicious apps will mimic the name of the original application as closely as they can, skirting Google Play’s impersonation policy that would allow the original developers to complain and have the copycat pulled.

It is also important that you read the description. Many impersonated apps will feature broken English, or might seem to be written by a bot. The description is the best representation that a developer will have for their app, so a legitimate app will generally have carefully crafted and proofed copy. You should also double-check the images of the app that the developer provides to ensure that similar issues are not present there, either.

Checking the Reviews - One of the biggest benefits that the Google Play Store offers a user is the fact that these users can leave reviews. These reviews can often help indicate that an application is problematic. Granted, a fake app is often accompanied by fake reviews that sing its praises. However, looking at the negative reviews might provide some insight into whether or not the app is worth the download - and if the app is actually a disguised threat, someone else might have called it out to warn others.

Who Developed It? - Similar to seeking issues in the name and description, you should always check to ensure that an app was developed by exactly who it should have been. If the app is a well-known one, it should be pretty clear who it was that developed it, but some common sense may also be necessary. Would you expect the latest need-to-have business application to be developed by a reputable and recognizable company, or by someone who goes by “Super Developer2?”

To be especially certain, you can also check what else that “Super Developer2” has created by clicking on their name in the listing. Does the list of apps that they’ve developed make sense? This is another effective litmus test to base your decision upon.

Download Count - This factor will vary based on how common the particular app you’re trying to download is, but the most common apps have been downloaded billions of times. Therefore, if you’re looking to download a popular app, download counts in the hundreds, thousands, or even millions are low, and are likely fraudulent.

0 Comments
Continue reading

Is it Better to Shut Off Your Computer, or Just Put it to Sleep?

Is it Better to Shut Off Your Computer, or Just Put it to Sleep?

It’s the end of the day, and you’re faced with a dilemma - shut down your workstation, or simply put it to sleep for the night? This is a topic that is debated quite often. We’ll compare the positive and negative aspects of both approaches to identify which is the better option.


Understanding Shutdown and Sleep Mode
In order to better grasp the effects that each approach has, it helps to ensure that there is a clear comprehension of what actually happens during each.

When a computer is instructed to shut down, it starts with any software that is in use before moving on to the actual hardware involved. The operating system sends out a notification to any open programs to stop reading and writing files in preparation for the hardware to power down. Once this is accomplished, signals are sent to the physical components to gradually cut power. This keeps the components safe from damage, which is also why you shouldn’t power down your computer by just holding the power button.

When a computer is placed in sleep mode, its RAM stores any files that are open and runs in a low-power state, while other pieces of software and hardware are temporarily disabled, able to be reactivated at any time.

Each of these methods have their benefits, as well as their drawbacks, that need to be considered.

The Benefits of a Full Shutdown
Shutting your computer down completely has a few benefits to take advantage of, the first of which being the fact that a shutdown gives your operating system a chance to flush out minor system issues. These issues would otherwise accumulate and cause greater problems down the line. Furthermore, many updates to Windows require the computer to be restarted before they can take effect.

There are also power concerns that are reduced by shutting down your computer completely. As one might imagine, a PC draws considerably less power when it is off than when it is on - even if it happens to be in sleep mode. There is also the slim (but still present) chance of a power surge damaging a computer that has been left on, a chance that a complete shutdown reduces.

The Benefits of Sleep Mode
First and foremost, the biggest advantage of leaving your computer in sleep mode is clearly the convenience it offers when the time comes to use it again. While the time spent waiting for a computer to turn on may not seem like much on a per-case basis, it adds up quickly and takes away from your overall productivity. As a result, it helps that (rather than waiting for the entire system to turn on) a single keystroke is all it takes to return to full function.

On the more technical side of things, leaving your computer in sleep mode gives it the opportunity to run some basic maintenance, maintenance that your computer needs to remain secure, and maintenance that can’t be completed when the computer’s off.

Why Not Both?
Taking all of this into consideration, it makes the most sense to utilize a combination of the two methods by putting your computer to sleep when you walk away from it throughout the day and powering it down overnight. This way, you get the convenience of quick access during active work hours, with safety precautions in place when it isn’t in use during off hours.

Another consideration would be if you have security updates and patches being performed during non-peak hours. If your strategy is to automate these tasks to avoid downtime altogether, having your staff keep their computers on may be advantageous.

Which do you typically do? Let us know in the comments, and make sure you subscribe to be notified whenever BEI posts a new blog!

0 Comments
Continue reading

How to Avoid Becoming the Next Data Security Cautionary Tale

How to Avoid Becoming the Next Data Security Cautionary Tale

Data security isn’t a matter to be taken lightly, as too many businesses have found out the hard way. Unfortunately, there are far too many simple ways to correct common security issues - enough that it’s foolish not to do so. We’ll review a few ways to fix security issues, after discussing one of, if not the, most egregious security failings in modern history.


The Equifax Problem
Sometime between May and July of 2017, the credit-reporting giant Equifax suffered a massive data breach that, as of this writing, exposed 148.1 million records containing the personally identifiable information of their customers. In other words, this breach exposed the data of almost half of the population of the United States of America.

In the aftermath of the Equifax data breach scandal, former CEO Richard Smith was cross-examined by Congress. Upon hearing Smith’s defense of “human and technology errors,” Chairman of the House energy and commerce committee Greg Walden quipped, “I don’t think that we can pass a law that fixes stupid.”

How to Fix Your Business’ Security
While Walden may be correct that stupid can’t be fixed by legislation, it may be able to be mitigated through the faithful enforcement of certain standards and practices. These standards should be enforced both on an organizational level, and on a case-by-case, personal basis.

First, let’s review what you should enforce in your organization:

  1. Compliance should be the baseline - Unfortunately, compliance with regulations often does not equal true data security. Instead of looking at compliance as being the ultimate goal for your business, consider it the first step to your business security strategy.
  2. Vulnerabilities need to be promptly remediated - It is astounding that so many exploits rely on known vulnerabilities… a full 99 percent of them. Furthermore, other attack vectors often utilize vulnerabilities that are a half a year old at least. Patching these vulnerabilities as soon as possible will help cut down on threats to your business’ data and infrastructure.
  3. Data security needs to be centralized, organized, and assigned - While security should be a shared responsibility throughout the company, there needs to also be someone taking lead and accepting responsibility for ensuring that data is properly distributed in a secure fashion. Part of this responsibility should be to implement access controls, ensuring that the data only can spread to whomever it needs to and no one else.

Encouraging Your Employees’ Security
Of course, your employees are largely in control of how secure your company remains. This could be a bad thing, unless they are also held to certain best practices that keep data, and the accounts that can access it, secure. There are a few basic rules you can enforce among your staff to help encourage them to act securely.

  1. Lazy credential habits - There are a variety of behaviors to adopt that can better protect the accounts and solutions that your employees have. First of all, the classic password problem: reusing the same password for every account. If one or more of your employees does this, each one is essentially creating a master key that someone could use to access everything in their life, including your data. Neglecting to set a passcode of some sort for a mobile device can cause the same issue. An effective way to remedy this kind of behavior is to utilize a password management system. That way, your employee can reduce the number of passwords they have to remember, without sacrificing security.
  2. Oversharing - While you can’t necessarily control what your employees do in their off-hours, you should reinforce how easily a cybercriminal could piece together their passwords through some examination of their social media, especially if they subscribe to the lazy credential habits we just reviewed. See if they’ll avoid sharing personal anecdotes or information without first restricting the audience that can see that particular post. At the very least, they should have their social media accounts set so that only their approved friends can see their content. Furthermore, do your best to avoid oversharing from the office. Images can easily show confidential information if you aren’t careful, by accidentally capturing an invoice or your customer relationship management solution pulled up on a screen in the picture. Review what you are about to post before taking the image and before you share it online.
  3. Using the wrong Wi-Fi - While public Wi-Fi connections may be convenient, you should remind your employees that this convenience comes at a price: the security of public Wi-Fi is suspect at best. They should be warned against doing anything especially important over a public Wi-Fi signal, like banking or checking their email.

Data security is a critically important consideration, in part because there are so many ways that it can be undermined. We have some solutions to offer that can help keep your business secure (despite what may sometimes seem to be your employees’ best efforts). Reach out to BEI at (844) BIZ-EDGE today!

0 Comments
Continue reading

5 Basic Steps to Building a Better Backup Strategy

5 Basic Steps to Building a Better Backup Strategy

If you subscribe to Murphy’s Law, you understand why it is so crucial for every business to have a backup solution planned, put into place, and prepared for the worst. However, not every business should go about putting their backup strategy together in the same way. After all, their needs will be different, based on their industry, the data they store, and a variety of other factors.


Here, we’ll go over five steps you should follow to be sure you aren’t missing anything important from your backup strategy.

1. Figuring Out What You Need From Your Backup
Your first step is to determine what it is you will need from whatever backup solution you ultimately implement, because without this determination already made, you will not be able to narrow down your options enough to begin the process. Furthermore, it wouldn’t do to underestimate your actual needs and procure a solution that isn’t going to cut the mustard when you need it to.

The industry you operate within will influence the requirements of whatever backup solution you ultimately do select. Your particular vertical may inherently require vast amounts of meticulously organized data, which will mean you need a backup system that can accommodate that data in whatever format it is in. Is some of your data of particular importance? You may want to consider prioritizing that data, and finding a solution that allows you to do that. This includes also taking the potential risks to your data into account, including malicious actors and natural events, as you compose a list of security, usability, and reliability standards that your final choice must meet.

2. Establishing Your Budget
Now that you know your baseline requirements for your backup, you need to ensure that your business is financially prepared to implement it. Different approaches to backup will vary in cost and pricing structure, as well as potentially cost different amounts where employee training is concerned - after all, some options will require an employee to manage it, which will require an investment into properly training them to do so.

While it may be tempting to try and cut costs and minimize your investment as much as possible, this isn’t the place to do it. Your data backup, while it admittedly won’t generate you any profit, helps prevent your business from losing money through lost business and downtime.

3. Picking a Platform
It wasn’t too terribly long ago that keeping a backup just meant that you had an extra copy of your data saved in a spare hard drive. Now, there are more options to leverage.

For example, instead of a spare hard drive, there are software-based options available that act as a backup solution, as well as backup options available through cloud service providers. Many companies are now electing, however, to implement a hybrid solution. This combines the convenience of a software-based backup with the resilience of a cloud-based backup solution. Combined, this makes fully leveraging the capabilities of either backup method much easier, with practically ensured access to your stored data as needed.

4. Making a Recovery Plan
What good is a backup if it can’t be put into use, just because nobody knows how? No good at all.

This is why, in addition to your backup, you need to have a detailed plan written out that will allow anyone to enact it as needed. Make sure that this plan includes important details, like variables that could affect the recovery process, which data should be prioritized, and what to do after your data is restored. If there are other members of your organization who will have a role to play in the recovery process, they need to be familiarized with the processes and qualifications outlined within.

5. Testing it All Out
On a related note, what good is a backup if it doesn’t work? Again, it isn’t going to help you much, so it’s going to be pretty useless to you when you need it. In order to avoid heartbreak and devastation when you only discover a failed backup when you’re relying on it to work, you should regularly test your backup solution.

There are a lot of things to consider when testing your backup: that it works, that you can restore your data back from it successfully, that your employees know how to handle it, and that you’re testing it regularly to make sure something doesn’t go wrong.

BEI has quite a bit of experience in assisting small and medium-sized businesses with their data backup and recovery needs. To find out how we can help you, give us a call at (844) BIZ-EDGE.

0 Comments
Continue reading

News & Updates

BEI is proud to announce the launch of our new website at www.biz-edge.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for prospective clients.

Contact Us

Learn more about what BEI can do for your business.

BEI
4700 Rockside Road Ste 625
Independence, Ohio 44131