by Felicien | Jul 3, 2019 | Education
Buying a company is no small undertaking, even if the company is considered “small” by industry standards. Due diligence is a huge part of the process. Anyone considering purchasing a business must review a whole host of issues with the company to ensure that they are making a good decision. Things like accounts receivable, market position, and vendor relationships should all be considered, just to name a few.
Potential buyers sometimes get so caught up in the financial side of purchasing a business that they may overlook a company’s technology, including their cybersecurity and related issues. Sometimes a business’s technology can end up having a huge impact on whether it will be viable moving forward.
5 Must-Ask Questions Regarding Cybersecurity When Purchasing a Business
There is a tendency to avoid taking an in-depth look at cybersecurity when purchasing a company because threats vary so significantly over time. In fact, something that was not a threat the day that negotiations began may be a serious concern on the date of the sale. It is tempting to just review cybersecurity after the fact because of these unique challenges. However, there should at least be some investigation into potential problem areas with cybersecurity long before the sale.
Below are a few questions to consider while working through the due diligence process.
What are the company’s significant digital assets?
Digital assets are sometimes overlooked not only in terms of value for a company but also for security purposes. Knowing which assets need protection, how important they are to the company, and what the ramifications would be if that information were released to others is an essential first step in assessing cybersecurity risk.
Has the company been a victim of previous breaches?
Data breaches can result in serious problems with a company’s reputation and revenue stream. However, they can also signify a bigger security problem. Ask whether there have been any breaches and how they were addressed or corrected.
Can the company bounce back after a cyber attack?
Some companies are so dependent on their technology that a breach could result in a complete failure of the business. Consider what a security breach will do to a company from a variety of angles—from small, minor breaches, to serious breaches that affect virtually every aspect of the business. Is there a way to stop breaches once they start? What protocols are in place to deal with a breach?
Is the business compliant with industry-standard cybersecurity?
Every industry has its own requirements or minimum standards for security. A financial business, for example, is likely going to have higher standards than the average manufacturing company. Is the company following at least the lowest benchmarks? Are there legal compliance requirements that must be met? If there is some misalignment with requirements, what are the consequences of failing to comply? How difficult will it be to change the company to ensure that it complies?
What policies are in place or what software is used regarding cybersecurity?
Some companies, especially smaller ones, do not have much of anything implemented in the way of security. They may have a simple virus protection program, for example, when they should be using higher-level encryption. Take an inventory of everything that is used within the business and have it reviewed by a professional who knows the types of security that this type of company should really have in place—do not assume that the previous owner was doing things correctly.
One of the Biggest Threats: Employees and Cybersecurity
Perhaps one of the most significant threats to cybersecurity is actually the employees within a company. In fact, employee negligence is one of the biggest cybersecurity risks for many companies.
All of the protocols and tools in the world cannot protect against employees who do not care or are not adequately trained on protocols regarding cybersecurity. A company’s culture regarding cybersecurity and willingness to make changes is a huge part of whether a company can adapt to operate safely in the future.
Surveying current employees regarding their willingness to make changes and their current standards can go a long way in understanding several things, including:
What current policies and procedures are in place
What training they have done or are required to do as a part of their employment
Whether employees are following those procedures (or even know about them)
Whether employees will be willing to make changes to increase security down the road
Resistance to change requires more than just purchasing software—it requires leadership and training that can take a significant amount of time and effort.
by Felicien | Jul 3, 2019 | Education
Got Your Sparklers Handy?
The Fourth of July falls on a Thursday this year, but we aren’t letting the fact that it’s a weekday stop us from celebrating.
Of course, just because it’s a holiday, that doesn’t mean you’ll have to make do without us. You’ll be able to reach us at {phone} if any technical issues arise, and our on-call technicians will be more than happy to resolve those issues for you.
by Felicien | Jul 2, 2019 | Education
Your small business needs a cybersecurity strategy, but beyond that, it also needs security awareness training. These two areas are not one and the same. There are important, distinct differences.
The Importance of a Cyber Security Strategy
First, let’s talk about cybersecurity in general. By now you likely understand the importance of cybersecurity for your small business. If not, here’s a brief overview. Joe Galvin, chief research officer for Vistage, writes over at Inc. on some of his firm’s recent research. 62% of small and medium firms admit to having an out-of-date, inactive, or nonexistent cybersecurity strategy.
This is highly problematic, he says, because small and medium businesses are huge targets for cybercriminals. These companies tend to have weaker security and less skilled security personnel (if they have any security personnel) than larger companies do. Yet they often store huge treasure troves of valuable data, like credit card numbers and other personally identifiable information.
Cybercriminals see this as a win-win. Security is lower and easier to beat, and the data available is often just as valuable as what they could get going after a bigger company.
Further, the stakes are so much higher than just a momentary loss of productivity. Many firms that undergo a cyber attack never recover and are out of business within a year.
Clearly, cybersecurity is of utmost importance for small businesses like yours.
The Importance of Security Awareness
Cybersecurity is important, yes. However, the best, most robust, most secure cybersecurity plan won’t protect you from your most dangerous threat: your own employees. That’s a blunt and surprising statement, but bear with us.
You need to be protected against traditional, “movie style” hacking, where bad actors infiltrate your systems from some faraway location. That is a real thing, certainly (though we can’t say it looks anything like it does on TV). It’s just not as common (or as easy to do) as the movies suggest.
In the real world, most of the cyber threats you’ll encounter don’t look like the movies. Instead, they look more like phishing and social engineering. That’s where security awareness training comes in.
What’s the Difference?
We’re arguing that both a cybersecurity strategy and security awareness training are essential for your small business. In case it’s not clear yet quite what the difference is between the two, we’ll restate it this way. Security awareness training handles the human component, while your cybersecurity strategy covers the digital component. Both are important, but they follow very different processes.
What Security Awareness Training Looks Like
Security awareness training can take a few different forms. Some security awareness training is done online. Your employees read materials or watch static videos, then they take assessments to gauge what they have learned.
The convenience factor with this method is nice: employees can work at their own pace and at any time of the workday. There are some trade-offs with this method, too. The training can be a bit stuffy, and it’s not interactive. If employees need help or clarification, it’s hard to get it. Hands-on learners may struggle with this method, too.
Some companies also offer a hybrid approach, where static courses are combined with live webinar-style classes. Some employees will benefit from the immediacy of a live teacher, but the trade-off there is that all employees must be present at the same time.
Some companies also offer live, on-site instruction, either as a standalone or as a premium add-on to their basic package. This can be a great option for single-location organizations.
Available Courses
A firm that specializes in security awareness training won’t take a one-size-fits-all approach. As your organization grows in complexity, varying business areas may need differing instruction. Certainly, some fields have specific, unique needs, too. Organizations that work in the health care orbit will have HIPAA rules to contend with, while those in education or finance will have their own.
Some firms offer 50 or more different courses as a part of their security awareness training protocols. Make sure that the providers you consider have courses that fit the needs of your business and industry.
Cost of Security Awareness Training
The cost of security awareness training varies based on many factors. The number of users receiving training is often the starting point. $1000 per year for an organization with 50 employees is a common starting point, but understand that program customizations and add-ons can increase this figure.
Other factors influencing costs include industry requirements, languages needed, and whether certification is desired. The number of courses each user takes may also affect cost.
Ask the providers that you are considering for a custom quote that breaks down the costs you can expect to see and which services those costs are associated with.
Conclusion
Having a cyber security plan and providing security awareness training are two vital components to your business’s digital security strategy. If you’re ready to explore what security awareness training should look like in your business, contact us today.
by Felicien | Jul 2, 2019 | Education
Social media is an incredible chance for your brand to interact directly with your audience and grow it even further. If you’re not able to manage your social media marketing properly, however, you’ll simply waste time and resources, or worse, actually harm your brand’s reputation. Here are five key social media marketing mistakes that your business must avoid at all costs:
1. Discussing Hot-Button Topics
Some topics, especially political and religious ones, are simply not worth bringing up. This is especially true in today’s divisive political environment. You’ll end up dividing your audience and perhaps even bringing negative attention onto your brand. It’s better to avoid these issues altogether and play it a bit safer with your choice of topics.
2. Winging It
Social media marketing is the same as any other digital marketing strategy. You need to know what you want to get from it. If you don’t have specific goals for your social media strategies, you’ll never know exactly what to do or when they’re successful. Take the time to think about what you really want from each social media platform, and brainstorm about what you must do to get there.
3. Posting For the Sake of It
Research has found that you need to post quite frequently on a daily and weekly basis in order to truly engage with and grow your audience. On Twitter, for example, you may need to Tweet up to 15 times per day. However, this doesn’t mean that you need to simply fire out meaningless Tweets all day to keep your numbers up. Each post needs to be meaningful and engaging. If you’re just posting low-quality content over and over again to meet a minimum criterion, your audience is going to see through it and will most likely unsubscribe. It’s important to post frequently, but only as often as you have something important to say. You cannot forgo quality for the sake of quantity.
4. Treating All Platforms the Same
It’s likely that you have a presence on a wide variety of social media platforms: at the very least Facebook and Twitter, and then probably a couple out of Snapchat, Instagram, YouTube, Pinterest, etc. The problem arises when you treat all social media platforms the same. The average audiences on Facebook and Twitter are very different. People use Instagram differently than they use Pinterest. If you want to truly thrive on social media, you need to understand each platform and what your audience is looking for on it. If you’re struggling to do that, you may want to focus on establishing a strong presence on just one or two platforms at a time.
5. Ignoring Negative Activity
It’s critical that you don’t get defensive on social media, but you cannot simply let negative feedback go unanswered. Not only does it further harm the relationship between you and the individual complaining, but it also adds some legitimacy to the complaint for everybody else to see. After all, if you had a reasonable response to the complaint, why wouldn’t your company voice it? Make sure that you have dedicated customer service resources handling your social media comments in a professional, expedient manner.
By avoiding the key social media marketing mistakes listed above, your business will be in a great position to not only survive on social media platforms, but thrive on them. Your audience will be engaged and energized, and you’ll reach more people than you ever thought possible!
by Felicien | Jul 2, 2019 | Education
As in so many areas, Canada is now pushing to make the online world a more equitable one. It also wants Canadians to have their privacy online instead of having their information sold by whoever can get ahold of it. The use of the data that companies do collect about you is now being regulated by the expanded Canadian Digital Charter. Here’s how it seeks to create a better experience for Canadians.
Technology in Canadian Ecommerce
Using up-to-date technology is increasingly a part of daily life, and innovators who don’t have it will be left behind by those who do. Canada’s Digital Charter is a way to protect Canadians from some of the ways their data could be used as well as to make it easier for everyone in the country to have internet access. E-commerce is a larger and larger portion of the economy all over the Western world, and Canada would fall behind this march to the future if Canadians had trouble getting online and feared for their very privacy if they were to do so.
Canadian Access to Internet Connectivity
With so much of the world now online, keeping Canadians able to connect is a key factor in keeping them competitive. Part of the Canadian Digital Charter is to give universal access to all Canadians, no matter where they live or how much they know about computer use. The charter seeks to ensure that every Canadian is not only offered connectivity but is given the computer literacy they need to be able to use it. In addition, the charter rolls out a new standard for safety online. With so many new internet users about to join the online sphere, the government is focused on making sure they don’t get taken advantage of, threatened or targeted with scams. To help create a better atmosphere of safety, the government plans to put multiple laws in place to deliver punishments for breaking cyber-safety laws.
Data Privacy Compliance in Canada
The charter further calls for every online user in Canada to have their privacy protected by the sites they use. If a company wants to use their personal data for any reason, the internet user should know exactly what it will be used for and must consent to share it for that purpose. In addition, Canadians are declared to be free to see their own personal data as well as to move it or share it easily. Websites that have Canadian visitors must comply with these privacy laws in order to stay compliant and available to online users in Canada. Clear, open disclosure of data collection, usage and storage will be needed to maintain that compliance.
Free Speech Online for Canada
As in most countries, free speech is not an absolute right in Canada. The charter spells out the kind of speech that Canadians shouldn’t have to come across online. These include hate speech, threats, extreme views advocating violence and content that is otherwise illegal. The government also seeks to keep false news stories away from readers who may not realize that what they’re reading isn’t factual. Keeping Canadians safe from these problems is considered a right that Canadians have in order to create a better online experience and to encourage more people to use the internet to make their lives easier.
With this charter, Canada is expected to become more competitive on a global scale. Unburdened by false news stories and hate speech, the government hopes that the online atmosphere will be more conducive to Canadian innovation.
by Felicien | Jul 2, 2019 | Education
Cybersecurity incorporates a number of technologies to safeguard digital data. Threats come from unauthorized access, and internal missteps lead to increased risks that hackers take advantage of. Healthcare is increasingly the target of cybercriminals as bad actors learn how to successfully target unguarded or insufficiently guarded data. This includes data sharing, digital health records and medical devices that send data to hospital systems without protecting the data in transit.
Health informatics makes the process more efficient. The threat of cyber attacks makes technology less reliable than it would otherwise be. At the same time, healthcare professionals rely on technology to retrieve, send and share healthcare data. Due to various cyber threats, every organization needs to invest in solutions that keep data secure without compromising access to technology for those fighting to save lives.
How Has the Digital Revolution Changed Healthcare?
Not too long ago, doctors had to limit their time with patients due to a mountain of complicated paperwork. The digital revolution has helped solve that problem. With fewer handwritten notes and more direct entry into electronic patient files, paperwork and the amount of time devoted to it have decreased dramatically.
This is a crucial advancement as the global population soars and the volume of healthcare data becomes more difficult to secure. Cybersecurity in healthcare needs to secure the network and database without slowing down the process of providing efficient care.
Does Cybersecurity in Healthcare Save Money?
Cybersecurity saves millions of dollars in the healthcare industry. The industry has grown rapidly in the last two decades. Now, healthcare providers deal with many more patients in an 8-hour shift than they used to in a 12-hour one. This is largely due to the reduced paper trail made possible by digital technology.
With cloud-based computing, providers can share information with patients, colleagues and other departments in seconds. At the same time, safely storing and accessing patient data is also much easier.
How Important Is Cybersecurity to Patients?
Patients have the biggest stake in cybersecurity. After all, it’s their data and privacy that are at risk — and possibly their health. Hackers leak private information on the dark web, where it may be picked up to commit identity theft, Medicare fraud, and other crimes. Advanced cybersecurity allows medical professionals to ensure privacy and peace of mind for their patients. This also prevents legal issues related to hacked patient data.
Healthcare practices are at a disadvantage due to the many endpoints in the system, including the Internet of Things (IoT) devices that feed data into the network from various endpoints. Specifically, tablets introduce vulnerability because they hold patient health records or are used to access them. No matter how much administrators shore up the network, it only takes one outdated device to open the healthcare provider up to an attack.
What’s the Cost of Leaked Patient Data?
Healthcare providers need to protect their practice as well as those they serve. This requires robust cybersecurity that prevents the leaking of patient data. When information is leaked, legal costs can skyrocket and even bankrupt a practice or provider.
What Improvements Need to Be Made?
Healthcare organizations can take the following steps to secure their data:
Patch systems based on the recommendations of system and application vendors
Open only required ports
Scan systems to identify vulnerabilities
Prioritize system vulnerabilities based on risk severity
Enable SSL certificates and test to ensure they’re working as expected