Years ago, it may have seemed like only government agencies with top-secret intel or wealthy international banks had to worry about hackers. Nowadays, even the smallest small business could see its reputation ruined by a data breach, while larger companies could have their sensitive data taken hostage in a ransomware attack that costs millions to resolve.

A cybersecurity assessment can help ensure that your business is taking the proper steps to protect itself. It can also give you a competitive edge by demonstrating to customers and prospects that you take data privacy seriously.

More tech, more risk

Many, if not most, of today’s companies are taking advantage of technologies that allow them to gather, track and analyze customer and financial data. This includes software for mission-critical activities such as payroll, accounts receivable and payable, supply chain management, HR and benefits, and on-site security.

If you were to ask your IT staff about how tech support for remote employees is going, they might say something along the lines of, “Fantastic! Never better!” However, if you asked remote workers the same question, their response could be far less enthusiastic.

This was among the findings of a report by IT solutions provider 1E entitled “2021: Assessing IT’s readiness for the year of flexible working,” which surveyed 150 IT workers and 150 IT managers in large U.S. organizations. The report strikingly found that, while 100% of IT managers said they believed their internal clients were satisfied with tech support, only 44% of remote employees agreed.

Bottom line impact

By now, over a year into the COVID-19 pandemic, remote work has become common practice. Some businesses may begin reopening their offices and facilities as employees get vaccinated and, one hopes, virus metrics fall to manageable levels. However, that doesn’t mean everyone will be heading back to a communal working environment.

Whether it’s a smart phone, tablet or laptop, mobile devices have become the constant companions of today’s employees. And this relationship has only been further cemented by the COVID-19 pandemic, which has thousands working from home or other remote locations.

From a productivity standpoint, this is a good thing. So many tasks that once kept employees tied to their desks are now doable from anywhere on flexible schedules. All this convenience, however, brings considerable risk.

Multiple threats

Perhaps the most obvious threat to any company-owned mobile device is theft. That could end a workday early, hamper productivity for days, and lead to considerable replacement hassles and expense. Indeed, given the current economy, thieves may be increasing their efforts to snatch easy-to-grab and easy-to-sell technological items.

Worse yet, a stolen or hacked mobile device means thieves and hackers could gain possession of sensitive, confidential data about your company, as well as its customers and employees.

Amateur criminals might look for credit card numbers to fraudulently buy goods and services. More sophisticated ones, however, may look for Social Security numbers or Employer Identification Numbers to commit identity theft.

If you’ve been in business for any amount of time, you probably don’t need anyone to tell you about the importance of cybersecurity. However, unlike the lock to a physical door, which generally lasts a good long time, measures you take to protect your company from hackers and malware need to be updated and reinforced much more regularly.

It’s every business owner’s nightmare. Should hackers gain access to your customers’ or employees’ sensitive data, the very reputation of your company could be compromised. And lawsuits might soon follow.

No business owner wants to think about such a crisis, yet it’s imperative that you do. Suffering a data breach without an emergency response plan leaves you vulnerable to not only the damage of the attack itself, but also the potential fallout from your own panicked decisions.

5 steps to take

A comprehensive plan generally follows five steps once a data breach occurs:

1. Call your attorney. He or she should be able to advise you on the potential legal ramifications of the incident and what you should do or not do (or say) in response. Involve your attorney in the creation of your response plan, so all this won’t come out of the blue.

2. Engage a digital forensics investigator. Contact us for help identifying a forensic investigator that you can turn to in the event of a data breach. The preliminary goal will be to answer two fundamental questions: How were the systems breached? What data did the hackers access? Once these questions have been answered, experts can evaluate the extent of the damage.

The COVID-19 pandemic and resulting economic impact have hurt many companies, especially small businesses. However, for others, the jarring challenges this year have created opportunities and accelerated changes that were probably going to occur all along.

One particular area of speedy transformation is technology. It’s never been more important for businesses to wield their internal IT effectively, enable customers and vendors to easily interact with those systems, and make the most of artificial intelligence and “big data” to spot trends.

Accomplishing all this is a tall order for even the most energetic business owner or CEO. That’s why many companies end up creating one or more tech-specific executive positions. Assuming you don’t already employ such an individual, should you consider adding an IT exec? Perhaps so.

Every business owner is aware of the threat posed by cybercriminals. If a hacker were to gain access to the sensitive data about your business, customers or employees, the damage to your reputation and profitability could be severe.

You’re also probably aware of the specific danger of “phishing.” This is when a fraudster sends a phony communication (usually an email, but sometimes a text or instant message) that appears to be from a reputable source. The criminal’s objective is either to get recipients to reveal sensitive personal or company information or to click on a link exposing their computers to malicious software.

It’s a terrible thing to do, of course. Maybe you should give it a try.

An upfront investment

That’s right, many businesses are intentionally sending fake emails to their employees to determine how many recipients will fall for the scams and how much risk the companies face. These “phishing simulations” can be revealing and helpful, but they’re also fraught with hazards both financial and ethical.

For several years now, cloud computing has been touted as the perfect way for companies large and small to meet their software and data storage needs. But, when it comes to choosing and deploying a solution, one size doesn’t fit all.

Many businesses have found it difficult to fully commit to the cloud for a variety of reasons — including complexity of choices and security concerns. If your company has struggled to make a decision in this area, a hybrid cloud might provide the answer.

Public vs. private

The “cloud” in cloud computing is generally categorized as public or private. A public cloud — such as Amazon Web Services, Google Cloud or Microsoft Azure — is shared by many users. Private clouds, meanwhile, are created for and restricted to one business or individual.

Not surprisingly, public clouds generally are considered less secure than private ones. Public clouds also require Internet access to use whatever is stored on them. A private cloud may be accessible via a company’s local network.

“Well, it still works, and everyone knows how to use it, but….”

Do these words sound familiar? Many businesses stick with their accounting software far too long for these very reasons. What’s important to find out and consider is everything that comes after the word “but.”

When business use of websites began, getting noticed was the name of the game. Remember pop-up ads? Text scrolling up the screen? How about those mesmerizing rotating banners? Yes, there were — and remain — a variety of comical and some would say annoying ways to get visitors’ attention.

Nowadays, most Internet users are savvy enough not to be impressed by flashy graphics. They tend to want simplicity and the ability to navigate intuitively. Most of all, they want to feel protected from scams and hackers. That’s why, when maintaining or updating your company’s website, trust is an essential building block.

Make it personal

Among the simplest ways to establish trust with customers and prospects is conveying to them that you’re a bona fide business staffed by actual human beings.

Include an “About Us” page with the names, photos and short bios of the owner, executives and key staff members. This will help make the site friendlier and more relatable. You don’t want to look anonymous — it makes customers suspicious and less likely to buy.

You’ve no doubt read articles or heard stories about how artificial intelligence (AI) is bringing sweeping change to a wide variety of industries. But it’s one thing to learn about how this remarkable technology is changing someone else’s company and quite another to apply it to your own. Here’s a primer on what AI might be able to do for your business.

3 technology types

AI generally refers to using computers to perform complex tasks usually thought to require human intelligence — such as image perception, voice recognition, decision making and problem solving. Three primary types of technologies fall under the AI umbrella:

1. Machine learning. This involves an iterative process whereby machines improve their performance in a specific task over time with little or no programming or human intervention. It can, for example, improve your forecasting models for determining which products or services will be in high demand with customers.

Device policies pertaining to smartphones and other technology tools continue to frustrate business owners as they try to balance their needs for security and functionality against employees’ rights to privacy and freedom. At some companies, loose “bring your own device” (BYOD) policies are giving way to stricter “choose your own device” (CYOD) or “corporate-owned, personally enabled” (COPE) policies.

CYOD: Their device, your data

A CYOD policy lets employees buy a device for combined personal and work purposes from an approved list of products. Generally, the employee owns the device with the business retaining ownership of the SIM card and any proprietary data. Many employers pay for the accompanying mobile plan. Sometimes, high-performance devices are made available only to “power users,” while employees with fewer tech-related job requirements must choose from lesser models.

Under a CYOD policy, you can:

• Ensure device compatibility with your systems,
• Require security protections on the devices, and
• Conduct ongoing security monitoring.

It also makes maintenance and support easier for your IT department, because IT staff will know exactly which devices they’ll need to handle.