2013-05-19T12:05:21-04:00 Matt Norris http://www.huffingtonpost.co.uk/author/index.php?author=matt-norris Copyright 2008, HuffingtonPost.com, Inc. HuffingtonPost Blogger Feed for Matt Norris Good old fashioned elbow grease. tag:www.huffingtonpost.com,2013:/theblog//3.2876725 2013-03-14T13:04:27-04:00 2013-05-14T05:12:01-04:00

Matt Norris http://www.huffingtonpost.com/matt-norris/

• Although these devices increasingly resemble mini-PCs, their security is almost certainly behind that of an average computer. This doesn't matter much if they simply want to play games on it or keep in contact with their friends. But it is a problem if they use it for work, because these devices can be much more vulnerable to hackers than a laptop.

• Cybercriminals are increasingly targeting mobile devices in the hope of stealing the owner's banking details. But if they hack into one of your staff's devices they might unwittingly find a wealth of confidential business data stored on it that could be far more valuable on the black market than the user's credit card number.

• If your staff use these devices for both business and pleasure then that can create problems too. I know of a company where one of its employees downloaded a social media application and as a result agreed inadvertently to transfer sensitive client information from his smartphone onto a social media site. It wasn't a malicious act, he just didn't think about what else was on it, apart from his photos, and so information would get posted on the site for everyone to see.

Therefore, it's important to establish some policies on the use of mobile devices to help you manage the fallout for your business if something goes wrong.

View a mobile device as a company PC or laptop
Whereas every work computer would have a secure login, mobile devices are unlikely to have passwords to authenticate their users and control access to the data stored on them. The devices have the technical capability - it's just their owners rarely bother to use it. So it can be a good idea to encourage your employees to use the same strength login on their mobile device and their work computer. That way, at least you can ensure the password on their device is just as strong as the one on their work PC, and it will be changed regularly.

Encourage all your staff to use the same device
It's much simpler for you to keep on top of security updates on iPhone or Blackberry handsets, for example, rather than several different makers' phones and tablets. If everyone has the same device, you know they will all need the latest security patch. Then you need send out only one email to every staff member with a link to download it.

Act quickly if a device is lost
If one of your devices goes missing, the simplest and most effective method of limiting the security risk to your firm is to wipe the lost device. You can send it a message to delete all the data contained on it, even if it's been stolen. But doing so would also erase all the user's personal files, such as their music and photo collections stored in the cloud. Make sure you tell your staff members that, as a last resort, you will have to wipe their device if they lose it - they might not be happy about it but it might make them take more care of it if they know what would happen should they lose it.

Remember your responsibilities to your clients
It would be highly embarrassing for your firm to admit to your biggest client that an iPad containing some of its confidential data has been lost. But, if you try to keep it quiet you might land yourself in bigger trouble with the information watchdog, whose job it is to make sure people's personal data is kept safe.

One solution, which many US firms have adopted, is to write a protocol explaining when customers will be informed if a device containing their data has gone missing. Most companies will not tell clients if the device was left in a taxi or stolen in a bar. Providing you have a protocol, and follow it if a device is lost, information watchdogs are unlikely to take action against your firm.

I'm not saying you shouldn't let your employees use a mobile device for work. They're great gadgets, which, for a small amount of money, can make your employees feel more positive about working for you, and allow them to work on the go. But it's worth being aware of the potential pitfalls of encouraging your team to use them, so you can prepare for any problems you might encounter.]]> tag:www.huffingtonpost.com,2012:/theblog//3.2166213 2012-11-20T12:42:41-05:00 2013-01-20T05:12:01-05:00

Matt Norris http://www.huffingtonpost.com/matt-norris/
Cloud computing is no different from the other risks your business faces. When you opt to put an essential element of your business in the care and control of an outsourced provider you need to have made that decision with due consideration to your business needs and the risks associated. Assessing and mitigating the risks involved, and anticipating problems such as service failure and associated loss, will go some way to providing peace of mind when opting for cloud data storage and management.

Your options - to cloud or not cloud
For a small or startup business there are a number of ways in which using the cloud could make a positive impact on the bottom line. For one, as a new company, you can set up your entire business online without high capital outlays in purchasing new computer infrastructure or licences to run software. Having cloud computing enables you to download and access information as and when you need it, providing you are connected to the internet. This enables cloud users freedom from the traditional desk bound business environment. Freedom can offer flexibility and make you available to partners and customers more readily - and more importantly, before a competitor can get there. It also frees up capital which would have been spent on office rent and utilities, to be invested in other areas of the business that need developing.

Hiscox research* shows that there is obvious concern from SME's that their IT systems are kept secure and up to date. Of those surveyed 41% said that a computer virus attacking their system was their biggest concern. This was followed by the theft or loss of actual computer or data storage devices (32%). Cybercrime was an issue for 27% of respondents. Being in the cloud gives SME business owners greater peace of mind. Cloud providers are building more technologically advanced data centres and can provide more up to date and regularly maintained security options which SME business owners often can't afford to implement themselves. The right cloud supplier will save the time and effort which would usually be spent setting up and maintaining anti-virus software, sorting out related IT issues, training staff, keeping abreast of latest IT developments, spending time backing up data, updating systems and so on. All of these aspects are already being developed and enhanced by the cloud provider so all you have to do, is plug in and enjoy the benefits.

However, in considering your options as a business owner you should ensure you choose the cloud supplier whom bests meets your needs. When buying any new hardware or service, you also need to think about what could happen if it didn't work properly.

Following storms across the East Coast earlier this year which knocked out Amazon's data centre and took down Netflix, Pinterest and Instagram to name a few, cloud providers seemed to be better prepared for superstorm Sandy. Some websites did go offline, but although impacted by Sandy, data centers in the US largely appeared to continue to operate. The benefit to an SME is that established data centers are staffed by experts who can work behind the scenes in such scenarios to keep the data centre up and running and providing customers with uninterrupted service levels. Stories of diesel shortages emerged after Sandy, with small businesses queuing at petrol stations for diesel to keep their generators going: it is worth checking, but your cloud vendor should be able to offer a more resilient contingency plan after such disasters.

Being a small company, you're likely to be most vulnerable to service disruptions because you're unlikely to have the spare capacity or cash to get you through a major problem. If your business suffers a service disruption, or worse, a data breach, you need to feel confident that your cloud supplier has your best interests at the heart of their service model.

Know your provider
While it less likely to happen as technology improves, if there is a service issue with your cloud provider that impacts your customers, the first action to consider is to reassure them that you are aware of the issue and are doing something to rectify the situation. You will need to explain to them what has gone wrong and what is being done to put it right but if the fault lies with your cloud service provider then you may not have any of that information.

Ask potential cloud computing suppliers what processes they have in place to handle outages or security breaches and how they work with you to help you handle the situation with your own customers. You want to have access to the provider and its crisis information in those critical hours. You need to have a clear understanding of who and how the vendor will be communicating to you if there is a problem. You need to see their security certifications for additional peace of mind and even go as far as researching the potential provided by looking online at reviews from existing customers. It's important to have a clear understanding of the offering, and to establish their service levels and track record.

* The findings come from Hiscox's fourth DNA of an entrepreneur study which researched 3,000 owners or partners in small and medium-sized businesses in six countries: the United Kingdom, the United States, the Netherlands, Germany, France and Spain. The full report is available here.]]> tag:www.huffingtonpost.com,2012:/theblog//3.1399037 2012-04-03T07:04:56-04:00 2012-06-03T05:12:01-04:00

Matt Norris http://www.huffingtonpost.com/matt-norris/
Cyber criminals don't only target giant corporations like Sony Playstation. Small companies - even start-ups with only a few thousand pounds of revenue - can also be an attractive target for hackers.

That's because in the internet underworld a stolen credit card can fetch up to £10. There are criminal sites - illicit versions of online auction sites if you like - where millions of credit card details are up for sale and can change hands at the click of a mouse. Snatching a few thousand credit card details from a small firm's server, which may not have the security safeguards of big corporations' systems, starts to look attractive to a hacker.

Understand the risks
Every firm that takes payments using credit and debit cards needs to comply with the Payment Card Industry (PCI) standards on data security. When a retailer agrees to accept these cards it must sign a contract with their bank. Many may not bother to read the full agreement, but they should, as it contains a couple of clauses that are potential dynamite to your business.

If payment card data is stolen from your business, it is likely your bank will ask you to pay for a forensic analysis of what happened. This isn't cheap. Investigations start at £5,000, but I know of a company that mislaid some back-up tapes and had a bill for forensic analysis of £8 million. The trouble is many companies are operating on such thin margins that one bank told me that two-thirds of firms couldn't even afford the cost of a basic investigation.

If the investigation reveals your firm does not comply with the PCI standards then you can be liable for the cost of all the charges racked up by fraudsters on those stolen cards. TJX, the owner of TJ Maxx clothing stores in the US - the victim of a massive hack attack in 2007 - was forced to repay $40million to Visa alone in respect of the fraud on stolen payment cards.

Protect your business
A small firm can transfer this risk by holding no customer credit card details on its system. It can ask its bank to handle all payments itself, so when you go to pay you will be transferred automatically to a bank's payment site.

But that may entail a charge from the bank. It might also be impractical for a company to hold none of its customers' personal details. In which case, it's worth investing in encryption software. It's easy to use and it's safe.

You press a button and all the credit card details are encrypted. That effectively renders the data dead once it's saved onto your servers. Even if hackers steal it there isn't much they can do with that data in its encrypted form.

The online world has created a whole new marketplace and is enabling more and more entrepreneurs to make their ideas a reality. There are steps businesses can take, no matter what their size, to protect themselves from cyber criminals and get on with what they do best - driving their business.
]]>