Blog

September 11th, 2014

BI_Sep08_BWhen it comes to the success of your business, you likely rely, at least in part, on predictions made off of existing data. While simple forecasts are easy enough, it can be more difficult to set down long-term theories about what the future may or may not entail. That's why many businesses employ predictive analytics. While long used by enterprises, many smaller companies are also now starting to use these methods as well. At first glance, predictive analytics can be overwhelming, so, to help, here is an overview of the three main components.

Together, these three elements of predictive analytics enables data scientists and even managers to conduct and analyze forecasts and predictions.

Component 1: data

As with most business processes, data is one of the most important and vital components. Without data you won't be able to make predictions and the decisions necessary to reach desired outcomes. In other words, data is the foundation of predictive analytics.

If you want predictive analytics to be successful, you need not only the right kind of data but information that is useful in helping answer the main question you are trying to predict or forecast. You need to to collect as much relevant data as possible in relation to what you are trying to predict. This means tracking past data, customers, demographics, and more.

Merely tracking data isn't going to guarantee more accurate predictions however. You will also need a way to store and quickly access this data. Most businesses use a data warehouse which allows for easier tracking, combining, and analyzing of data.

As a business manager you likely don't have the time to look after data and implement a full-on warehousing and storage solution. What you will most likely need to do is work with a provider, like us, who can help establish an effective warehouse solution, and an analytics expert who can help ensure that you are tracking the right, and most useful, data.

Component 2: statistics

Love it, or hate it, statistics, and more specifically regression analysis, is an integral part of predictive analytics. Most predictive analytics starts with usually a manager or data scientist wondering if different sets of data are correlated. For example, is the age, income, and sex of a customer (independent variables) related to when they purchase product X (dependent variable)?

Using data that has been collected from various customer touch points - say a customer loyalty card, past purchases made by the customer, data found on social media, and visits to a website - you can run a regression analysis to see if there is in fact a correlation between independent and dependent variables, and just how related individual independent variables are.

From here, usually after some trial and error, you hopefully can come up with a regression equation and assign what's called regression coefficients - how much each variable affects the outcome - to each of the independent variables.

This equation can then be applied to predict outcomes. To carry on the example above, you can figure out exactly how influential each independent variable is to the sale of product X. If you find that income and age of different customers heavily influences sales, you can usually also predict when customers of a certain age and income level will buy (by comparing the analysis with past sales data). From here, you can schedule promotions, stock extra products, or even begin marketing to other non-customers who fall into the same categories.

Component 3: assumptions

Because predictive analytics focuses on the future, which is impossible to predict with 100% accuracy, you need to rely on assumptions for this type of analytics to actually work. While there are likely many assumptions you will need to acknowledge, the biggest is: the future will be the same as the past.

As a business owner or manager you are going to need to be aware of the assumptions made for each model or question you are trying to predict the answer to. This also means that you will need to be revisiting these on a regular basis to ensure they are still true or valid. If something changes, say buying habits, then the predictions in place will be invalid and potentially useless.

Remember the 2008-09 sub-prime mortgage crisis? Well, one of the main reasons this was so huge was because brokers and analysts assumed that people would always be able to pay their mortgages, and built their prediction models off of this assumption. We all know what happened there. While this is a large scale example, it is a powerful lesson to learn: Not checking that the assumptions you have based your predictions on could lead to massive trouble for your company.

By understanding the basic ideas behind these three components, you will be better able to communicate and leverage the results provided by this form of analytics.

If you are looking to implement a solution that can support your analytics, or to learn more about predictive analytics, contact us today to see how we can help.

Published with permission from TechAdvisory.org. Source.

September 11th, 2014

MobileGeneral_Sep08_BOur mobile devices are quickly becoming so highly integrated into our lives that it can be difficult to imagine life without them. But, there will come a time when you decide to upgrade to a new device. When this does happen, you may consider selling your old device. If you do decide to do this, one thing you should ensure you have done is to deauthenticate your apps.

What exactly is deauthentication?

Some apps, although not all, require that you authenticate your device in order for them to work. Many developers who ask users to authenticate their device do so in order to either prevent copies of the software from being created and utilized, or to ensure that the device and app can communicate securely.

Some examples of apps that ask for authentication include those that use multi-factor authentication, password managers, and apps that require a subscription or credit card information, etc. On some devices you even need to enter a code or key, much like installing software on a new computer, in order to activate all the features of the app.

The main reason many developers require authentication is connected to security. As security is becoming an ever more pressing issue, there is a good chance that we will see more apps asking users to authenticate their devices in the future.

The issue with this is that when you go to sell your device you will likely need to purchase the app again or the buyer of the device won't be able to set up their own account.

Common apps you should deauthenticate

Apps with subscription services: This includes apps like Google Play Music, Spotify, Office for iPad, cloud storage apps that you have linked your device to, etc. These apps are usually either linked with your device or your phone number so it is a good idea to deauthenticate them.
  1. Kindle app: The Kindle app is actually linked to your device and users who want to use the app will likely not be able to if the device is linked to your account. You can unlink devices by going to the Amazon site, logging in and selecting Manage your Content and Devices when you hover over your account name.
  2. Password management apps: These apps usually require that you authenticate your device to use a particular service. If you try to log in on a new device, these apps may not work properly.
  3. Chat apps: Some chat apps like WhatsApp or Line require that you register for the service using your phone number. If you are keeping your number, you shouldn't have to deauthenticate, but if you are getting a new number, you should go into the account settings of each app and unlink your number. WhatsApp for example has a feature that allows you to move your number to a new device.
  4. Any app or service that you have linked credit card information to: While you ordinarily don't have to physically deauthenticate these apps, as the information is usually linked to an account and password, it is a good idea to unlink your credit card with any app on your phone before you hand it over. This will help ensure that credit card information is not stored or accessible.
When it comes to the major app stores, e.g., Windows Phone Store, Google Play, and iTunes, you will often see that your device has been linked to your account. If you are going to sell your device, the best course of action is to reset using the factory reset option. This will delete all data and installed apps on the device. This will often be enough to deauthenticate all apps.

If you are looking to learn more about getting rid of your older devices, contact us today.

Published with permission from TechAdvisory.org. Source.

September 4th, 2014

Security_Sep02_BEveryone today seems to be constantly relying on their smartphones to help complete daily tasks which has resulted in the need to recharge subsequently increasing. And when you’re far from your charger, public charging kiosks can seem like a good substitute. However, this can lead to juice jacking of your smartphone. If this is news to you then let’s find out what juice jacking is and how you can avoid it.

What’s juice jacking?

Regardless of the kind of smartphone you have, whether it’s an Android, iPhone or BlackBerry, there is one common feature across all phones: the power supply and the data stream pass over the same cable. This setup allows for juice jacking during the charging process whereby user access is gained on your phone by leveraging the USB data/power cable to illegitimately access your phone’s data and/or inject malicious code onto the device.

The attack can be as simple as an invasion of privacy, wherein your phone pairs with a computer concealed within the charging kiosk and information such as private photos and contact information are transferred to a malicious device. However, on the other hand, it can also be as invasive as an injection of malicious code directly into your phone. According to security researchers at this year’s Black Hat security conference, your iPhone can be compromised within one minute of being plugged into a harmful charger.

Exposure to a malicious kiosk can also create a lingering security problem even without the immediate injection of malicious code. Once a device is paired to a computer, it can access a host of personal information on the device, including your address book, notes, photos, music, sms database, typing cache, and even initiate a full backup of your phone, all of which can be accessed wirelessly at anytime.

How do I avoid it?

The most effective precautions center around simply not charging your phone using a third-party system. Here are some tips to help you avoid using public kiosk charger:
  • Keep your devices topped off: Make it a habit to charge your phone at your home and office when you’re not actively using it or are just sitting at your desk working.
  • Carry a personal charger: Chargers have become very small and portable, from USB cables to power banks. Get one and throw it in your bag so you can charge your phone anytime you’re at the office or while on-the-go if you use a power bank.
  • Carry a backup battery: If you’re not keen on bringing a spare charger or power bank, you can opt to carry a full spare battery if your device has a removable battery.
  • Lock your phone: When your phone is truly locked as in inaccessible without the input of a pin or equivalent passcode, your phone should not be able to be paired with the device it’s connected to.
  • Power the phone down: This technique only works on phones on a model-by-model basis as some phones will, despite being powered down, still power on the entire USB circuit and allow access to the flash storage in the device.
  • Use power only USB cables: These cables are missing the two wires necessary for data transmission and have only the two wires for power transmission remaining. They will charge your device, but data transfer is made impossible.
Even the tiniest detail like charging your phone from a kiosk charger could affect the security of your device. While there are many substitutes to using a third-party system, ultimately the best defense against a compromised mobile device is awareness. Looking to learn more about today’s security and threats? Contact us today and see how we can help.
Published with permission from TechAdvisory.org. Source.

Topic Security
September 3rd, 2014

BCP_Sep02_BBusiness operators know that when it comes to business continuity, everything is about time. It doesn’t matter if you can recover your business activities if this isn’t achieved in reasonable time. But what is considered “reasonable”? This is what the business impact analysis (BIA) determines. The BIA aims to find out what the recovery time objective is for each critical activity within an organization. With that in mind, let’s take a look at five tips for reliable business impact analysis.

Five tips for successful business impact analysis:

  1. Treat it as a (mini) project: Define the person responsible for BIA implementation and their authority. You should also define the scope, objective, and time frame in which it should be implemented.
  2. Prepare a good questionnaire: A well structured questionnaire will save you a lot of time and will lead to more accurate results. For example: BS (British standard) 25999-1 and BS 2599902 standards will provide you with a fairly good idea about what your questionnaire should contain. Identifying impacts resulting from disruptions, determining how these vary over time, and identifying resources needed for recovery are often covered in this. It’s also good practice to use both qualitative and quantitative questions to identify impacts.
  3. Define clear criteria: If you’re planning for interviewees to answer questions by assigning values, for instance from one to five, be sure to explain exactly what each of the five marks mean. It’s not uncommon that the same event is evaluated as catastrophic by lower-level employees while top management personnel assess the same event as having a more moderate impact.
  4. Collect data through human interaction: The best way to collect data is when someone skilled in business continuity performs an interview with those responsible for critical activity. This way lots of unresolved questions are cleared up and well-balanced answers are achieved. If interviews are not feasible, do at least one workshop where all participants can ask everything that is concerning them. Avoid the shortcut of simply sending out questionnaires.
  5. Determine the recovery time objectives only after you have identified all the interdependencies: For example, through the questionnaire you might conclude that for critical activity A the maximum tolerable period of disruption is two days; however, the maximum tolerable period of disruption for critical activity B is one day and it cannot recover without the help of critical activity A. This means that the recovery time objective for A will be one day instead of two days.
More often than not, the results of BIA are unexpected and the recovery time objective is longer than it was initially thought. Still, it’s the most effective way to get you thinking and preparing for the issues that could strike your business. When you are carrying out BIA make sure you put in the effort and hours to do it right. Looking to learn more about business continuity? Contact us today.
Published with permission from TechAdvisory.org. Source.

August 25th, 2014

Security_Aug18_BThe idea of Internet security is almost always being called into question. It seems like nearly every month there is a security breach where important information like usernames and passwords are stolen. The trend appears to be increasing, with an ever expanding number of accounts being hacked. In early August, news broke of possibly the biggest breach to date.

The latest big-scale breach

In early August, it emerged that a Russian hacker ring had amassed what is believed to be the biggest known collection of stolen account credentials. The numbers include around 1.2 billion username and password combinations, and over 500 million email addresses.

According to Hold Security, the company that uncovered these records, the information comes from around 420,000 sites. What is particularly interesting about this particular attack is that such a wide variety of sites were targeted when compared this with other attacks which tend to either attack large brand names or smaller related sites.

How did this happen?

Despite what many believe, this was not a one-time mass attack; all sites that were compromised were not attacked at the same time. Instead, the hacker ring - called the Cyber Vor - was likely working on amassing this data over months or longer. How they were able to amass this much information is through what's called a botnet.

Botnets are a group of computers infected by hackers. When the hackers establish a botnet, they attack computers with weak network security and try to infect them with malware that allows the hacker to control the computer. If successful, users won't even know their computer has been hacked and is being used by hackers.

Once this botnet is established, the hackers essentially tell the computers to try to contact websites to test the security. In this recent case, the computers were looking to see if the websites were vulnerable to a SQL injection. This is where hackers tell the computers in the botnet to look for fillable sections on sites like comment boxes, search boxes, etc. and input a certain code asking the website's database to list the stored information related to that box.

If the Web developer has restricted the characters allowed in the fillable text boxes, then the code likely would not have worked. The botnet would notice this, and then move onto the next site. However, if the code works, the botnet notes this and essentially alerts the hacker who can then go to work collecting the data.

So, is this serious and what can I do?

In short, this could be a fairly serious problem. While 420,000 sites may seem like a large number, keep in mind that the Internet is made up of billions of websites. This means that the chances of your website's data being breached by this ring are small. That being said, there is probably a good chance that one of the sites related to your website may have been breached.

So, it is a cause for concern. However, you can limit the chance of hackers gaining access to your information and a website's information.

1. Change all of your passwords

It seems like we say this about once a month, but this time you really should heed this warning. With 1.2 billion username and password combinations out there, there is a chance your user name for at least one account or site has been breached.

To be safe, change all of your passwords. This also includes passwords on your computer, mobile devices, and any online accounts - don't forget your website's back end, or hosting service. It is a pain to do, but this is essential if you want to ensure your data and your website is secure from this attack.

2. Make each password different

We can't stress this enough, so, while you are resetting your password you should aim to ensure that you use a different one for each account, site, and device. It will be tough to remember all of these passwords, so a manager like LastPass could help. Or, you could develop your own algorithm or saying that can be easily changed for each site. For example, the first letter of each word of a favorite saying, plus the first and last letter of the site/account, plus a number sequence could work.

3. Test your website for SQL injection

If you have a website, you are going to want to test all text boxes to see if they are secure against SQL injection. This can be tough to do by yourself, so it's best to contact a security expert like us who can help you execute these tests and then plug any holes should they be found.

4. Audit all of your online information

Finally, look at the information you have stored with your accounts. This includes names, addresses, postal/zip codes, credit card information, etc. You should only have the essential information stored and nothing else. Take for example websites like Amazon. While they are secure, many people have their credit card and billing information stored for easy shopping. If your account is hacked, there is a good chance hackers will be able to get hold of your card number.

5. Contact us for help

Finally, if you are unsure about the security of your accounts, business systems, and website, contact us today to see how our security experts can help ensure your vital data is safe and sound.
Published with permission from TechAdvisory.org. Source.

Topic Security
August 22nd, 2014

Productivity_Aug18_BA common problem many business owners and employees run across with the Internet and smartphones is that the apps and programs are often too disparate, and not connected enough. This can be a drag for productivity, especially if you have to keep repeating the same tasks. One tool that may help automate these is If This Then That (IFTTT).

What is If This Then That?

IFTTT is a Web and mobile app that was developed to connect different Web apps like Google Apps, DropBox, Facebook, Instagram, etc, together into one general system. In general, the service runs on conditional statements - or recipes - that fit the IFTTT statement.

The service is set up on a number of different conditional statements that make up what the developers of the app call a recipe. Each recipe is broken down into two different sections:

  • This - Also referred to as a trigger. Each trigger in a recipe is kind of like a requirement in that the set trigger has to happen for the recipe to start working.
  • That - That refers to an action that happens when a 'this' condition is triggered.
Once you have set up a number of recipes, the app runs in the background to check for triggers and then will automatically execute the action when it notices a trigger.

Examples of IFTTT recipes

There are a wide variety of recipes out there that you can create. For example, some of the more useful IFTTT recipes for businesses include:
  • If a photo is posted on the business Instagram account, then it is shared with Twitter and Facebook.
  • If a Square payment is processed, then this creates a line in a specific spreadsheet.
  • If a contact is added to a phone's address book, then this information is placed on Evernote.
  • If an article is posted on a specific blog, then the post is shared on Twitter, Facebook, and Google+.
  • If an email is starred on Gmail, then a reminder is set on my phone to review starred emails.
  • If I enter the office, then my phone is muted.
  • If a client emails an attachment, then a copy is saved to DropBox.
  • If my device is in the office, then my office lights are turned on (if you have Phillips Hue bulbs).
There are a wide variety of supported apps that allow you to create recipes for nearly anything you can think of. The developers are constantly adding support for new channels (apps), including many from the Internet of Things.

How to sign up for this

Because you can access IFTTT from the Web and via an app on your mobile device, we recommend first thinking about how you are going to use it. If you are going to be using recipes for your mobile device, then we recommend downloading the app onto your device. Regardless of how you are going to use it, you can create an account by:
  1. Going to the IFTTT website (https://ifttt.com/)
  2. Clicking Join IFTTT.
  3. Setting a username and password and clicking Create account.
From there, you will be able to log in and start creating rules. If you do want to use your mobile device, you should then download the free app for your device - Windows Phone, Android, iPhone - and then log in using the account information you just created. When you first log in you should see a number of channels (apps) related to your system have been activated. This means you can now start creating recipes.

Creating recipes from your browser

  1. Go to the IFTTT website (https://ifttt.com/) and press Sign in.
  2. Press Create.
  3. Press This and select your trigger - try picking your app first, then click on it to get a list of actions.
  4. Press Create Trigger.
  5. Click That and select an action channel.
  6. Select Create Recipe.
You can also click Browse from the menu bar at the top to find and activate already created recipes.

Creating recipes from your mobile device

  1. Open the app.
  2. Press the mortar and pestle icon at the top-right.
  3. Press the + followed by the + besides If on the next screen.
  4. Select the app from the icons at the top of the screen, and select the related trigger.
  5. Tap the + beside Then and select an action or app.
  6. Press Finish to activate the new recipe.
If you are looking for a cool way to connect different apps, and even save yourself time, then this could be something worth looking into. And, if you are looking to learn more about how you can increase your productivity, contact us today to see how our systems can help.
Published with permission from TechAdvisory.org. Source.

Topic Productivity
August 21st, 2014

BValue_Aug18_BMany countries around the world require businesses to implement systems and tools, which often includes technology, that meets the needs of all employees. This includes employees who have disabilities or special requirements. Because of this, it has become nearly essential for companies to develop an accessible technology plan for when certain technology needs arise.

What is accessible technology?

Accessible technology, also commonly referred to as assistive technology, is the idea of creating or implementing technology and systems that cater to employees with disabilities. While not every company will have or require accessible technology, it is required by many countries that businesses meet the needs of disabled employees.

To that end, it is a good idea to develop a plan on how to implement accessible technology. To help, here are five steps you could take:

1. Defining your strategy

The accessible technology strategy should be the first thing you develop as it will be the foundation of the overall plan. When looking at your strategy you should define how accessible technology fits into your overall organization plan and how it will fit with your existing strategies.

What you are looking to do is to figure out how this form of technology will fit with existing systems and increase overall operating effectiveness. From here, you can define the overall objectives, budget, and vision for the plan.

2. Identifying requirements

In this step, you should look closely at existing technology in the organization and the needs of your employees. Because each company is different and the needs of employees are different you should be careful to also identify the technology needs of your employees.

When looking at both the needs and existing systems you can work to come up with an overall set of requirements, along with a general priority. For example, will you need to modify existing computers or purchase new ones?

The key idea here is that you need to figure out exactly what you need.

3. Picking the new technology

Once you have identified what changes you need to implement, what new technology you will need, and your budget, you can then begin looking for the best solutions. The most effective way to do this is to work with it experts like us who can help you find and integrate the best technology and changes that will meet your adaptive technology needs.

4. Implementing and training

Once you have defined the changes, and new technology to integrate, you need to implement it. This may include altering physical devices and machines where necessary, and then testing the systems to make sure they are working properly.

It is also be a good idea to train your employees who will be using the systems, and the team who will be managing the systems.

5. Maintaining

As with all tech systems, it is important to realize that the solution you implement will not work forever, and will eventually require maintenance, updating, or even replacing. You should take steps to audit systems on a regular basis to ensure they are still meet the needs of your company and employees.

This can be a time consuming and potentially costly step, especially if you neglect it. We strongly recommend working with a company like ours, who can help manage your solution and ensure that updates and any necessary changes are implemented when they are needed, and that should needs change, systems are subsequently updated to meet the new requirements.

If you are looking to implement accessible technology in your business, contact us today to see how we can help.

Published with permission from TechAdvisory.org. Source.

August 14th, 2014

Data is an integral component to any business. Without it we would not be able to make decisions, develop marketing campaigns, or even operate. The issue many businesses face however is that the amount of data they generate and capture is increasing exponentially and it can be a challenge to collect and leverage it. One solution is to integrate a data warehouse, but how do you know if your business needs one?

What is a data warehouse?

A data warehouse is a system used by companies for data analysis and reporting. The main purpose of the data warehouse is to integrate, or bring together, data from a number of different sources into one centralized location. The vast majority of the data they store is current or historical data that is used to create reports or reveal trends.

Possibly the biggest benefit of a data warehouse is that it can pull data from different sources e.g., marketing, sales, finance, etc. and use this different data to formulate detailed reports on demand. Essentially, a data warehouse cuts down the time required to find and analyze important data.

While not every business will need one right this minute, a solid data warehouse could help make operations easier and more efficient, especially when compared with other data storage solutions. That being said, it can be tough to figure out if you actually need one. In order to help, we have come up with five signs that show your business is ready to implement a data warehouse.

1. Heavy reliance on spreadsheets

Regardless of business size, the spreadsheet is among the most important business tools out there. Used by pretty much every department in a company, they can be a great way of tracking data. The problem many business owners run across however is that spreadsheets can grow to immense sizes and can become unwieldy.

Combine this with the fact that each department has spreadsheets that you will likely need to pull data from in order to generate a report. If this is the case, you are creating manual reports, which can take a lot of your time.

If you are struggling to find the data you need because it is spread out across different sheets, in different departments, then it may be time to implement a data warehouse.

2. Data is overwhelming your spreadsheets

Spreadsheets are designed to operate with a set amount of data (rows and columns). Reach, or exceed this limit, and you will find that the file becomes sluggish or will downright prevent you adding more data.

While it can take a while to get to this point, companies will reach it if they keep adding to their data. At this point you will see a drop in productivity and overall effectiveness in how you use your data. Therefore, a data warehouse that can combine data from different sheets may be a great solution.

3. You spend too much time waiting

If you set out to develop a report, only to find out that you need to wait for colleagues to provide the information on their spreadsheets, or to analyze their data, you could find yourself waiting for a longer than expected time.

This makes you highly ineffective and can be downright frustrating, especially if employees are too busy or just can't provide the information needed. Implementing a data warehouse can help centralize data and make it available to all team members more effectively. This cuts down the time spent actually having to track it down and communicating with colleagues.

4. Discrepancies in data and reports

Have you noticed that when team leaders or members in different departments create reports that the data or findings are different from yours, or other reports? Not only is this frustrating, it is also time consuming to sort out and could lead to costly mistakes.

This can be amplified if some departments have data sources that they don't share with other teams, as this can throw doubt into the solidity of your data and other reports. If you have reached this point, and realize that there are discrepancies in your data, it may be time to look into a data warehouse which can help sort out problems while ensuring mistakes like duplicate data are eliminated.

5. Too much time spent generating reports

Ideally, we should be able to generate a report using existing data almost instantly, or with as few clicks as possible. If you find that when generating a report you have to keep going to different sources to check if the data is updated, or to keep manually updating other sources, you could quickly see the amount of time needed to develop a report grow.

Because data warehouses consolidate data, you only have to turn to one source for data. Combine with the fact that many data warehouses can be set up to automatically update if source data is updated or changed, and you can guarantee that the data you are using is always correct.

Looking to learn more about data warehouses, or about the different data solutions we offer? Contact us today.

Published with permission from TechAdvisory.org. Source.

August 7th, 2014

Security_Aug05_BWhen it comes to business security, many small to medium business owners and managers often struggle to ensure that their systems and computers are secure from the various attacks and malware out there. While there are a million and one things you can do to secure systems, one of the most useful approaches is to be aware of common security threats. To help, here are five common ways your systems can be breached.

1. You are tricked into installing malicious software

One of the most common ways a system's security is breached is through malware being downloaded by the user. In almost every case where malware is installed the reason is because the user was tricked into downloading it.

A common trick used by hackers is to plant malware in software and then place this software on a website. When a user visits the site, they are informed that they need to download the software in order for the site to load properly. Once downloaded, the malware infects the system. Other hackers send emails out with a file attached, where only the file contains malware.

There are a nearly limitless number of ways you can be tricked into downloading and installing malware. Luckily, there are steps you can take to avoid this:

  • Never download files from an untrusted location - If you are looking at a website that is asking you to download something, make sure it's from a company you know about and trust. If you are unsure, it's best to avoid downloading and installing the software.
  • Always look at the name of the file before downloading - Many pieces of malware are often disguised with file names that are similar to other files, with only a slight spelling mistake or some weird wording. If you are unsure about the file then don't download it. Instead, contact us as we may be able to help verify the authenticity or provide a similar app.
  • Stay away from torrents, sites with adult content, and movie streaming sites - These sites often contain malware, so it is best to avoid them altogether.
  • Always scan a file before installing it - If you do download files, be sure to get your virus scanner to scan these before you open the apps. Most scanners are equipped do this, normally by right-clicking on the file and selecting Scan with….

2. Hackers are able to alter the operating system settings

Many users are logged into their computers as admins. Being an administrator allows you to change any and all settings, install programs, and manage other accounts.

If a hacker manages to access your computer and you are set up as the admin, they will have full access to your computer. This means they could install other malicious software, change settings or even completely hijack the machine. The biggest worry about this however, is if a hacker gets access to a computer that is used to manage the overall network. Should this happen, they could gain control over all the systems on the network and do what they please on it.

In order to avoid this, you should ensure that if a user doesn't need to install files or change settings on the computer, they do not have administrator access. Beyond this, installing security software like anti-virus scanners and keeping them up to date, as well as conducting regular scans, will help reduce the chances of being infected, or seeing infections spread.

3. Someone physically accesses your computer

It really feels like almost every security threat these days is digital or is trying to infect your systems and network from the outside. However, there are many times when malware is introduced into systems, or data is stolen, because someone has physically had access to your systems.

For example, you leave your computer on when you go for lunch and someone walks up to it, plugs in a USB drive with malware on it and physically infects your system. Or, it could be they access your system and manually reset the password, thereby locking you out and giving them access.

What we are trying to say here is that not all infections or breaches arrive via the Internet. What we recommend is to ensure that you password protect your computer - you need to enter a password in order to access it. You should also be sure that when you are away from your computer it is either turned off, or you are logged off.

Beyond that, it is a good idea to disable drives like CD/DVD and connections like USB if you don't use them. This will limit the chances that someone will be able to use a CD or USB drive to infect your computer.

4. It's someone from within the company

We have seen a number of infections and security breaches that were carried out by a disgruntled employee. It could be that they delete essential data, or remove it from the system completely. Some have even gone so far as to introduce highly destructive malware.

While it would be great to say that every business has the best employees, there is always a chance a breach can be carried out by an employee. The most effective way to prevent this, aside from ensuring your employees are happy, is to limit access to systems.

Take a look at what your employees have access to. For example, you may find that people in marketing have access to finance files or even admin panels. The truth is, your employees don't need access to everything, so take steps to limit access to necessary systems. Combine this with the suggestions above - limiting admin access and installing scanners - and you can likely limit or even prevent employee initiated breaches.

5. Your password is compromised

Your password is the main way you can verify and access your accounts and systems. The issue is, many people have weak passwords. There has been a steady increase in the number of services that have been breached with user account data being stolen. If a hacker was to get a hold of say your username, and you have a weak password, it could only be a matter of time before they have access to your account.

If this happens, your account is compromised. Combine this with the fact that many people use the same password for multiple accounts, and you could see a massive breach leading to data being stolen, or worse - your identity.

It is therefore a good idea to use a separate password for each account you have. Also, make sure that the passwords used are strong and as different as possible from each other. One tool that could help ensure this is a password manager which generates a different password for each account.

If you are looking to learn more about ensuring your systems are secure, contact us today to learn about how our services can help.

Published with permission from TechAdvisory.org. Source.

Topic Security
August 6th, 2014

BCP_Aug05_BMost IT experts will agree that in order for a business to survive, they need some sort of recovery or continuity plan in place. Regardless of the type of plan, or systems integrated, all systems need to have a back up mechanism. In the last article, we took a look at four tips to help improve your data backups, and continue this article with the final four.

5. Automate your backup

It can be tough to actually remember to back up your files, especially if your business is busy. Therefore, you could look into an automated backup solution. At the very least, you should set a schedule as to when backups are conducted and set what is being backed up. While this isn't a full automation, a schedule will help.

If you are using solutions like the cloud or NAS (Network Attached Storage), you can usually automate the process by selecting which files and folders to back up and when. The software that powers these solutions will then do this automatically.

Ideally, your backups should be carried out automatically to ensure your data is available should you need it. But you should check periodically to ensure that your data is actually being backed up. This is especially true if you are backing up other systems, as there have been cases where employees have become frustrated by the backup process and simply turned it off. The business owner, thinking their data was being backed up would be in for a bit of a shock when systems crashed, if this was the case.

6. Back up your backups

Redundancy of your backups is just as important as actually backing up your data. You should keep a backup of your backup in case something happens to your original backup. While this doesn't have to be carried out as often as the 'normal' backup, this should be done on a regular basis.

In order to really ensure backup redundancy we recommend that if your main backup is kept on-site, then the secondary backup should be on another storage medium that is kept off-site.

7. Don't forget data stored on non-physical drives

What we are referring to here is the data stored on different services like your email, social media, and non-physical locations. This is especially true if you say have you own servers. It's highly likely that there is data stored on these services as well, and should they go down and you haven't kept a backup, you may lose important information.

Essentially, think about critical data that is used in the company, but isn't physically kept on computers. It may feel like this is going a step too far with backups, especially for businesses who use email services like Exchange and Gmail. However, while the chances of these systems going down are incredibly rare, it could still happen. Therefore, you should conduct a monthly to bi-yearly backup just to ensure that data is there somewhere should something happen.

8. Test your backups

Finally, it is beneficial to actually test your backups from time-to-time to ensure that they are not only working but the data is actually recoverable. If you do a trial run on recovering your data, you can get a good idea of how long it will take to retrieve this information when you actually need to recover it. You can then take steps to optimize this and let the relevant people know.

Also, testing is a good way to discover any problems, e.g., if someone has disabled backups, or one solution isn't working. This will ensure that your data is there when you need it.

If you are looking to integrate a data backup solution, contact us today to see how we can help.

Published with permission from TechAdvisory.org. Source.