10 Cybersecurity Basics Every Employee Should Understand

February 25, 2016

Companies spend millions of dollars to protect their confidential information and customer data, but the reality is that employees shoulder most of the responsibility. The weakest link in the security chain is always the human who looks for shortcuts, can be easily tricked, and sometimes doesn’t take or understand the precautions they should.

This is why it is important that employees help keep the company’s data and systems safe. Most of the rules are common sense, but it’s fundamental that everyone is made aware of the rules and policies – not all employees in a company will have the same experience, so you need to start with the most basic.

  1. Confirm the identity of everyone who requests information

This is especially useful for receptionists, call-center employees or tech support, human resources, and other professionals whose work requires the handling of personal information. Attackers will take advantage of the naivety and good faith of these workers to get information in the simplest and most obvious of ways: asking for it. They do this by pretending to be providers, customers, or other members of the company who have a legitimate reason to require the information.

It’s very important to teach team members about these tactics and to have them make sure that the person on the other end of the phone or email is who they say they are before any information is shared.

  2. Always keep passwords safe

Employees should protect the personal passwords that they use daily and give even more protection to the ones they use to access corporate information. If employees are unsure how to protect their passwords, business owners should provide a primer such as Creating Strong Passwords, with recommended steps for creating a secure password. Employees should also not use the same password for different accounts, should avoid ones that contain obvious personal information (birthdays, phone numbers, pet’s name, favorite football team, etc.), and should ensure that it is made up of numbers and letters, with a combination of upper and lower case letters for good measure.

Also, although this may sound obvious, it is important that employees avoid keeping the Wi-Fi code written down anywhere (like on a post-it, for example). Lastly, never reveal your password to anyone who asks for it by phone or email, even if they claim to work in the technical department of your company or for the company that provides the relevant service.

  3. Your hard drive isn’t foolproof

Saving information related to your business or customers on the computer’s hard drive is, in general, a bad idea and is the #2 cause of data loss, just under accidentally deleting files. Computers are prone to breaking down and are exposed to attacks that could lead to the loss of valuable information. Laptops are also susceptible to theft or loss. It’s better to ask employees to save files on the company’s servers or on a cloud service.

If they simply must save something on the hard drive, it is essential that they make a backup on the company’s servers or on a cloud service every so often to be able to recover the file should anything happen.

  4. Security copies don’t mean a thing if they’re lost

This may seem like common sense, but I hear it at least 2-3 times a week. If workers are using a laptop and make copies on a USB, it is fundamental that they don’t store them together or carry them around at the same time.

Just think about it: if you lose your backpack or it is stolen, and both the laptop and USB are inside, then you’ve lost both copies. If you do carry them around together, password protect the USB.

  5. Storage and sharing of information via the Internet

The best solution when a company does not have an internal server or can’t store internally is to look for a cloud service, be it for storing originals or copies. If the business owner needs help, an article such as Understanding Cloud Service can give a better understanding of using the cloud. Cloud service providers are better prepared than a small or medium business to face any type of incident, such as cyberattacks.

Security and confidentiality of data that is stored virtually depends on the password used by the employee, so it’s vital that this isn’t shared with anyone who may have malicious intentions. Also, documents should never be uploaded to personal accounts; the cloud service shouldn’t be accessed from unprotected computers or via insecure connections, etc.

  6. Email

One of the most popular tactics that cybercriminals use to sneak into an organization and steal information is email. If your employees have a corporate account, the first thing that you need to do is make sure that they don’t use it for personal reasons or on public forums or public websites. It’s very easy for the email address to end up on a spam list, which could mean receiving emails that are not only annoying, but could end up being dangerous.

In general, and this is continually stressed, the best advice that business owners can give their employees about emails is that they never respond to an email that comes from an unknown or suspicious source.

They should also avoid opening or downloading any attachments from these sources as they may contain malware, which can affect not only their computer, but also possibly the company’s entire network.

  7. Don’t install programs from unknown sources

Only trust in what you already know. It’s normal that companies restrict what employees can and can’t install on their computers through the operating system’s permissions. However, if they are able to run new software on their computers, you must ask them to avoid downloading from suspicious webpages.

In fact, they shouldn’t even browse them. The web browser is also an access point for some criminals.

  8. Be careful with social media

The most recent, and thus least known, risk is social media. Most workers get on Facebook or Twitter while at work, in some cases causing damage to the company, never mind the resulting lower productivity.

New tactics use selfies taken inside critical infrastructure facilities (see Using Selfies for Cybercrimes), which are being found in rising numbers on Instagram.

  9. Good antivirus protection on every computer or mobile device

Before using any computer or mobile device, the first thing you should do is install a good antivirus. If this step is important for home users, its importance for corporate users is enormous.

A security solution that is especially designed for businesses protects computers and company data in a multitude of circumstances, even when the employees commit an error.

  10. The easiest way isn’t always the safest

This point isn’t just for the workers, but rather aimed at the employers: if you make things too difficult for them, they will find a way to work around your security measures.

One of the toughest balancing acts for business owners is to find a middle ground between security and complexity; it is necessary for you to listen to your employees and balance security with productivity. Remember, business owners: employees are either your greatest allies or your worst enemies.

Sources: Panda Security


2016 Cybersecurity Predictions

February 21, 2016

Key Cybersecurity Trends for 2016

After conducting research studies and gathering insights from the sources listed at the end of this post, I have come up with 5 predictions in cybersecurity that I expect will surface in 2016.

Prediction #1 – Increase in Cyber Extortion in Wearables, Medical Devices and Gaming Systems
As Internet of Things (IoT) usage quadruples by the year 2020 and the worldwide total of connected devices reaches 5.4 billion, wearables, medical devices, clinical systems, gaming systems, and smart home devices may be increasingly vulnerable to security risks.

IoT devices are a convenient target for fraudsters, especially those attempting ransomware. Since 2012, the number of victimized small business enterprises has increased from 2.9 percent to 41 percent. Nearly three-quarters of IT professionals believe the likelihood of an organization being hacked via an IoT device is medium or high.

Prediction #2 – Hackers Will Increasingly Target Cloud Providers


With more data being stored outside organizations through the use of hybrid and public clouds, 2016 will bring more opportunities for cyberattacks directed at gaining access to this information. Recent studies I have conducted show approximately 76 percent expressed concern about consumer-grade cloud storage, including file sync and share solutions.

Prediction #3 – Mobile Malware and Malvertising Will Cause Chaos
The increase in the number of services and advertising moving from the desktop to mobile devices will bring an increase in the frequency of malvertising (the practice of injecting malicious advertisements into legitimate online advertising networks) during 2016.

To date, an overwhelming majority of cyber experts (87 percent) speculate that mobile payment data breaches will increase over the next 12 months.

Prediction #4 – Cybersecurity Will be the “It” Job of IT
One of our greatest threats to national and global economic security is the lack of skilled, cybersecurity-trained individuals, and this will continue to worry CISOs and CIOs in 2016.

More than half of the global cybersecurity recruiters reported that less than a quarter of job applicants are qualified for the cybersecurity position they are seeking. These same global cybersecurity recruiters are justifiably concerned about the changing threat landscape of cybercrime: “Too few cyber teams are prepared for the new forms of attack. While phishing and malware remain problematic, IT leaders must quickly address new threats tied to IoT, mobile devices, the cloud and other evolving technologies.”

Prediction #5 – Arrival of Permanent Denial-of-Service (PDoS) Attacks, Albeit Very Slowly

PDoS attacks, referred to in the hacker community as phlashing, can damage a system to the point where repairing the damage is not an option and the hardware must be replaced or the software reinstalled. PDoS can destroy the hardware and operational ability of the system, in contrast to its cousin, DDoS, which overloads systems with requests meant to take the system offline.

Sources:

ISACA’s IT Risk/Reward Barometer

Osterman Research

ISACA and RSA Conference

Robert Stroud, CGEIT, CRISC, past international president of ISACA


The direction of computing is only going in one way—to the cloud

November 16, 2015

After a rocky start, open-source and hybrid cloud initiatives have righted the ship.

Playing catch-up in the cloud

It’s no coincidence that the first companies to make public cloud services available were those that had already seen these economies of scale first-hand. Amazon had to build its own vast data centres to manage its inventory and e-commerce needs, creating all the tools to manage huge and ever-growing amounts of networking, storage, and computation, before realising that it had built a giant general-purpose system that could do any company’s IT. Google had to manage enormous amounts of search data and create a platform that let it deploy new software internally to manage billions of requests—and then, after a little introspection, it realised it had the ability to pull customers away from in-house IT infrastructure and products that, rather fortuitously, were sold by Google’s competitors.

Because anyone can use OpenStack, a lot of software and hardware companies (Oracle, IBM, HP, Dell, et al.) combine it with their own products to create public cloud systems that are independent of the competition, or private cloud systems to sell to their enterprise customers. This attracts development effort and expertise within their customers and in third-party support companies, which also parlays into hybrid cloud implementations that work well with Rackspace’s own OpenStack-based public cloud. When lots of people do the same thing at a large scale, costs go down.

Because companies such as Amazon and Google had such a head start, it can be very hard for new cloud providers to get in on the action. As John Engates, Rackspace’s chief technical officer, told Ars in an interview, “The biggest challenges have been access to scalable software to build public and private clouds and networking technologies to connect them.” Rackspace started out as a hosting company, running traditional company IT in its data centres, before moving into cloud services; it found that creating software that anyone could use to build cloud-like services was a good way to get people on board. “To solve the software problem, we ended up building our own and eventually open sourcing it to create OpenStack. Today, we use that to run the largest OpenStack public cloud and numerous enterprise private clouds.”


Managing Common Cloud Cyber Security Pitfalls

November 10, 2015

1. Misstep: You lost control of your data because of the fine print in a user agreement.

Solution: Many cloud services claim ownership of any uploaded data, even after you delete your account. These tricky rules are hidden in plain sight in the terms and conditions. Companies don’t expect you to read all the fine print, and I don’t either. 15 seconds of online research can go a long way before using a new cloud service. Google, “_______ shady user agreement.”

2. Misstep: You sent out a public link to a Google Doc so others could view and edit.

Solution: Creating a public link is a convenient way to share a common document, but this means literally anyone who guesses the link can view the document. You may not care about your grocery list getting loose on the internet, but even documents like a party-planning sheet may have your address or other information you want to keep private. To restrict access, invite email addresses instead.

3. Misstep: You’re a celebrity and had private information leaked from your iCloud.

Solution: This is the famous celebrity nude photo catastrophe. Attackers correctly entered their victims’ passwords, either by brute force (multiple guessing attempts) or with previously stolen passwords. You may not be a famous model, but hackers commonly rely on this same method to steal information from any given application.

iCloud, the service provider in this case, is not necessarily insecure, since attackers gained access in the same way the account owners do. It’s the user’s responsibility to confirm their identity, and sometimes a password alone doesn’t suffice. Multi-factor authentication can almost always prevent this type of attack and is a key measure for any service with sensitive information. You can follow these directions to set up two-factor verification for iCloud.

4. Misstep: You use the same password for every app on your phone.

Solution: The previous tip discussed how attackers can gain access to your sensitive information by guessing or using a stolen password. Don’t make it easy for them! If you use the same password for all online services, a breach at Twitter may give attackers entrance into your bank, Amazon, and corporate email accounts. Use a password manager to minimize the damage in the event a single service gets breached.

5. Misstep: Web trackers are storing information on the sites you visit online.

Solution: As with any hunter, knowing where you like to go online helps hackers target and execute attacks. Visiting just a few web pages can attract nearly 50 different tracking services. Many web trackers are useful for the services you use, but they can also pose a security and privacy liability. Services like Ghostery let you selectively choose who can track you, so only sites you trust receive your information.

6. Misstep: You granted an application every permission under the sun.

Solution: Applications request authorization for device permissions, but sometimes these can overstep boundaries. Be discerning when services seem to overstep their bounds by requesting access to contacts or even your camera, for example. These permissions can cost you money by making phone calls, violate privacy, or make a malicious attack more dangerous. Look out for permissions that seem unnecessary for the application’s function.

7. Misstep: A small mobile app startup you know nothing about has access to your banking data.

Solution: Your bank spends hundreds of millions of dollars on protecting your account, but that brand new financial app may not implement the same level of security. When you give a service full access to your financial information, you’re essentially circumventing your bank’s security. Keep your bank account secure by applying the tips above to any financial app you use. You should also limit access to only the necessary services, some of which ask for more permissions. A good rule of thumb is to be extra discerning of any service that requires you to enter your online banking password within the app. On the other hand, services that send you back to your banking app to authenticate don’t have as much control.

The Bottom Line: Don’t be afraid of the cloud. On the contrary, the typical user is probably better off storing even sensitive information in the cloud. The human is almost always the weak link in security. Cloud services are designed to be easy to use, security features included. When you store data in the cloud, someone can’t get your information just by stealing your computer or phone. And it’s a lot easier to implement multi-factor authentication and encryption on a cloud service than on your own personal device. Plus, you get to take advantage of all the convenience and mobility of cloud. So enjoy those apps, but take a few extra minutes to reduce the risk that a cybercriminal will ruin your week.


Four Small-Business Lessons learned from the “The Hunger Games”

April 3, 2012

If you follow these lessons, perhaps the odds will be ever in your favor.

1. Know your strengths.
“There, resting on a mound of blanket rolls, is a silver sheath of arrows and a bow, already strung, just waiting to be engaged. That’s mine, I think. It’s meant for me.”

Katniss knows her strengths. As a gifted hunter, she realizes there is no one in the arena better with a bow. Likewise, be sure your business plays to your talents and interests. If you have no experience with computers, a tech company probably isn’t your best bet. Create a company in an area where you consider yourself ahead of the competition in experience and know-how — and you just might survive.

2. Fill a need.

“Sitting on my sleeping bag is a small plastic pot attached to a silver parachute. My first gift from a sponsor! . . . I unscrew the lid and I know by the scent that it’s medicine.”

When Katniss’s sponsors see her suffering from terrible burns, they know immediately she will need medicine if she is to survive the night. They spring into action, sending her a soothing ointment to stop her pain. Before you start your new venture, you must identify an unmet need in the marketplace that your company can fill. Take a look around your community and see if there are any wounds on which you can put some entrepreneurial ointment.

3. Master the basics.
“. . . he shows us a simple, excellent trap that will leave a human competitor dangling by a leg from a tree. We concentrate on this one skill for an hour until both of us have mastered it.”

When training for the arena, Katniss and her fellow tribute and ally, Peeta, opt to skip the more-advanced combat classes in favor of learning survival basics, such as snares and camouflage. This is an important lesson for an entrepreneur. Before starting your own enterprise, learn the basics. Take an entrepreneurship class and pick the brains of other small-business owners in your area. Those early lessons will help prevent easily avoidable and costly mistakes down the road.

4. Be yourself.
“Then I remember Peeta’s words on the roof. ‘. . .I’m more than just a piece in their Games.’. . . Rue was more than a piece in their Games. And so am I.”

At this key moment in the story, Katniss realizes that no matter what the outcome of the Hunger Games, she will be true to herself. So she promotes herself to the audience as not only a great fighter, but also a loyal friend. She chooses to honor her fallen friend Rue rather than flee into the wilderness. This noble action is rewarded with a much-needed gift of bread from Rue’s home district. As an entrepreneur, never be afraid to show your true self. Potential customers respond to a business they can relate to. So, if you’re young and hip, flaunt it. If your business is socially conscious, let it show. And like Katniss, you will be rewarded.

Thanks to Kara Ohngren


Download – Guide to Marketing Metrics and Analytics

March 26, 2012

files.me.com/robertdalejones/4v7xfk

In this guide you will learn:

  • The right metrics for understanding and interpreting marketing results.
  • Why measuring marketing programs is difficult, and how to do it correctly and efficiently.
  • Revenue metrics that get the executives’ attention and prove marketing ROI.
  • The critical elements of a marketing dashboard.

Thanks Marketo


Social Media Case Study – Destination Hotels & Resorts

March 20, 2012

Courtesy of Casey Tilli and Isaac Gerstenzang, who are part of Destination Hotels & Resorts and manage their online marketing, social media and public relations efforts.

At Destination® Hotels & Resorts we are embracing the power of social media and understand its importance in building an online presence and using it to create an online community. Each of our properties has its own distinct identity; therefore, we have created guidelines and a full social media manual to offer support and enhance the independent social media programs run by team members at each of our hotels and resorts. With such an independent and unique collection of hotels and resorts, we need more than a one-size-fits-all approach. Destination Hotels & Resorts offers an unparalleled commitment to service, the finest attention to detail, world-class cuisines, luxurious elegance and personal touches that create a singular experience unique to each of our destinations across the United States. We help each individual property’s team members to build successful social media programs by offering tools, resources and ongoing education that, in turn, allow them to tell their individual story and build online communities.

The Destination® social media strategy filters down to our properties who adapt it to develop their own social media platforms which in turn support our overall Destination® Hotels & Resorts social media strategy. This overall strategy encourages our hotels and resorts to maintain their own identity and allows them to be the “experts” on their destination and experiences. Our goal is to provide guidance and support to the teams or individuals who manage social media at each of our properties. This is accomplished through open and ongoing communication. Webinar training sessions, community calls and email communications allow us to constantly educate our team and ourselves. We encourage our Destination® community to learn from each other through the sharing of best practices, case studies, new ideas and asking questions. We realize that we can gain a lot of insight from one another.

The three core elements of our social media strategy include:

  • Reputation management and listening to our guests
  • Establish our hotels and resorts as experts on their local markets
  • Search engine optimization

In order to provide the best service possible to our guests, we begin with listening to what they have to say.  We provide our hotels and resorts with tools for listening and monitoring which include Revinate’s reputation management platform. We make a variety of resources available so that the properties can effectively listen to what our guests are saying and engage in the conversation, help them when possible, and offer information and support. We provide training as needed to ensure that these tools are used effectively.

We recognize that the staff at our hotels and resorts are the experts.  Whether it’s the geographic location, spa, golf, family activities or other highlights of our collection, the on-property team knows what’s going on better than anyone. Therefore, we encourage our social media team to provide guests with helpful, insightful and fun information about their hotel or resort and their destination. This is done through a variety of channels including but not limited to Facebook, Twitter, foursquare and blogs on their websites.

As often as possible, we encourage our properties to link their social media content back to their property website or blog. This all funnels into the Destination® Hotels & Resorts blog to create a rich library of travel content establishing us as the experts in meetings, spa, golf, culinary and recreational experiences within our local markets. Our blog posts, which can now number up to as many as ten per day, allow us to rank high in the search engines, a key element of our strategy.

We are excited about the evolving channels through which we can interact with our guests. Social media allows us to communicate with our guests to provide an unparalleled commitment to service and deliver distinct experiences whether our guests are staying with us or exploring our hotels and resorts online.


Download – The New Facebook® Pages Brand Timeline: Everything You Need to Know

March 12, 2012

files.me.com/robertdalejones/g15hvv

Thanks to HearSaySocial


Notorious Social Media Failures of 2011

March 6, 2012

Netflix did not secure the Twitter account before announcing the name of a new spin-off known as Qwikster. It did not take long for the media and the masses to notice that it was owned by someone whose avatar was a pot-smoking Elmo and who wrote content to match.

Chapstick placed a controversial ad on Facebook that drew negative sentiment. Instead of giving a planned response, posting a positive point of view, or allowing the debate to play out and its followers to come to its defense, the company pulled the ad. This caused its customers to feel like the company did not care about them.

ConAgra sent out invitations to a group of food bloggers to have dinner with a celebrity chef, and at the end of the meal they revealed that the dinner consisted of frozen Marie Callender entrees. The negative sentiment in the room ranged from shocked to humiliated. Needless to say, the pen (keyboard) was mightier than the sword. When bloggers feel cheated or conned, they do what they do best: BLOG.

Last, but not least, there is Kenneth Cole’s offensive tweet promoting the spring collection. The collection was released during the Egyptian stand-off of government tanks and protesters. What was the tweet, you ask? “Millions are in an uproar in Cairo. Rumor is they heard our new spring collection is now available online”.

I have listed companies who have failed at Social Media due to not having a proper response plan; now let’s look at an example of how to handle Social Media mishaps.

At the Red Cross, an intern accidentally tweeted something about getting intoxicated from the Red Cross Twitter account. Instead of following the examples of the above-mentioned companies, they showed they were human and had a sense of humor at the same time with the following tweet: “We’ve deleted the rogue tweet but rest assured the Red Cross is sober and we’ve confiscated the keys”.

Three suggestions for determining where you are vulnerable before starting your Social Media initiative.

* Hire someone who knows something about social media to tell you where you’re vulnerable.

* Create, implement and have a crisis communication plan in place.

* Find out where your customers are spending their time online and join them.

* Data collected from January 2012 – Social Media Monthly


What does a SMB Marketing Department Look Like?

February 28, 2012

Every Small and Medium Business needs to have at least one person perform marketing duties, but the department need not be huge. Marketing departments cost money and marketing will not get your company a money infusion. Let’s take a look at an ideal SMB marketing department.

Marketing specialists will take care of your brand, ads, promotions, business cards, brochures, etc. However, they won’t earn money. That’s not their role in your business.

So do you need them? Sure, you do. Because someone has to take care of all of that.

In my opinion, the best marketing department for small businesses looks like this…

Marketing Specialist

Someone who’s responsible for:

  • coordinating everything that’s related to SEO/SEM
  • advertising (flash banners, static banners, text ads, etc)
  • business cards, brochures, roll ups, posters, etc
  • events
  • being listed in web directories, reports, showcases, etc
  • finding interesting topics for blog posts, infographics, whitepapers, etc
  • finding interesting blogs for guest posting

SEO/SEM Specialist

Someone who’s responsible for:

  • taking care of your SEM
  • everything that’s related to your products’ SEO

Important: you don’t need this guy in your office. That’s not a job for a full-time employee.

Copywriter / Social Media Specialist

Someone who’s responsible for:

  • your visibility in social media
  • writing great articles, guest posts, press releases, etc
  • taking care of your blog
  • writing texts for your roll ups, brochures, banners, text ads, etc

Editor

Someone who’s responsible for:

  • reading and fixing all of your blog posts, articles, press releases, etc

Important: you don’t need this guy in your office. That’s not a job for a full-time employee.

Graphic Designer

Someone who’s responsible for:

  • designing layouts of your websites, web interfaces, landing pages, etc
  • designing banners, brochures, business cards, etc
  • designing Word documents, PowerPoint presentations
  • designing infographics, whitepapers, reports, ebooks, etc

Evangelist

Someone who’s responsible for:

  • everything that’s related to public relations
  • sending press releases, articles, reports, etc
  • contacting media representatives
  • speaking about your products at conferences and fairs
  • buzz

Webmaster

Someone who’s responsible for:

  • creating HTML/CSS/JS code

Important: you don’t need this guy in your office. That’s not a job for a full-time employee.

And that’s all.

Really. You don’t need any marketing directors, brand managers, product managers or flash designers. You don’t need anyone else. This team will be perfect for your small business!