Business Leader Primer On Cybersecurity Compliance

A wise leader has the capacity to synthesize challenges, concepts, and solutions for their business. Empowered, she develops a sense of urgency with her team and directs them to action.

The security of your digital assets is this kind of challenge. Getting your mind around security begins with understanding Cybersecurity Compliance. This helps you appreciate what’s at stake and lets you make the topic a priority for your business.

What is Cybersecurity Compliance?

At a glance, it’s a lot of acronyms, historical precedents, pitfalls, and penalties. Compliance focuses on understanding your digital footprint, assessing risk, planning, and executing a plan to mitigate that risk. At the heart of it, cybersecurity compliance is about the safety of your workforce and the privacy of your customer. And it’s about growth and success. When your company boasts compliance you’ve raised the bar against your competition.

Compliant To Who?

There are laws, frameworks, and penalties in place – plenty of them, and not all of them apply to you! Remember, compliance doesn’t excuse liability. Prepared businesses still get hacked – but they are prepared. When cybersecurity is understood, when best practices are in place, when a business is compliant with laws and frameworks, then issues are dealt with swiftly and professionally. Being compliant puts you on the same side as your customers, your employees, and the law.

HIPAA – Health Insurance Portability and Accountability Act

HIPAA ensures the confidentiality, integrity, and availability of Personal Health Information (PHI). HIPAA applies to healthcare providers, health clearinghouses, healthcare plans, and business associates handling personal health information.

GDPR – General Data Protection Regulation

The GDPR is a regulatory law focused on data protection and privacy in the European Union and the European Economic Area (EEA). The GDPR addresses the transfer of personal data outside the EU and EEA areas, having global implications (which applies to all of us).

FINRA – Financial Industry Regulatory Authority

This authority regulates fair financial markets. FINRA is a government-authorized not-for-profit organization that oversees U.S. broker-dealers to protect investors and ensure the market’s integrity.

NIST – National Institute of Standards and Technology

NIST offers a Quick Start Guide/Framework that provides direction and guidance to improve cybersecurity risk management. It’s not a one-size-fits-all approach, but the framework helps to reduce and manage these risks.

The IT Services Model Where Everyone Wins – And The One Where You Lose Big

If you’re a business owner, there’s probably a good chance you spent time figuring out the IT needs of your business. It’s not as easy as searching online and picking the cheapest option or the company with the best reviews. The cheap option may not provide the services you need to keep your business at the top of its game, and the best-reviewed business may be too expensive or offer services that are completely unnecessary for your business.

To put it simply, if you want to get the most out of your IT support services, you must do some research. If you haven’t spent a lot of time in the world of IT, it can be difficult to figure out where to even begin with your research. If you’ve found yourself in this situation previously or are preparing to open a new business and are interested in your IT support options, we’ve got you covered. We’ve put together the three most common forms of IT support and explain the benefits and drawbacks of each so you can confidently decide on the best option for your business.

Managed IT Services

In this option, the IT services company takes over the role of your in-house IT department for a fixed and agreed-upon monthly rate. They’ll install, support and maintain all the users, devices and PCs connected to your network on a routine basis. They will even take care of your hardware and software needs for an extra cost. If you’re trying to plan for a monthly budget or want routine maintenance and IT support, this option will work wonders for your business.

It’s my sincere belief that the managed IT approach is undoubtedly the most cost-effective and smartest option for any business. With managed IT services, your business will be protected from IT-related problems, and they will keep your systems up and running. They can prevent common “disasters” such as lost devices, hardware failures, fires, natural disasters and a host of other issues that can interrupt or outright destroy your IT infrastructure and the data it holds.

Technology As A Service

Another option that might work really well for your business is using a company that offers technology as a service. With these companies, you’ll get everything that managed IT services offer but with the addition of new hardware, software and support. This service ensures that your business is always up-to-date with the newest software and hardware. The greatest benefit of technology as a service is that you’ll avoid the heavy cost of new hardware and software when you need it, but you will be paying far more for the same hardware and software over time. You’ll also need to pay attention to the services they offer to ensure they can provide what you need and that it does not cost extra.

Time And Materials

Time and materials are often referred to as the “break-fix” method. This essentially means that you pay an agreed-upon hourly rate for a technician to “fix” a problem when something “breaks.” It’s a simple and straightforward way to pay for IT services but often doesn’t work in your favor and can lead you to pay more for basic services.

I would only recommend the time-and-materials approach if you already have an IT team and you need additional support for a problem that your current IT team doesn’t have the time or expertise to handle. Under the break-fix model, the IT company has no immediate need to stabilize your network because they are getting paid hourly. The break-fix model is unable to supply ongoing maintenance and monitoring, which computer networks need to stay secure.

Choosing the right IT option for your business can take time and is certainly not something you want to rush into. Take your time and do your research to find the best option to fit your needs. If you’re unsure of where to even begin – or need some help navigating the sometimes confusing world of IT support – give us a call. We would be glad to help you find the IT support you need.

Your Last Password

Passwords, when used effectively, can safeguard data and IT systems from unauthorized access. They’re kind of the atomic element of Cybersecurity. So why another article about passwords? Well, the average person has 100 of them, and if you haven’t come up with a strategy for creating and managing strong passwords yet, you’re normal. But that doesn’t change the fact that a strong password is all that stands between you and a cybercriminal.

Let’s review some password basics:

  • Don’t make it too short – AAA, cat, qwerty, or 123 won’t cut it.
  • Don’t make it easy to guess
  • Don’t make it the same one you use everywhere else. This is a tough one and probably the rule we break the most.
  • Don’t write your passwords down. 
  • Do use special characters, numbers, upper, and lower case. This is another tough one because it leads to the final offending Don’t.

Here’s a proven strategy. Hackers hate this one weird trick. Also, I’m not going to give you a bunch of options. I’m just going to tell you what to do step by step. If you commit to this strategy, you will:

  • Be compliant with 99% of the strong password policies out there.
  • Have a unique password for every site and account you have.
  • Only have one password to remember, so, in theory, there is nothing for you to write down.

Too good to be true? Maybe, but that’s why I said 99% of the time. Let’s get on with it: 

Step One – Create a single strong core password

The best way to come up with a core password is to imagine a quote that you already know, love, and have in your memory. It could be a line from The Godfather, or a lyric from a Pink Floyd song. You already know this line, so you already know your core password.

Consider the phrase, “Keep your friends close but your enemies closer.” A memorable line from Michael Corleone in The Godfather Part II in 1974. Here’s the core password from this phrase:

k y f c b y e c 7 4 !

That’s most of the work. You’re almost done. You now have a core password. In this example, it’s the first letter of each word of the line from The Godfather in lower case, and I tacked on 74! because this is the year the movie came out and it was a REALLY good movie! You won’t have to write this down, will you? Now let’s use that core password on your Gmail account and make it unique.

Step Two – Make it one of a kind

Add the first letter of the domain you are logging into as a capital letter in front of your core. Even though the address for Gmail is mail.google.com, the domain is google.com. So put a capital G in front of your core password. Now add the last letter of the domain as a capital letter, E, to the end of your core password and you are done. Here it is.

Gkyfcbyec74!E

That’s a pretty gnarly password, isn’t it? You can safely check the strength of your password at security.org. How did the Gmail password score? Well, we succeeded. It will take a computer about 2 million years to crack. Want a few more examples? This is what your password would look like:

Facebook.com  –  Fkyfcbyec74!K

YouTube.com  –  Ykyfcbyec74!E

Bankofamerica.com  –  Bkyfcbyec74!A

Step Three – Inventory your passwords and update them

A final note: You may wonder what to do when a password policy requires you to change your password periodically. This is a common cybersecurity practice. Won’t that mess this whole thing up? Kind of, but not really. If you have to change your Gmail password, you can continue with your core password and your domain’s first and last capital letters. You may choose to modify the special character and update all of your passwords periodically, or you may keep notes on these changes, because you can write down a new modified password using the word core as a placeholder and the number 2 as an update, like this:

Facebook.com  –  FcoreK2

YouTube.com  –  YcoreE2

Bankofamerica.com  –  BcoreA2

Like any useful practice, this approach might require a second reading to understand. But think of how much time you spend resetting passwords when you can’t remember them. Good luck.
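The three steps above, carried through in Python as an added example (not code from the original article): it rebuilds the core from the quoted line, derives each site's password, checks it against a composition policy, and reports any two sites that end up with the same password, which happens whenever their names share a first and last letter. The short suffix list, the 12-character minimum and the host `gamestore.com` are assumptions made for the illustration.

```python
import re

# The quote and "74!" suffix are the article's; everything else is illustrative.
CORE = "".join(w[0].lower() for w in
               "Keep your friends close but your enemies closer".split()) + "74!"

# Assumption: a tiny hard-coded list stands in for the real Public Suffix List.
KNOWN_SUFFIXES = ("co.uk", "com", "org", "net")


def site_name(host):
    """Reduce a hostname such as mail.google.com to its site label, 'google'."""
    host = host.lower().rstrip(".")
    for suffix in sorted(KNOWN_SUFFIXES, key=len, reverse=True):
        if host.endswith("." + suffix):
            return host[: -len(suffix) - 1].split(".")[-1]
    raise ValueError(f"suffix of {host!r} is not in KNOWN_SUFFIXES")


def site_password(host, core=CORE, revision=""):
    """Step Two (and the Step Three revision number): <First><core><Last><rev>."""
    name = site_name(host)
    return name[0].upper() + core + name[-1].upper() + revision


def meets_policy(password, min_len=12):
    """Assumed policy: minimum length plus lower, upper, digit and special."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(password) >= min_len and all(re.search(c, password) for c in classes)


def collisions(hosts, core=CORE):
    """Group hosts whose derived passwords are identical."""
    groups = {}
    for host in hosts:
        groups.setdefault(site_password(host, core), []).append(host)
    return {pw: hs for pw, hs in groups.items() if len(hs) > 1}


if __name__ == "__main__":
    # Constructed sample list: the article's four sites plus one made-up host.
    hosts = ["mail.google.com", "Facebook.com", "YouTube.com",
             "Bankofamerica.com", "gamestore.com"]
    for h in hosts:
        pw = site_password(h)
        print(f"{h:20} {pw:16} policy_ok={meets_policy(pw)}")
    print("shared passwords:", collisions(hosts))
    # The written-down note form from Step Three, with "core" as the placeholder.
    print(site_password("Facebook.com", core="core", revision="2"))
```

Running the same collision check over your own account inventory shows which sites would need a different distinguishing letter or revision number.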

How Co-Managed IT Services Benefits Business

What has been on your technology to-do list for a while? If there is a tech rollout, project, or expansion that you’ve been delaying because you don’t have the key players, we have the solution. Panurgy’s Co-Managed IT Services benefit businesses by providing a customized solution that combines the existing IT team with our experienced professionals to create streamlined operations. This a la carte option is cost-saving, scalable, and centered around your business.

Co-Managed IT Services

We don’t want to replace your current IT team. Our goal is to provide additional technical expertise in areas you need support today whether it’s to act as the employee help desk, 24/7/365 security monitoring, or patch and asset management. We want to be your trusted experts in Co-Managed IT Services.

Cost Savings

Sometimes it doesn’t make financial sense to hire more IT employees. The employee search and onboarding process can take weeks or even months. During that time, your team is missing the expertise and leadership our Co-Managed IT Services team brings to the table.

By adding to your company’s knowledge without being an employee, we prevent your business from having to pay full-time benefits while you get the same expertise needed to move the organization forward. We also offer flat-rate pricing which means you will always know what our service costs every month. That alone takes the worry from the bottom line.

Patch and Asset Management

Whether online or in-house, we offer our service so your IT team can offload the more mundane infrastructure management to focus on more complicated tasks. We take care of end-user devices, for example, so your team can focus on strategic initiatives.

Scalable

We supply scalable solutions depending on what your business needs today and in the future. Whether it’s a busy season or business is growing, we offer the technology and implementation expertise to support growth and build efficient systems and processes.

On-call Experts

When your IT team is overwhelmed or isn’t sure how to solve a tech issue, we’re here for you. Outlook isn’t working correctly. Server errors. The Internet is sketchy but you’re not sure why. These are a few of the reasons we get calls. Give yourself and your team a break when you hire Panurgy for Co-Managed IT Services.

Client-Centric Business

We care about your business as much as you do. We’re here to learn where there are successes, challenges, and changes in order to build and manage improved systems. Implementing pandemic-proof technology, securing technology, and constant monitoring are a few of the things we can do to earn your trust.

Co-Managed IT Services are meant to be a partnership with you and your current IT team. While we can do some work remotely, there may be times when we need to work in-house with key players in order to solve tech issues. Consider us your on-call experts who can take the stress of day-to-day technology management out of your hands so you can focus on strategy.

Contact us today to learn more!

It’s Time To Wake Up To The Reality Of Cyber Security In 2022

All across the world, hackers are targeting and exploiting security weaknesses and holding data hostage. In May, the Colonial Pipeline was hit by a cyber-attack that disrupted fuel supplies along the East Coast for several days. The company – and the FBI – paid hackers $4.4 million in Bitcoin to regain control of the system.

Colonial Pipeline was not the only corporation that paid hackers an exorbitant amount of money. The NBA, Kia Motors and JBS Foods have also been victimized by cyber-attacks where hackers demanded millions of dollars. CD Projekt RED, a Polish video game developer, was also a victim of a cyber-attack, but since they had backups in place, they never had to pay the demanded ransom.

While these are all big organizations, that does not mean that small businesses are safe. These stories made the news because companies paid millions of dollars to regain control of their data. When a small or mid-size business (SMB) gets attacked, they can’t pay millions of dollars to recover stolen information. Instead, these hackers will usually go after customer and employee information as well as financial records and statements. When a hacker attacks an SMB, it often ends in the business closing their doors for good.

The year 2021 set a record for cyber-attacks, and 2022 is shaping up to be no different. If you’re a business owner, you need to wake up to the reality of cyberthreats and cyber security before it’s too late.

Here are a couple of the best cyber security practices you should put into place immediately.

Hire A Managed Services Provider For Your IT Needs

Cyber security awareness has grown over the past five years, but there are still plenty of SMB owners who think there is no need for cyber security measures or that they’re too expensive. The simple truth is that every business can be a victim of cyber-attacks. If you think it’s too expensive to have your own IT team watching over your cyber needs, think again. Hiring an MSP is one of the best and most cost-effective ways to ensure that your network and information are protected.

MSPs can be incredibly beneficial to any business. They’re designed to recognize and fix weak points in your IT infrastructure. MSPs work proactively to ensure that your business is fully protected in the cyberworld. They offer around-the-clock monitoring, data backup and recovery, firewall and network protection, real-time threat prevention and so much more. MSPs provide you with a dedicated team of IT professionals who are available to assist with any IT needs. If you have not looked into hiring an MSP for your business, you need to consider it.

If you’re interested in hiring an MSP or want more information about the benefits, reach out to us and we will assist with any concerns or questions you may have.

Create A Cyber-Secure Culture

Many cyber-attacks stem from employee error or misunderstanding. You need to make sure that all of your employees are aware of the risks associated with cyber-attacks. When you first hire an employee, train them on cyber security. In addition to this, your current employees should go through a reminder course at least once a year.

You’ll need to inform your employees about the dangers of phishing e-mails and texts, downloading malware, social media scams and password protection. If you have employees working remotely, you should ensure that their devices have security measures built into them. If your employees are informed about the risks, they will be more observant so they can spot any potential threats. Your entire team needs to buy into the cyber-secure culture if you want your training to be effective.

In today’s day and age, you can never be too careful when it comes to your cyber security. You need to be proactive and put into effect all of the security measures you possibly can. The year 2021 saw cyber-attacks reach new heights, and it’s likely that these numbers will continue to rise even higher this year. Take preventive action and don’t let your business add to the cyber-attack statistics. If you’re unsure of where to begin when it comes to buffing up your cyber security practices, give us a call, and we will be glad to help.