The Biggest Security Risks A Business Faces Today

The Biggest Security Risks A Business Faces Today

Data breaches make the news on a regular basis. Yet despite the regularity of security leaks and repeated attacks hitting businesses we know and use regularly, there’s always a sense of “that won’t happen to me.” Many businesses choose the “head in the sand” approach and are still not adequately protected against some of the most common security threats.

Every business has sensitive data. It may be client files. It may be trade secrets. Knowing where your greatest risks lie can help you take action and protect against them.

Risk #1: Unhappy Employees
You don’t have to worry about someone breaking into your systems if an unhappy employee is already in place and capable of destruction. Rogue employees can cause serious damage, especially if they are in sensitive departments with extensive computer knowledge and have access to networks, data centers or administrative files.

The first step is monitoring employees according to their level of sensitivity. The more access they have, the more censoring should take place. When highly sensitive employees quit, access should be removed immediately. Having an infrastructure in place to track, log and record activity is vital for quick response.

Risk #2: Unthinking Employees
Often, people don’t think about being careless; they’re simply looking for the easiest path. They leave phones, tablets and laptops unlocked. They create easy passwords and never change them. They leave sensitive data out in the open. Yes, they have too much trust. Yes, they don’t consider the risks they are leaving wide open. Yet you may end up paying the ultimate penalty.

The best place to start is with a strong security policy that employees understand and use. It’s up to management to do its due diligence to ensure policies and procedures are being met. Encryption is also essential. Even if an employee hasn’t taken personal precautions to protect data, your IT team can remotely handle problems should they arise.

Risk #3: Unpatchable Devices
It’s difficult to stay up to date with the latest technology. After all, there’s a lot to purchase, a lot to control. Routers, servers, printers, software, old devices – all of it can easily allow a data breach if it’s vulnerable to outside sources. This leaves you ripe for attack.

To counter and protect yourself from holes, it’s important to have a patch management system in place. This ensures all devices and software are kept up to date at all times. This also ensures that vulnerabilities are shut down before they become a problem. If a program or a device is no longer fixable, it can be retired, and a new selection can be put into place instead.

Risk #4: Third Party Service Providers
Companies rarely handle all systems internally. They outsource to many vendors for support and maintenance. One service provider might provide their point-of-sale system while another supports customer management. These third party systems typically use remote access tools to connect with a company’s network, but may not follow the same policies your company has in place. They may cause easy side doors for hackers to enter.

What many companies fail to realize is that by buying into these third-party systems, they must validate their policies as if they were their own. Do they follow best practices? Do they enforce multifactor authentication? How do they track remote access activity? If you question it within your company, you should ensure third-party systems have similar values. Otherwise, the consequences can be severe.

Hate BYOD? CYOD May Be The Answer

Hate BYOD? CYOD May Be The Answer

At first glance, there appears to be little difference between the concepts of “bring your own device” BYOD and “choose your own device” CYOD. Yet as you begin to marry the concepts of productivity and security together, it becomes apparent that certain guidelines have to be in place to keep efficiencies within the workplace.

In a BYOD environment, individuals already have their own personal devices. They’ve purchased them, use them, are comfortable with them, so it makes sense to allow them to incorporate work-related apps and programs to make getting down to business even easier. Still, keeping policies in place to keep every type of device safe is nearly impossible, and only around 44 percent of employees regularly think about their responsibility to protect corporate information on their personal devices.

To eliminate some of the variability, a CYOD policy may be a better option.

With CYOD, employees choose from a list of preapproved devices. This gives the IT department the opportunity to understand each system, select appropriate security products, and have administrator, firewall and network settings that can quickly be loaded on the device.

It is important to offer variety to ensure employee buy-in, selecting many of the top products already used in the general population.

Choose products and devices focused on responsiveness and productivity. Asking employees before the final selection is made can open up the playing field to concepts that are already in play. Then test products as an end user, making sure they work in a satisfactory way for both production and security.

Realize you may need several approaches to security to keep all information secure. Operating systems have different characteristics, different needs. Choosing popular products and designs can ensure you the largest selection of security measures that fit your needs, making integration and compliance that much easier.

Also, remember to assemble the right team to set up, implement and maintain the process from beginning to end. Anyone with a vested interest – from IT, to legal, to HR – should guide the most important requirements to ensure needs and desires meet expectations and reality.

If we can help you implement the process and make it smoother for your organization’s transition, give us a call.

How To Solve Disagreements Without Conflict

How To Solve Disagreements Without Conflict

Poorly managed conflict and disagreements can kill effectiveness and efficiencies within a workplace. Then fester, build up and completely overwhelm an office to the point where it stops you in your tracks.

Conflict is inevitable. But if you take a “head in the sand” approach, you’ll likely face even bigger problems down the road.

If part of your job is to oversee a group of people, conflict will arise from time to time. Having tactics available to help bring resolution back quickly will allow you to work through those time periods and get back to doing what your workplace does best.

Get To The Issue

There are really only two issues that cause all conflict within an office: communication and expectations.

Communication issues start when there is a misunderstanding about what was said. Or in some cases, what was left unsaid. Expectation issues always stem from a misinterpretation of the end goal or result. When conflict begins, it’s a matter of bringing all parties to the table and discovering the root problem.

  • What was said that caused hurt feelings?
  • What goal wasn’t met?
  • Were all aspects of the project clearly identified upfront?

Dig down to where the disagreement began and you can usually find where the confusion began. Then it’s a matter of moving forward and not getting lost in playing the blame game.

Where Personality Comes Into Play

Introvert. Extrovert. Thinkers. Feelers. Millenial. Baby boomer. Chances are you’ve taken a personality test or two, and have been labeled many things based on your results. All of that comes into play when a disagreement occurs.

It starts with self-knowledge about what motivates and frustrates us. It also takes learning the same about others you deal with every day.

The key isn’t thinking about what the person has done. Instead, it’s about taking in how a person’s personality is factored into the way they handle the situation.

As humans, our first instinct is fight-or-flight. We either dig in for the fight or back away altogether. That can cause more than its fair share of tension, especially when you bring a lot of personality types into one situation.

No matter where you fall on the scales, if you learn to respect situations based on how others view it, it can help you take a step back and say “how would she view this?” One simple question can completely defuse a situation.

Rip The Bandaid Off

Conflict is never fun. But the faster you deal with it, the less time it festers, the smaller the chance it has of stopping production in your workplace. As soon as you discover a disagreement, jump in and work to find the solution as fast as possible.

While conflict will always exist, it’s the leadership team that acknowledges it and finds ways of working through it that will lead the way. Find what works best for your office, lead by example, and don’t let conflict hold you back.

Establishing Service-Level Agreements For Shadow IT

Establishing Service-Level Agreements For Shadow IT

A Service-Level Agreement (SLA) is a part of a service contract where the service is formally defined. It includes certain aspects of the service, such as scope, quality and responsibilities. Common features include the contracted delivery time, definition or services, and termination agreement.

SLAs by nature are output based, meaning the result of the service received by the customer is the subject of the agreement. After the service provider demonstrates their value in what they have to offer, the customer agrees to the terms and the contract begins.

All of this works well when a company’s IT team is involved in the decision-making process, and hand selects the services they are willing to bring on board. Yet every IT team knows employees don’t operate solely with pre-approved services. If a job needs to be performed, an employee will find the best way to accomplish it, even if it means selecting another service to do so. They agree to whatever SLA is in place, and use the program with all of its risks as a part of the business process.

The risks of shadow IT have always been a concern for IT departments. And in most cases, these informal IT relationships are springing up even more than IT leaders realize. A report in 2015 by Cisco indicated that unauthorized use of cloud-based applications was 10 to 15 times greater than what the CIO estimated.

Shutting down this growing trend of shadow IT operations isn’t an option. Instead, IT leaders can take a different track that embraces the culture of finding applications that meet immediate needs, eliminating risks by wrapping formal standards around its delivery. When you recognize it’s happening and the benefits associated with it, it’s easier to make sure all procedures are handled in a beneficial way.

One way to do that is to take the same approach as companies providing SLAs. Building an SLA framework for services selected can help measure and report on their performance.

Start by defining the framework for shadow IT

Ignoring it won’t make the issue go away. Instead, take the time to quantify and qualify how it will be introduced and assessed within the organization. When employees select a program to meet their needs, not only should they have guidelines to follow to make sure it meets company requirements, but also have tools to assess how well it meets needs as it’s being used. Measurements can help both the employee and the IT team evaluate whether a program is a good fit to get the work done.

Incorporate shadow IT into all phases of management

IT clearly defines standards and policies around all forms of technology used within the organization. Those same policies should be used when establishing a shadow IT plan. Every request, problem, incident, and event should be clearly recorded for further analysis and measure down the road.

Establish SLAs for shadow IT

By clearly defining delivery capabilities, you begin creating operating level standards. It helps align overall goals and targets, and can help create 100 percent compliance with company procedures.

Align performance reporting to ensure shadow IT is effective for the organization

This will help the IT department show transparency in the delivery of all services throughout the organization. With increased visibility, it’s easier to use scorecards and work performance statistics to show what’s working, what’s not. It increases recognition of the value of outside services, and where improvements can be made to the business as a whole.


Are you worried how shadow IT is impacting your workplace?