Posts

11 ways business owners can keep an eye on their IT

There are two critical mistakes that I see business owners and executives make when it comes to their company’s information technology, both of which can cripple a thriving business in the matter of minutes.

Mistake #1- Thinking a data security breach or system failure can’t happen to you. It can, it does, and if you let your guard down, it will. We see data breaches happen to small and medium size businesses every month, and business owners or CEOs all say the same thing—”we didn’t think it could happen to us.”

Mistake #2- Assuming that everything is set up properly, up-to-date, or that your employees are following the rules. It’s imperative that you are familiar with your IT so that you can make sure everything is in place and working the way it should. It’s just as important to educate your employees on best practices so they don’t do anything to jeopardize your network’s security.

Below are 11 critical IT components that you need to be sure are in place and working properly.

  1. Backups: Be certain your backups are doing their jobs. Know how to test them and be an active part of the process. This exercise will show you how long it would take to recover.
  2. Incidence Response: If there were to be a breach where is it most likely to occur? How will you recover? Who will it affect (which business operation(s)? How much downtime/data loss are you looking at? Is the sensitive data of your customers at risk? If their data is compromised what will you need to communicate? Will you need a layer? Will law enforcement be involved?
  3. Sensitive Data: What kind of data does your company store? Where is it stored? Is remote sharing like Dropbox™ allowed? Is it controlled, or is data being shared over hundreds of personal accounts?
  4. Licensing: Is all your software licensed? Compare agreements to all user accounts.
  5. Inactive users: Make sure inactive users are disabled and not continuously logged on. Make sure to review this periodically
  6. Permissions: Make sure users only have permission to access the data critical for their jobs. Review this periodically as well.
  7. Be Proactive: What steps are you taking to be proactive in ensuring a breach or data loss doesn’t occur? Are you providing user-awareness training? Do you use MultiFactor Authentication for all remote applications (e.g., VPNs, Office365, SalesForce, all web logins, etc).
  8. Patch Reporting: Make sure to receive and review all patch management reports. These will show the machines that have been updated monthly.
  9. Vulnerability reports: Review these at least monthly to assess vulnerabilities in your network and find resolutions.
  10. Review elevated credentials: Ensure only appropriate people have elevated credentials and that they don’t log into these account 24/7/365. Elevated permissions are for making changes only; not for everyday logins.
  11. Engage a 3rd party to do a best practice audit: This is not to question or discredit your IT team, but simply to get additional sets of eyes on your systems. IT systems can almost always be improved but there are costs involved. IT managers will often let items go after being told “no.” You can also think of a 3rd party audit as a proofreader for your network. Great writers never proof their own work. Why? Because it’s extremely difficult to catch your own mistakes.

If you have questions or are interested in having a professional team of experts “get eyes” on your IT, give me a call directly at (330) 572-7526 x 1001 or email me at pat@pcrbusiness.com.

Pat Carroll_PCR Business Systems

Pat Carroll
President, PCR Business Systems

PCR Business Systems is the leading technology solutions provider for small and medium size businesses in Northeast Ohio. We are currently offering a free Network & Data Security Check-up for area businesses who want to be certain their network is set up and working properly.

In-House or Outsourced IT: what’s right for your business?

PCR Business Systems provides outsourced IT services for business that don’t have their own IT department. Each of the businesses we work with find that outsourcing their IT is more cost-effective and also more comprehensive as we have an entire team of dedicated professionals (and the most current IT tools) to help manage their IT.

Yet even though our business focuses on providing outsourced IT, that doesn’t mean that outsourced IT is right for everyone. Some businesses may find that having their own in-house IT department makes more sense for their them.

We’ve created this questionnaire to answer that question for you—what’s right for your business, in-house or outsourced IT? These 11 questions will provide you with an unbiased opinion of what we think will work best for your business at this time.

Click here to begin

Best Practice Approach to Data Security

Below is a summary of the presentation given by PCR Business Systems president, Pat Carroll, at the 2019 Day Ketterer CyberSecurity Seminar. For more information on protecting your business from cyber attacks, or if you have any doubts about your network security you can contact Pat directly at pat@pcrbusiness.com or (330) 572-7526 x 1001.

PCR is also offering Northeast Ohio businesses a free network security audit to make sure you have the proper cybersecurity measures in place. Remember, it’s much easier to prevent a cyber attack than it is to recover from one.


Simple things that companies can do to guard against cyber attacks. These items need to be in place before anything else:

  • Centrally controlled, monitored Antivirus
  • Device control with routine patching – not just Windows, all programs – java, adobe etc
  • Unique user IDs with central control
  • Modern Backup – no tapes

Preventative measures that all companies need to implement:

  • No users with admin rights to computers
  • No elevated permissions logging in for normal computer use – domain admin or 365 admin etc
  • User awareness training – people are the easy target
  • Best in class, properly configured email security – .js, .exe, .zip should never get through
  • Multifactor authentication on all web facing logins – Office365 is a must

Know your risks and review at least annually:

  • Where is sensitive data stored?
  • Typical – PII, EHI
  • Trade Secrets
  • Non-Typical

In addition, schedule periodic reviews of accounts, permissions and don’t allow access if it is not needed.

Know how an attacker is most likely to strike:

  • Use information
  • Trick users to send money
  • Demand a ransom
  • Expose your information?

You have been attacked, what will save you?

Properly configured backup

  • Test it
  • Attack it – test permissions, try to get to it

Properly configured firewall

UTM FEATURES

  • Intrusion Detection with alerting configured
  • IP Reputation
  • Content Filtering
  • Look for suspicious activity leaving the network

Misc:

  • Banking – Know your exposure. Consider Positive Pay on checks and ACH
  • Cyber Liability Insurance
  • Be careful on the questions they require
  • Know what they won’t cover

 

 

 

Pat Carroll 

pat@pcrbusiness.com  (330) 572-7526 x 1001

 

 

Network Security Risk Assessment

Is your business at risk for a Cyber Security Attack?

Our questionnaire will assess your Cyber Security risks and help prevent attacks from ever occurring.

Prevention… In the NFL, it’s a defensive scheme designed to guard against the big play. Except, it seems every time I watch a team go into the prevent defense the opponent drives down the field in a matter of seconds and kicks the game-winning field goal.

Maybe I’ve watched too many Browns games over the years, but this conservative approach to winning always seems to end poorly. I like a coach who goes after the quarterback when the game is on the line—a coach who brings the heat and always keeps the offense off-balance.

I feel the same way about defending against hackers. As soon as you relax your cyber security defense, hackers will find a way to attack where you’re most vulnerable.

 

Free Cyber Security Assessment for Small Businesses

Prevention is key to preventing a cyber attack, but it’s not as simple as putting a few security measures in place to guard against the big attack. You must have a proactive prevention plan in place, you must stay up-to-date on the latest cyber security risks, and you must keep the pressure on hackers by constantly updating and monitoring your network to let them know not to mess with your business.

As we’ve written about in our Cyber Crime Files, cyber attacks can happen to any size business. That includes yours.

So what can you do to actively prevent a cyber attack? You can start by taking this cyber security network assessment to see if your business is prepared.

We designed this high-level cyber security assessment exclusively for small businesses owners so that you can assess your cyber security risks and conclude if you have the proper preventative measures in place.

We hope you find value in our cyber security assessment. If you have any questions please feel free to reach out and we’ll be happy to help your business set up the best defense against cyber criminals.

Should you allow employees to check social media at work?

Here are 4 reasons why we think you should!

Several studies have been conducted on the amount of time employees “waste” on social media at work. One study estimates that over $15 billion in productivity is lost annually due to workers flipping through Instagram photos or browsing Facebook updates while on the job. Additional research concludes that employees between the ages of 18-34 spend 70 minutes EACH DAY on their mobile devices!

These numbers are downright alarming to a small business owner.

But do these studies mean you should rush out and purchase the latest software to monitor and regulate your employees’ social media habits? We say “not so fast.” There are other factors to consider before pulling the plug on social media in the workplace. In fact, we’ve found that you can use the time your employees spend on social platforms to actually promote your company. You just need to offer a little guidance on how it should be done.

Here are 4 reasons why we think it’s wise to allow your employees to check social media at work.

1). They’re Going To Do It Anyway

Let’s be honest, for many of us browsing social media has become a part of our daily lives. We wake up, hop in the shower, have a cup of coffee, and click on our favorite social app to see if we have any important updates.

If we went all day without checking social feeds our heads would likely explode. Employees need their fix so that their minds aren’t distracted thinking about all they’re missing. Give them a few minutes a day of “free time” to log on and see what’s happening in their digital worlds. But encourage them to be brief.  Having an open dialogue with your employees about social media at work can go a long way in boosting employee morale.

2). Create Brand Ambassadors

Most small businesses do not have large marketing budgets. So why not allow your employees to promote your business for you? According to Shannon Gausepohl, “content shared by employees gets eight times more engagement, on average, than content shared by brand channels- and is re-shared 25 times more frequently.”

That’s because posts shared by personal accounts often reach a higher percentage of people than messages shared on your business page. Furthermore, people tend to respond better towards personal endorsements than they do sales pitches from companies.

Just be sure to coach your employees on what they should and should not post to prevent sensitive company data and private information from being shared. (Read more about having the proper social media privacy policy in place).

3). Recruit New Talent

Employee-oriented platforms such as LinkedIn offer valuable personal networking assets not only for people searching for jobs, but also for companies looking to hire the right employees. Social media platforms allow you to reach a large audience through your job postings and can also help you zero in on specific candidates.

Your employees are likely already networking with like-minded professionals in their similar fields. So if you’re looking to hire a new outside salesperson, for example, look no further than your current outside sales team and their social media connections. Your employees already know the right people to recruit through their online social interactions with peers at other businesses.

4). Focus On Your Own Work

Trying to monitor the time your employees spend on social media at work can being expensive and tedious. Your time is much better spent growing your business and building your client base than babysitting your staff’s online behavior.

By putting the proper social media privacy policies in place, coaching your team on what they should and should not post, and giving them a little leniency when it comes to allowing them to spend a few minutes seeing what their friends are up to, you’ll have more time to dedicate to running your business.

For more small business tips please check out the PCR Business Systems blog.

Business Continuity For Small Businesses

What is your plan if your business gets hit by a natural disaster? Now what about if your network gets shut down because of a data breach? The recovery process can be very stressful, expensive, and may leave your operation out of commission for extended lengths of time. On top of that, you’ll need to worry about supporting your employees and serving your customers. These hiccups pose a lot of uncertainty, which can be a nightmare for young business owners and entrepreneurs to deal with. These are just some small factors that show why it’s important to establish a business continuity plan.

Whether you are dealing with the attacks of a natural disaster or a cyber attack, a business continuity strategy will be a solution that will help pull you out of the dark. Business continuity management (BCM) is a practice that expands on the efforts of your disaster recovery strategies. While your business is dealing with a crisis, data backup support will be streamlined so you can focus on getting your operation up to speed again. This is a great way to preserve the lifeblood of your organization so you can get back to doing what’s most important – serving your customers.

If you are still on the fence about establishing a BCM plan, then there are several factors that might put things into clear perspective. These are some of the key reasons why it’s best for businesses to define business continuity strategies in the early stages:

Millions Of Threats Are Always On The Horizon

Unfortunately, your network is always at risk. There are millions of cyber dangers swirling around the world wide web. Disaster can strike at any moment, from nearly any angle. Just one malware virus can yield enough power to wipe away your entire network. When it comes to business continuity, you can never be too cautious. Even if you have the strongest layers of firewall protection and a stable disaster recovery plan in place, business continuity is a surefire way to keep the business process of your operation running smoothly.

Any Downtime Can Be Extremely Costly

If your network takes a hit, then you may need to take some time to evaluate what to do next. Unfortunately, any downtime will keep you from running a productive operation. This can prevent you from serving customers, which will ultimately keep you from generating revenue. What’s even worse is that you’ll probably have to make expensive purchases on repairs and maintenance. This can rack up the costs and lead to failed business opportunities.

Data Backup and Disaster Recovery Is Not Enough

Risk management is about much more than just restoring your data. It’s about keeping things intact, and when a disaster ensues. If you are a business owner, there are many factors that you’ll need to gain control over. While your sensitive information like business data is certainly crucial, it is not the only worry that you should have. Fortunately, business continuity stimulates the effects of your cloud devices, helping you secure lost information faster. This will help you get your business back to peak form much more quickly.

You Will Deliver a More Positive Business Impact

Business continuity does more than just restore your data. The right technology will keep you clear of cyber dangers and make sure all our critical IT functions are on line. This gives you a leg up as it clears a pathway for you to focus your attention on customer services and other crucial business decisions. Finally, the right business continuity program comes with complimentary risk assessment software, so you are able to detect, prepare, and defend off any hazards much more efficiently.

Rely On PCR Business Systems

Our professional, experienced team will help you develop a business continuity strategy that promotes the growth and sustainability of your business. We will work alongside your team to determine your current needs and ensure all team members are educated on the necessary precautions and policies. To find out more about how a partnership with PCR business can benefit your business, contact us today!