Waypoint News

Data Security Best Practices and Employee Mistake Prevention

05.18.15

You know that feeling of dread you get when you realize you just deleted a file or program critical to your business? That client list, tax return, report code?

Everyone knows that feeling.

Over the last 10+ years we have helped many companies: large and small, in Miami, Charlotte and elsewhere, who experienced a critical data loss. In the majority of cases an employee was the root of the problem, and in some cases production came to halt until someone fixed the error.

Data Security Best Practices

We tend to think of cyber-security as protecting our company against the iconic “hacker” trying to break into our systems and steal our data. In fact, non-malicious employee errors and mistakes cause just as much data loss.

Note the “non-malicious” in the previous sentence. People on your team, just doing their jobs to the best of their ability and with no ill will, can cause your business harm and not even know it.

Data Security Best Practices

How They Do It

What’s going on here? How can employees, with the best of intentions, be just as big a threat as hackers? According to a survey commissioned by Cisco, employees engage in the following risky behaviors:

  • Unauthorized application use (e.g., I’ll just install this app I found on the internet. It will make my job so much easier!)
  • Misuse of corporate computers (e.g., sharing work devices)
  • Unauthorized physical and network access
  • Remote worker security (e.g., e-mailing files to their personal accounts so they can work on them at home)
  • Misuse or sharing of passwords

To this list we can add:

  • Leaving devices unsecured:  a three-person company being incubated from a shared space in downtown Manhattan fell victim when a petty thief managed to walk the three machines out the door.
  • Falling for so-called “social engineering” schemes. Check out this document for some examples. Some may be a bit dated, but the principals remain relevant.

What Can I do?

How can you guard against employee errors and other internal vulnerabilities? The first and foremost step: back up your data! Companies we’ve helped recover their data performed regular backups. And they not only created backups, they practiced restoring from those backups so they were ready when the time came. And that time will come. Count on it.

The second step is to educate your employees. Review (or create) your policies on:

  • Permitted software
  • Passwords
  • Who should access the company’s network and devices
  • Working at remote locations
  • Physically securing company assets

Then review them with your employees. Let them know you’ll help them comply with the policies. For example, if you require company laptops to be physically secured, distribute docking stations and cable locks. And let them know you’ll enforce these polices!

The next post in the series deals with “Email Dangers – Data Security Best practices for spam, passwords and more”. I’ll dive deeper into such items as phishing and strong passwords.

In the meantime, have you checked the cyber security vulnerabilities in your business? The IT experts at Waypoint would love to review your IT needs for free, please click hereto sign up for a free, no risk IT assessment.

 

 

The iOS Hack That Could Create Apple-Free Zones

05.15.15

Apple hasn’t historically faced the same malware threats as Windows, mainly because it was simply used by fewer people. But now that mobile Apple products are everywhere, hackers are figuring out ways to attack the platform. Most of these are frightening only if it’s your credit card details in the hands of the Russian mafia; otherwise, business as usual. They’re just the same hacks as those used on Android devices. But there is an Apple-specific attack, based on a weakness in the iOS operating system, that could render whole areas iPhone-free.

Weakness in the system

In a way, the devilishness of this hack relies on iPhone users being a little bit unscrupulous themselves. Hackers configure a wireless router in a particular way and then use it to start an unprotected network. Once an iPhone or other Apple device connects to the network, it crashes, and from then on it will crash every time it’s restarted, without giving the user time to disconnect from the network. The only solution is to physically move away from the network’s range. Of course, you shouldn’t really be connecting to other people’s unrecognised wifi networks anyway, but who can honestly say they’ve never done it?

Security makes it worse

The hack utilises SSL certificates to force apps that use these certificates to crash. This is particularly ingenious, as Skycure CTO Yair Amit blogged, because ‘SSL is a security best practice, and is utilized in almost all apps in the Apple app store, [so] the attack surface is very wide.’

Hard to guard against

One solution would be to simply set your device not to connect automatically to unprotected networks. Should be pretty simple, right? Trouble is, your phone actually talks to wifi networks without necessarily connecting to them. That’s how it knows where they are and what they’re called. And when it does that, a vulnerability called WiFiGate means an attacker can force a mobile device to connect to an unprotected network automatically. Add these together and it would be possible for attackers to create a situation whereby all iOS devices in a certain area became unsueable regardless of how they were configured.

The good news…

…is that for now, there are no known exploits of this weakness. Somebody could make it impossible for you to use your iPhone until you physically move, but otherwise the actual damage to targets is minimal – for now. As far as anyone knows, this hack hasn’t been used to steal information or threaten any confidential data. How long that will hold true is obviously unknown, but Skycure says it’s working with Apple on a fix and advises iOS users to update to iOS 8.3, which offers more protection, as soon as possible.

How to Connect With Customers on Twitter

05.13.15

While there are some obvious pointers that work across any channel, from the phone to a letter – relevance, value, engaging style – the social networks can’t all be approached in the same way. It’s not just that most of us have used them for personal reasons and it can come as a shock that all that experience sometimes adds up to not much when you have to use them for business. It’s that they have their own identities – their own cultures, ways of doing things and their own etiquette’s.

When you set out to communicate with customers over social media, you can’t treat the business-oriented, longform-friendly Google + (Soon to be Streams) the same as casual Facebook. And Twitter is just as individual.

Twitter is the ‘quickfire’ social channel. A tweet is just a few words, so if you have news, often that’s where it goes. It’s a busy channel, and a noisy one, and your tweets will sink without trace if you’re not careful: a tweet has a half-life of less than 20 minutes.

So how should you utilize this channel?

1: Speak the language

Speak the language of Twitter, by using native features: likes, re-tweets and favorites. Don’t try to use Twitter like Facebook. Re-tweeting is the Twitter equivalent of curating content on your blog, so find suitable brands to follow and re-tweet often. But you need to speak the language of twitters too. Learn it by reading tweets so you’re prepared to fit in!

2: Show appreciation

While this isn’t Twitter-specific as such, it does need to to be done in a Twitter specific way. Offer deals, discounts, special content, to your customers via Twitter. Yes, you’re showing customers that you appreciate them, but you’re also incentivising following you on Twitter, and your tweets are far more likely to be seen, liked and re-tweeted by followers.

3: Showcase your work

Twitter is really well suited to posting pictures with the tweet serving as a caption, using hash-tags to widen appeal and searchability. If your business doesn’t result in many photo opportunities, that’s not a big problem. Your twitter followers will understand that, so use the channel to boast of problems you have solved for clients. This works best when you re-tweet your customers’ comments, which you’re far more likely to see if you follow them, so don’t forget to follow in return!

4: Don’t tell: ask, and listen

Twitter is the channel people turn to to vent. Ask customers, either in groups or specifically, to comment on your service or recommend improvements. People love doing both these things, and you get retweetable recommendations and feedback from the exercise.

5: Tweet often – but not too often
Because Twitter is noisy and fast-paced people think the best way to use the channel is to pour tweets constantly,but actually just 2-4 tweets a day is best.

Social Death:What Happened To Google +?

05.08.15

You have a Google + account. You may not know it, but you do. Everyone who has a Gmail or YouTube account has one. Everyone who uses Google’s cloud productivity and storage suite has one. And everyone who has an Android phone has one. But the number of active users has always trailed far behind the number of accounts, drawing attention to the fact that Google’s venture into social hasn’t actually been very successful.

On Monday, April 27 this year, Google announced that it would be splitting its social network into two. Surrendering to the facts – Google + is a competitor for Facebook the way Bob’s Truck Shop is a competitor for General Motors – Google has broken the channel in two.

Speaking on April 28, Sundar Pichai, Google’s VP of products, told MWC that: ‘For us Google+ was always two big things: one was building a stream, the second was a social layer, a common layer of identity; how sharing works across our products and services.’ That mirrors criticism leveled at Google for inventing Google+ to solve the company’s own internal problems, meaning users of Google products needed only a single login, allowing Google + to function like a foyer. No-one wants to hang out in a waiting room,though, so while Mr Pichai points to ‘a passionate community of users’ for the social side of +, it was never a contender when ranked against Facebook and Twitter.

Clarifying the future of Google+’s component services, Mr Pichai said: ’we’re at a stage where use cases like photos and communications are big standalone use cases.’ The future of Google+’s services will be in three parts: Streams, Photos and Hangouts.

Photos will focus on Google +’s image service. Photos on Google + have always been far better quality than those on other social channels, but in some ways that’s been part of the problem: while Facebook and Twitter moved onto mobile right along with their customers, Google + was held back by file sizes so large they took forever to load on mobile devices. The service gets good usage but cutting it loose from the social network will probably make Streams easier to access.

Streams will be the social element of Google +, separated from the photos service and providing faster (and more mobile-friendly) access for that passionate community who really do prefer Google + to other social networks.
Finally, there’s the future of Hangouts. Hangouts has lost ground to other communications services, but Google’s VP of product Bradley Horowitz argued in December that ‘It’s texting, it’s telephony, it’s one-to-one, it’s many-to-many, it’s consumer, it’s enterprise,’ and stated that its comprehensiveness made it unique. Hangouts does have some great features – but all this was being said a year ago about Google +.

Mark Up Word Documents in Google Docs

05.06.15

Google Docs is most people’s first taste of the ease and convenience of cloud, though trends suggest it’s likely to become the norm soon. Meantime, many jobs that were once done on Microsoft’s productivity suite are moving over the Google. But one standby of the Microsoft system that we just can’t seem to quit is the ‘track changes’ feature. Sometimes ‘comments’ just aren’t enough. What happens when you want to track changes on a Word document in Google?

Fully integrated

When it was launched, Google didn’t offer track changes integration, pushing business users away. In mid-2014, that changed and full integration was rolled out. Here’s how it works.

When you upload a Word document that has tracked changes to Google Docs, the changes become ‘suggested edits.’ You can work in the document much as you would in Word. When you want to make a change or edit you can go to the ‘editing’ menu,under ‘comment’ and ‘share’ in the top right corner. Click on it and select editing > suggesting from the drop down, and you can insert suggested edits, just the way you would with tracked changes in Word. Then, when you export that same Google Doc as a Word file, your suggested edits will be saved as tracked changes.

And one better

Google Docs offers a feature that Word doesn’t, that makes the whole process of editing and revising a lot easier. No, I’m not talking about comments. Rather, it’s Google Docs’ Revision History function that stands to save many workers’ bacon. One of the reasons tracked changes exists in the first place is because without it, there’s no way to go back through a word document and see what changes were made, who by and when. But Google Docs has exactly that feature.
Revision History is accessed via the File menu. Scroll down the drop-down and you’ll see the option about midway down. Keyboard macro buffs may prefer to press command + option + shift + G on a Mac, or ctrl + alt + shift + G on a PC. Here’ you’ll see every major revision made on the document, who made it and when, and you’ll have the option to access that text or return the document to a previous version. And if you’re looking for a minor revision, they’re saved too, under ‘show detailed revisions’ at the bottom of the menu.

With these tools it’s easy to send documents back and forth between a Google Docs user and someone whose primary productivity suite is Microsoft Office, with no real synching issues.

Five of the Best Translation Services (That Aren’t Google Translate)

05.01.15

Most businesses have clients, contractors or offices in countries that don’t speak English as a first language. Even if you don’t, you’re going to need to translate a document sooner or later. Unless you happen to be a linguist, when that day comes you’ll probably reach for an online translation service. But there is more than one. Google Translate doesn’t always do a perfect or even a comprehensible job. Here are five alternatives that offer serious competition.

Google Translate has one major factor going for it – apart from the brand recognition that comes with that Google name. It’s free. Not all the alternatives are, but if you’re looking for a quality translation for professional purposes these are all a lot cheaper than hiring a translator!

UnBabel

UnBabel is free for the first 150 words. You insert your text into a field and select your target language. It uses similar machine learning technology to Google Translate but then sends the finished translation to a human translator to be proofed and corrected. If you want credible communication with non-English speakers, consider UnBabel. Of the options it’s probably the fastest and most efficient. However, it’s not the most in-depth.
Price: $0.03 per word

Gengo

Much like UnBabel, Gengo lets you insert text and then select your target language. It comes with the advantage that you can simultaneously translate text to multiple languages and has a very wide range of languages, though this drives the cost up fast. It also helps you select an appropriate tone, helpfully based on where you intend to publish the result. It’s more comprehensive than UnBabel; it’s also more expensive.
Price: $0.12 per word

Duolingo

Most of us know Duolingo as a language learning site. But it also offers translation services. You can have a document ‘crowd translated. It’s free for individuals, but businesses should email for a quote.
Price: email for by-the-job quote

/r/Translator

Yes, it’s a subreddit. Users will sometimes translate individual words or short pieces of text for free, and you can negotiate prices with individuals for larger pieces. Consider /r/forhire too, if this route interests you: you can find freelance translators who will quote you for your text.
Price: variable

Translate.com

Translate.com offers both machine translation and human translation. It’s free, but sometimes you don’t get what you don’t pay for: there’s no guarantee that a human translator will see your text. If they don’t you’re no better off than if you’d used Google Translate.
Price: free

Does Not Compute: The Missing Android App and How To Live Without It

04.29.15

Maybe you’re old enough to remember the internet without browsers. For everyone else, here’s how it used to work: you typed the address you wanted, then went there. No address, no page. Obviously, browsers brought the internet to the masses. And on the desktops of our devices there’s an app just like a browser for navigating the space inside the device. It’s called a file manager. But what do you do when your device (gulp) doesn’t have one?

Lacking a file manager makes even the most intuitive OS gradually get harder to use,because there’s no centralised way of finding files. It’s like the pre-browser internet days:no address, no file.

On desktop and laptop devices it’s relatively easy: Apple and Windows both come with file managers. Windows just updated from Windows Explorer in previous incarnations to File Explorer in Windows 8, while Apple uses Finder. But Android, while it has a file system, doesn’t have a file manager.

Obviously, that’s not as good as it could be, so what can users do to work around it?

Hit the Play Store

Just because a seemingly basic piece of functionality isn’t bundled with your OS, doesn’t mean you have to face life without it. Just head over to the Play Store and download the solution.

ES File Manager

Popular and free, ES covers the basics and comes with some impressive functions you didn’t know you couldn’t live without, like an archive creator. As well as arranging your files on your device it can also act as a cloud client for apps like Dropbox or Google Drive and supports App management.

Astro Cloud and File Manager

Another popular (and free) choice, Astro focusses more on cloud support than ES but otherwise they’re quite well matched. Astro uses a fullscreen viewer and contains other functions like an SD card optimizer and app management.

Solid Explorer

Solid Explorer comes with a free trial and costs a whopping $1.99 to unlock. Two separate explorer panes and drag and drop support means that hefty price tag might well be worth it, and Solid supports popular cloud options like Skydrive and Dropbox, has an indexed search function, and supports archived files like .zip and .rar.

AntTek Explorer Ex

You don’t need to use a paid-for app to get a full-featured, two-pane file manager. As well as the basics, AntTek supports streaming from a remote server, FTP and Samba, and Yandex, and if that’s not enough it also has built-in music and video players. And it’s free.

File management doesn’t bother some people, but if you live life through your phone – or if you BYOD to work – sooner or later, you’re going to need it!

You’ll Like These 5 Tips to Increase Clicks and Shares

04.24.15

Making a post or tweet ‘go viral’ has become the internet equivalent of the Philosopher’s Stone. Just as medieval alchemists labored over bubbling jars trying to find the magic formula to transmute base metal into gold, so modern marketers struggle over bubbling keyboards (OK,not quite) to find the right combination of words, images and ideas that makes people want to share content with everyone they know online. But we have things medieval alchemists didn’t have, like soap and teeth, but also like collaborations between analyser BuzzSumo and Content Marketers Fractl, who got together to analyse shares of over a million articles to find out what everyone should be doing to turn the base metal of a status update into viral gold.

1: Match the mood to the network

Different social networks have different ‘moods.’ LinkedIn is prevailingly positive: complaints don’t get much traction, but 70% of its top-shared articles were positive, while for Twitter, only 40% were positive, with 46% being negative and 14% neutral. On Facebook, still by far the biggest social network, the mood appears a bit negative – 47% negative, in fact, 36% positive and 17% neutral. (Once you correct for BuzzFeed and Upworthy’s relentless cheeriness it’s even darker: 30% positive, 57% negative.)

2: Facebook is where the sharing (mostly) happens

Facebook has about 62% of all the users of the top 5 social media platforms, but sees a disproportionate 82% of the shares. Either users are more engaged with Facebook, more likely to share content or possibly both: it’s not just that there are so many of them. Twitter has disproportionate virality too: it’s about the same size as LinkedIn but sees about four times as many shares.

3: Getting shared isn’t easy…

In fact,the vast majority of the most successful publishers manage only about 5, 000 shares per piece on average. Who does significantly better? Only Upworthy and BuzzFeed – but getting shares is basically their whole reason to exist. They do have some techniques we can all follow to get better results though…
4: Mystery and suspense, surprise and a twist in the tail

Posts that contain gems of unexpected information, or that trigger the ‘information gap’ effect (you won’t believe what that is) do best. We get hooked on stories quickly and the best simple narratives are already being told in headlines, making us want to click on them to find out how the story ends. This is in large part how BuzzFeed does it, though other factors like addressing news stories and social concerns is a part of their method too.

5: If you’re not killing it on every social network, that’s OK

…neither is anyone else. Most companies are really only succeeding on one or two social networks and for the majority, even that is a struggle. For marketers, it makes sense to figure out which networks clients stand to gain most from and focus, rather than trying to dominate across all networks.

Cyber Security and Small Business

04.23.15

Foodie-Call.com, a Charlotte, NC small business, suffered a data breach twice in 2014. Owner Anu Mehra was left with the bill for $10,000 in fraudulent transactions, and may lose her business if hackers strike again. She told WSOC-TV: “I’m a local business owner. I don’t have partners. I don’t have a franchise. There’s no deep pockets for me to go to and have some help with this.”

According to the North Carolina Attorney General’s office, 2014 saw 17 reported data breaches in Charlotte, affecting 3,370 persons. The Charlotte metro area saw an additional 14 data breaches affecting and additional 520 people. Many of the targeted companies are large, but a good number of smaller firms were hit. These smaller firms include CPA and law practices, car dealerships, small mortgage brokers, a child-care franchise, and a sign manufacturer.

What are they looking for?

Simply put, cyber criminals want your data. Passwords, account numbers, banking information, customer lists, employee information, financial records, you name it, they want it. Cyber criminals can attack your business using:

  • Viruses, worms, Trojans
  • Malware
  • Botnets
  • Web-based attacks
  • Stolen devices
  • Malicious code
  • Malicious insiders
  • Phishing & social engineering
  • Denial of service

And let’s not forget about a disgruntled employee. He or she can wreck your system and data from the inside.

The Challenge

In 2013, a witness before the House Small Business Subcommittee on Health and Technology said about small businesses: “…90% do not have an internal IT manager focused on technology-related issues; 87% do not have a formal written Internet security policy; 68% do not provide any cyber-security training to their employees; and 83% do not have an automated systems that requires employees to periodically change their passwords.” This shows the challenge you face as a small business owner.

The next part of this series focuses on data security and employee “mistake prevention”. In the meantime, here are some actions you can take now:

  • Physically secure your equipment. All the firewalls and anti-virus software in the world won’t help if a thief can just walk off with your laptop or tablet.
  • Get your data backed up and stored off-site.
  • Talk to any service providers you use, such as credit card processors, and find out what they’re doing to secure your transactions and data.
  • Does your office have its own WiFi network? Lock it down! Break out the manual and set a good, long password. Change it often.

Have you checked the cyber security vulnerabilities in your business? The IT experts at Waypoint would love to review your IT needs for free, please click here to sign up for a free, no risk IT assessment.

How SMBs Can Use Cloud To Act Big

04.22.15

SMBs often shy away from big tech changes more than their larger counterparts: after all, they can’t afford even a single Ford Edsel moment. The risks inherent in betting on unknown outcomes is higher. But cloud isn’t some dream of how computing could be. It’s not the future like jetpacks, it’s the future like central locking. And it carries far more benefits for the SMB than for larger enterprises. Why?Because large enterprises are benefitting from services they generate in-house,which smaller businesses often have to simply do without. With a good cloud provider you can contract out everything from security through business processes to data management and behave like a much bigger company, in a non-Edsel kind of way.

1: Hand Over Your Security and Compliance Concerns

CIOs of larger firms worry about regulatory compliance and data security, malware and leaks. For smaller businesses that’s even more of a worry because there’s less hardware and specialised staff to work on it. But there is someone who has loads of both: your cloud provider. Get your security and compliance backed by an SLA and it’s a problem you can tick off. Cloud computing gives SMBs a streamlined, efficient security and compliance concerns.

2: Better Collaboration Through Cloud

One of the big differences between a smaller business and a larger one is attention to working processes. As a result, larger businesses handle things like interdepartmental communications and keeping clients informed automatically while smaller concerns struggle to locate documents and juggle the phone, email and productivity. The more of that you can hand off to the Cloud the better, and managed cloud can take on the tasks that big companies handle in-house, letting you roll like a Fortune 500 company.

3: Data Control Becomes Easy

When you’re running to keep up with OS and hardware changes and shuffling documents and spreadsheets around multiple computers, you’re probably all too aware that a lot of that time and energy is wasted. If three or four people need to work on a project, as often as not the result is three or four mutually contradictory versions of it. Cloud makes this and other aspects of data control and management effortless for the business. You become the end consumer, soall you have to produce is what your business actually does. In the age of slick managed cloud, producing and servicing your own IT makes about as much sense as producing and servicing your own electricity grid. You (probably) don’t need a generator – and you probably don’t need a data center either.