Category Archives: Security

Importance of a Business Continuity Plan

Security

disasterA business continuity plan is the equivalent of your strategy when the world goes into meltdown mode. It’s your version of the nuclear shelter. You might have your offices wiped out by a natural disaster or your servers taken down by a cyber-attack. No business is completely free from risk.

In the event something does happen, you need a business continuity plan. It needs to dictate what you need to do to get back in business again and what you need to do should you lose customer data or an entire database.

Here are some off the reasons why you need to ensure you have an updated business continuity plan.

Keep Going

Your business continuity plan will allow your company to get back on its feet again. It might not allow the entire business to recover right away, but you’ll be able to operate on a basic level.

It can be something as simple as installing a generator to restore power when the lights go out.

Operate Remotely

In some cases, you might have no choice but to relocate. This is possible if you live in states like New York, Louisiana, and Arkansas where natural disasters of all kinds can appear out of nowhere.

Operating remotely to a minor degree can enable you to do what you can for your customers and keep the general public updated about the situation.

For example, your staff might be able to work from home on tablet computers and laptops whilst your office is physically out of commission.

Protecting Data

Data is what allows a business to operate. Should you lose access to this data, for whatever reason, your business continuity plan will allow you gain access to it again.

This part of your business continuity plan will include your backup solutions. One example of a business continuity plan could involve storing data in a remote location on a remote device.

Reducing the Damage

Every minute off the grid is money lost and customer satisfaction shaken. Businesses that leave the public eye for just a few weeks may never open again. One of the reasons they never reopen again is a lack of direction. They don’t know what to do and they find themselves unable to recover.

Business continuity plans provide you with that vital direction you need to function. It allows you to reduce downtime and get back to business as soon as possible.

How Complex Does Your Plan Need to Be?

Despite the fact there are consultants charging thousands of dollars to form business continuity plans, these aren’t always necessary. Simple contingency plans are more than enough to ground the situation and get back to normality with the least hassle possible.

 

The Heartbleed Bug… Are You Vulnerable?

Security,

heartbleed logoThe Heartbleed Bug made international headlines when it was discovered that this security flaw could be exploited by hackers all over the world. Even though this OpenSSL vulnerability has a solution, there are still about 318,000 servers with Heartbleed in place.

The problem is that most people and businesses don’t know if they’re still vulnerable. If you’re unsure, check to see if you are vulnerable. It’s better to be safe than sorry, especially if you’re running a business with highly sensitive information on your systems.

Here’s how to tell if you’re exposed and what you can do about it.

What is the Heartbleed Bug?

OpenSSL is the primary encryption method used by websites on the Internet. The majority of websites have this form of security in place. The bug allows hackers to exploit Secure Sockets Layer (SSL). A hacker could read the system memory and uncover passwords and communications. In other words, they could bypass the main form of security used by the majority of the Internet’s users.

In a worst case scenario a company could have its customer’s information compromised; this could include personal details and financial data. For companies under the jurisdiction of a regulatory body, they could be found to have been negligent in their security arrangements. Such a ruling could lead to massive fines. In terms of the hassle, it isn’t worth it.

Act now to make sure you don’t fall victim to Heartbleed.

Are You Exposed?

Larger websites that have been exposed may already have their name on sites like Mashable and LastPass who took the liberty of listing the most prominent websites afflicted by the bug.

Kaspersky, a security firm, recommends using their free Heartbleed test.  People are also advised to visit www.heartbleed.com. This is a free information website filled with advanced data about the bug and its current status. It’s the best place to get the latest information on what’s going on.

What Should You Do?

Since it’s the OpenSSL that’s affected it doesn’t mean you have to spend long hours on maintenance. First of all, make sure your antivirus systems are completely updated. You don’t want to allow any further security leaks.

You should aim to change every password you have. The likes of Google have claimed they have already patched their services to make them safe, but there are no guarantees and Google won’t accept any liability either way.

Change your passwords to something more secure and this should be enough to protect you from any Heartbleed flaws. If you’re using any websites marked as vulnerable, take your data away from the site. This is especially true if you’re using an online cloud portal. An unpatched Heartbleed bug will make your data potentially visible to a third-party.

Email Archiving (2 Part Series) – The Risk of Having Email Archived on a Local Workstation

Security, , ,

email iconEmail archiving is an extremely efficient solution for dealing with large volumes of email. Even the smallest business can have thousands of emails every year they have to sift through. Think about what would happen if you had a multinational corporation.

Archiving emails is required by companies for both legal and regulatory reasons. Some information has to be stored for a certain period of time; usually about three years.

Local workstations are often used to store emails. This is a major security flaw. You’re risking everything by leaving a security loophole like this in place. To make matters even worse, only 32% of organizations have a data loss solution, according to SilverSky.

Here’s why you need to be careful about where your archive your emails.

Your Responsibility

A local workstation is vulnerable. Unless you’ve employed a team of security consultants to take care of your security, you’re vulnerable. Many corporations aren’t willing to do this, and so they hand the responsibility to a third-party specialist who can offer them a centralized location for archiving.

Taking responsibility for an archive like this reduces efficiency and increases how much you pay. And there’s still no guarantee of a hacker or other malicious virus not slipping through your nets.

Employee Security Failure

To make it even worse, a localized workstation exposes your emails to the greatest threat of all – the people already in your company. Take a look at some more startling statistics from SilverSky:

1. 78% of employees have accessed their emails from personal devices. There’s nothing stopping them from doing this because emails have been archived on localized workstations. They haven’t been hosted or stored on a large central computer.

2. 61% of employees have taken data away from their companies through emails in order to provide leverage for them to find another job. They have a real incentive to exploit security loopholes like this one, especially if you’re dealing with a disgruntled employee.

What’s the Solution?

Take email archives away from localized workstations. The fact is too many companies aren’t taking email security seriously. They automatically assume it’s a secure part of their network. Whilst they worry about antivirus systems, malicious attacks are being made through their emails.

Another factor you have to take into account is the sheer scale of email archives. Try to find a solution for reviewing the archives regularly. Instead of storing everything, store only what you’re bound to keep by law. Delete whatever you have no use for, but do it in a manner that’s secure.

In conclusion, email archiving is a great solution, but it’s also allowed for new methods of attack. Take your security seriously and ensure nobody manages to take advantage of this so often exploited security flaw.

 

 

 

 

Email Archiving – The Benefits of Centralized Email Archiving

Security, ,

email iconThe Radicati Group say there are 850 million corporate accounts across the world, and the average user sends about 110 messages each day. You need a lot of space to store these emails, or 30MB per user per week to be exact.

What’s the solution?

It’s email archiving, obviously. The problem with email archiving is too many people are storing their archives on a local workstation. They’re exposing themselves with this massive security risk. Localized workstations are vulnerable and can be attacked. It’s a common theme to see attacks being made through less secure localized workstations.

Instead, you need to search for a centralized email archive solution. It enhances your security and ensures you’re doing your duty to limit the potential for network breaches.

Removing the Holes

A centralized archive puts everything in a single location. It means there’s one location and one location only were an attacker would have to breach security. Spreading your archives around local workstations only provides additional opportunities for leaks. It’s simply a matter of numbers.

You’re spreading your resources thin by not opting for a centralized archive.

Easy Organization

Before the concept of centralized email archiving appeared, it was typical to store emails across multiple departments of a corporation. An office may have their own email archive, along with the office next to them, and the office after that.

Centralized archives will store everything in the same place in separate folders. This makes it easy to locate specific emails. It’s ideal when dealing with clients or regulatory boards because any information can be called up in a matter of minutes in a safe and secure manner.

Synchronized Security

Security solutions have to be updated on a consistent basis. It’s a huge job to do this across multiple departments. A lack of synchronized security means for a short time part of a company’s emails are protected, whereas the others are vulnerable. Can you imagine having to update your antivirus system section by section?

This doesn’t happen. You press a button and it updates everything at the same time. With a centralized email archive you can have this level of synchronized security. It’s safer for your network.

Space Saving

As well as reducing the number of access points, as described above, centralized email archives save space. They’re less bulky and take up less digital space. For any business of any size, they cost less. Anything that reduces the amount you pay will always be worthwhile for a business to invest in.

Conclusion

In short, what you have with centralized email archiving is better security and more efficiency. There’s no reason why localized workstations should play a part in an archiving solution. With the costs of a security breach running so high, it’s not worth the risk. Take control of your email security and make sure you don’t fall victim to a digital attack.