Developing a Culture of Cybersecurity

When it comes to cybersecurity, tools and technology help. What can help even more is making cybersecurity a part of company culture, to the point of safety becoming second nature. Read on to learn more about establishing a culture of cybersecurity.

The Vital Importance of Cybersecurity

The attacks just keep coming. SolarWinds and Colonial Pipeline are just a couple of well-known incidents from recent years. According to statistics, more than half of cyber attacks result from human error: weak or poorly managed passwords, susceptibility to phishing schemes, perhaps even ignorance of company policies and of best practices. The cost of attacks is expected to continue increasing, to over $10 trillion by 2025.

The Cybersecurity Conversation

It’s never too late, or too soon, to openly discuss cybersecurity in your organization. Your executives, both in your IT department and outside of it, can set the tone for your company’s cybersecurity culture. For example, sharing lessons learned from past experiences can show your workers that anyone can learn from mistakes. More than technology and tools, cybersecurity training needs to be an integral part of company culture: it saves costs, preserves your company’s reputation, and keeps your company in business. You can freely discuss cybersecurity in team meetings and everyday work conversations. Ideally, this will get teams talking about ways to keep your company safe and may reach the individual level, encouraging workers to evaluate their cybersecurity savvy and improve it. Regular training and retraining should also be part of the organization’s culture of cybersecurity. Staging mock “phishing” attacks to test workers’ knowledge and ability to act will help to make training...

What’s On Your Holiday Tech Wish List?

What if you could deduct technological expenses, reducing your taxes and availing your business of new technology? According to the IRS, you can deduct a portion of your tax expense for products (sometimes even services) if you deploy the tech in the current tax year. Read on to learn more about defraying expenses and even gaining a competitive advantage, too.

Tax Deductions for Technology Purchases

Your company may be considering what technological purchases to make in the near future. What if you could get the technology assets you need, while lightening your tax bill? According to the IRS tax code, Section 179, small to medium-sized businesses can deduct the entire purchase price of both new and used equipment from what they pay in taxes. To be eligible, the business must meet any one of three requirements. The business must be in operation, or set to start operating, and have purchased IT assets throughout the year. Types of purchases to which the deduction applies are on-premise improvements like security systems; devices like computers and laptops, tablets and phones; and software, servers and networking equipment. A business must earn no more than $2.5 million annually, as well as deploy the technology within the same tax year as purchased. Equipment purchases arising from an IT services contract can be deducted, but not the service itself.

Business Benefits and Considerations

Who doesn’t want to pay less in taxes? Aside from this obvious benefit, the budgetary burden for purchasing even new equipment is lightened. Your company can perhaps even launch a new initiative like unified communications (allowing...

Defense in Depth Provides Robust Cybersecurity

Many companies, while they have defenses against cyberattacks, still fight to keep ahead of them. What if your company is one of these, and could find a better way to protect your technological assets (data, applications, your network itself) from attack? Read on to learn more about “defense-in-depth” and how your company can use it to build a robust defense in all parts of your network.

Definition of Defense in Depth

Simply defined, defense-in-depth is a cybersecurity approach in which independent layers of controls are employed to build redundancy. If one control fails, another will take over. If an intrusion occurs, the bad actor can go only so far and will be dealt with before they cause serious harm. All the way from your perimeter to the most sensitive data at the core of operations, controls will keep your data and applications safe from loss and compromise. A first layer is detection, which catches anomalies and reports them to cybersecurity personnel, stopping the activity from intruding further into your network.

Evaluating Your Current Cybersecurity Posture

How do you know what an anomaly looks like, and whether it is a cyberattack in the making? Before making the transition to a multi-layered cybersecurity structure, knowing your current cybersecurity posture is important. One thing to consider is what a possible attack might look like. Viewing intelligence from past activity logs, especially when an intrusion occurred, should show you what unusual activity looks like. A next step is identifying your mission-critical data and applications, not to mention your most sensitive data, to determine which assets need the greatest protection and should be...

Disaster Recovery Plans Help Keep Your Business Going

Any time of year, a disaster can happen, disrupting business operations and even threatening your company itself. Statistics show that some small to medium-size businesses close after a disaster; even some of those that reopen may be out of business in a year. Having a plan for disaster recovery can help your business defy the statistics. Read on to learn more about preserving your company’s data, reputation and bottom line by having a disaster recovery plan in place.

Why You Need a Disaster Recovery Plan

A Disaster Recovery (DR) plan outlines how to protect your data and other technological assets during and after a disaster. Since data is the lifeblood of your business, a DR plan can make a difference between staying in business and having to close. In the shorter term, it can save you money that you might lose from an unacceptable amount of downtime. Costs can escalate to $100,000 per hour from an infrastructure failure, and a critical application failure can cost up to $1 million. Aside from financial damage, a data breach resulting from a disaster can cost a business its reputation. Apart from cyber threats that affect any organization, your location may be subject to natural hazards like fires, floods or earthquakes. Even equipment failures resulting in unacceptable downtime can be costly.

Disaster Recovery is Part of an Overall Business Continuity Plan

While a Business Continuity (BC) plan is an overall plan for keeping your business going during and after a disaster, a Disaster Recovery plan deals with protecting your company’s data from loss and compromise. It’s a part of your...

Set High Standards for Cybersecurity

As we know, October is Cybersecurity Awareness Month. There is much to be aware of, including how to prepare for an attack, current threats, how well your data is protected, and who has access to it. Read on to learn how following rigorous compliance standards helps your cybersecurity efforts.

Rigorous Standards Aid Cybersecurity Efforts

Currently, new standards are being drawn up in the form of the Cybersecurity Maturity Model Certification (CMMC), a Department of Defense program that applies to Defense Industrial Contractors and by extension to those businesses doing business with defense contractors. According to Cisco, the CMMC is designed as a unifying standard to ensure that contractors properly protect sensitive information. Three levels exist, with Level One containing seventeen practices to follow. Level Two is more stringent, and Level Three is the highest. Domains within the model include Access Control, Identification and Authentication, Incident Response, Awareness and Training, among others. A few of these domains (like Identification and Authentication) could incorporate zero-trust, a paradigm gaining ground in the cybersecurity community.

Considering Zero Trust as a Cybersecurity Model

“Trust, but verify,” as the saying goes. However, in cybersecurity efforts it should be “Verify, then trust.” Zero-trust is the practice of identifying each request for access to the network, and authenticating or verifying the request as a prerequisite for access to systems. The zero-trust paradigm is still a work in progress, because it’s a different way of thinking about cybersecurity, one that includes all of the organization and influences workforce and workflow decisions. The Cybersecurity Maturity Model Certification has the idea of zero-trust built in, and even...

Cybersecurity Awareness is Just the Beginning

Readers are likely aware of some of the headline-grabbing cyber attacks in recent years: WannaCry, SolarWinds and Colonial Pipeline, just to name a few. But what about the attacks, and the resulting loss of revenue and reputation, that don’t make the news? What is your organization’s cybersecurity posture, and how can it be improved? Read on to learn about cyber threats and how to protect your business.

Threat Awareness and Intelligence

Cyber attacks continue to occur, and to become more sophisticated. No longer coming just from lone hackers, attacks come through email and text (“phishing” and “smishing”, respectively). Supply chain attacks are also on the rise. The global cost of cyber incidents is about 6.1 trillion, far outstripping cybersecurity spending.

Often, cyber threats are viewed as something “outside” the organization. The tendency is to treat symptoms and not possible root causes like a lack of threat intelligence. How well do you know what threats like malware and ransomware could do to your business if you’re attacked? According to the 2022 State of Cybersecurity report, businesses are aware of threats, but are not necessarily looking within the organization for vulnerabilities.

Cybersecurity Awareness Throughout Your Organization

More than simply a component of IT function, cybersecurity needs to become a business imperative, with deep awareness on the part of the C-suite and newest employees alike. For example, do your employees know how to recognize a phishing email designed to get them to give up confidential information? For managers, how does the adoption of new technology (along with the cybersecurity challenges it might represent) help with reaching business goals? Often, despite the...