If your business is just getting started, or if you’re considering expanding, it’s important to think about what you can do to ensure that your data – and your client or customer data – remains secure. Below, you can learn more about how much SMBs really spend on cybersecurity. This can help you make better choices for your own business’s needs.
Many small to medium business owners make the mistake of believing that because their companies are not as large as some of their competitors’, they are simply not at risk for cyber threats. This couldn’t be further from the truth. Numerous reports show that about half of all cyber attacks aimed at business are aimed at small business and 68% of all small businesses experienced a cyber attack in the last 12 months. Because of this, every business needs to budget for cybersecurity. Viruses, phishing scams, and ransomware are all very real threats regardless of your company’s size, age, or revenue.
For most companies, cybersecurity budgeting is part of IT budgeting; managed IT service providers often offer security in the form of antivirus programs and even email security as part of their packages. On average, SMBs spend 5% to 20% of their total IT spend on security. This means that if your company spends $5000 a month on IT, you should expect to spend $250 to $1000 on cybersecurity alone.
Whether you should spend 5% or 20% depends on a wide variety of factors, too. These include:
Like many SMB owners, you may feel that $250 to $1000 per month is a lot of money to spend on cybersecurity. However, rather than viewing it as an additional expense, it’s better to see it as an insurance policy against a data breach. IBM’s 2019 Cost of a Data Breach Report shows that, on average, data breaches cost companies $3.92 million. Small business breaches can cost an average of $120,000 to $1.4 million – and many don’t survive. A breach can not only drain your bank account, but it can also close your business.
If you still view cybersecurity measures as a luxury rather than a necessity, now is the time to reconsider. No matter how small your business might be, no matter what industry it’s in, and no matter how careful you and your employees might be, if you collect, manage, or share customers’ information, you can be a target.
If you are still running QuickBooks 2017, you may have recently noticed an alert within QuickBooks or received an email stating that the 2017 version will be discontinued on May 31, 2020. Intuit regularly discontinues any products older than three years and this typically happens in late May of each year. This year, it applies to the following versions of QuickBooks:
With the 2017 version expiring, your access to QuickBooks payroll services, technical support, online banking, online backup, and any other services will stop working after May 31, 2020. This also means you will no longer receive critical security updates and patches starting June 1, 2020. If you receive any security updates before this date, we recommend installing them as soon as possible. Please note, if you don't use any of the add-on services in QuickBooks Desktop 2017, your product will still continue to work.
In order to prevent problems associated with the service discontinuations and lack of security updates, you should consider either upgrading to the latest version of QuickBooks Desktop or migrating from QuickBooks Desktop to QuickBooks Online. With QuickBooks Online, you will always have the latest updates to QuickBooks, but it can lack some of the features of the Desktop version. At the time of writing, QuickBooks 2020 is the most recent Desktop version.
After you have made the decision to upgrade QuickBooks, you will need to purchase a new license. We recommend purchasing it directly from Intuit, a QuickBooks ProAdvisor, or another trusted vendor. Once you have purchased the new license, you should receive a license key and product number. These will be necessary to install QuickBooks, so be sure to hold onto them! We highly recommend you keep a copy in a safe place or document them in case the software needs to be reinstalled at some point.
If you purchased a physical copy of the software, you should receive a DVD with the installer on it. If you purchased a digital copy, you will probably need to download the QuickBooks desktop software. You can also use the previous link to download the QuickBooks installer if you have lost your physical copy or need to download an older version.
Once you have the installer ready, we recommend making one last backup of your company file before proceeding. After the backup, proceed to install the software and enter your license key and product number. Express setup is usually fine for upgrading QuickBooks or usage on a single computer. More advanced setups or multi-users will probably require a custom or network install.
Once QuickBooks has finished installing you will need to activate your copy of QuickBooks. This typically involves signing in with your Intuit ID to activate the product. If you don't already have an Intuit ID, you will have the option to create one and tie it to your installed copy. After you have activated QuickBooks, you will then be ready to open your company file. QuickBooks will proceed to make one last backup of the company file and then perform an upgrade of the company file itself to make it compatible with the version you have installed. You can also check to see if there are any updates available by going to the Help Menu and selecting Update QuickBooks Desktop.
If you need any assistance with upgrading your copy of QuickBooks, please reach out to us and we will be happy to assist. We also handle new installations, off-site backups for QuickBooks Desktop, QuickBooks Cloud Hosting, and optimization of existing QuickBooks servers and setups.
Numerous reports from companies like Verizon and even Symantec show that small businesses are the targets of nearly half of all cyber attacks, but at the same time, more than half of all small business owners believe that their companies are too small to be victims. With this information in mind, it’s crucial for businesses of all sizes to ensure they are safe, and there are several ways to determine whether your company might be at risk.
One of the most important parts of protecting your business from cyberattacks involves understanding the most common kinds of threats and what they could mean for your business. The three most common are:
If you don’t regularly take the time to talk to your employees about network and email security, there’s a good chance your business is not as protected as it should be. Once a week during your employee meetings, make sure that you are reminding everyone with access to your network about the dangers of ransomware, phishing, viruses, malware, and more. In fact, you can even test your employees with fake phishing emails that will help you discover how diligent your employees really are.
Finally, one of the absolute best things you can do to protect your data and network is to have regular security assessments conducted by professionals. These rigorous and in-depth assessments go through your entire network looking for potential issues. Things like your firewall, server, password vault, and more can all provide hackers and cybercriminals with the entry point they need to place viruses or ransomware in the system, and while the best way to prevent this is to reinforce the areas where criminals are most likely to enter, it’s impossible to do this if you don’t know which areas need reinforcement. That’s exactly what network assessments do.
Cyber threats can have a tremendous impact on your business. In fact, with roughly 83% of small businesses lacking the funds to deal with the repercussions of a cyberattack - which has an average price tag of about $3 million - it becomes clear that the best course of action is prevention, and thanks to today’s advanced technologies, there are plenty of ways to secure your network - and keep it secure.
You went into business because you have an interest and expertise in some particular product or service. You began the firm to offer that product or service, but a dirty little problem came along with that new company. IT requirements. You need equipment, and you need networks, printers, and data storage to keep the company up and running. As a consequence, you've become responsible for managing something you probably don't care very much about or even understand especially well.
Managed Service Providers can be a solution. A small business can off load a variety of IT tasks that are becoming a distraction to everyday business operations and strategy.Here are just two examples.
Software updates and security audits: Your present in-house staff may be spending most of its time fixing everyday problems. As a result, they may have to delay vital security measures, such as applying tested security patches or updating virus software programs. Working with an MSP will eliminate much of the work overload that leads to system or security vulnerabilities.
An end user help desk: If you have any in-house staff, they are probably well-trained and very qualified. Are their skills being wasted on all the little daily issues of cranky printers and broken keyboards? MSPs can offer an end user help desk that can handle all those calls that pull your own staff away from larger efforts that can enhance productivity and move the business forward.
You use the cloud and don't even know it. Do you go to Amazon and create a wish list? Do you have an email account on Yahoo? That is cloud computing. All your emails are stored on Yahoo servers somewhere. They are on physical servers, of course, but they aren't on your laptop. The advantage is that when you spill your coffee onto the laptop keyboard, you haven't lost all your emails even if you never backed up your hard drive. ( If you haven't, shame on you, by the way.)
Here is a simple analogy to explain how the cloud works and why it might be a very useful part of your business model. Picture the small, very cramped office space of a little start-up. You and a few coworkers sit in tight quarters with messy desktops buried in mounds of papers, files, and pizza boxes. There is absolutely no room for storage. (Throw the boxes out yourself. There are limits even to cloud technology) It will be a long time until you can afford a larger office space. Your building manager offers to rent you an empty file cabinet in the basement. Although the basement space is shared with other tenants, only you and your team have keys to this locked cabinet where you will store all those piles of paper. Your rent is relatively cheap compared to other tenants since you're only paying for the cabinet and not the larger lockers they have leased.
Suddenly, those once covered desktops are clean, leaving space to work. More importantly, the papers are all nearby, each of you has a key, but they are safe from everyone else in the building or outside. They are also safe from spilled coffee and pizza crumbs. You've avoided the dramatic jump in fixed costs required to find bigger office space when all you needed were several feet of filing cabinets. Even better, the money saved is put back into the core goal of providing a product or service to a customer.
The cloud does the same thing. You rent only the space you need, it is safer from hackers than your on-site server will ever be, secure from thieves, and protected from accident-prone employees. Unlike the rest of us, cloud service providers don't have coffee cups near their keyboards or forget to do monthly backups. In short, the cloud provides scalable storage without large incremental leaps in fixed costs you really can't afford.
Email us at email@example.com or use our contact form to see how Pennyrile Technologies can help your business today.
The adoption of technology from the simplest of matters to the most complex problems has rendered us heavily dependent on it. We love paying our bills minutes before they are due. We enjoy seeing loved ones face-to-face on our computer screens. We can access and print our extremely sensitive records from government and financial websites in a matter of minutes instead of waiting for the mail for days. The time and resources that technology saves are invaluable, but this convenience has a very ugly side. This convenience brings costs, which could include irreparable financial, professional, and social damage. The technology that is designed to make life easier can also wreak havoc when criminals use it to breach secured, personal information. So how do we tame this beast called 'breach of data security'?
Background: The gravity of the problem: To look for a solution, we first need to understand how serious this problem is. Breaches in data security and loss of data could spell imminent demise for many small companies. According to the National Archives & Records Administration in Washington, 93% of companies that have experienced data loss resulting in ten or more days of downtime have filed for bankruptcy within a year. 50% wasted no time and filed for bankruptcy immediately and 43% that have no data recovery and business continuity plan go out of business following a major data loss. In the past, small- to medium-businesses (SMBs) thought that data security problems were reserved for large corporations, but cyber criminals are finding out that SMBs are more complacent in securing their data thus making themselves easier targets. More importantly, the lightly guarded SMBs can provide backdoor access to the large entities hackers really want to hit. Fewer than half of the SMBs surveyed said they back up their data every week. Only 23% have a plan for data backup and business continuity. That is why the number of cyber attacks on SMBs has doubled in the recent past.
Causes of lost data: Loss of data can be attributed to two factors.
Five ways to minimize data loss
To conclude our conversation, it is very important to understand the causes and consequences of data loss. Be proactive and minimize the likelihood of a data breach and data loss, so you can stay in business without interruption. Make sure you have a solid data recovery and business continuity plan so you don't become another statistic about small firms who didn't make it.
Email us at firstname.lastname@example.org or use our contact form to see how Pennyrile Technologies can help your business today.
For small to medium-sized businesses (SMBs), an IT network failure can be devastating because they don't have the resources of large corporations to bounce back from such disasters. Preparation against such devastation may be the only course for them to avoid failure and survive with the least damage if failure occurs. SMBs must be proactive in recognizing the eventuality of a cyber attack or human error that can cause data loss and disrupt business continuity. This is what needs to be done to help prevent a potential failure.
Be prepared: Being proactive is an essential step for preparation against a disaster. There are two ways to determine how to best prepare to prevent potential failure of your infrastructure. First, you need to identify the weaknesses throughout your systems, and second, determine how you are going to eliminate those weaknesses and protect your network.
Identify the weaknesses: Determine how and why your system could fail. Examine all aspects of your hardware and software. Assess all the internal and external factors that could contribute to failure of your networks. Here are some questions you need to know the answers to.
The answers to all these questions should give you a clear picture of your network's ability to survive in case of a catastrophe.
Here are five steps that you can take to protect your networks
Summary: We now know IT system failures have very serious consequences for SMBs. We also know that they can avoid such failures by being proactive. Many SMBs are now turning to cloud-based services and virtualized backup solutions to mitigate downtimes and network failures. Virtualization and cloud computing have enabled cost-efficient business continuity by allowing entire servers to be grouped into one software bundle or virtual server - this includes all data, operating systems, applications, and patches. This simplifies the backup process and allows for quick data restoration when needed. See how our backup and disaster recovery solution can help you.
Email us at email@example.com or use our contact form to see how Pennyrile Technologies can help your business today.
Not too long ago, the New York Times’ website experienced a well-publicized attack, which raises the question – how can this happen to such a world-renowned corporation? If this can happen to the New York Times, what does this bode for the security of a small company’s website? What’s to stop someone from sending visitors of your site to an adult site or something equally offensive?
The short answer to that question is nothing. In the New York Times’ attack, the attackers changed the newspapers’ Domain Name System (DNS) records to send visitors to a Syrian website. The same type of thing can very well happen to your business website. For a clearer perspective, let’s get into the specifics of the attack and explain what DNS is.
The perpetrators of the New York Times’ attack targeted the site’s Internet DNS records. To better understand this, know that computers communicate in numbers, whereas we speak in letters. In order for us to have an easy-to-remember destination like nytimes.com, the IP address must be converted to that particular URL through DNS.
Therefore, no matter how big or small a company’s online presence is, every website is vulnerable to the same DNS hacking as the New York Times’ site. The good news is the websites of smaller companies or organizations fly under the radar and rarely targeted. Larger targets like the New York Times, or LinkedIn, which was recently redirected to a domain sales page, are more likely targets.
There is no reason to panic and prioritize securing DNS over other things right now. But there is a belief that DNS vulnerability will be something cybercriminals pick on more often down the road.
Here are a few ways to stay safe
Select a Registrar with a Solid Reputation for Security
Chances are, you purchased your domain name through a reputable registrar like GoDaddy, Bluehost, 1&1, or Dreamhost. Obviously, you need to create a strong password for when you log into the registrar to manage your site’s files. Nonetheless, recent DNS attacks are concerning because they’re far more than the average password hack.
It was actually the security of the registrars themselves that was compromised in recent attacks. The attackers were basically able to change any DNS record in that registrar’s directory. What’s particularly frightening is the registrars attacked had solid reputations. The New York Times, along with sites like Twitter and the Huffington Post, is registered with Melbourne IT. LinkedIn, Craigslist and US Airways are registered with Network Solutions. Both had been believed to be secure.
So what else can be done?
Set Up a Registry Lock & Inquire About Other Optional Security
A registry lock makes it difficult for anyone to make even the most mundane changes to your registrar account without manual intervention by a staff registrar. This likely comes at an additional cost and not every domain registrar has it available.
Ask your registrar about registry locking and other additional security measures like two factor authentication, which requires another verifying factor in addition to your login and password, or IP address dependent logins, which limits access to your account from anywhere outside of one particular IP address.
While adding any of these extra safeguards will limit your ability to make easy account change or access your files from remote locations, it may be a worthwhile price to pay.
Many SMBs don’t realize it, but the path to some grand cybercrime score of a lifetime may go right through their backdoor. SMBs are commonly vendors, suppliers, or service providers who work with much larger enterprises. Unfortunately, they may be unaware that this makes them a prime target for hackers. Worse yet, this may be costing them new business.
Larger companies likely have their security game in check, making it difficult for hackers to crack their data. They have both the financial resources and staffing power to stay on top of security practices. But smaller firms continue to lag when it comes to security. In many cases, the gateway to accessing a large company’s info and data is through the smaller company working with them. Exposed vulnerabilities in security can lead cybercriminals right to the larger corporation they’ve been after.
Cybercriminals Target Companies with 250 or Fewer Employees
Research is continuing to show that cybercriminals are increasingly targeting smaller businesses with 250 or fewer employees. Attacks aimed at this demographic practically doubled from the previous year. This news has made larger enterprises particularly careful about whom they do business with. This means that any SMB targeting high-end B2B clientele, or those seeking partnerships with large public or government entities, must be prepared to accurately answer questions pertaining to security. This requires an honest assessment of the processes taken to limit security risks.
View Security Measures as Investments
CEOs must start viewing any extra investment to enhance security as a competitive differentiator in attracting new business. Adopting the kind of security measures that large enterprises seek from third-party partners they agree to work with will inevitably pay off. The payoff will come by way of new revenue-generating business contracts that will likely surpass whatever was spent to improve security.
Would-be business partners have likely already asked for specifics about protecting the integrity of their data. Some larger entities require that SMBs complete a questionnaire addressing their security concerns. This kind of documentation can be legally binding so it’s important that answers aren’t fudged just to land new business. If you can’t answer "yes" to any question about security, find out what it takes to address that particular security concern.
Where a Managed Service Provider Comes In
Anyone who isn’t yet working with a Managed Service Provider (MSP) should consider it. First, a manual network and security assessment offers a third-party perspective that will uncover any potential business-killing security risks. A good MSP will produce a branded risk report to help you gain the confidence of prospects to win new business.
An MSP can properly manage key elements of a small company’s security plan. This includes administrative controls like documentation, security awareness training, and audits as well as technical controls like antivirus software, firewalls, patches, and intrusion prevention. Good management alone can eliminate most security vulnerabilities and improve security.
It’s a fast-paced world. Not only do people want things, they want things right now. This sometimes-unnerving need for instant satisfaction has only intensified now that we have Wi-Fi and mobile devices that keep us connected regardless of where we are, what we’re doing or the time of day. There is no longer any tolerance whatsoever for waiting. A business with a website that fails to load, or loads too slowly, will lose customers and leads to competitors.
So what has your business done to address this need for constant accessibility and optimal uptime? Do you feel you’re doing enough to meet the demands and expectations of your customers, new business prospects and those who have just now found you on Google?
If you’re a small-to-medium sized business owner, do you have confidence in your technology infrastructure? Can you say with certainty that your website, internal server, and mobile applications function smoothly, efficiently, and correctly?
When your IT team leaves work to go live their lives, are you confident that things won’t go bump in the night? That you won’t be ringing their cell phone while they’re out having dinner with their family, or worse yet, sleeping?
If you answer no to these questions, you may be one of the many small business owners who could benefit from cloud monitoring. And you’ll be pleased to learn that cloud monitoring can significantly improve all facets of your business – especially your service, productivity, reputation, and profitability.
What is the Cloud?
According to a study conducted by Wakefield Research, 54% of those questioned responded that they’ve never used cloud technology. However, the truth is that they’re in the cloud every day when they bank or shop online and send or receive email.
Business owners, specifically nontech savvy small business decision makers, are still apprehensive when it comes to moving their server and web monitoring services to the cloud. But FDR’s famous quote, “The only thing we have to fear is fear itself,” definitely applies here. The cloud is nothing more than moving the storage and access of your data programs from a computer’s physical hard drive to the web. There is nothing to fear.
Benefits of Cloud Monitoring
Obviously, these physical and virtual servers, their shared resources, and the applications they run on, must be monitored. This can be done from multiple remote locations and it’s called cloud monitoring.
Cloud monitoring makes it easier to identify previously unseen patterns and potential problems within your infrastructure--issues that may be too difficult for any in-house support staff to detect. For instance, monitoring ensures that your site is delivering accurate page content and is meeting anticipated download speeds. It can detect unapproved changes, website tampering, and compromised data.
The continuous analyzing and testing of your network, website, and mobile applications can reduce downtime by as much as 80%. The speed and functionality of e-commerce transactions are also optimized. Additionally, cloud monitoring tests your email server at regular intervals, which minimizes failure deliveries and other issues pertaining to sending and receiving emails.
Clearly, all of the above, along with the alerts that help identify and fix issues before they become catastrophes, make cloud monitoring an attractive way to gain insight into how end-users experience your site, while also enhancing their overall experience.