Security

5 entryways for cyber criminals to access your business

Selling stolen IDs and other personal data is a lucrative trade for hackers. They are always looking for sources where vital information is stored. As a small-to-midsize business, you store your client’s personal information, collected from different sources, on your computers and servers. Your Point-of-sale (PoS) terminal and some website transactions can be completed by use of electronic banking, credit cards, or debit cards only. Your customers have to key-in their pins or passwords to make payments. That information has to be saved. Also, depending on the kind of services or products you provide, you may be collecting Social Security numbers, addresses, driver’s license numbers, and birthdates of your clients. Personal information is a gold mine for a hacker. All this means only one thing for you: A data security nightmare.

Here are the channels hackers can use to break into your IT infrastructure

  • Your website: Hackers have become very sophisticated in cyber attacks on websites. They can access specific information by targeting websites that have the information they are looking for. For example, if they want only financial information about their victims, they can use tools that will fish for the websites that carry that kind of information. Implementation of web-based applications has made it easier for cyber criminals to connect to your website database. They are able to find the loopholes and hack into systems. Your computers and servers: Your computers and servers are treasure-troves of information. By sending malware into your systems they can steal your admin passwords, and then login to your servers and other network devices. These hardware devices are the ultimate prize for cyber thieves because these devices not only hold important information about your clients, they also have all the information about your business and possibly about your vendors and associates.There is nothing about your business that these hackers don’t know. Imagine how devastating this attack can be.
  • Mobile devices used by your employees: If you allow your employees to use their mobile devices to conduct business, you have another security issue to worry about. You don’t know how secure their mobile phones, iPads, laptops, or tablets are against a security breach. You don’t know how hard or easy their passwords are to crack. Breach of security into those devices will lead hackers right into your networks where they can steal critical business data.
  • Unsecure Wi-Fi network: Most businesses keep their Wi-Fi networks well protected, but unsecured Wi-Fi is an open invitation to cyber criminals. If your Wi-Fi network is not secure, hackers are one step closer to breaking into your systems.
  • Your PoS systems: PoS systems are the prime targets for hackers who want to commit financial fraud. Cyber thieves know that PoS systems that come with preloaded software can be hacked using an unsecured, Wi-Fi network. This fraud has a direct impact on an individual’s finances because a hacker can make unauthorized credit card charges quickly and move on before anyone realizes what happened. Ruined credit can take years to mend.
  • Your email: Email is another venue that hackers use to infect computers with malicious software.They send viruses that replicate themselves in the host computers, performing various tasks such as denial of service to the users of your systems, spamming your contacts, and accessing data without authorization.

To handle all of these possible gateways, you need a comprehensive approach to data security. I can’t be done piecemeal. Plus the potential damage to your business and brand if you don’t address every possibility cannot be overstated. The best solution is to solicit the help of a managed service provider, who can design a complete security blueprint to address all of these areas.

Learn more about how our company can help. Contact us at or [email protected] .

By compuville 0 Comments

Anti-virus programs aren’t enough

Today many business owners install an antivirus program as their Maginot Line and call it a day. However, there are many ways to get into a network that circumvents anti-virus.

Hackers are creating viruses faster than anti-virus programs can recognize them (about 100,000 new virus types are released daily), and professional cybercriminals will often test their creations against all commercially available platforms before releasing them onto the net.

Even if you had a perfect anti-virus program that could detect and stop every single threat, there are many attacks that circumvent anti-virus programs entirely. For example, if a hacker can get an employee to click on a compromised email or website, or “brute force guess” a weak password, all the anti-virus software in the world won’t help you.

There are several vulnerabilities a hacker can target: the physical layer, the human layer, the network layer, and the mobile layer. You need a defense plan that will allow you to quickly notice and respond to breaches at each level.

The physical layer refers to the computers and devices that you have in your office. This is the easiest to defend, yet it is exploited surprisingly often.

Here are a few examples:

  • In 2015, 60% of California businesses reported a stolen smartphone and 43% reported losing a tablet with sensitive information.
  • The breaches perpetrated by Chelsea Manning and Edward Snowden occurred because they were able to access devices with sensitive information.
  • As an experiment, Comptia left 200 USB devices in front of various public spaces across the country to see if people would pick a strange device and insert into their work or personal computers. 17% of consumers fell for it.

For the physical layer, you need to:

  • Keep all computers and devices under the supervision of an employee or locked away at all times.
  • Only let authorized employees use your devices.
  • Do not plug-in any unknown USB devices.
  • Destroy obsolete hard drives before throwing them out.

In short, taking responsibility for data security involves a lot more than just a software program.

Learn more about how our company can help. Contact us at or [email protected] .

By compuville 0 Comments
lVfKVLEGwnOTcvXnqnUPquOVOYDIPSA

Finding the Right IT Support Company for Your Business

It can be a daunting task trying to find the best IT support a company has to offer and the right IT support services for your needs. There are so many factors to take into account, and it can often feel like navigating a minefield.

The truth is that if you want your business to operate at its peak potential, it’s a minefield you must conquer. One of the key factors in running a successful business, and optimising your activities and processes, is finding the right IT support company.

Here’s a rundown of the process of choosing, and the essential steps to getting it right.

Step 1: Assess your requirements in terms of IT infrastructure

This can be quite an involved process, but it’s pivotal that you get it right! Assess your current IT requirements and identify what you need right now, and what you’re going to need moving forward.

Step 2: Do some research

Make a list of prospective IT support companies and do some research. Be sure to get several references and, if you can, speak to someone at a company they’re currently servicing. Check out their customer reviews and client testimonials -They should have dedicated sections on their website where you can freely view these. Google the company and see if they have a Google business account – this includes reviews!

Step 3: Get in touch

Once you are crystal clear on what you need (now and looking ahead) and you have your list of possible companies, get in touch with them and tell them your requirements. Ask for an obligation-free estimate. Gather responses, and see what they come back to you with. Don’t be afraid to meet them in person and discuss your needs. Think of it like any other interview – if you were hiring a new assistant or manager, you wouldn’t rely on email or even phone calls, you’d interview the candidates in person. You need to see how you get on, personally, and whether or not you’re compatible enough to form a good business relationship. Get them into your office. While they’re there, assess their attitude and perspectives, bring up a specific issue or two that you’re having, or have had in the past, and see how they react.

Step 4: Read the fine print

A tedious but completely necessary step is to look at the fine print that comes with each of the companies you’ve met with. How good is their confidentiality agreement? What are their terms? How long would you need to give notice if you needed to change to a new company? Are there any ‘hidden’ charges that might apply to you? There are a myriad of small details like this that can sway your final decision. Make a pros and cons list for each company based on their estimates, your experience while meeting them, and the benefits and downsides of working with them.

Step 5: Make a decision

It’s time to be decisive! Making the final decision really comes down to a combination of price comparison, the benefits on offer, and gut instinct. When all else is equal, go with your gut!

Step 6: Choose a person

The work doesn’t stop when you choose a company to work with. It’s your responsibility to keep on top of things, take care of all the basics and liaise with your new support company to ensure you are getting exactly what you need. You should appoint a single person to act as the point of contact between your business and your IT support. One person who always deals with them and knows the workings of your relationship backwards. Any problems, on either side, they deal with them – it will make everything run a lot more smoothly!

Step 7: Start a fault log

This is a simple but often overlooked process. Start a log of all faults in your system. It ensures you have a record if you need it and will aid your new support company in looking after you as best they possibly can.

Contact Compuville Systems today to learn about our Managed Support plans. 1-866-300-5151

By compuville 0 Comments

5 Reasons Why You Need a Disaster Recovery Plan

For many years, a large percentage of businesses have operated day-in and day-out without giving a second thought to their data backup plan. As long as someone in the IT department was periodically performing tape backup then all was considered fine. The challenge today however is that businesses are dealing with unprecedented amounts of data – both from their own internal staff and that of their customers.

Planning for the unknown and spending money on something that you aren’t sure is going to happen can be a hard pill to swallow for many companies, but taking care of your business often means formulating strategies for ‘what if’ scenarios. Recent research by the University of Texas has shown that only 6 percent of companies suffering from a catastrophic data loss survive, 43 percent never reopen and 51 percent close within 2 years. So clearly being prepared is your best defense.

Still not convinced? Here are five reasons why a disaster recovery (DR) plan should be among your company’s top IT priority.

1. You may have compliance requirements
Many businesses today that deal with sensitive client data are required by law to ensure they have an adequate DR plan in place. For legal firms, their client data is the lifeblood of the organization. For healthcare companies, the thought of losing client medical records can not only compromise your business but as well create unwanted legal and public attention. The HIPAA (Health Insurance Portability and Accountability) Act of 1996 was devised primarily to protect the confidentiality and security of client healthcare information. As a result, HIPAA compliance requires businesses to have a DR plan that significantly reduces the risk of patient data loss.

2. This is one way to create competitive differentiation
In a recent business poll over 50% of businesses currently using a cloud-based DR plan feel that their DR strategy brings them a competitive advantage. Why? In a fast-paced competitive market with greater commoditization of products and services, getting back on your feet faster than your competitor after any natural disaster certainly gives you an advantage.

3. Stuff happens
Let’s face it. We have all heard or have experienced the horror of having our PC crash. Now exponentially grow that likelihood and the outcome of that catastrophe is unimaginable. On average, 15,000 hard drives fail every day somewhere around the world. Think about your finance or sales primes losing their hard drive and it’s not hard to understand how impacting that can be on your business performance.

4. Nature is unpredictable and so are humans
You don’t need to look farther then New Jersey to see the effects that a hurricane can have on businesses. Hurricane Sandy made it difficult for many of the businesses located in the 19-county impact zone in New York, New Jersey, and Connecticut to recover. All told, more than 1 million businesses (representing 1,000 different industries) that fell inside that zone experienced significant difficulty in recovering. Add in human error or deliberate sabotage and the negative implications rise exponentially. In airports, train stations, buses, restaurants and other public places, an average of 15,000 laptops go missing every week. Think about the intellectual property that disappears when that data is not backed up.

5. Customer re-acquisition is extremely expensive
With more competition and a shrinking global market, customers become savvier and less forgiving. Interrupt their service level once and they could disappear forever because your competitor is waiting around the corner to offer them a deal they can’t refuse.

Nobody is invincible from a disaster of small or large magnitude, so the key is to ensure that you not only have a plan in place to prepare your business in the event of a disaster, but that you also have a solid plan for recovery when you need it. You can bet that your customers and your business partners would agree.

Contact Compuville Systems today to learn about our disaster recovery and data backup plans. 1-866-300-5151

By compuville 0 Comments

How to choose a Business Security System

Every small business should take the time to evaluate their security systems and determine which areas need support and improvements. A quality security systems provider can help small business owners grow their business while maintaining the necessary support to watch over the business day and night. There are various approaches to small business security systems. Choosing what is best for each business requires research and planning.

What Are the Options?

Video surveillance is one option. The small business owner can work with security systems professionals to determine the best places to watch over. Small business video security systems protect the business owner in cases of theft, law suits, and help to monitor employees. Often video surveillance is set up to view the Point of Sale or other areas where currency is kept. Access control can be set up to monitor specific areas of your small business. With access control, a small business owner can limit access to inventory, specific offices, or other important areas where items of value or private information is held. An intrusion alarm system is very popular with small businesses. This will provide protection when the small business owner is not on the grounds. After hours protection is very important to maintaining a secure and safe work environment. Certain small businesses, especially those that deal with expensive items or the flow of currency on a regular basis, will find a Panic Alarm or Hold Up security system to be vital to their overall security system. They offer an added layer of protection should your small business ever be the victim of attempted theft.

Tips on How to Choose the Right Security Systems

Some small business owners are unable to be at the site as often as they would like. In order to maintain adequate customer service and to maintain the operations at the site, the small business owner may need additional help such as:

  • Alarm installation services
  • Video surveillance
  • Access control systems

Alarm installation services are important for after hours to maintain a secure business. Video surveillance can protect small business owners from a number of threats. Also, small business video security systems can help owners monitor how their employees behave and treat customers. Also, small business owners should remember to protect themselves from the inside out. While maintaining security of their physical domain is incredibly important. There are also digital threats to address. The Los Angeles Times reported that “the lines between physical and digital security having blurred over the last decade, it’s critical for small business owners to rethink their 21st century security strategies.” Pick a security system company that handles installation and maintenance of the security systems. Some innovative companies offer business owners access to alarms and video monitoring from their home or mobile devices. Do your research before you go with any security systems company!

To start, small business owners should contact an experienced small business security systems professional, such as Compuville Systems Inc., to get more information on what security systems will work best for their business.

By compuville 0 Comments

Why Vulnerabilities Bad for Business

Lately it seems almost impossible to read the news without being bombarded with reports about yet another security breach which has affected a large organization or business. And yet, with all of these warning signs, many SMBs are taking a “it doesn’t affect me” approach to their own business’ security. Unfortunately what many SMBs don’t realize is that their security vulnerabilities are often the welcome mat these hackers need to infiltrate the larger organizations that they partner with as vendors, suppliers or service providers. They may be unaware that this makes them a prime target for hackers. Worse yet, this may be costing them new business opportunities.

By compuville 0 Comments

How to Choose the Right Surveillance System

Having recently included network video recorders (NVRs) to our growing line of surveillance devices, we thought this would be a good time to offer an updated overview on selecting the right surveillance system for your home or office. Whether you have installed a home security system on your own before, the information that we are about to share will help you determine which surveillance system is right for you.

Wired vs. Wireless

One of the first things to consider when selecting a video surveillance system is whether you’d like to install a hardwired surveillance system or whether you prefer a wireless one. Both offer quality surveillance, which can be expanded to work with other devices (including alarm systems and intercoms). In order to determine which is right for you, however, think about whether you want to extend wiring behind your walls or how difficult or easy such a task might be. For structures made from concrete or brick walls, or even for homes with historic value, we recommend that a wireless system be strongly considered. On the other hand, homeowners who are building a home or who are in the midst of a major remodel may be able to pretty easily include a hardwired system into their plans.

NVR vs. DVR

As previously mentioned, we recently added network video recorders to our product lineup. A relatively new technology, it’s natural that our customers may have a few questions on the differences between NVRs and DVRs. While both offer excellent surveillance solutions designed to keep your home as safe as possible, the most major difference between these two surveillance products are the ways in which video is handled by the device. With a DVR, video is put into a capture card while an NVR puts video through your home’s existing network. The recording quality between the two is actually the same, so your decision will largely depend on which kit is the most attractive to you in terms of price and specific features desired.

How Many Cameras Will You Need?

Prior to selecting a new surveillance system, it helps to know exactly how many cameras are needed. Using a single security camera to surveil a room or a small apartment may be sufficient. In these cases, a single hidden camera may be all that’s needed to protect one’s valuables or to gauge a nanny or a housekeeper’s performance while you are away from home. In most other cases, however, we believe that a multi-channel system is in order. Multiple cameras placed around and throughout a home are one of the best ways of keeping prowlers and other criminals at bay.

Infrared Technology

When selecting a new surveillance system, be sure to choose one that can continue to record in dark conditions.

Environmental Considerations

Don’t assume that all cameras can be used at any location. For example, if planning to install surveillance cameras outdoors, be sure that the manufacturer has specified that it can be used as such. Just note that the highest IP rating that a product can receive is a 68, which means that it can be used in the most extreme weather conditions as it is protected against dust and liquids.

Your Field of View

Lastly, when searching for the right surveillance system, it is important to consider how wide or narrow your camera’s surveillance field needs to be. A lot of people make a mistake in buying the wrong mm camera. To avoid doing so, note that the smaller the millimeter of the camera’s lens, the lower the angle it will record. Cameras with high millimeter lenses will capture wider angles. Here, it really depends on on what you need your surveillance cameras to see. If you aren’t sure about the millimeter that you need (or even if you are, but want flexibility) we highly recommend vari-focal cameras which are equivalent to zoom lenses and can be manually adjusted to accommodate between 2.5 to 10 mm.

Contact Compuville Systems today to get the best advise on choosing your next Surveillance System.

By compuville 0 Comments

How to Choose a Secure Point-of-Sale System

Is the POS system PCI compliant?

The first thing to look for is whether your new POS system meets the required regulations for accepting credit cards.

“Any business that accepts credit card payments for goods or services must be PCI compliant,” said Tony Ciccerone, a Detroit-based territory manager for Heartland Payment Systems. This means that in addition to following the Payment Card Industry Data Security Standard (PCI DSS) rules for credit card processing, your POS itself must meet PCI standards for merchants.

This is important because if your customers’ information is leaked, you could be on the hook for financial damages, even if your company uses PayPal or some other third-party service provider to process your credit card transactions, said Vikas Bhatia, founder and CEO of cybersecurity firm Kalki Consulting. “Make sure to ask your service provider for proof that they passed their PCI DSS evaluations,” he said.

Update and maintain purchased technology

Technology is changing rapidly, and credit card payment processing systems are, too. When you choose your new POS system, ask the service provider about the maintenance schedule. An outdated system may put your business and customer credit card info at risk for a security breach.

“If you do buy technology (security or IT), make sure it’s maintained appropriately by having antivirus and anti-malware software installed and updated regularly,” said Bhatia.

That includes your firewall. “Consumer-class routers that are commonly used in SMBs generally include a firewall; however, it needs to be configured correctly in order to protect your network,” Bhatia said. It’s critical that you change the default login and password on every network device you purchase, including your new POS system, he added.

“The most advanced firewall is worthless if it has the default login and password in place,” Bhatia said.

In addition to ensuring your POS software is up-to-date, it’s important to check the changing PCI compliance rules regularly, to make sure your POS systems meet them, Ciccerone said.

“Visa and MasterCard, for example, change PCI rules and regulations about once a year,” he said.

Encryption services and fees

With security being such an important issue in electronic payment acceptance, it’s important to understand the encryption options available for a POS system.

Encryption is the process of changing information into a form that’s unreadable except to holders of a specific cryptographic key, according to the PCI website glossary. Using encryption protects your customers’ payment information from unauthorized access until it’s decrypted with the key.

Ask the POS salesperson if the system in question requires separate encryption services. Keep in mind that encryption could require an extra monthly fee. Also ask if they offer a system with end-to-end encryption, which can simplify the process, thus saving you time and money.

“Point-to-point encryption (P2PE) from the instant the card data is read, also called end-to-end encryption, addresses this risk by encrypting all the payment card data before it even gets to the POS,” Bower said. “If the POS is breached, the data will be useless to the attacker.”

For a handy list of PCI-compliant systems, see PCI’s Approved PIN Transaction Security Device page.

For more information on what to look for when choosing your first POS system, read the PCI DSS Quick Reference Guide.

Contact Compuville Systems today to get the best advice on choosing your Point of Sale System.

By compuville 0 Comments

Five Ways Your Small Business Data Security Can Benefit from Cloud Computing

If you’re considering tapping into cloud computing for your small business or are already there and are worried about how safe your data is, we have some reassuring news for you. There’s been a lot of debate about whether or not the cloud is safe but, for small to mid-sized businesses, the security is often much more robust than you can afford outside of the cloud in your physical data repository.

 Here’s five ways that your data may be more secure on the cloud than in your server room:

#1 Physical Security

When your data is in your server room, there’s likely a basic lock on the door (if that) and perhaps a basic security system in your building. When your data is in the cloud, it’s not floating out in space – it’s actually being stored remotely on enterprise-grade hardware inside a billion dollar facility guarded by barbed wire, state of the art security and guards who know what they’re doing. That’s a big plus.

#2 State of the Art Equipment

Small to mid-sized businesses just don’t have the budget to implement top tier solutions and purchase enterprise hardware and then upgrade it as needed. Companies that specialize in data storage and security in the cloud do so because it’s their bread and butter. You’ll have all the advantages of the best data security money can buy without bankrupting your budget to get it.

#3 Expert Data Management

Cloud data storage and security is way more complex and secure than a DIY solution at your office because the storage provider not only has great equipment and physical security, but they have expert technical staff. Servers and security programs need updates, patches and ongoing monitoring. The cloud storage provider will have pros working 24/7 to keep your data safe and secure.

#4 Focused Security

Patches, updates and pre-packaged security software and services that small to mid-sized businesses can afford are more general and don’t address targeted and trending threats. On the flip side, because data security is their stock and trade, cloud storage providers make it their business to not just react to data risks that crop up but to proactively be on the lookout for and developing safeguards against them.

#5 Secure Your Data Before You Store It

It’s true that cloud stored data has had some issues – Dropbox and iCloud both have had some breach incidences. But you can easily add one more layer of encryption to make your data not only safer in the cloud but less apt to be accessible to surveillance and spy programs. You can use a low cost program like Boxcryptor to encrypt your files prior to storing them in the cloud for a double layer of security.

If you’re concerned about the security of your data, network and systems, contact Compuville Systems for a free consultation on keeping your data out of harm’s way affordably so you focus on your business.

By compuville 0 Comments

Public WiFi Security: 3 Tips to Protect Your Company Data

Use of public WiFi is increasing at an exponential rate as virtually all hotels, airports, coffee shops, phone companies, libraries and public transportation spaces are offering free Internet hot spots to attract more customers. While having free Internet access on the go may appear as a convenience for our increasingly mobile lifestyles, it is important to understand that not taking precautions may lead to identify and personal data theft.

This trend also affects the security of small businesses around the country. A survey of 1,000 US office workers reveals that 95.6% of daily commuters acknowledge the use of public WiFi connections at least once a week to perform work-related tasks. Some survey respondents indicated that they connect even more than 70 times per week, which means that they increase the risk of malicious hackers to catch sensitive company data and passwords through packet sniffing and other forms of traffic interception.

While nobody can deny that mobile devices increase your productivity and that of your employees, it is important to take precautions to keep your company data safe. Here are 3 tips to protect your company data when using public WiFi.

1. Beware of Fake Hotspots

Creating a WiFi hotspot is very easy and several devices are able to create one. Hackers often lure victims by creating fake hotspots that request sensitive data such as credit card information or a combination of personal identifiable data (e.g. phone number, zip code, credit card information). Don’t fall into these traps and exit those connections immediately. Only connect to official WiFi connections that have been officially confirmed.

2. Consider Setting Up a Virtual Private Network

If you or your employees need to do some work while commuting and need access to the office network, then it is a good idea to look into setting up a Virtual Private Network (VPN). A VPN encrypts all traffic in a way that hides your data and hides the identity of the servers to which you are connected. While there are different kinds of VPNs, they all will protect the connection against other devices in the same public WiFi network.

3. Install and Update Antivirus Software

Installing antivirus software is the first step in protecting your company data against viruses, malware and spyware on public Internet connections. The second one is to keep it constantly updated so that it has the latest data from the developers. Nowadays there are even antivirus programs for tablets and smartphones, for example Norton offers mobile security apps for iPhone, iPad and Android devices.

Take Action Today

Did you know that a survey by the Identify Theft Resource Center indicated that 44% of respondents didn’t’ know how or didn’t believe that there are ways to protect their private information? Educate your employees with these 3 tips to increase their public WiFi security and avoid data theft.

If you have any questions about making your company data available to your employees off-site while maintaining high levels of security, contact Compuville Systems and we will show you how. Please contact us at (905) 842-6548 or (866) 300-5151

By compuville 0 Comments
Posts pagination
Send a Message