1. Back Up Files Every Day – As catastrophic as data loss is, the number of businesses that still are not backing up their network is unbelievable. According to the Symantec Small to Medium Size Businesses (SMB) data, only 23% of SMBs are backing up their data on a daily basis and fewer than 50% are backing up data weekly. Any number of events can result in data loss, so the importance of frequently backing up your network cannot be overstated.
2. Ensure Backup Procedures Are Checked Regularly – Many times business owners think that they have a backup system in place, only to find out when it is too late that it hasn’t been working properly. It may seem like your files are being backed up daily, but the backup could have become corrupt, or it may be missing huge chunks of critical data. Check your backup procedures regularly to be sure that ALL of your data can be recovered. In the age of BYOD (Bring-Your-Own-Device) it is also important to frequently back up data on your employees’ personal laptops, iPads or Blackberrys, so make sure you have a procedure in place to check those backups as well.
3. Make Sure Updated Virus Protection and Firewalls Are Always Enabled – Far too many companies either have no virus protection, expired virus software licenses, or disabled virus programs that aren’t running at all. This makes their business technology vulnerable to virus attacks from emails, spam, data downloads, and disreputable websites. Further, because of inadequate firewall protection, about 40% of small to medium businesses will have their network accessed by a hacker. Chances are, when these businesses are attacked they will be entirely unaware it is happening. In order to protect your valuable data and assets, ensure your virus protection is adequate, up-to-date and functioning properly and that your firewall is intact. Finally, don’t forget to apply security patches, and change passwords when an employee leaves, in order to deter hacking attempts.
4. Monitor Server Drives – Dangerously full server drives can bring their own set of problems – ranging from program and server crashes to sluggish email delivery. Proactive monitoring and maintenance of your server can spare your business a lot of problems down the road.
5. Regularly Check Critical Built-In Logs – Very few problems with technology emerge suddenly. These problems typically progress over time and evolve into more serious problems. Frequently review your critical built-in log files to help identify a problem before it gets out of control and wreaks havoc on your business infrastructure.
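One way to carry out the regular check from item 2, as an added example (not code from the original article). It assumes the backup job records a manifest of SHA-256 digests when it runs; the function names, the manifest layout and the sample files are hypothetical.

```python
import hashlib
import json
import shutil
import tempfile
import time
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root):
    """Map each file's relative path to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_backup(source, backup, manifest, max_age_hours=24, now=None):
    """Check a backup against the manifest recorded when it was taken."""
    now = time.time() if now is None else now
    on_disk = snapshot(backup)
    recorded = manifest["files"]
    report = {
        # The backup job has silently stopped running.
        "stale": now - manifest["created"] > max_age_hours * 3600,
        # A copy has vanished from the backup media.
        "missing": sorted(f for f in recorded if f not in on_disk),
        # A copy no longer matches what was written (the corrupt backup).
        "corrupt": sorted(f for f in recorded
                          if f in on_disk and on_disk[f] != recorded[f]),
        # Live data the job never picked up (the missing chunks of data).
        "uncovered": sorted(set(snapshot(source)) - set(recorded)),
    }
    report["ok"] = not any(report.values())
    return report

def demo():
    """Constructed sample: one corrupt copy, one folder never backed up."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = Path(tmp, "live"), Path(tmp, "backup")
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("2024-01-01,1000\n")
        (src / "customers.db").write_text("constructed sample data\n")
        shutil.copytree(src, bak)  # stands in for the nightly backup job
        # In practice, store the manifest away from the backup media.
        manifest = {"created": time.time(), "files": snapshot(bak)}
        (bak / "customers.db").write_text("garbage")  # copy goes bad later
        (src / "hr").mkdir()                          # new data, out of scope
        (src / "hr" / "payroll.xlsx").write_text("constructed")
        fresh = verify_backup(src, bak, manifest)
        late = verify_backup(src, bak, manifest, now=time.time() + 3 * 86400)
        return fresh, late

if __name__ == "__main__":
    print(json.dumps(demo()[0], indent=2))
```

A report with `ok` set to false is the signal to investigate before a restore is ever needed; a periodic test restore remains the final proof that data can be recovered.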
Small and medium sized businesses today are relying more than ever on IT systems to efficiently run their business, support customers and optimize productivity. These systems house sensitive digital data ranging from employee and customer information, to internal emails, documents and financial records, sales orders and transaction histories. This is in addition to applications and programs critical to daily business functions and customer service.
While corporate-level data losses and insider theft are well publicized, many smaller businesses have also become casualties of data loss and theft. Following a significant data loss, it is estimated that a small-to-medium sized business can lose up to 25% in daily revenue by the end of the first week. Projected lost daily revenue increases to 40% one month into a major data loss.
According to The National Archives & Records Administration in Washington, 93% of companies that have experienced data loss, coupled with prolonged downtime for ten or more days, have filed for bankruptcy within twelve months of the incident while 50% wasted no time and filed for bankruptcy immediately. Finally, 43% of companies with no data recovery and business continuity plan actually go out of business following a major data loss.
Still, a survey conducted by Symantec SMB revealed that fewer than half of SMBs surveyed back up their data each week. Only 23% of those surveyed said they back up data every day and have a business continuity plan in place.
Businesses play on a much bigger playing field than they did two decades ago. Any disruptive technological event – even the smallest of incidents – can have an amplified impact on day-to-day business and profitability. Being proactive with data recovery solutions, and having emergency response procedures in place prior to a disruption or data disaster, is the only way to minimize downtime and soften the impact of such events.
According to Symantec SMB, 50% of SMBs admit to having no backup and disaster recovery plan in place. 41% of those surveyed confessed that they had never even given much thought to implementing a disaster recovery or business continuity plan. If you are one of them, then you really need to think about whether you can afford the status quo. Answering these questions will help you decide.
1. How often are employee productivity and customer accessibility or service stalled each day by a downed network or system?
2. How much downtime can your business truly afford and what kind of backup or recovery solutions are in effect when systems are unavailable?
3. What level of IT support can be accessed? Can it be accessed quickly enough to minimize damage? Are you confident that your business can either be back online or be able to access lost data with minimal disruption, no matter what?
4. Is your most critical data frequently backed up? Is the data on the personal laptops, iPads or Blackberrys of employees backed up? Are all backups stored in a location off-site and quickly accessible in the event of theft, fire or flooding? Are you using any custom installed software and is the supplier still in business should this software need to be re-installed or updated? Are account details, licensing agreements, and security settings somewhere on record, and is it duplicated off-site?
5. Are your systems truly protected from theft, hackers, and viruses? Are passwords to sensitive data changed whenever employees leave the company or business unit?
6. When was the last time you tested backup processes to ensure they are working properly? How quick were your backups?
Answering these questions will help you understand if you are needlessly bleeding money every day by subjecting your business to the high hourly rates, service charges, trip fees and wait times of on-call IT support. If you are an SMB, you don’t have to fear technology failure. A trusted MSP can help you resolve these challenges in a more effective and efficient manner.
So, you made it back home from the show. You’re exhausted and work has backed up in your absence. Here is where the entire investment in the show can go down the drain. Follow-up is critical. Every one of those prospects needs to have follow-up. Lots of it. One contact isn’t going to be enough.
First, send out a short email drip that includes a ‘thanks for visiting us at the trade show.’ The second should be a ‘call to action’ email. Send an invitation to meet via phone or in person, and add something for them to download. The download can be a whitepaper, or even just your brochure, but it is always good to attach something.
Now comes the really hard work. Contacting prospects. No one is going to just mail you revenues. You need to actively market to your trade show visitors. If some seem uninterested, put their names in a tickler file to try back in 6 months. Just be sure not to just let them drop; the situation may change in the future.
In summary, look at a trade show as a marketing event that goes beyond the time spent at a booth in some convention center. It is just a stage in a lengthy and important marketing campaign. Make sure you prepare for the show and do active follow-up afterward. Otherwise a trade show is just an expensive few days meeting lots of people you will never see again.
We’re back. In the last post, we talked about building momentum toward a trade show exhibition. Today, let’s look at your efforts during the show itself.
You already should have sent out a reminder the morning of the show in posts on all your social media accounts, an article on your website blog, and a general email that you’re exhibiting. Now it is time to work the booth.
First, recognize that your goal is to use this show to develop as large a list of prospects as possible. That means you not only want visitors at the booth, you need their contact information. The proven way to get attendees’ contact information is to offer them something for free, or run a contest for something worthwhile. Most booths will offer some giveaway, such as a coffee mug, if visitors sign a contact info sheet. People can’t resist free stuff, no matter how much they don’t need another mug or could afford to buy them on their own by the caseload. Therefore, have giveaways.
You can also run a contest for those willing to take the time for a demo of your product or service. If they will take the extra step, enter them for a raffle for something of greater value, such as an iPad or tablet.
If anyone shows special interest, keep your non-exhibit hours open to schedule meetings for coffee or a demo.
Beyond getting prospects, use the show for broader networking. Work the other booths and introduce yourself to other exhibitors to get your name known. You can never do enough networking, and you never know when it might pay off. If the exhibitor entrance fee does not include entrance to other networking events such as meals and meet-and-greet happy hours, consider buying a ticket for access. These offer additional opportunities to network.
Finally, don’t forget social media. Throughout the show, post pics of yourself with clients or prospects who visited your booth. You can even use the event hashtag if they have one to help your business generate buzz!
Next time, let’s talk about what to do once you get back home.
Going to a tradeshow for the first time? Don’t make the mistake of viewing this as a 1-2 day discrete marketing event. Instead, view your exhibit at a tradeshow as the central feature of a much longer and holistic marketing plan that builds to the event, and then culminates in the successful post-show follow-up that signs on new customers. In the next few posts, we are going to break down the tradeshow marketing plan into three bite-size pieces. Today, the pre-show build-up.
The goal of your pre-show marketing is to attract visitors to your booth at the show. You want them to know all about you before they take that first walk around the exhibit hall.
Take advantage of all the marketing opportunities that the show planner offers. This may include access to an attendees list. If so, use this to send out a few introductory emails prior to the show including your booth number. Send one the day of the show reminding the reader where you are.
Sponsorships are also an opportunity, if your budget allows it. This can be a small ad in the program or sponsoring an event or get-together during the conference. This is a bigger step and may be beyond the budget of a SMB.
Social Media: Use social media to introduce yourself before the show. This means an active presence on Facebook, Twitter, and Linkedin. Send a brief announcement of who you are and that you will be exhibiting at the show, and then a reminder the day of the show or the day before.
Website and blog: Post an invitation to the show on your website and your blog. This should go up about one week prior to the event.
These are just three simple steps you can take to build momentum before the actual exhibition. Next, we’ll talk about marketing during the show.
Smaller firms often struggle just to keep up with maintaining a website. Worrying about a scaled-down version for mobile users seems like just too much trouble. Today’s blog is all about why this matters to you and why you should bother with a mobile version.
A bit of background: Mobile sites are versions of your website that can be easily read and used on a small mobile screen. What is readable on a laptop or desktop monitor can be too tiny to use on a small screen. Also, the buttons and fields on your forms become impossible to use.
Why does this matter? Three reasons:
Showing up in search rankings. If you want to be found in a search and appear high in the ranking, you need to have a “mobile optimized” site. Google has now included the failure to have a mobile optimized site as a specific reason to lower a website in its search rankings. If you don’t have a mobile optimized site, you slip lower in the ranking. Slip lower in the rankings and fewer people ever find you in a search.
More search and web activity now occurs on mobile devices than on standard PCs and laptops. If you want attention, you need to be “mobile ready.” You can’t just write off those mobile users; there are too many of them.
If your site is too difficult to use on a phone screen, the user is just going to jump to another vendor. There’s nothing else to say.
So the summary is, if you haven’t already done so, you need to bite the bullet and get a mobile optimized site. The internet offers too much business to just ignore the issue.
You can have all the locks on your data center and have all the network security available, but nothing will keep your data safe if your employees are sloppy with passwords.
There are many ways data can be breached, and opening some link they shouldn’t is one of the most serious security sins employees can commit, but today we’ll just talk about passwords.
Here are some basic practices that you should require your employees to follow. These are basic tips. System administrators should implement other policies, such as those that forbid using passwords previously used and locking accounts after a few failed attempts to login. But just for you as a manager, here are a few tips.
Change Passwords – Most security experts recommend that companies change out all passwords every 30 to 90 days.
Password Requirements – Should include a mix of upper and lowercase, number, and a symbol.
Teach employees NOT to use standard dictionary words (any language), or personal data that can be known, or could be stolen: addresses, telephone numbers, SSN, etc.
Emphasize that employees should not access anything using another employee’s login. To save time or for convenience, employees may leave systems open and let others access them. This is usually done so one person doesn’t take the time to logout and the next has to log back in. Make a policy regarding this and enforce it.
These are just a few basic password tips, but they can make a big difference in keeping your business’s sensitive data safe.
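The rules above expressed as a check a system administrator could run when a password is set, as an added example (not from the original post). The word list, the look-alike character table, the sample user record and all function names are constructed for illustration.

```python
import hashlib
import hmac
import re
from datetime import date

# Constructed stand-in for a real word list (assumption: yours is far larger).
DICTIONARY = {"password", "welcome", "dragon", "summer", "monkey"}
CLASSES = {"uppercase": r"[A-Z]", "lowercase": r"[a-z]",
           "number": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}
# Undo common look-alike substitutions before the dictionary lookup.
LOOKALIKES = str.maketrans("0134@$5", "oleaass")

def hash_password(password, salt):
    """Only salted hashes of old passwords are kept, never the passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def contains_personal_data(candidate, personal_data):
    """Look for names, street words or the last 4 digits of known numbers."""
    lowered = candidate.lower()
    digits = re.sub(r"\D", "", candidate)
    for item in personal_data:
        words = re.findall(r"[a-z]{4,}", item.lower())
        number = re.sub(r"\D", "", item)
        if any(w in lowered for w in words):
            return True
        if len(number) >= 4 and number[-4:] in digits:
            return True
    return False

def check_password(candidate, personal_data, history, salt):
    """Return the list of rules the candidate breaks (empty = accepted)."""
    problems = [f"missing {name}" for name, pattern in CLASSES.items()
                if not re.search(pattern, candidate)]
    folded = candidate.lower().translate(LOOKALIKES)
    if any(word in folded for word in DICTIONARY):
        problems.append("contains a dictionary word")
    if contains_personal_data(candidate, personal_data):
        problems.append("contains personal data")
    digest = hash_password(candidate, salt)
    if any(hmac.compare_digest(digest, old) for old in history):
        problems.append("previously used")
    return problems

def password_expired(last_changed, today, max_age_days=90):
    """True once the password is older than the rotation window."""
    return (today - last_changed).days > max_age_days

# Constructed sample user record.
SALT = b"constructed-salt"
PERSONAL = ["Jordan Avery", "555-0142", "12 Maple Street"]
HISTORY = [hash_password("Tr1cky-Harbor#88", SALT)]

if __name__ == "__main__":
    for pw in ("P@ssw0rd2024", "maple0142", "Tr1cky-Harbor#88",
               "Quiet-Lantern!73vz"):
        print(pw, "->", check_password(pw, PERSONAL, HISTORY, SALT) or "accepted")
```

Note that "P@ssw0rd2024" satisfies the character-mix rule and is rejected only because the look-alike folding exposes the dictionary word, which is why the two rules are checked separately.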
Losing an employee is not usually a good experience. If they leave voluntarily, you lose a valuable asset. If they have to be fired, you have the arduous task of the progressive discipline process and the final termination meeting. But there are other concerns that arise when an employee leaves. Those concerns are security and their access to company data.
Here are some considerations regarding passwords and voluntary termination (A.K.A. resigned) or involuntary termination (A.K.A. fired.) It is important you have a process in place so that whenever a termination occurs, nothing slips through the cracks regarding corporate data security.
When you dismiss an employee, you should immediately change out all passwords for anything the employee had access to. Because almost all terminations should be planned, you should also define the process for canceling access. It is unwise to cancel prior to the termination meeting. If you do that, you create the potential for a confrontation when they arrive at work and find their passwords have been disabled. Instead, plan ahead and assign someone to disable their passwords during the time you are having the termination meeting. Before the meeting, be sure you have a list of all access cards, keys, etc. prepared so they can be cancelled before the employee leaves the building.
Voluntary terminations - Different firms have different policies handling resignations. Depending on the specific position, an employee will be permitted to continue working during their 2 week notice period. In that case, you need to consider if there is any possibility the employee might get up to no good during the final days. That is something only you can judge.
In some cases, firms will ask an employee to leave the facility immediately. In that case, you need to have a plan in place. You need to have a list available of all of the restricted systems to which they have access for when this situation arises. The employee should not leave the building until all of their access has been canceled.
This all may seem a bit harsh, but things have changed. 30 years ago, for a disgruntled employee to steal files, they’d be carrying out large boxes of file folders. Now, not only can they empty the building onto a thumb drive, they can take nefarious action that wasn’t possible when data was stored on paper.
Hearing “all of your confidential information is extremely vulnerable, we know this because…” is bad news, but whatever follows the ellipses determines just how bad. Consider two scenarios.
“All of your confidential information is extremely vulnerable… we know this because a hacker took all of your customers’ credit card info and locked all of your files behind ransomware.”
“All of your confidential information is extremely vulnerable… we know this because we did a vulnerability scan of your network, and have some suggestions on how you can improve.” 61% of small businesses are victimized by cyber attacks each year, and one in five victims do not survive. It is financially worthwhile to make sure that you end up being the person hearing the latter sentence.
Scenario 2 describes the statement after you have had a vulnerability test conducted. A vulnerability test is a comprehensive audit of security flaws that a hacker could exploit, and the possible consequences. This is the equivalent of a doctor giving a physical examination. This information will allow you to know what your risks are and plan your security policies accordingly.
Vulnerability tests should be conducted quarterly, or whenever you are incorporating new equipment into your IT network, and can be done by in-house IT or outside consultants.
What is a pen-test: A pen-test is a simulated attack on a network to test the strength of its security. Usually, the pen-tester will have a specific objective (e.g. “compromise this piece of data…”). A vulnerability scan tells you “what are my weaknesses?” and a pen-test tells you “how bad a specific weakness is.”
How often should you pen-test: Different industries will have different government-mandated requirements for pen-testing. One of the more broad-reaching regulations, the PCI DSS, for example, requires pen-testing on an annual basis. However, it is prudent to go beyond the legal minimum. You should also conduct a pen-test every time you have
In our last blog we started talking about the different layers of security necessary to fully defend your data and business integrity. Today we will look at the human aspect of it, and network defenses. The human layer refers to the activities that your employees perform. 95% of security incidents involve human error. Ashley Schwartau of The Security Awareness Company says the two biggest mistakes a company can make are “assuming their employees know internal security policies” and “assuming their employees care enough to follow policy.”
Here are some ways hackers exploit human foibles:
Guessing or brute-force solving passwords
Tricking employees to open compromised emails or visit compromised websites
Tricking employees to divulge sensitive information
For the human layer, you need to:
Enforce mandatory password changes every 30 to 60 days, or after you lose an employee
Train your employees on best practices every 6 months
Provide incentives for security conscious behavior.
Distribute sensitive information on a need to know basis
Require two or more individuals to sign off on any transfers of funds
Watch for suspicious behavior
The network layer refers to software attacks delivered online. This is by far the most common vector for attacks, affecting 61% of businesses last year. There are many types of malware: some will spy on you, some will siphon off funds, some will lock away your files.
However, they are all transmitted in the same way:
Spam emails or compromised sites
“Drive by” downloads, etc.
To protect against malware:
Don’t use business devices on an unsecured network.
Don’t allow foreign devices to access your wifi network.
Use firewalls to protect your network
Make sure your WiFi network is encrypted.
Use antivirus software and keep it updated. Although it is not the be all, end all of security, it will protect you from the most common viruses and help you to notice irregularities
Use programs that detect suspicious software behavior
The mobile layer refers to the mobile devices used by you and your employees. Security consciousness for mobile devices often lags behind consciousness about security on other platforms, which is why there are 11.6 million infected devices at any given moment.
There are several common vectors for compromising mobile devices
To protect your mobile devices you can:
Use secure passwords
Use reputable security apps
Enable remote wipe options.
Just as each line of defense would have been useless without an HQ to move forces to where they were needed most, IT defense-in-depth policy needs to have a single person, able to monitor each layer for suspicious activity and respond accordingly.