Navigating Cloud Computing

“The Cloud.” We’ve all heard the term. We understand it in the most abstract of ideas. We can store files in it, run programs from it, heck, my fiancé talks about setting up virtual servers (whatever that means). This digital storehouse of sorts can come in very handy; but what is it exactly and how can it be used to its best advantage? Does it have downfalls? Let’s define “The Cloud” and what it can do for you and your organization.

What is it?

Most digital data is non-tangible but is stored on devices that are. As I type this post, the information is saved to my computer’s hard drive. The hard drive is a physical piece of equipment. It can be removed and placed into another device and the information on it accessed. With The Cloud, there is no physical device needed to reach your digital files. By using The Cloud, I am able to create and edit files from practically anywhere. It is a globally connected computer you always have access to.

How does it work?

Information is essentially stored “on the internet”. The Cloud is run by off-site servers that do the majority of the workload. Instead of having software loaded into multiple computers, it can be accessed from the servers by means of online applications. This allows the connection from any device with internet access.

Pros

Saves space: By operating off-site servers and not loading additional software onto hard drives, you don’t lose physical space in your facility nor storage space on your computers. This means less upkeep and less clutter on your hard drive.

Accessibility: Have an internet connected device? Great! You have access. You have the ability to work from anywhere, as do your co-workers, and you can all collaborate.

Cost: Before cloud computing, you would need to buy software for each computer and keep up its licenses. Utilizing The Cloud can cut costs on the amount of software you purchase.

Cons

Accessibility: Though accessibility is a strong point of The Cloud, it is also a downfall. If you have a subpar internet connection, good luck reaching your files. It’s in instances like this that having the software installed on your physical device would be more appropriate.

Security: The Cloud “lives” online and you can access it easily, which means if it is easy for you, it’s easy for others. You need to pay close attention to security protocols to make sure your information does not get into the wrong hands.

Control: Hosting servers off-site or contracting services from an outside source takes control away from your in-house tech team. You are no longer in charge of your own equipment and are unable to service it. You will rely on the integration of services from outside vendors, which can at times be taxing.

So what do you do with all of this information? How does this best work for your organization? What is the most cost effective? These are questions you need to ask before outlining how The Cloud will work into your business plan. If you are just looking to store a small amount of noncritical information or are just looking for email hosting, utilizing cloud services from an outside vendor may be beneficial. If you are looking to create a cloud computing system for a large amount of secure information you may want to look into buying and creating your own system so that you retain control and security options.

The Cloud is only growing. Figuring out how to utilize it in your business plan is essential. How do you already use cloud computing, or how do you plan to use it in the future?

Small Businesses and Security – Are You Prepared?

In the past it was very unlikely to hear stories about the average American small business being a target for a sophisticated cyber attack, for obvious reasons: they have fewer financial resources and relatively little brand recognition. Fast-forward to 2016 and you’ll find that these assumptions have been flipped upside down.

The dam has broken for small companies when it comes to security. Smaller companies have become more and more attractive to hackers because they have weaker online security. Smaller companies, like most, are also conducting almost all of their business online, particularly by using cloud services that don’t require encryption. This is every hacker’s dream: unlimited information behind an easily picked locked door without a deadbolt. Even worse, say your clients are Fortune 500 companies. Your hacker just hit the jackpot.

Although the public typically only hears about cyber attacks against high-profile companies, banks, and government websites, small businesses make prime targets for cyber-criminals, competitors, and disgruntled parties.

Unfortunately, due to their lack of knowledge and resources, small businesses have the least-protected websites, accounts, and network systems, making cyber attacks a walk in the park.

So what can small businesses do to further their protection? We asked two rock-stars from ABG Capital’s IT and Development Departments for some answers. We spoke with Chief Information Officer Adam Scott and Director of Development Jerry Eddy to discuss some of the best practices and tools to utilize for optimal security in your small business.

Right now, what is the biggest security threat to a small business such as ABG Capital?

Jerry: The biggest threat to small business is hackers looking for opportunities to obtain confidential information. Hackers will try to exploit any perceived weakness in the network as well as trying to obtain information via social engineering. They use social media sites and even contact employees and try to learn more about the staff and the company. By using that information, they attempt to gain access to confidential information through misrepresentation and trickery. It is important for the business to make their employees aware of this type of hacking, so they are able to defend it as much as possible.

Beyond anti-malware and anti-virus protection; where should a small business begin when implementing security programs to protect against these threats?

Jerry: They need to examine each step of every procedure that has something to do with a customer’s confidential information such as credit card and social security numbers. By examining each step, they need to make sure that they are doing everything possible to protect the confidential information through both technical and human means.

Are these services/tools affordable?

Jerry: One thing that can be done is use the controls of ISO/IEC 27002. It is a popular, internationally-recognized standard of good practice for information security.

Governance, risk management, and information security management are broad topics with impact throughout the organization. ISO/IEC 27002 is relevant to all types of organizations including commercial enterprises of all sizes, not-for-profits, charities, and government departments. The security risk and control requirements provide a common framework that any company can adopt, follow, and implement. It also addresses the need of the information security risks relating to their employees as well as contractors, consultants, and the external suppliers of information services.

The standard is concerned with information security, meaning the security of all forms of information (e.g. computer data, documentation, knowledge and intellectual property). It provides controls that can be measured and that outline a comprehensive review of things that every company should evaluate about information security.

Is two-factor authentication for an employee’s computer/emails/etc. a safe bet?

Jerry: It helps by adding authentication to the authorization process of logging in. When you log in, you now need two independent pieces of information, so therefore, if I have your username and password, I still need something tangible such as your smartphone or key fob to further authenticate that the person logging in is, in fact, the actual person.

Hypothetically speaking, how would a company best protect itself if a cloud provider we use went up in smoke?

Jerry: With any information that you store on a cloud provider, you will want to see if they offer the ability to back up to a separate site and/or provider. Also try and use cloud providers that have a good reputation or that you have heard of before or have been recommended by others to minimize the potential for a loss of cloud provider.

What should a small business do to educate its employees regarding security best practices?

Adam: Make sure to use secure, complex passwords. Learn to protect your information; don’t leave PII (Personally Identifiable Information) lying around. Locking their computers when they leave.

Should companies develop a security policy that is ingrained into company culture?

Jerry: Yes, the company needs to get buy-in from every employee to make sure that every effort is being taken to protect any confidential information that the company possesses. When you engage employees in the creation, development and implementation of security policies you get better security.

Adam: Yes, you want to make your security policies and training as easy to remember as possible. Regular security emails to the staff are a good start. Then move on to videos or Lunch and Learns and encourage employees to attend.

How is ABG Capital’s policy tied to its culture?

Adam: Our C.O.R.E Values state it-

We Cultivate our employees by encouraging them to learn.

We Overcome the security hurdles that face us to improve data security.

We Respect our staff, and they give us the reliability that they are keeping our systems and data safe.

We Evolve by adapting to changing network threats to protect us against data losses.

Do you have an incident response plan, and do you practice it?

Adam: Yes, we have security meetings on a weekly basis where we discuss existing security issues, plan a path to correct them, and learn about new threats we need to protect against. We developed these plans and test them internally and externally using outside vendors for vulnerability and penetration tests.

Lastly, what security threat scares you the most? Any additional advice for preparation?

Adam: Data loss from a data breach would be #1. Having your systems crash is an easy fix; you repair the hardware, restore the data, and you’re up and running. But how do you get back all of your customers’ data once it’s out on the web for anyone to see? We plan and test on a regular basis to prevent these losses. Intrusion detection systems, dual factor authentication, and employee training are just the start. You need to train your teams and work with the experts in the field to constantly prepare for the new threat coming down the road. Keeping up with the latest security blogs is a good start, but putting together an information security committee is probably the best first plan of action. Get the best minds together in your company, then you can bring together the skills of the best people to plan and protect your data.

Now ask yourself:

Is your small business ready for the unknown? Applying the insight given to us by Jerry and Adam is a great first step. However, it doesn’t stop there. Be proactive and do your research. Remember that educating your employees about security and compliance starts offline. As stated by author and security privacy specialist Bruce Schneier: “If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.” They want what you’ve got. Don’t give it to them.