I.T. Deidre Frith I.T. Deidre Frith

A How-To-Guide for Multi-Factor Authenticiation

Multifactor authentication (MFA) is defined as a security process that requires more than one method of authentication from independent sources to verify the user’s identity. In other words, a person wishing to use the system is given access only after providing two or more pieces of information which uniquely identifies that person. 

How To Guide for MFA_Page_1.jpg
Read More
I.T. Deidre Frith I.T. Deidre Frith

Vendor Management Tips for Small Business

Selecting the right partners and application providers is critical to your success. This becomes even more important for smaller business as a huge percentage of your business may flow through one or more partners that provide critical services to your business.

What steps can you, the small business owner, take to reduce the chances of ending up in a bad business relationship that slows down, or worse, prevents you from serving your own customers?

Inside are some strategies that RealTime has pulled together from various sources to include the vendor management programs that RealTime and some of our clients in compliant industries have followed for decades.

Vendor Management Guide.jpg
Read More
I.T. Deidre Frith I.T. Deidre Frith

WHY CYBERCRIMINALS ARE ZEROING IN ON SMALL BUSINESSES

Small Businesses (SMBs) have neither the money nor the manpower of large enterprises and can’t afford the same level of security. Very few SMBs have full-time IT dedicated personnel on hand to run routine security checks. Even those who do have in-house IT support often find that their internal resources are too bogged down with other tasks to properly address security upkeep.

RealTime IT Cloud Backup Service.jpg

Large corporations have the resources to invest heavily in the most sophisticated security strategies and successfully stop most cybercrime attempts. A typical large enterprise may have over twenty inhouse IT dedicated employees ensuring that every device connecting to their network is adequately protected.

In comparison, Small Businesses (SMBs) have neither the money nor the manpower of large enterprises and can’t afford the same level of security. Very few SMBs have full-time IT dedicated personnel on hand to run routine security checks. Even those who do have in-house IT support often find that their internal resources are too bogged down with other tasks to properly address security upkeep.

RealTime IT Business Protection_blog.jpg

SMBS ARE NOT “TOO SMALL TO MATTER”

Since most cybercrimes affecting smaller businesses go unreported by the media, there is no sense of urgency by SMBs to prepare for cyber attacks. Too many SMBs mistakenly view their operations and data as trivial to hackers. They feel that large online retailers, global banks, and government entities are much more attractive targets for hackers.

The goals and methods of cyber attackers are evolving and will continue to evolve. The era of one “big heist” for hackers is over. Cybercriminals today often prefer to infiltrate the data of many small businesses at once, stealing from victims in tiny increments over time so as to not set off an immediate alarm. This method takes advantage of those SMBs who are especially lax with their security processes and may not even realize there has been a security breach for days or sometimes even weeks.

REALTIME IT SMALL BUSINESS.jpg

SMBS - THE ACCESS RAMP TO BIGGER & BETTER DATA

Many breaches are the result of good employees making mistakes or of technology failure. SMBs don’t necessarily need a large budget or dozens of employees to adequately protect sensitive data. A secure environment is possible even on a SMBs budget.

SMBs, however, are often the inroad to larger better-protected entities. They are often sub-contracted as a vendor, supplier, or service provider to a larger organization. This makes SMBs an attractive entry point for raiding the data of a larger company. Since larger enterprises have more sophisticated security processes in place to thwart cyber attacks, SMBs often unknowingly become a Trojan horse used by hackers to gain backdoor access to a bigger company’s data. There is malware specifically designed to use a SMBs website as a means to crack the database of a larger business partner.

For this reason, many potential clients or business partners may ask for specifics on how their data will be safeguarded before they sign an agreement. Some may require an independent security audit be conducted. They may also ask SMBs to fill out a legally binding questionnaire pertaining to their security practices.

Moving forward, a SMB that is unable to prove they’re on top of their infrastructure’s security will likely lose out on potentially significant deals and business relationships. More large enterprises are being careful to vet any business partners they’re entrusting their data.

REALTIME IT GOOD CYBER DEFENSE.jpg

TO STAY SECURE A GOOD DEFENSE IS THE BEST OFFENSE

SMBs must understand that the time has come to get serious with their security.

Cybercrime is only one cause of compromised data. There are 3 primary causes of breached security at businesses according to the Symantec Global Cost of a Data Breach study. Only 37% are attributed to malicious attacks. The remaining 64% are human error and technology errors.

Data breaches aren’t always about bad people doing bad things. Many are the result of good employees making mistakes or of technology failure. SMBs don’t necessarily need a large budget or dozens of employees to adequately protect sensitive data. A secure environment is possible even on a SMBs budget.

REALTIME CAN PUT TOGETHER A GREAT DEFENSE FOR YOUR BUSINESS

Contact RealTime now to discuss a great defense for your business. Email us here or call us at (334) 678-1417.

Read More
I.T., Blog Deidre Frith I.T., Blog Deidre Frith

ARE YOU A SMALL BUSINESS LOOKING TO BUILD REVENUE?

For a small business owner like you, building and supporting a baseline IT infrastructure that provides reliable 24/7 services to you and your customers can be forbiddingly expensive. Even a wobbly, poorly supported infrastructure can be a budget breaker.

LET’S BUILD SOME REVENUE USING THE CLOUD…

Do you want to save money and direct your time and energy into boosting profits? We suggest updating your infrastructure to include the cloud.

For a small business owner like you, building and supporting a baseline IT infrastructure that provides reliable 24/7 services to you and your customers can be forbiddingly expensive. Even a wobbly, poorly supported infrastructure can be a budget breaker.

REALTIME CLOUD HOSTING is a great way to eliminate a lot of headaches for your business.

Large capital expenditures, high fixed-labor costs, and endless spending for upgrades don’t have to be your fate. The cloud offers a way out it can not only save you money, it eliminates a lot of headaches and can spur growth and boost profits. Let’s look at just a few things the cloud can do for you.

Capex: Most of the expenses of hardware disappear into the cloud. Servers, cabling, all the redundant equipment needed for backup can be handled by a cloud Service provider.

And more importantly, if you need to ramp up quick for an unexpected surge in business, a cloud service provider can easily accommodate your demands as needed.

Disaster recovery is simplified: While you always need disaster recovery plans, the biggest head- aches disappear. When you handle everything in-house, considerable expenditures arise if you want high reliability. Redundant equipment, fully loaded with software is required in case of hardware failure. Uninterruptible power supplies to support the full load of all your servers and backups can be extraordinarily expensive. And even if you keep a lot of your infrastructure on-site, the cloud can be used as a reliable data backup system

Labor: The cloud can cut and/or re-allocate your IT labor costs. The benefits of the cloud in the area of IT resources are twofold.

First, you eliminate the need for 24/7 resources to support your infrastructure. Even if you have only minimal in-house support, emergency on-call break/fix services come at very high hourly rates, and cannot always respond fast enough to eliminate downtime. Of course, your cloud fees include the labor needed to support your infrastructure, but you are sharing that labor cost with all the other renters. Economies of scale really step in when it comes to labor, and this is a condition a small business can’t create on its own.

Second, when you migrate to the cloud, your in-house IT resources can be re-directed to strategic IT planning for future growth and boost profit. This staff can now be used for innovation, not just housekeeping.

And finally, the cloud isn't blue- It's green. While big server farms use enormous amounts of energy, they are a more efficient method than equipment dispersed in offices worldwide.

Other unexpected benefits: As you move your IT into the cloud, some unseen expenses go away. The extra office space that houses equipment no longer needs to be leased, or can be used to house other revenue producing resources, like a few new salespeople. The electric power to drive it all doesn’t come free, and the cooling power to keep everything from overheating is often an overlooked cost of in-house infrastructure.

Read More
I.T., Blog Deidre Frith I.T., Blog Deidre Frith

5 FOUNDATIONS OF A SOLID CYBERSECURITY PLAN

Do you know the five steps to create a solid cybersecurity plan? Continue reading to find out what steps to take and other resources for your business.

5 FOUNDATIONS OF A SOLID CYBERSECURITY PLAN

RealTime Cyber Security Plan.jpg
  • Identify - Define your business assets and what you need to protect.

  • Protect - Operate securely and actively protect your valuable information.

  • Detect - Observe and alert on bad behaviors and other indicators of compromise.

  • Response - Guide your actions with your response plans.

  • Recovery - A safety net is imperative for a solid Continuity and Disaster Recovery Plan.

CRAFTING A SOLID CYBERSECURITY PROCESS

The first steps in crafting a solid cybersecurity process for your business fall under the IDENTIFY domain: perform a Risk Assessment, a Vulnerability Assessment, and an Impact Analysis on your business to help document your business risks. 

Let’s dig into this a bit. Beware, lots of links ahead!

Here is a great resource that you’ve already paid for with your tax dollars – the NIST Small Business Cybersecurity corner, https://www.nist.gov/itl/smallbusinesscyber. NIST has a roadmap, https://www.us-cert.gov/sites/default/files/c3vp/smb/DHS-SMB-Road-Map.pdf to help visualize the journey to improved cybersecurity for your business. This guide covers the five foundations discussed earlier in a user-friendly format -https://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.7621r1.pdf.  

  • Risk Assessment – compare proven best practices against how your business approaches various actions/processes that can impact your security. RealTime has a shortened Risk Assessment to get you started, all based upon the NIST Cybersecurity framework. Save some time by calling us to review your processes or use the full assessment using the NIST framework tools provided below:

  • Vulnerability Assessment – Test your network inside and out for technical holes using this assessment. A competent professional should perform this step and RealTime is available. You can do this yourself, but it’ll be faster, cheaper, and better to engage a professional to perform this step.

  • Business Impact Analysis – Outline the most important things your business does and technologies or systems used to perform these important functions. This will help you focus your resources where you can get the most positive impact to your business. A Business Impact Analysis is definitely a DIY step – no one knows your business better than you. RealTime can help guide the process and the risk discussion if you need it.

IDENTIFIED RISKS AND POTENTIAL IMPACTS

After you’ve gathered this information, prioritize your findings to help make educated decisions on

  1. What risks you need to mitigate now;

  2. What risks to plan to address in the future;

  3. What risks you choose to accept for now.

    The goal is for your business to understand what your identified risks are and the potential impacts; this allows you to prioritize and begin mitigating those risks. Most small businesses find that many risks are process/procedure oriented. These things can largely be addressed internally with proper staff training on new processes.

    Additionally, it is likely that there will also be technical risks and these will need to be addressed by your Technology Department or an outsourced provider like RealTime.

 ARE YOU GOING TO SLEEP WELL TONIGHT?

We hope this piqueS your interest in getting on the path to improving cybersecurity for your business. EVERY business, small or large, needs a comprehensive cybersecurity program now more than ever. Call us if we can help or fill-out the form below, (334) 678-1417.

Pro tip – this is part of RESPOND, but is something you’ll want to have in place sooner rather than later – Cyber liability insurance. Talk to a qualified insurer, ask lots of questions and make sure the policy is going to be effective in providing the coverage your business needs. 

[Guest post written by RealTime VP Todd Swartzman]

WANT ADDITIONAL RESOURCES?

We have resources such as a Business Impact Analysis spreadsheet and other items to help your business. Just fill-out the form below and we will help you out.

Read More