It’s common to see companies showing confidence in their security systems. Their networks are protected from external threats, which can often lead to a false sense of being secure. With this attitude, they may stop thinking about security and fail to establish internal measures within their networks, and this is a grave mistake.

In recent years the majority of security threats and compromises have come from within the company. A common threat to companies is the logic bomb - malware that targets IT systems and deletes data. As a logic bomb is introduced from within the network, the blame often lies with a disgruntled employee with full access to internal systems.

Insider threats Giving employees full access to the network when they don’t need it is a common mistake often made by companies. There’s little need for an employee who does graphic design to have access to weekly sales records. This practice could set your company up for a considerable security problem in the future.

Dawn Cappelli, an insider-threat expert at the Carnegie Mellon Software Engineering Institute stressed, "These types of insider attacks happen to businesses of all sizes, from small companies to very large corporations." This is an important issue businesses should be aware of if they want to remain secure.

Take Precautions Security threats can be a particularly harsh nightmare for small businesses, as many don’t have an IT department or staff with the technical expertise needed to maintain a secure network. If you’re one of these organizations, it’s a good idea to hire an outside consultant to help you with your network security. With consultants, it’s important that you maintain close contact with them to ensure any issues that crop up are dealt with expeditiously.

If you don’t work with an external company there are a few things you should do when you have an employee leave the company. First, their accounts should be deleted immediately and their access privileges should also be revoked. Second, if you have accounts with shared passwords, you should change them to ensure an ex-employee can’t gain access to the system.

If you’d like to learn more about internal security, and measures you can take to ensure you are safe, we are ready to help you. Please contact us.

If the past 10 years has taught us anything, it’s that many managers are woefully underprepared for disasters of any kind. We’re resilient though, and will always find a way to survive. One of the keys to a business’s survival during times of hardship is the Business Continuity Plan (BCP). A vast majority of organizations have one and believe it to be effective, but is it?

Here are six key non-IT functions and processes that need to be in place to ensure your company is ready to effectively execute your BCP.

Easy to use plans Many continuity plans have been developed mainly for the IT department, as such, they can be a little complicated to understand and follow if employees don’t have a technical background. You should aim to have a plan that’s easy to follow and can be understood by all employees.

Communicate plans Remember that your plan encompasses all facets of your organization. It’s crucial that every employee knows their role and the relevant actions to take when the plan is executed. To do this, you need to ensure that all employees have access to a copy of the plan and any changes or updates are clearly communicated.

Test plans Beyond communication, it’s important to conduct regular tests, with every quarter being sufficient. The tests should be as real as possible and span all departments within the organization. This will ensure that employees are aware of how they, and the systems, will react under duress. It’ll be beneficial to your business if the first time the employees execute the plan isn’t during an emergency.

Short term and long term plans Your BCP should consist of both long term and short term elements that can be easily adapted to meet changing business environments and the emergence of new threats. You should aim for an even mix of short and long term solutions that cover as wide a variety of situations as possible.

Ensure buy-in from all levels If you’re in the process of instituting a BCP you should ensure that the whole organization is onboard with the plan. If an employee is unsure about the validity of a part of the plan, take the time to find out why and ask for suggestions. An uninformed or uncooperative employee could be the difference between survival and failure in a disaster situation.

Update and Review After every test, staff turnover and technological update, you should review the plans and make changes if necessary. Essentially, if anything in the company changes, review and update the plan. Remember: just because you have an effective plan this month, doesn’t mean it’ll be so in the future.

Continuity plans are only as strong as the weakest link. In an emergency, the last thing you want is an employee following the wrong process or be unsure of what they should be doing. If this happens, you could see an exponential growth in recovery time and costs. We’re ready to tell you more, so please contact us if you would like to talk continuity planning.

There’s no doubt in the value of using social media to build your brand. But opinions differ in the use of social media by employees. It seems that companies are polarized in the issue, but are being slowly awakened to the fact that allowing employees to access social media at work has great benefits. Do you allow employees to access social media in your office?

There are four distinct advantages to allowing social media:

• Increased productivity. There have been a number of studies that have found that judicious use of social media in the workplace will actually increase productivity. A study conducted by the University of Melbourne found that employees with access to social media are 9% more productive than those without.
• Increased buy-in. Employees like to feel trusted and empowered. If they don’t you can expect to experience higher turnover and lower morale. A good way to gain trust is to allow employees to use social media in the workplace. If an employee feels like they are trusted, they’ll be more likely to stay with the company.
• Recruiting. Small businesses have started to use social media for recruitment, but limit efforts to one account. If you have 10 employees in your organization, each with a social media account with 100 friends, you have the potential to reach 1,000 people. This is achievable if employees are allowed to access social media at work and are encouraged to share posts.
• Identification of business opportunities. Through the use of social media, employees in charge of sales and business development can source new clients and build fruitful relationships.

There are many advantages to allowing access to social networks at the office. If you‘re hesitant to completely open the social media floodgates, try doing so in short periods, like the final three hours of the working day.

No matter what you decide, allowing access to social media is a good practice for your business. If you would like to learn more about social media and how you can leverage it in your business, we are happy to talk with you.

With the explosion of technological devices in recent years, companies have been given a golden opportunity to foster a more collaborative environment. This has not been lost on business owners, who have adopted tools that work best with a joint effort en masse. There’s a drawback to this however, many teams simply don’t gel well in the first place, and this makes the tools redundant.

Here are seven tips on how to improve collaboration within the office environment.

1. Open communication. One of the keys to successful teams is the adoption and encouragement of an open communication culture. With this, teams are better able to grasp what’s going on within the company, and be more efficient contributors and team players.
2. Use the right technology. It seems like there are a million different software and technology options out there. Some of the tools available offer some fantastic features and it’s easy to get sucked in by a flashy component. It’s important that when choosing a tool you pick one that meets your company’s needs and is easy to use.
3. Collaboration tools must play well with others. It’s beneficial to select systems that can be seamlessly integrated with other tools and software used by your employees. If your solutions don’t work together, all parties won’t be able to work together.
4. Employee learning is key. When you find the perfect tool to use, be careful to take time and learn how to effectively use it. Training for the users of the tool is equally important.
5. Work hard, play harder. Teams and departments should step away from their computers and actually have face-to-face meetings at least once a week. These meetings should be a mixture of formal and informal, and offer employees a chance to come together as a team, unwind and share ideas. A team that can interact well will always work together with greater efficiency.
6. Mobilize. The smartphone is here to stay and with each passing year the number of users grows exponentially. It’s beneficial to encourage the use of these devices, and look for mobile solutions that allow users to be a part of the group while out of the office. If you do allow mobile devices, be sure to establish a clear usage policy so employees know how and when they should be using their phones.
7. Don’t just focus on internal collaboration. One of the most common mistakes companies make is that they focus on group participation within the business, but don’t provide adequate support for external interactions. Be sure you integrate tools that provide stakeholders with a way to connect and work with teams within the company.

With a team that interacts effectively you’ll see happier employees and higher profits: a win-win situation. If you have any questions regarding collaboration tools, or other ways to increase business value please don’t hesitate to contact us.

One selling point of the Mac is that the OS, OSX, is more secure than a computer running Windows. Many Mac users have been lulled into a sense of complacency and have been taking inadequate steps to protect their systems. A recent trojan has shocked these users into reality and left many of them wondering if their systems really are secure.

If you mention “OS X” and “virus” in the same sentence, you’ll get some weird looks from Mac users. Traditionally viruses and trojans on OS X were near non-existent, but there’s a Mac specific trojan, codenamed Flashback, that has affected more than 600,000 computers. This is big news as it shows that machines running OS X may not be as secure as first thought.

Many Mac owners are unsure of what exactly the Flashback trojan is, what it does and how to ensure they’re not infected. We’re here to help clarify the situation.

What is a Trojan and What Does Flashback Do? In general terms, a trojan is a piece of malicious software that infects a computer and gives control of part, or the whole computer to hackers. The Flashback trojan takes advantage of an OS X Java vulnerability and infects computers by tricking them into downloading a fake Java update.

When the program is installed, Flashback will download and install the main trojan code without the need for permission from the administrator. From there it proceeds to hijack your browser, redirect search queries to websites developed by hackers, and then take advantage of pay-per-click advertising.

Why Should I be Worried? While this version hijacks your browser, there are far more sinister things it could do. As this trojan acts as a downloader, there’s nothing stopping the developers from updating the malware to steal passwords, banking information and other confidential information.

How do I Ensure My Mac is Clean? Apple has released an update for machines running OS X 10.6 and later. The first step you should take is to update your computer to patch the vulnerability. To update your Mac:

1. Press the Apple logo, located in the top right hand of your screen.
2. Select Software Update...
3. Press Install and Restart.

While the patch will prevent Flashback from working, it won’t delete the program if you’ve been infected. The Internet security company F-Secure has developed a script that scans your computer and removes Flashback if found. Once you have downloaded the script, open and run it. The script will search your computer and place the infected files in an encrypted ZIP folder labeled Flashback_quarantine.zip.

Flashback has infected a higher number of Macs than any other trojan to date and goes to show that Macs also have security flaws. This also serves as a reminder that you should have a virus scanner and security program running on your Mac. If you have any questions regarding the security of your Mac or other devices, please don’t hesitate to contact us. We are here to help keep your machines secure.

Business continuity planning - an important consideration companies have been looking into, and adopting in increasing numbers. It’s vital that businesses can operate in any condition and that they won’t be affected by disasters. One of the steps in implementing a successful protection strategy involves working out whether to use software or templates.

The decision between templates and software can be a tough one to make, as whichever one you choose, you’ll be using and relying on for a long time. To help you we’ve covered some pros and cons on both choices:

Using Software If you choose to go with a software program, you will be walked through the whole process allowing you to develop a useable plan. Another benefit of using software is that you’ll be able to develop reports if needs be.

The drawbacks of using software include cost, inflexibility and learning time. For the most part, business continuity planning software is not cheap, and at times can be inflexible due to limits within the program. If you have a niche need, the software may not cover it. In addition, as with mastering any program, the learning curve can be quite steep.

In general, using software would be advantageous for companies that have a bigger budget for the development of a continuity plan. Software is also a good bet if you don’t have staff who are experts in continuity planning, or if you operate in an industry where a continuity plan is necessary, e.g., companies working with healthcare insurance, or manufacturing companies that have introduced ISO 9000.

Using Templates If you feel that your company is not ready for software you can use templates to help you develop your plan. These solutions are mostly written plans that you adapt to meet your business needs. They’re useful if you’re just starting to do continuity planning, as they provide a normally solid foundation, and are generally a lot cheaper than software.

A limitation to using templates is that they can be a little too basic at times, and may not meet your needs. Granted, most plans will follow a basic structure and your developer will need to adapt some steps for your relevant region and industry.

As each industry is different, it’s hard to make a recommendation on what type of planning style companies should take. We recommend you take your time, do your due diligence and weigh out what’s best for your business. No matter which method you choose to go ahead with, ensure that it’s easy to implement, and that you’ll be able to teach your staff how to run the plan.

If you feel really lost or are not sure what to do, talking to professional consultants could go a long way in helping you develop a plan. If you’d like to learn more about business continuity planning please contact us - we are happy to help.

Peer-to-peer networking (P2P) and cloud storage services have both been hot topics in the news lately. Whether it’s about the seizure of servers or security threats, both have been causing businesses problems with regards to recoverability and security of data. Does your company use P2P or cloud storage? If so, there are a number of things you should be aware of.

With the seizure of a number of cloud storage and sharing websites, including Megaupload, and the seemingly omnipresent malware in P2P files and the shaky security in relation to P2P networks, businesses have had their hands full staying secure. Do you know what your options are when it comes to data security?

Cloud Services Knowhow The recent seizure of Megaupload’s files and servers by the US Government caught many people and businesses unprepared. While Megaupload’s main purpose was file sharing, it was found that a large number of organizations were using their services to store files. If you had files stored on Megaupload, the chances of getting the files back are non-existent.

It needs to be pointed out that many cloud services don’t guarantee that files stored on the service will be recoverable in the event of a crash, or disruption in service, e.g., a government seizing servers. If you read the user agreements of a number of major cloud services, they all have clauses stating that if data stored on their service is lost for any reason, it’s gone forever, and the hosts can’t be held liable for losses.

Risks of P2P With high speed Internet widely available at low prices, P2P file sharing has become incredibly popular, it’s almost uncommon to find someone who has never used a P2P service. If you or your employees use P2P at your office, there are a number of potential security threats you should be aware of:

• The unknown share: If you put a file in a folder that is shared on a P2P network, it’ll be shared with all other people connected to that folder and almost anyone can access it. This is normally done by mistake, i.e., not looking where the file will be saved when you save it. There’s also malware out there that will move files into a shared folder which the developer of the malware can find and upload with ease and without the user knowing it is happening.
• Open network: Typically P2P works on open networks: users give and share. What this means is that when using P2P on a poorly configured network, the whole network could be unsecure, allowing for access to other computers connected to the network.
• Untracked data: If you share a document with another person, and they then share it with others, there is potentially, an unlimited amount of people that can get the data. If you want to take it back, it can be impossible to do so, even if the original document is deleted.
• Storage hijacking: There’s news of malware that has been developed with the purpose of downloading illegal material onto your hard drive. This could pose a problem if the data is found, as you will be liable.

What Should I do? With regards to cloud services, as with anything that comes with a contract, the first thing you should do is gain an understanding of it by utilizing reading material such as blogs, news articles and Wikis. It’s a pain in the neck, but it’ll help you understand the boundaries of the program and your responsibilities. Remember that if you go to court to get files back from a company, and it becomes known that you didn’t read the agreement, you’ll probably end up losing that case.

Second, it’s not recommended to keep single copies of data on one cloud service. Chances are high that in your business, you store your data and backups in a place separate from the computer. This makes sense with the cloud as well - keep your data with a number of different cloud services. If it’s important enough, have physical backups of what you put in the cloud.

For P2P networks there are also a number of steps you can take to protect the data on your network:

• The most obvious one is to ban employees from using any file sharing services outside of your network.
• If you do allow file sharing, it’s a good idea to establish and strictly enforce a protocol for this. You should also set which users are allowed to share files, and what files are appropriate to share. Be sure that all staff are aware of your policy and the measures that will be taken in the event of any deviations.
• Develop a system to classify documents by whether or not they can be shared, and who they can be shared with.
• If you work in an office where you need to share files, but don’t want to use a P2P network or the cloud, and are unsure of other solutions out there, don’t worry. There are companies that specialize in document sharing solutions that should be able to provide you with assistance.

The most important thing is that whatever the situation is, you take action to try to solve the problem while frequently revisiting the actions to ensure that they are working. If you’d like to learn more about document sharing over the cloud, or via P2P networks, give us a buzz. We’re more than happy to help.

Social media has really become a major way for businesses to get their name out and gain exposure to the many different people on the Internet, build their brand and find new customers. With the large numbers of people currently using the Internet, it makes sense for businesses to have some form of online presence as they will be able to connect with more customers.

Social media, once called a fad, has become the norm and is going to be with us for some time. A large number of companies already have an online presence, and are taking advantage of the benefits that social media can bring. Here are a number of things you can do to get your social media adventures underway.

Be Clear on Social Media It’s important that before you start looking into the different forms of social media that are out there, you are clear on what social media is, and what it isn’t. Social media is a way to meet people, and share content and ideas with them. For companies it’s a form of non-traditional marketing - think of it as soft marketing - it’s not meant to be the place where you flog your products, rather a place to develop interest in your company, so people will want to do business with you. By using social media you can show people who your company is, and connect with them on a more personal level. If you are clear on what social media is from the beginning, there’s a higher chance that you’ll be successful when you develop your online presence.

Before You Launch Into Social Media There are a number of things that your company needs to have either already done, or considered, before you jump in:

• Have a website: It’s a good idea to have a solid website with information about your company, contact information, products and services. Most potential customers will look at your website after looking searching for you online, and before they choose to do business with you, so your website needs to provide the relevant information they are looking for. If you don’t have a website, or feel yours is lacking, it’s easier than ever to get a professional looking site. With a quick search you will be able to find some competent designers.
• Get educated: It will be beneficial to educate yourself on current trends regarding social media. This can be done by simply going to social media websites, taking the free introduction tours and reading blogs related to the sites. Beyond that you should also research your competitors’ websites and Internet presence. Observe what content they have online, and more importantly: what they don’t have. It will also help to connect with and observe industry experts, see what they post online, and note the style and tone they use. This will help provide you with a sound knowledge base from which you can then create a more effective online presence.
• Set goals: As with any step in business, you should have a plan with realistic goals. Aim for results that are achievable for your company. If you’re a small, local IT company that focuses on providing support for banks, don’t expect to have the same massive hype that Microsoft and Apple do. Clearly set objectives and review periodically.
• Develop a focus: In real life, you can’t be all things to all people. The same goes for social media. You need to develop a focus on what type of online content you would like to share. You should aim to create content that your customers will want to share with people.
• Stake a claim: You should to go to the main social media websites - Google+, Facebook, LinkedIn and YouTube - and reserve your personal and business usernames. This is important because it will make you look more professional by having the same username across all sites, and users will be able to find you easier.
• Ask for help if you need it: While some companies make social media sound easy, it can be deceptively hard to master. If you feel lost, or are having a tough time with it, there are knowledgeable consultants out there who are happy to help.

Time to Get Social When you feel you know what direction you will take, it’s time to start developing your online profiles. It can be tough to decide which social media tools to utilize. Unfortunately there is no right answer. Most small businesses follow the crowd, and this means having pages on Facebook and Linkedin. This does not mean that you should join these networks simply because they have the most users. It is recommended that you follow what similar businesses or direct competitors are doing. If they are on one service but not another, do the same to begin with, but be on the lookout for new social media sites, or features being added to existing sites.

One Thing to Not Forget There is one really important thing we can share with businesses thinking of pursuing social media: it isn’t a turnkey operation. You can’t just, “set it and forget it.” To be successful, you need to be active by posting updates, news, and above all interacting with the people who reach out to you. After all, they are your customers. If you do establish your social presence but forget to keep it up to date, you will be the company that’s forgotten.

If you would like help with your social media strategy, please get in touch with us. We’d love to hear from you.

Spring is almost here, and you know what that means: many companies and employees are looking for a fresh start. Chances are high that if your company is going to experience employee turnover, it will happen in Q2. This means that you will probably be conducting interviews, and one of the most convenient and popular ways of conducting an interview is via VoIP software - Skype, Microsoft LYNC, etc. Do you plan to conduct an interview using VoIP?

Let’s face it, there are very few people out there who love conducting interviews. The ones that do, are journalists, the rest of us see it as a means to the end. But that doesn’t mean that you should put interviews on the back burner. Remember, the purpose of the interview is to find an employee that meets your needs and is a good fit for your business. Many of us have watched or conducted interviews over VoIP, and have walked away unimpressed, or unsure of the results. Here are some tips to ensure you get the most out of VoIP while interviewing.

Remember the Rules Many of us have another identity or personality when we are online, it’s common to see people who are usually quiet and reserved in real life become very vocal when placed in front of a computer. This also happens when people conduct interviews online, another personality often comes out during the interview. Remember: even though you are conducting an interview over VoIP, it is still an interview, and as such, you need to follow the same rules and guidelines you would when conducting a face-to-face interview. One of the biggest things interviewers forget when they conduct interviews via VoIP is that you are a representative of your company and its brand, the interviewee will form their own opinion based on what you say and how you act. Adopt your face-to-face interview persona, not the online persona.

Lights, Camera, Office? When conducting the interview it is best to pick a well-lit spot, with minimal to no distractions. Your office may be the one with Nirvana posters on the wall - which is cool - but they’re probably not the best thing to have as your background during the interview. The best spot to conduct face-to-face interviews is in a conference room, so why not conduct the online interview there? If you don’t have a conference room, pick a quiet spot in the office. Wherever you settle, be sure you are comfortable there, as chances are you will be conducting more than one interview.

When you have found a good spot, be sure to turn off your cellphone, or at least put it on silent. Also be sure to turn the various sound alerts on your computer off. Nothing is more annoying to interviewees than being interrupted mid-sentence by a telephone call, or the ubiquitous IM alert.

Test the Tech Before you conduct the interview, ensure you are familiar with the program you are using. You don’t want to accidentally mute the interviewee, or even worse, hang up on them. It is a good idea to set up in the place you are going to be conducting the interview, and check that the internet connection is stable, or if you are using WiFi, that the signal is strong. Conduct a test call with a colleague or another person to ensure that your webcam is working correctly, and you can hear the other person. It is best to do this a few days in advance, so you can iron out any glitches or problems with lots of time to spare.

If a technological mishap occurs during the interview, or you lose your connection, don’t give up and walk away, simply call the interviewee back, apologize and carry on. Better still, establish at the outset that if there is a problem, you will definitely call back. This will ensure that the interviewee isn’t calling you when you are calling them.

The Interview Remember that you are using technology for the interview, and this technology has many useful features, the most pertinent being the ability to record. Being able to play the interview back later if you feel you have missed something, or want to know other employees’ opinions, is an excellent perk to using VoIP. Be sure to let the interviewee know that their interview will be recorded, as it could be illegal to record the person without their consent.

One common oversight by both the interviewer and interviewee is time. It may happen that you need to conduct an interview with someone in another timezone. It’s important to be aware of the time difference and ensure that both parties are on the same page. Also, if you’re in an area that has Daylight Savings Time, be aware that some places don’t observe it, and adjust accordingly. If you know the interviewee is in another timezone, clearly state when you are setting up the interview time, if you mean your time or the interviewee’s time.

Finally, when conducting the interview: be aware of where you are looking. Most programs will have the other person in a large image with you in a smaller image. Look at the image of the person when they are speaking, and at the camera when you are speaking. This is the best way to replicate eye-contact in a face-to-face interview.

When you remain professional and can execute a good interview using VoIP software, you can be sure that the interviewee will be impressed and will want to join your company. Good luck! If you would like to know more about using VoIP for interviews, or other business operations give us a call - we are more than happy to hear from you.

“Cybercrime”, “malware”, “hackers”. Three common buzzwords that have caused businesses untold amounts of lost profits, breached data and so on. As much as we would like to say that cybercrime is being eradicated, we can’t. It isn’t going to go away, but if you are aware of the common cybercrime trends, you can take steps to protect your business.

A quick Google search for “cybercrime trends” yields over 78 million results, the majority of which are likely to affect large enterprises or governments. While it is beneficial for all businesses to be aware of the major trends, there are a number of threats that will affect small businesses more than others. Here are some current cybercrime trends that SMEs should be aware of.

Mobile Malware Smartphones are becoming ever more popular, and with this popularity has come an exploding number of apps. Malware developers have been picking up on this during the past few years and there have been an expanding number of apps dedicated to attacking your phone or mobile platform. The most common type of malware on mobile devices is spyware, followed by SMS Trojans. SMS Trojans run in the background of some applications, and make international calls or text messages from the developers’ services causing huge phone bills. The final form of malware targets online payment apps on the phone.

One of the main reasons this form of malware has become so popular is due to the openness of some markets, such as the Android Market. The owners of the app markets are working to track down and get rid of the guilty apps on their marketplaces, but you still need to remain vigilant. while installing apps. Look at the developer of the app - how many times has it been downloaded? Maybe double check the app’s integrity online before installing and double check the app on the internet.

Open-Source Malware Kits A common thing malware developers do is write code for malware and then sell it to interested buyers. But a rising trend is that developers are writing malware that is open-source—any person can download and change it. The worrying thing is, many developers of already powerful malware have been releasing open-source versions of their software. This means that there will be an increase in the number of malware attacks out there, as devious developers can easily come up with more elaborate hacks.

Banking Trojans Along with the open-source malware kits, there has been an increase in the number of banking trojans—aimed at stealing account information and passwords. While these trojans have been a threat ever since banks first started offering online banking, they have become popular again as people and businesses are starting to move their online banking onto mobile devices, and the trojan software is easily accessible. This makes mobile banking apps an easy target.

With cybercrime on the increase, now is a good time to review your security, ensure its up to date and remind employees of your mobile device policy. If you don’t have a policy in place, or feel that your security is inadequate, give us a call, we are happy to help you. Remember: with good security and knowledge, there is no reason you should fall victim to cyber theft.