The 5 basic requirements of a culture of security

Securing your network and data isn’t just about a strong antivirus solution.  It’s a lot more than that.

It’s about employees.  It’s about leadership.  It’s about thought processes.  It’s about how all of these things tie into each other to create, support, and encourage a culture of security.  When you integrate these elements into your cyber-security strategy successfully, your business will be better off, and you’ll have a legitimate chance to fight off cyber-threats.

So then the question naturally becomes: Does your preexisting security solution take into consideration the human element or does it begin and end with software?

In other words, have you created a culture of security or are you just doing the bare minimum and hoping for the best?

Building an effective culture of security within your organization is not an easy thing to do.  It’s not a one-time thing.  And it’s definitely not something that can be accomplished within a month (or even a year – heck, who knows how long it takes).  It’s a process that never stops evolving and will never go away.

But when it comes to the most basic requirements for a culture of security, these things never change.  If you go about them the right way, they can be simple to achieve and accomplished in a far shorter timeframe.  Here are the five most basic requirements of a culture of security.

Everyone has buy-in.

If you’re struggling to build a holistic security culture, this might be the reason you’re struggling.  Everyone on your team has to offer up their ‘buy-in’ – or their unwavering support of the process as a whole.  If not, then what you’ll be greeted with is indifference and half-hearted attempts at maintaining standard security protocols.  Not a strong security culture.

Everyone knows the basics.

When it comes to online security, things can quickly get… complex.  But, nonetheless, everyone should (and can) be familiar with the basics – like phishing, corrupt ads, patching, viruses, and passwords.  If they don’t understand how these things work, then why would they ever worry about protecting themselves (and your data) against them?  Train your staff on the basics and make sure everyone in your organization understands what they are.

Everyone gets the why.

The ‘why’ of everything is incredibly important.  If people can’t wrap their head around the fallout of a successful phishing attack or if they just don’t get the point of patching outdated software, then, again, why would they worry about any of it?  Don’t be ashamed to reassert over and over again why security is important.  Explain what happens when cyber-threats are successful and what they can ultimately cost the business.

Everyone stays suspicious.

Suspicion is everyone’s greatest ally.  The more suspicious your employees are, the more likely it is that your business can sidestep potentially fatal cyber-attacks.  If your employee opens an email and thinks, “I don’t know who this is, so why would they be sending me an attachment?” then you’ve done your job.  But this ties into everything else – they won’t be suspicious if they don’t know the basics, and if they don’t understand the basics, then they won’t understand the repercussions.

Everyone follows the rules.

Obviously, if you’re going to have a legitimate culture of security, then everyone needs to follow the rules.  It’s simple really.  You establish basic protocols, and they follow these protocols.  And you probably know what comes next – none of this will be possible if your employees don’t have buy-in, they don’t understand why all of it is important, and they don’t know how to adopt a suspicious mindset.  Make sure you take the steps to lay out a solid foundation for a strong culture of security.  One missed requirement can mean the death of your network, your business, and your future.

Reusing a password is dangerous, but most everyone does it.

91% of people understand the risk of reusing a password.  Yet, 61% of people still use the same password or a similar password from one account to the next.

Why is this?

Well, according to LastPass, you can blame Cognitive Dissonance for that.  “You know it’s bad for you, but you do it anyways.”  Maybe you rationalize this behavior because you believe that no one would ever want to hack your accounts.  You’re nothing special…  Or maybe you rationalize this behavior because you think you’re way too organized to ever be the target of an attack.  No one could ever get past you…   

But nonetheless, a breach is a breach is a breach.  And if you’re reusing a password, you’re in for a world of hacking.

You get it.

LastPass asserts that 59% of people know how important a good password is, 91% of people know reusing passwords is risky, and 75% of people know what a strong password looks like.  So… you get it.  You know passwords are important, and you know what it takes to make your passwords secure.

We get it.

But even despite these rather positive statistics, you aren’t doing what you know to be right.  41% of people choose a password because it’s easy to remember, 61% of people reuse passwords, and the majority of people use personal information to create passwords.

But, still… we get it.

You have a million and one accounts… each with a desperate need for a new password.  If you create a new password for each account, you’ll have a million and one passwords floating around your head.  And even if all these passwords you create are “easy to remember,” they’ll still be difficult to recall just due to the sheer number of how many logins you’re required to remember.

Everyone can get it.

But at the end of the day, things really don’t have to be so difficult and all over the place.  You just have to be smart about things.

If you aren’t comfortable with a password manager (a solution that will remember all your passwords for you, like LastPass), then you need to find a simple way to create secure passwords.  This can be anything really, and if your strategy is reliable enough, you can streamline it across all your accounts.

For example, you can use the name of the website, a standard phrase, and a uniform string of numbers and characters. Here’s what that could potentially look like:

Netflix: PizzaisgreatNetflix930!

Hulu: PizzaisgreatHulu930!

Facebook: PizzaisgreatFacebook930!

Amazon: PizzaisgreatAmazon930!

This strategic password is easy to remember and would be incredibly difficult to crack.  It can work for each account you have, and it has everything a password needs to be secure and hard-to-crack.

Another option you have is to use Two-Factor Authentication.  Most major sites offer 2FA, and it provides an extra layer of security for your accounts.  Since 2FA usually requires a user to verify another source (through avenues such as text messaging or emailing), hacking an account with 2FA would be pretty difficult.  It would involve a skilled hacker and a lot of time.


Whatever it is you decide to do, make sure you’re smart about it.  Don’t fall back on simple, insecure passwords just because you feel you’re not worthy of being hacked or because you think you can prevent a hack before it gets to you.  Keep your passwords strong, unique, and strategic.

It’s time you start thinking like a smooth criminal.

Let’s get one thing straight here right off the bat. Annie’s not ok.

She’s worried about the security of her data.

With the threat of hackers looming over her head, she’s concerned about keeping her client information safe and her business financials secure. So she invests the time in creating a business continuity plan and implements safety precautions to safeguard her existing technologies. Things are going great until a higher level executive steals an external hard drive containing confidential client information from the accounting office.

What went wrong? How did this internal threat slip by?

Annie was so concerned about outside threats, that she completely disregarded the possibility of internal data breaches. She didn’t protect the one area that most wrong-doers would consider first.

It’s simple really.

Annie wasn’t thinking like a criminal.

Are you?

If you think your business is protected just because you have a security policy in place to deal with hackers, you’re sadly mistaken. In order to be truly secure when it comes to your business, you have to have policies in place to deal with both internal and external threats, which includes physical theft.

A great example of this is the Lowe’s case a few years ago.

In an elaborate scam, three men reportedly stole more than $80,000 worth of merchandise from Lowe’s Home Improvement stores. Every day over the course of three months, the men would drive for hours going from Lowe’s store to Lowe’s store, stealing high dollar tool sets. One man would walk in, buy an expensive tool set, leave the store and hand his receipt to one of his cohorts. The second accomplice would walk in, get another package of the same tool set and leave the store with the package and the receipt, appearing to have legitimately made a purchase. After doing this at a couple of different stores, the men would then go to another Lowe’s, return the merchandise and pocket the cash.

Being the large-scale hardware chain that it is, I’m certain Lowe’s has some kind of security feature in place to deal with things like data hackers or breaches, but when it comes to physical security, these stores were clearly lacking. Perhaps if they had some way of marking the receipts to indicate that the item had been returned, a crime spree like this one wouldn’t have occurred so easily.


There’s no reason to be struck by a smooth criminal. It all starts by protecting your business both externally AND internally. Need a hand? Then give us a call today to schedule a private briefing with one of our security experts. We’re here to help!

Three Reasons Technology Changes are Good for Business

There are very few things that can positively affect multiple facets of your business at once. Usually, the impact of changes made to your business is segregated by department, function, position, or service. In other words, these changes don’t have what it takes to influence other areas of your business. However, this isn’t always the case with technology.

With simple changes to your technology, you have the potential to make a large impact – an impact that will affect more than just one department, one person, or one function. A change as minimal as new software and something as unexciting as regular hardware maintenance can easily keep your business well-oiled and your staff thriving, paving the way to a steady future.

Here are just a few of the benefits that stem from a technology infrastructure that isn’t afraid to change.

You will attract better employees and retain them for longer.

Believe it or not, the status of your technology affects the relationship your entire staff has with your business. If you’re working with outdated or uncooperative technology, your employees will struggle to perform as expected. And if they’re struggling to perform as expected, how are they ever going to exceed expectations within their given position?  Your employees will likely feel overwhelmed and unsatisfied.

You will experience better customer service results. 

Updated, modern technology is really good at doing one thing – working exactly like it’s supposed to work. When you have technology that does what it should when it should, then your employees will have a legitimate shot at providing quality customer service on a consistent basis. And that’s all any customer really wants – consistency.

You will stand out from the competition and look more sophisticated.

The funny thing about technology is that it can make any style, brand, or size of business look more sophisticated than it might actually be. With the right IT solutions in place, your business will look like a well-oiled machine that knows what they’re doing at all times. Even if your competition is overflowing with talented, knowledgeable individuals, if their technology is poorly maintained and half-heartedly implemented, they’ll look sloppy in comparison.


Is your business in need of a technology upgrade? Well, you’ve come to the right place. We’ve helped local businesses build their competitive edge through modern technology, and we can do the same for your business. Give us a call today to learn more!

Want to protect the data on your mobile devices? Remember these 4 tips.

Data is a valuable thing for any business. Within it is the past, present, and future of what your business is, what it does, and who it does it with. And there are pieces of this story that should never be shared with others. But unfortunately, sharing is just way too easy these days – especially when you consider that your business data can go anywhere, with anyone, on any device.

Just one of the many perks of modern mobility.

So for the sake of privacy and for hopes of avoiding data breaches, hackers, and snoops, here are a few quick tips to help keep your data private when it’s on-the-go and mobile.

Public Wi-Fi

Public Wi-Fi is great, but it’s not always friendly. There is such a thing as a malicious Wi-Fi hotspot, and if you connect to something like this, any number of things can occur. For one, the creator of this hotspot can potentially track everything you type and everywhere you go within that mobile device of yours. Or, they can just throw some nasty viruses in your direction. Either way, both situations are not pleasant.

If you must connect to public Wi-Fi, do so with caution. Make sure everything looks as it should and always stay away from private, sensitive data when you’re connected.

Locked Devices

One major issue with data being on mobile devices is that it can be lost or stolen with no hacking necessary. In other words, you lose the device, you lose the data. Someone steals your device, someone also steals your data. Because of this, you need to take a handful of proactive measures to ensure this data isn’t easily accessible when it is lost or stolen.

And the very first step you should take is locking your screen. Never leave your device wide-open to threats by keeping it unlocked. Whether it’s a PIN code, password, or fingerprint, something is always better than nothing.

Gadget-Finding Apps

While we’re on the subject of proactive measures, another one you can take is with a gadget-finding, device-turning-on, data-wiping app. These apps are great to have at your side for a variety of reasons – they can help you track down a lost device, lock your gadgets remotely, and even turn the camera on for you. However, when it comes to your data, things get even better.

Some of these gadget-finding apps are capable of remotely retrieving data for you, as well as wiping your device of all its data. So in other words, if your phone or laptop is stolen, all you have to do is tell the app to wipe the device and remove all its data. Sure, your device will still be stolen, and sure, you’ll be down a whole lot of data. But at the end of the day, this still beats some stranger creeping on your private data.

Some well-known gadget-finding apps are Prey, Avast Anti-Theft, Lookout, and Cerberus.

Saving Passwords

Hypothetically, say your phone or laptop is stolen and the person who steals your device does manage to get through the lock screen. If this happens, you don’t want this person to get into your accounts – for example, to log into any sensitive apps you’ve downloaded or hop onto any websites you have an account with.

To avoid a situation like this, you’ll need to make sure you always log out of your online accounts. Unfortunately, this means you shouldn’t allow websites or apps to remember your login credentials – even if it is convenient. Because remember… the website doesn’t remember the password for you… it remembers the password for the device – whether it’s in your hands or not.


Do you have employees that work from home or out of the office? Are you taking the necessary precautions to ensure the security of your company’s data?

You don’t need to sacrifice security for mobility! Give us a call today to learn how you can keep your business mobile and protected.

Three Areas You Should Include in Your Cyber-Security Strategy

It’s no secret… most small to medium-sized businesses don’t have a very elaborate cyber-security strategy. They might have a few areas covered, maybe a handful of items listed in the very back of the employee handbook, and probably a decent anti-virus solution installed to protect their workstations. But that’s where things end, and considering things didn’t go very far, that’s not a good sign.

So if you’re going to make strides to improve your cyber-security strategy this year (which you probably should), here are three critical areas you should consider.


The human element… this will always be your greatest security weakness. And this is because humans aren’t perfect. We mess up. We make mistakes. We do things we shouldn’t. That’s just how the cookie crumbles. However, with just a little training, the majority of these mistakes can be avoided or, at the very least, minimized.

Your employees should be trained on social engineering. They should be educated on prevalent cyber-threats. And they should know the ins and outs of things like password creation, phishing, and malicious ads. With minimal training in these areas, your business can avoid most security threats.


If you want to keep your network and all the accounts that fall inside it secure, then you need to have good, strong credentials to back them up. But you can’t just expect this to happen naturally – because it won’t. It’s just way too easy to create bad passwords… so unless there’s something set in place that tells people how to create their passwords, people will more than likely create passwords that are easy-to-crack.

To make sure this doesn’t happen, you must create, implement, and follow a solid password policy. This policy should cover topics like when to create new credentials, how long your passwords should be, and whether or not they should incorporate capital letters, symbols, and numbers.
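An added example (not from the original articles) of checking passwords against a policy of the kind described above and flagging passwords that are the same or similar from one account to the next. The minimum length of 12, the 0.8 similarity threshold, and the function names are assumptions; the sample inventory reuses the four illustrative passwords from the password-reuse article earlier on this page.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations

MIN_LENGTH = 12              # assumption: set this from your own policy
SIMILARITY_THRESHOLD = 0.8   # assumption: ratio at which two passwords count as "similar"


def policy_violations(password):
    """Return the list of policy rules a candidate password fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not re.search(r"[A-Z]", password):
        problems.append("no capital letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"\d", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbol")
    return problems


def strip_account_name(account, password):
    """Remove the account/site name from the password, ignoring case."""
    return re.sub(re.escape(account), "", password, flags=re.IGNORECASE)


def reuse_findings(inventory):
    """Compare every pair of accounts and report same or similar passwords.

    inventory maps account name -> password. Returns (account_a, account_b, kind)
    tuples where kind is "identical", "same template" or "similar".
    """
    findings = []
    for (acc_a, pw_a), (acc_b, pw_b) in combinations(sorted(inventory.items()), 2):
        if pw_a == pw_b:
            findings.append((acc_a, acc_b, "identical"))
        elif strip_account_name(acc_a, pw_a) == strip_account_name(acc_b, pw_b):
            # Only the site name differs; the rest of the password is shared.
            findings.append((acc_a, acc_b, "same template"))
        elif SequenceMatcher(None, pw_a, pw_b).ratio() >= SIMILARITY_THRESHOLD:
            findings.append((acc_a, acc_b, "similar"))
    return findings


# Sample inventory: the illustrative passwords shown earlier on this page.
PAGE_EXAMPLES = {
    "Netflix": "PizzaisgreatNetflix930!",
    "Hulu": "PizzaisgreatHulu930!",
    "Facebook": "PizzaisgreatFacebook930!",
    "Amazon": "PizzaisgreatAmazon930!",
}

# Constructed inventory of unrelated passwords, as a password manager would generate.
CONSTRUCTED_UNIQUE = {
    "mail": "tV7#qLm2!xRe9z",
    "bank": "H4$wPz0&nUy8Ka",
}

if __name__ == "__main__":
    for name, inventory in (("page examples", PAGE_EXAMPLES),
                            ("constructed unique", CONSTRUCTED_UNIQUE)):
        print(name)
        for account, password in sorted(inventory.items()):
            print("  policy", account, policy_violations(password) or "ok")
        for finding in reuse_findings(inventory):
            print("  reuse ", finding)
```

A check like this belongs where passwords are set or inside a password manager's audit, so that plaintext passwords are never collected into a separate list.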

Mobile Devices

Modern companies are mobile-friendly companies. Employees work on-the-go using the devices they’re most comfortable with – like laptops, tablets, and smartphones. While this behavior can improve productivity and maximize opportunities, it can also increase your odds of suffering from a data breach.

Unfortunately, though, it can be hard to enforce a policy that says, “You are not allowed to lose your mobile devices.” So because of this, you need to incorporate features like remote wiping, phone-finding software, and mandatory security patching into your Bring Your Own Device (BYOD) policy. And you should encourage people not to connect to public Wi-Fi, to never share devices, and to keep their devices locked with a strong passcode.


Do you have a plan in place for upgrading your security strategy? If you’re not sure where to start, then give us a call. Our team of security experts have kept local businesses safe from both internal and external security threats, and would love the opportunity to do the same for your business.

Keep your Technology Advanced but Reliable with these Tips

Businesses everywhere are realizing just how much of an influence technology can have on their ability to be successful. They don’t just need an advanced infrastructure but a reliable one, as well – which can be difficult to achieve.

The more advanced your technology becomes, the more difficult it can be to keep it reliable, working, and secure.

To combat this conundrum, here are a few ways to ensure that the technology you and your staff rely on remains in prime working condition.

Train your staff.

If you want your technology to last, then you need to train your employees on how to properly handle and care for it. This isn’t a simple task and certainly isn’t a one-time-done kind of ordeal.  Provide routine meetings and trainings on security issues like social engineering, password creation, and phishing, and provide documentation on the best ways to keep your technology clean, your data alive, and all the connected pieces updated.

Partner with IT professionals.

Maintaining the status quo of your technology means you actually have to maintain it, and many people are not capable of doing this on their own – either they don’t have the knowledge and expertise to do it or they simply don’t have the time in their already jam-packed schedule.  Partner with an IT company who knows your industry, your needs, and your aspirations, and let them manage all the stuff under the hood.

Update, update, update.

One of the quickest ways to a broken down infrastructure is through outdated equipment.  Whether it’s your software, security solution, or hardware, every piece of your IT should be fully updated at all times.  Always be on the lookout for updates and confirm with your IT provider to ensure all facets of your infrastructure are operating as they should.

Protect it no matter what. 

Technology is expensive and important.  Thieves, hackers, and spilled liquids are always looking for another way to take it, hack it, and destroy it.  Because of this, it’s crucial that you always protect your technology – from your network down to each and every connected device.  Invest in a high-quality security solution, employee training, and physical device protection.


Technology has the ability to either make or break your business, so it’s pretty important to make sure you have the right technology in the right places.

Not sure where to start? Need a second opinion to assess your current infrastructure? Then give us a call today! We’d be glad to answer any questions you may have.

Common Misconceptions about Phishing Attacks

The sending and receiving of malicious emails is a cyber-threat that all businesses should be on the lookout for. But, unfortunately, what most professionals know to be true about phishing attacks isn’t always the most accurate information out there.

Here are four things that might happen within a phishing attack that most people don’t realize to be true.


Internal processes might be known.

When it comes to phishing, the attack can play out in a variety of ways, and if you’re lucky, it won’t involve your internal processes. When it does involve them, it’s very difficult to determine the legitimacy of an email (if that thought even crosses your mind to begin with). As soon as content references your specific processes and policies, it’s hard to say that the email is fake.

Because of this, it’s important to remember that even if an email mentions your company’s internal procedures, there’s still a chance the email might be malicious. You must take additional steps to determine the legitimacy of the content, especially if it asks you for any sensitive data.


A coworker might be used.

Hackers and cybercriminals do their homework. They’ll research your company and get familiar with your processes, as well as your coworkers. In other words, they’ll figure out who works for your company, what position they have, and where they rank on the totem pole. Then, they’ll use this information and bounce it off your internal processes – which is where things really start to get scary.

To avoid being duped by someone pretending to be your coworker, you need to slow down and read over everything carefully. This means you need to make sure the request makes sense to the person – Would this person normally ask you to do something of this nature?

If the answer to this question is ‘yes,’ then next, you should make sure the address the email originates from is accurate. There isn’t much difference between and But again, to catch this difference, you’ll need to read things over carefully.
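The sender-address check described above, as an added example (not from the original article). The trusted domain and every sample address are constructed placeholders under reserved test domains; the look-alike character table, the edit-distance threshold of 2, and the function names are assumptions.

```python
import unicodedata
from email.utils import parseaddr

# Assumption: your organisation's real mail domains (placeholder value).
TRUSTED_DOMAINS = ("acme-corp.example",)

# Assumption: a small table of look-alike substitutions. Multi-character
# sequences come first; Cyrillic letters are written as escapes.
CONFUSABLES = (
    ("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l"),
    ("\u0430", "a"), ("\u0435", "e"), ("\u043e", "o"), ("\u0440", "p"), ("\u0441", "c"),
)
MAX_DISTANCE = 2  # assumption: edits tolerated before a domain counts as unrelated


def skeleton(domain):
    """Reduce a domain to a canonical form in which look-alike characters match."""
    text = unicodedata.normalize("NFKD", domain.lower())
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    for source, target in CONFUSABLES:
        text = text.replace(source, target)
    return text


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbouring letters
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify_sender(header_from, trusted=TRUSTED_DOMAINS):
    """Return (verdict, reason) for the value of a From: header."""
    _, address = parseaddr(header_from)  # ignores the display name
    if "@" not in address:
        return ("invalid", "no address found")
    domain = address.rsplit("@", 1)[1].lower().rstrip(".")
    for good in trusted:
        if domain == good or domain.endswith("." + good):
            return ("trusted", good)
    for good in trusted:
        if skeleton(domain) == skeleton(good):
            return ("lookalike", "confusable characters for " + good)
        if domain.startswith(good + ".") or ("." + good + ".") in domain:
            return ("lookalike", good + " used inside another domain")
        if osa_distance(domain, good) <= MAX_DISTANCE:
            return ("lookalike", "within %d edits of %s" % (MAX_DISTANCE, good))
    return ("external", "unrelated domain")


# Constructed sample From: values.
SAMPLES = [
    "Jane Doe <jane.doe@acme-corp.example>",
    "Jane Doe <jane.doe@acme-c0rp.example>",
    "Jane Doe <jane.doe@acrne-corp.example>",
    "Jane Doe <jane.doe@amce-corp.example>",
    "Jane Doe <jane.doe@acme-corp.example.mail-login.test>",
    "Billing <billing@vendor.example>",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_sender(sample), sample)
```

A "lookalike" verdict is a prompt to verify the request through a separate channel; a "trusted" verdict only says the domain matches, not that the account behind it is safe.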


Grammatically, the email might be perfect.

Online users have always been told that phishing emails are going to be grammatically incorrect. It’ll read like it came from another country, and it’ll be littered with misspellings and forgotten commas. However, this isn’t always the case. In fact, this is far from the case.

More often than not, a phishing email will look rather perfect. It won’t have grammatical errors, and it’ll appear completely normal. In other words, don’t bank your whole process of verifying emails based off grammar. It won’t work.

You won’t always be asked to download something.

Phishing attacks aren’t always about corrupt links and malicious downloads. Sometimes, they’ll just ask for something, like financial data, personal records, or login credentials. Or they might even ask you to do something – send over a document, adjust client records, or change company data.

Again, you need to slow down at this point and analyze what it is you’re being asked to do. Don’t rush into an action just because you can. Verify the request and the sender before you ever do anything.


Cybercriminals are much smarter than most people think, and with so much information available on sites like Google and LinkedIn on just about any company, their tactics to infiltrate your network are becoming much more precise and strategic.

If words like cybersecurity and data breach keep you up at night, then give us a call today! Let’s schedule a private briefing with one of our expert security consultants to discuss your network.

9 Reasons Employees Are Your Biggest Security Threat

With more and more data breaches happening to companies each year, many organizations are surprised to find out their weaknesses came from the inside. Your employees are hard workers with more than enough experience to get the job done. So where’s the problem? Here are nine reasons your employees are potentially your biggest security threat.


  1. The use of private devices.

These days, it’s almost impossible to keep employees from using their personal devices. Everyone stays connected, whether through a wearable or smartphone. But these devices can be a serious security risk when connected to your network, and it’s up to you to set standards on how employees should use their tech.


  2. Mobile working environments.

Offices are no longer stationary. Employees are working in office, out of office, at home, at the coffee shop down the street—the point is, you never know what network your staff is working off of and how secure it is to send your organization’s information.


  3. Free rein to surf the web.

Many companies allow employees to surf the web due to research needed for the job. Unfortunately, this means more opportunities to come across malicious websites—which is why antivirus software should be a strong part of your security platform.


  4. Third-party file sharing.

With so many third-party file sharing options out there—like Dropbox and other cloud-based sharing—it’s just another way for your employees to send important company information in ways that may not live up to your security measures.


  5. Emails sent incorrectly.

You always have to factor in human error. And with employees, sending an important email to an incorrect address could be a serious security fail. A similar threat is the possibility of your staff opening emails from unknown contacts.


  6. Removable storage.

You can’t control what kind of hardware your employees plug into their devices. Flash drives could be malicious, causing automatic downloads that you don’t even know about.


  7. Upgrades aren’t prioritized.

With busy projects and full to-do lists, it’s easy to ignore upgrade prompts. But the truth is, software updates are crucial in keeping your devices secure.


  8. Lack of security training.

While many companies don’t make it a priority, it’s important to have a security educational system in place, keeping your staff informed and empowered.


  9. No security policies.

With all of these potential security issues, a company-wide security policy should be in place to keep your staff on the same page and aware of the consequences if they don’t follow it.



Internal threats are often overlooked, but should not be ignored. Don’t let internal threats tear down your business! If you need assistance building up your defenses, then give us a call today. Our security experts are here to help!

Everyday Data Loss: 4 Ways Your Data Will Leave You

Tornadoes, hurricanes, and fires aren’t the only things that can forcefully rip data out of your business. Data loss can happen to any business, at any time, for a variety of completely random and entirely “everyday” reasons.

Here are 4 everyday situations that will play the most magical disappearing act on your data.



Unfortunately, the human element can do a lot of damage to your data… and it’s not always done on purpose. Accidents happen all the time. And when it comes to your technology – and your data – accidents happen more than all the time.

While you can’t exactly tell everyone they aren’t allowed to make mistakes, you can provide your employees with training to minimize the prospect of on-the-job data accidents. For example, train them on the negative impacts of data loss, how to avoid data loss, and what steps to take if data loss is encountered. Do this, and your employees are more likely to keep data loss top-of-mind and avoid the situation altogether.


Angry Employees

You may or may not be the kind of person that assumes their employees are out to steal from them, but this is definitely a potential scenario for data loss.

You fire someone, and they delete information from your database before you have a chance to change their credentials. Or an employee is denied a promotion, so they tamper with your contacts and mess with your documents. Both are situations that can easily happen to any company, of any size. But thankfully, there are simple ways you can avoid the data loss that could potentially stem from a vindictive employee.

For starters, you need detailed processes set in place that determine how network access and rights are handled before, during, and after employee terminations. And while we’re on the subject of network access, you should always be extremely careful with who you decide to give access to and why. Not everyone in your building needs access to everything.

Secondly, if your data is backed up, then changed data can easily be changed back. While it’s not an ideal situation to need to recover lost data, it is better than not having the ability to recover it at all.


Lost or Stolen Devices

Again, it’s that human element that will get you every time. Lose a device or get one stolen, and this could end very badly for your business and all its data.

How many times in your life have you lost something? And how easy is it to set something down, walk away, and forever forget where you set that something down?

Well, when this happens to a phone, tablet, or laptop, it can and probably will result in lost data… because when you lose a device, you also lose everything that’s on it, too.

What about theft? If your employees work on-the-go a lot, this probably means they store data on their mobile devices. And if someone was to steal one of these devices, they could potentially gain access to all the data stored on it. That has “data breach” written all over it.

And again, you can’t exactly tell your employees to never have their devices stolen. They don’t want that to happen just as much as you don’t want it to happen. However, there are simple ways to minimize the impact of a lost device.

Thanks to gadget-tracking apps and software like Prey and Lookout, you can track lost devices and remotely wipe the data on those devices. This way, if your device is stolen, you can make sure the thief never taps into anything that’s on the device. Sure, at the end of the day, the device might still be stolen, but at least everything that’s on it isn’t stolen, too.



Whoops. Opened the wrong email? Downloaded the wrong attachment? Clicked the wrong link? That’s okay. Happens to the best of us. But unfortunately, your data won’t be too happy about that.

It’ll be corrupted, stolen, or encrypted before you even have a chance to hit the back button. So to ensure you’re prepared for a situation of this caliber, here’s what you need:

  1. A modern, multilayered security approach that keeps the threats out
  2. A dedicated resource for IT support to help you minimize data loss and downtime
  3. A comprehensive data backup solution to ensure your data is fully redundant and recoverable
  4. A strategic plan for internal cyber-security training and consistent upgrades, updates, and monitoring


Data loss is a situation that can and will happen to anyone, from any business, of any industry. This is why it’s so important to hold regular staff trainings and to enforce clear guidelines, to help mitigate these types of risk.

If you’d like to learn more about how you can keep your data safe from everyday disasters, then give us a call today! We’d be happy to answer any questions you may have.