by Felicien | Jul 3, 2019 | Education
Assassins for hire, drugs by mail order, and fake passports: What do all these things have in common?
You can find them all on the dark web.
“Okay …” you may be thinking, “Sounds like a blast — but how does this affect me and my business?”
Well, most likely, you’re not surfing the dark web for fake travel documents and drugs by mail. But as it turns out, the dark web can affect you and your business. Most notably, your information can end up there — and that’s exactly where you don’t to find it.
Below, we’ll learn more about what the dark web is, how it came into existence, and how you can protect your business from the trouble that lurks there.
First Thing’s First: What Is the Dark Web?
The dark web began much more innocently than one might assume. In fact, at its very beginning in the late 1990s, it was the brainchild of a government entity, the U.S. Naval Research Laboratory (NRL).
The NRL’s main goal was to cloak their online presence, effectively protecting their clandestine communications online while also anonymously monitoring the world market and getting access to hidden data without a trace. The software development stage went by the name The Onion Routing Project and resulted in the creation of Tor (The Onion Router).
Whether you’d call these beginnings “innocent” or not, to be sure, the NRL never anticipated their creation to morph into the toxic netherworld it is today. During the late 1990s and early 2000s, the software was for government use only, but in 2004, it was open-sourced and went public, effectively creating an anonymous web browser for anyone and everyone to use.
What Is Tor?
Tor or The Onion Router is the software program used by the dark web. Normally, when you surf the web, you can be traced wherever you go because you always have an IP address trailing your clicks and searches.
Tor facilitates an Internet browser that messes with your device’s IP address, effectively enabling you to travel around the Internet anonymously. It does this by bouncing your IP address to a multitude of diverse locations. As a result, if someone were to attempt to track your site visits when you were using Tor, it would be an impossible challenge to pinpoint your exact location. For Tor to work, individuals from around the world “donate” their Internet browsing devices (computers, tablets, etc.) so that the bouncing IP addresses have more places to land.
So, the Dark Web Provides Anonymity and Privacy – How Does That Put My Business at Risk?
While Tor and the dark web can be used for good (namely, identity protection, which is often beneficial to whistleblowers or journalists, for example), it can also protect criminals. And it does protect criminals — lots of them.
Cybercrime is the number one thing going on on the dark web, and unless you have good reason to require the benefits of The Onion Router, the dark web is definitely not a place you want to find your information. This is what we mean by being wary of your business getting mixed up with the dark web.
There are numerous threats that the dark web poses to businesses of various sizes, industries, and backgrounds. This is where cybercriminals can learn how to obtain information such as access codes and passwords, credit card information, gift card information, customer data, and more. It’s also where they can sell such information to third parties who can then do with it what they please.
In other words, you should want to know the moment your company name, address, or other company-related information is noticed on the dark web because what happens next is bound to be bad.
How Can Businesses Protect Themselves From the Dark Web?
Essentially, you can protect your business from the dark web by doing two things: Ensuring a strong setup of cyber privacy practices (hiring a cybersecurity-savvy IT company) and monitoring the dark web so that you’re notified the moment your information is found there.
The latter can be a part of the services you outsource to your IT company because actual dark web monitoring involves getting dark web access and knowing how to accumulate, parse, normalize, validate, refine, and enrich what you acquire. If you don’t know how to do that yourself, professionals can come to your aid.
While the dark web may be a place that helps good journalists and few others stay hidden and anonymous, it’s predominantly a place of crime and misdeeds. Keep your business safe from the dark web by knowing the risks and taking the appropriate precautions.
by Felicien | Jul 3, 2019 | Education
Buying a company is no small undertaking, even if the company is considered “small” by industry standards. Due diligence is a huge part of the process. Anyone considering purchasing business must review a whole host of issues with the company to ensure that they are making a good decision. Things like accounts receivable, market position, and vendor relationships should all be considered, just to name a few.
Potential buyers sometimes get so caught up in the financial side of purchasing a business that they may overlook a company’s technology, including their cybersecurity and related issues. Sometimes a business’s technology can end up having a huge impact on whether it will be viable moving forward.
5 Must-Ask Questions Regarding Cybersecurity When Purchasing a Business
There is a tendency to avoid taking an in-depth look at cybersecurity when purchasing a company because threats vary so significantly over time. In fact, something that was not a threat the day that negotiations began may be a serious concern on the date of the sale. It is tempting to just review cybersecurity after the fact because of these unique challenges. However, there should at least be some investigation into potential problem areas with cybersecurity long before the sale.
Below are a few questions to consider while working through the due diligence process.
What are the company’s significant digital assets?
Digital assets are sometimes overlooked not only in terms of value for a company but also for security purposes. Knowing what potential assets need protection, how important they are to the company, and the ramifications, if that information is released to others, is an essential first step in assessing cybersecurity risk.
Has the company been a victim of previous breaches?
Data breaches can result in serious problems with a company’s reputation and revenue stream. However, they can also signify a bigger security problem as well. Ask whether there have been any breaches and how they were addressed or corrected.
Can the company bounce back after a cyber attack?
Some companies are so dependent on their technology that a breach could result in a complete failure of the business. Consider what a security breach will do a company from a variety of angles—from small, minor breaches, to serious breaches that affect virtually every aspect of the business. Is there a way to stop breaches once they start? What protocols are in place to deal with a breach?
Is the business compliant with industry-standard cybersecurity?
Every industry has its own requirements or minimum standards for security. A financial business, for example, is likely going to have higher standards than the average manufacturing company. Is the company following at least the lowest benchmarks? Are there legal compliance requirements that must be met? If there is some misalignment with requirements, what are the consequences of failing to comply? How difficult will it be to change the company to ensure that it complies?
What policies are in place or what software is used regarding cybersecurity?
Some companies, especially smaller ones, do not have much of anything implemented in the way of security. They may have a simple virus protection program, for example, when they should be using higher level encryption. Take an inventory of everything that is used within the business and have it reviewed by a professional who knows the types of security that this type of company should really have in place—do not assume that the previous owner was doing things correctly.
One of the Biggest Threats: Employees and Cybersecurity
Perhaps one of the most significant threats to cybersecurity are actually the employees within a company. In fact, employee negligence is one of the biggest cybersecurity risks for many companies.
All of the protocols and tools in the world cannot protect against employees who do not care or are not adequately trained on protocols regarding cybersecurity. A company’s culture regarding cybersecurity and willingness to make changes is a huge part of whether a company can adapt to operate safely in the future.
Surveying current employees regarding their willingness to make changes and their current standards can go a long way in understanding several things, including:
What current policies and procedures are in place
What training they have done or are required to do as a part of their employment
Whether employees are following those procedures (or even know about them)
Whether employees will be willing to make changes to increase security down the road
Resistance to change requires more than just purchasing software—it requires leadership and training that can take a significant amount of time and effort.
by Felicien | Jul 3, 2019 | Education
Got Your Sparklers Handy?
The Fourth of July falls on a Thursday this year, but we aren’t letting the fact that it’s a weekday stop us from celebrating.
Of course, just because it’s a holiday, that doesn’t mean you’ll have to make do without us. You’ll be able to reach us at {phone} if any technical issues arise, and our on-call technicians will be more than happy to resolve those issues for you.
by Felicien | Jul 2, 2019 | Education
Your small business needs a cybersecurity strategy, but beyond that, it also needs security awareness training. These two areas are not one and the same. There are important, distinct differences.
The Importance of a Cyber Security Strategy
First, let’s talk about cybersecurity in general. By now you likely understand the importance of cybersecurity for your small business. If not, here’s a brief overview. Joe Galvin, chief research officer for Vistage, writes over at Inc. on some of his firm’s recent research. 62% of small and medium firms admit to having an out-of-date, inactive, or nonexistent cybersecurity strategy.
This is highly problematic, he says, because small and medium businesses are huge targets for cybercriminals. These companies tend to have weaker security and less skilled security personnel (if they have any security personnel) than larger companies do. Yet they often store huge treasure troves of valuable data, like credit card numbers and other personally identifiable information.
Cybercriminals see this as a win-win. Security is lower and easier to beat, and the data available is often just as valuable as what they could get going after a bigger company.
Further, the stakes are so much higher than just a momentary loss of productivity. Many firms that undergo a cyber attack never recover and are out of business within a year.
Clearly, cybersecurity is of utmost importance for small businesses like yours.
The Importance of Security Awareness
Cybersecurity is important, yes. However, the best, most robust, most secure cybersecurity plan won’t protect you from your most dangerous threat: your own employees. That’s a blunt and surprising statement, but bear with us.
You need to be protected against traditional, “movie style” hacking, where bad actors infiltrate your systems from some faraway location. That is a real thing, certainly (though we can’t say it looks anything like it does on TV). It’s just not as common (or as easy to do) as the movies suggest.
In the real world, most of the cyber threats you’ll encounter don’t look like the movies. Instead, they look more like phishing and social engineering. That’s where security awareness training comes in.
What’s the Difference?
We’re arguing that both a cybersecurity strategy and security awareness training are essential for your small business. In case it’s not clear yet quite what the difference is between the two, we’ll restate it this way. Security awareness training handles the human component, while your cybersecurity strategy covers the digital component. Both are important, but they follow very different processes.
What Security Awareness Training Looks Like
Security awareness training can take a few different forms. Some security awareness training is done online. Your employees read materials or watch static videos, then they take assessments to gauge what they have learned.
The convenience factor with this method is nice: employees can work at their own pace and at any time of the workday. There are some trade-offs with this method, too. The training can be a bit stuffy, and it’s not interactive. If employees need help or clarification, it’s hard to get it. Hands-on learners may struggle with this method, too.
Some companies also offer a hybrid approach, where static courses are combined with live webinar-style classes. Some employees will benefit from the immediacy of a live teacher, but the trade-off there is that all employees must be present at the same time.
Some companies also offer live, on-site instruction, either as a standalone or as a premium add-on to their basic package. This can be a great option for single-location organizations.
Available Courses
A firm that specializes in security awareness training won’t take a one-size-fits-all approach. As your organization grows in complexity, varying business areas may need differing instruction. Certainly, some fields have specific, unique needs, too. Organizations that work in the health care orbit will have HIPAA rules to contend with, while those in education or finance will have their own.
Some firms offer 50 or more different courses as a part of their security awareness training protocols. Make sure that the providers you consider have courses that fit the needs of your business and industry.
Cost of Security Awareness Training
The cost of security awareness training varies based on many factors. The number of users receiving training is often the starting point. $1000 per year for an organization with 50 employees is a common starting point, but understand that program customizations and add-ons can increase this figure.
Other factors influencing costs include industry requirements, languages needed, and whether certification is desired. The number of courses each user takes may also affect cost.
Ask the providers that you are considering for a custom quote that breaks down the costs you can expect to see and which services those costs are associated with.
Conclusion
Having a cyber security plan and providing security awareness training are two vital components to your business’s digital security strategy. If you’re ready to explore what security awareness training should look like in your business, contact us today.
by Felicien | Jul 2, 2019 | Education
Social media is an incredible chance for your brand to interact directly with your audience and grow it even further. If you’re not able to manage your social media marketing properly however, you’ll simply waste time and resources, or worse, actually harm your brand’s reputation. Here are five key social media marketing mistakes that your business must avoid at all costs:
1. Discussing Hot-Button Topics
Some topics, especially political and religious ones, are simply not worth bringing up. This is especially true in today’s divisive political environment. You’ll end up dividing your audience and perhaps even bringing negative attention onto your brand. It’s better to avoid these issues altogether and playing it a bit safer with your choice of topics.
2. Winging It
Social media marketing is the same as any other digital marketing strategy. You need to know what you want to get from it. If you don’t have specific goals for your social media strategies, you’ll never know exactly what to do or when they’re successful. Take the time to think about what you really want from each social media platform, and brainstorm about what you must do to get there.
3. Posting For the Sake of It
Research has found that the number of social media posts you need to be making on a daily and weekly basis is quite frequent in order to truly engage with and grow your audience. On Twitter, for example, you may need to Tweet up to 15 times per day. However, this doesn’t mean that you need to simply fire out meaningless Tweets all day to keep your numbers up. Each post needs to be meaningful and engaging. If you’re just posting low-quality content over and over again to meet a minimum criteria, your audience is going to see through it and will most likely unsubscribe. It’s important to post frequently, but only as often as you have something important to say. You cannot forego quality for the sake of quantity.
4. Treating All Platforms the Same
It’s likely that you have a presence on a wide variety of social media platforms. At the very least, Facebook and Twitter, and then probably a couple out of Snapchat, Instagram, YouTube, Pinterest, etc. The problem is when you treat all social media platforms the same. The average audience on Facebook and Twitter are much different. People use Instagram differently than they use Pinterest. If you want to truly thrive on social media, you need to understand each platform and what your audience is looking for on it. If you’re struggling to do that, you may want to focus on establishing a strong presence on just one or two platforms at a time.
5. Ignoring Negative Activity
It’s critical that you don’t get defensive on social media, but you cannot simply let negative feedback go unanswered. Not only does it further harm the relationship between you and the individual complaining, but it also adds some legitimacy to the complaint for everybody else to see. After all, if you had a reasonable response to the complaint, why wouldn’t your company voice it? Make sure that you have dedicated customer service resources handling your social media comments in a professional, expedient manner.
By avoiding the key social media marketing mistakes listed above, your business will be in a great position to not only survive on social media platforms, but thrive on them. Your audience will be engaged and energized, and you’ll reach more people than you ever thought possible!
