Our sixth 2018 WHACC AM Learning Series Round Table discussion was held on Tuesday, September 25 and focused on Technology.
Small to medium-sized businesses have a burden on them to handle cyber security and technology research. Sometimes, solutions can be cost-inhibitive, but as long as businesses are smart about budgeting their money appropriately and contracting out work when necessary, business owners can be successful in precautionary measures.
Internet of Things
Howse explained that the Internet of Things (IoT) is something in which we all participate. Technology is supposed to enhance our lives, but there is a privacy piece to it that can be concerning. Google Home, Alexa, Amazon Echo – these technologies are convenient, but are also constantly recording information.
Bringing that down to the business level, Devese added that the more technologically connected businesses are, the more holes go into your network. Holes make it easier for hackers to compromise your business. Once the Internet is set up, business owners rarely look back at their devices. Devese suggested that you update workstations, routers, and check on your firewalls quarterly at the very least, if not monthly.
Hiring someone to come in and monitor your solutions is not only a smart business move from a safety perspective, but you can write off these costs on your taxes as business expenses, Devese explained.
When you email sensitive data on devices that are not encrypted, that information can be easily intercepted by people who would like to do you harm. Devese suggested spending the extra money to get an encrypted email service solution. Although a fully secured organization is an unattainable goal, you are capable of avoiding obvious pitfalls and slowing down the rate of attack.
Consider getting someone’s IP address when they want to use your network; when you have that information, you are able to control who is using your Internet and kick people off who do not belong there.
Change your wifi password every six months. If you do not do that, once someone has been in your facility, they can simply pull up outside and use your Internet as they wish. Change any default passwords like the administrator password and router passcode, especially if you have a high volume turnover in staffing.
Devese urged that business owners provide training to staff so they do not click on anything and everything that lands in their inboxes. Having a policy in place with consequences if someone is considered a serial clicker that pokes holes into the organization’s security could largely prevent business vulnerabilities.
Do not keep routers for years and years. Go to your internet service provider (ISP) and ask for the most efficient piece of equipment every few years. Disable any ports you do not use in your routers, or make them password protected so individuals cannot walk in right off the street and plug in.
“Hacking is so easy today because we’re lazy,” Devese said, “Business owners think the problem is happening with the big guys, but most attacks affect small organizations that can’t afford or don’t value technology.” That being said, Howse adds that these attacks are affecting large municipalities, too, which is why backups are so important.
“Even if you are not a technology company, you still have to pay attention,” Howse explained. If you are not backing up your data, you could lose important business documents that are extremely expensive to recover (up to $10,000). Spend a couple hundred dollars to get an external drive.
Decide if paying for Cloud storage is a reasonable solution for your business. Although the Cloud has some safety precautions in place, business owners are not able to get details of everyone who accesses their files on the management end, because your data could be handled in another location, not locally. That is why Devese suggested not using Cloud storage for sensitive information. There are local solutions such as AT&T in Brookpark, Ohio. You can also pay an individual to set up a custom backup solution.
Howse suggested having three backup solutions with some extra precautions in place:
- Save all your documents periodically in case of a power outage.
- Email files to yourself that are particularly important.
- Do not worry about backing up programs like Microsoft Windows, which you can easily download again.
- If you decide to use an external hard drive or a flash drive, make sure it is not always connected to your computer; if it is, it could become compromised.
- Keep backups in a fire safe cabinet or off site.
One major challenge is preparing for widespread lack of awareness. Employees and business owners need to get stakeholders to comprehend the risk of unsecured technology. The main risk of not following the proper safety precautions is that the stakeholders, not the employees, will be held accountable for anything that goes wrong.
Devese urged that passwords be different for sensitive information. If you want to save your passwords on something like Google Chrome, be aware that although the saved data is encrypted from end to end during the transport process, data may not be encrypted when it gets to the server. This was the problem that Equifax has with its data breach. All of the information they were storing was unencrypted in their server, when it is at rest. Government versions of data storage are not only encrypted from end to end during the transport process, they are also encrypted within the server.
When considering what your passwords should be, have levels. If you need a password for silly sites that do not require any sensitive information, you can use that same password again and again (e.g. Shopping sites in which you’re simply browsing). On sites with sensitive information, create a heftier password, and do not use the same password among those. If someone hacks you, they would have access to your whole life.
You can use solutions like Keeper® or a password protected Excel spreadsheet to save difficult-to-remember login information.
“Think about your house,” Howse added, “We put security bars on doors and maybe have alarms in place. We do the best job we can to protect our homes, but if someone really wants to get in, they can find a way to get in. Our job is to make it not so easy that the average knucklehead can just get in.”
Devese told us that having the latest version of everything is not necessary when your current version is working just fine. Oftentimes, new versions do not have that many updates, so older versions have virtually the same functionality. You do not have to be on the cutting edge of technology, especially since new technologies often come with a great deal of problems initially, before companies work out the kinks.
Spend the money to get an effective solution upfront that will last you five to six years before you have to reinvest so you can get all the equity out of that solution before you have to revisit it. Basic computers work for many businesses that are mostly creating documents and sending emails. Extra money that you do not spend on fancy computers can go to your operations budget. Howse added that the level of technology needed depends on the business owner, so he recommended to get the highest level of technology that your budget will buy so long as you will be able to use the full functionality of a given technology.
Create a fund specifically for technology that your business can use a few years down the line to purchase new equipment so it does not hurt your bottom line as much. Devese also advised buying the warranties on any technology, just in case.
AM Learning Series Round Tables are absolutely free and open to the public. The goals are to incorporate networking, open discussion, and include valuable content for all WHACC members as well as kick off a committee to answer questions in the future.
However, the number of attendees is limited to 20 to ensure a robust and worthwhile discussion. So be sure to register for our future round tables as soon as you see the link in your inbox!
Veronica Devese and Chris Howse have joined our new committee on Technology. Click here to pose any questions on this topic.