All posts by adtack

How Much Would Network Downtime Cost Your Business? 4 Important Factors to Consider

As a business owner, you want to make sure you and your employees stay as productive as possible during working hours. When something goes wrong, it can cost you in a big way. 

Calculating the Cost of Business Downtime

When you calculate the cost of downtime, you need to look at more than just lost revenue. Your total cost also includes your recovery costs, the cost of lost productivity, and other intangible expenses. 

Lost Revenue

To calculate lost revenue, simply determine your weekly revenue and divide it by how many hours you operate each week. Multiply this by the number of hours your business was down and multiply your total by uptime. “Uptime” is simply the percentage of your business revenue that’s dependent on your internet access and other programs working correctly. For example:

$120,000 weekly revenue / 40 hours per week = $3,000/hr.

$3,000 x 8 hours downtime x 80% uptime = $19,200 in lost revenue.

Recovery Costs

Until you fix the problem, you will continue to lose revenue. Recovery costs include repair and replacement services, data recovery and other expenses. This can vary greatly depending on the situation.

Loss of Productivity

While your business is down, you won’t earn revenue, but you’ll still have to pay your employees. To calculate this cost, look at the number of employees you have, each employee’s hourly salary, and the percentage of each employee’s productivity that’s dependent on uptime. 

Assume you have 10 employees who each make $25 per hour and all of their jobs are 50% dependent on uptime. 

10 employees x $25 per hour x 8 hours downtime x 50% uptime percentage = $1,000 in lost productivity.

The Impact of Interruptions

You don’t need a full outage to experience a serious loss of productivity. Even if your systems are running slowly or are working intermittently, every time there’s an interruption, it costs you. This may include employees contacting you to let you know a system is down, taking calls from clients who would normally do their business online or stopping work to call your IT company.

Studies suggest after every interruption, we need approximately 23 minutes to get re-focused on the task at hand. This can add up quickly and end up costing your company greatly.

Intangible Costs

Your intangible costs can include the loss of a potential lead who has no patience for your 404 error, loss of customer trust, and issues with employee morale. If the interruption is serious enough, publicly traded companies may even see their stock prices plummet. 

Reduce Downtime with Proactive Measures

While some causes of downtime, like power outages or natural disasters, can’t be avoided, you can still take steps to reduce damage. One of the most common problems is a lack of updated software programs and computer equipment. Fortunately, this hazard is easy to reduce or eliminate. 

Many small and midsized business owners try to save money by avoiding investments in IT upgrades, but this can end up being a far costlier choice, as your data will not be protected, and your company will be vulnerable to cyber attacks. Contact us at 702-547-9800 to schedule a network security assessment.

What Is Two-Factor Authentication, and Does It Increase Your Network Security?

No business owner wants to deal with a cyber attack, but do you know how much damage it can really do? The average small business that experiences a network security breach spends close to $8,700 to repair the damage. And, if you don’t protect your customers’ data, you’ll lose their trust and likely their business.

There are many things you can do to improve your cybersecurity, and some are more complex than others. One simple solution is to add two-factor authentication to all of the websites accessed by you and your employees.

Two-Factor Authentication: The Basics

Two-factor authentication is also known as two-factor verification or 2FV. It adds a second layer of security to your accounts by requiring you to add another credential in addition to your username and password. 

In most cases, you’ll receive a code by SMS (text message) which is only good for a short period of time. Unless a hacker had access to your mobile phone, they wouldn’t be able to get into the site, even if they figured out your password. Some programs or websites use different methods for authenticating, including sending a code to other “trusted devices” or using an app like Google Authenticator. 

Is Two-Factor Authentication Worth It? 

According to the most recent Verizon Data Breach Investigations Report (DBIR), 80 percent of hacking-related breaches were caused by weak login credentials. 2FV significantly improves your network security by isolating access to individual users. As long as your employees have their phones locked down with security code, fingerprint or biometrics, it will be virtually impossible for someone to impersonate an authorized user and gain access when they shouldn’t.  

You might wonder whether adding 2FV eliminates the need for you to use a password manager. The answer is no. Long, complex passwords that are changed frequently are still your first line of defense. Using a good password management program helps you stay on top of this without having to store our passwords somewhere easily accessible by others. 

2FV Is Easier Than You Think! 

It’s easy to understand how some people would think that 2FV would be overly inconvenient. However, that couldn’t be further than the truth. Setting up 2FV only takes a few minutes and the login process is only extended by a couple of seconds. In many cases, you can also authorize certain devices, so you don’t have to complete the extra authentication as long as you’re logging in from that device. 

Increase your security game today by scheduling a Network Security Assessment. During this evaluation, we’ll evaluate your information security, data protection, compliance, and performance. Contact us at 702-547-9800 to learn more about how to bolster your network security

Security Training Is the Best Way to Prevent Computer & Network Security Breaches

What’s the biggest threat to your company’s computer & network security?

It might surprise you to learn that almost 90 percent of cyber-attacks are caused by human error – an employee mistakenly clicking on a phishing email or leaving their laptop out in the open is far more likely than a criminal cyber-attack. 

Once you understand the nature of the threat you’re dealing with, it’s much easier to address it. Here are some common issues that are easily avoidable:

Increased Threat of Phishing Emails

Phishing is the practice of sending an official-looking email in an attempt to get the recipient to enter sensitive information like login credentials, credit card numbers or even their social security numbers. The senders of these emails then use the information they’ve obtained to commit fraud. 

These emails have come a long way in recent years. They now look very official, and even highly-educated executives sometimes fall victim to them. In fact, several years ago, tech giants Facebook and Google were duped out of $100 million due to phishing scams! 

You can expect to see even more phishing scams coming to light over the next months and years. They’ll continue to get more sophisticated and the cost of dealing with the fallout will grow. As of today, it’s estimated that a phishing scam can cost the average medium-sized business around $1.6 million per occurrence. 

Other Common Cyber Security Errors

While phishing is a major concern, it’s not your only computer & network security issue. Many innocent employee behaviors can leave your company vulnerable and could lead to serious consequences. Some examples include:

  • Leaving work computers unlocked and unattended
  • Leaving notes, passwords and other sensitive documents out on your desk
  • Working remotely on unsecured networks
  • Failing to delete data from devices
  • Failing to encrypt data before sending

Security breaches caused by employees who are purposely engaging in malicious behavior are rare. In most cases, they’re caused by a lack of knowledge or simple negligence. You can address this by making frequent and consistent cybersecurity training part of your internal practices. 

The Value of Security Training

While firewalls, encryption and other security measures are critical for keeping your data safe, proper employee training is your number-one line of defense. The first step is to create a clearly defined written set of cybersecurity policies and rules and distribute it to all of your employees. The second is to institute a mandatory training program that occurs during onboarding and at least once per year thereafter. 

Some of the topics that should be addressed during a training session include:

  • Overview of threats (phishing, malware, etc.)
  • Password best practices
  • Safe internet habits
  • Social media safety and security
  • Device maintenance and security
  • Preventative measures

Between training sessions, regularly test your employees and require a remedial class for anyone who fails. This will help keep the information in the forefront of their mind all year long. 

Improve Your Company’s Computer & Network Security

The consequences of a security breach are serious and can devastate a small- to medium-sized business. Fortunately, most of the vulnerabilities are preventable. Network Security Associates can help implement systems and processes to bolster your computer and network security. Contact us at 702-547-9800 to schedule a network security assessment

3 Process Documentation Best Practices

Though comprehensive process documentation is beneficial for many tasks, it’s essential when implementing technology to enhance your network security. Your process documentation must report the required steps to successfully complete a task or project, and it should also state who is completing the necessary tasks to fulfill a process. Proper process documentation ensures there is a sense of standardization every time a task is completed.

3 Process Documentation Best Practices

If your organization is in the gaming or healthcare industry, efficient process documentation provides evidence that your organization strives to adhere to the guidelines set forth by gaming or HIPAA standards. Follow these best practices to thoroughly document your processes.

1. Implement a Variety of Tools for Documenting the Process

It’s important to integrate multiple types of media when documenting your processes for maximizing your network security and enhancing your technology. Don’t feel as if you must stick to written content when documenting or explaining a process. Videos, interviews, group collaboration, and photographs are just a few items that can assist with documenting how to complete a process and determine whether the proper protocol is being followed. If you feel like your process documentation is lacking, Network Security Associates can offer tips for enhancing your documentation procedures.

2. Check the Quality of Your Documentation

For process documentation to assist your company with bolstering its technology and network security procedures, it’s essential to use high quality documentation. Your documentation should be well-written, explain the purpose or goal of the task, and reiterate why the task is essential for a secure organization. You should also remove information that feels redundant or no longer applies to the process. 

Any documents and media should be well-organized; ideally, you should include a table of contents and written headers to make it easier for employees to efficiently use the document.

3. Re-evaluate the Process as Needed

Process documentation can also assist your company with revising or updating its procedures to boast a higher sense of network security. This makes it vital for your organization to periodically re-evaluate the process, using the documented procedures. It’s also wise to make sure your documentations contain only up-to-date information and don’t cover outdated or old procedures. 

You can eliminate or revise steps that aren’t efficient, or you might utilize steps that have proven themselves helpful in other processes. Thorough process documentation makes it easier to identify what is and isn’t working for your company.

Network Security Associates can help you develop or improve your company’s process documentation. Contact us today at 702-547-9800 to get started.

How to Prioritize Upcoming Technology Updates

Technology updates are never fun for any business, but they’re increasingly important to ensure your business’s systems are safe and secure. Unfortunately, upgrading everything all at once just to get it over with isn’t a safe approach.

The investment of time and resources necessary for any major upgrade, combined with the need to identify and resolve problems in training, implementation, and compatibility make it important you establish a strategy for prioritizing updates. 

Motivation for Updating Key Components

How to Prioritize Upcoming Technology Updates

While there are countless approaches to updating necessary business equipment, consider the key motivation behind the priority: modernization, maximizing user benefits, and matching company culture. Let’s take a closer look at each.

Updates Focused on Modernizing Architecture

Updates centered around modernizing the design of your IT solutions aim to eliminate the least flexible, most needlessly specific or complex pieces of technology you rely upon. This is often seen alternatively as updating in favor of simplification; modern IT solutions share standardized languages, components, and APIs, so even as the technology beneath the surface grows more complicated, and the experience as a company using the product grows simpler. 

Not only does modernized design make it easier for your company to leverage other cutting-edge technologies, such as machine learning suites, it also makes it easier for employees and customers to interface with your business with minimal learning curve. Network Security Associates can help your company identify critical areas for modernization and put together a roadmap for quick, efficient upgrades. 

User Benefits or Customer Satisfaction-focused Updates

Another approach places the emphasis on customer satisfaction or direct benefits to users and clients. By looking at the places where your technology fails to adequately serve clients, you can quickly put together a path for updating equipment that achieves optimal customer satisfaction over time. 

Of course, optimizing for user value doesn’t mean forsaking employees and convenience for your business; in most cases, the two concepts overlap significantly without conflict. Automation and cutting-edge IT solutions applied in the right places eases the load on team members and improve the customer experience. 

Unlike an upgrade priority based on modernization, which emphasizes architecture upgrades, upgrading for user benefit begins with day-to-day software, which interacts with your customers. The team at NSA can determine the minimum adjustments to architecture necessary before moving on to end-user improvements or recommend improvements which require no adjustment to your existing core architecture. 

Company Culture or Employee-focused Updates

The third way to think about and prioritize updates looks at the way you do business – your company culture, or the unique problems your employees face in using IT solutions. This might mean adjusting your update plans and schedule with a heavy emphasis on reducing the learning curve for new technology, scheduling with a strong emphasis on alleviating pain points for employees, or simply updating by matching the priorities of your core business values. 

This approach may not show immediate results with employees or your bottom line, but it can be excellent for morale, company cohesion, or even, in some cases, branding and image.  

NSA Can Help You Prioritize Your Updates

Technology updates are vital to the overall safety and efficiency of your business. NSA’s managed IT solutions can help you make the necessary improvements as quickly, painlessly, and efficiently as possible, minimizing downtime and ensuring they’re done correctly. Contact us today at 702-547-9800 to get started on a plan.

Social Hacks & How to Avoid Them

So-called social hacks, also known as social engineering, involves attacks on what is perhaps the most vulnerable, easily compromised component in any computer system: The user.

A social hack is any of a number of techniques, strategies, and tactics used to convince people to give up personal information, passwords, and all of the other information necessary to access private accounts without the technical knowhow or risk of true hacking. 

Social Hacks to Watch For

Social Hacks & How to Avoid Them

Here are just a few of the most common hacks you should look out for:

  • Pretext. Would-be social engineers will often wait for a pretext to reach out to a target or create one wholesale. For example, a power outage or internet outage at your building could give them an excuse to call or email you, pretending to be from your managed IT firm. 
  • Diversion. Some social hacks work via diversion of a target from legitimate points of contact to illegitimate ones. This includes tactics, such as phishing, where you are sent via email to a website identical to a real website you use, but wholly controlled by the hacker.
  • Baiting. Baiting relies on greed to get past your defenses. It can be a USB stick loaded with free stuff and a hidden computer virus, given to you at a convention or left sitting somewhere.
  • Authority. Feigning a position of authority to trigger a panic response and get you giving up answers is a favorite for social hackers. It’s most effective in large organizations.
  • Kindness. It’s easy to get complacent about security when someone is really nice to you—and hackers are happy to exploit that for all its worth. 
  • Vagueness. Some social hacks work on the power of assumption. Hackers may lead you to believe you’re talking to someone you know.

Avoiding Social Hacks

Don’t let emotional responses rush you. Fear, kindness, pity, and confusion all work for hackers, not you. 

Never assume something you don’t know for a fact. Do you know who this person is, truly? 

Trust your instincts. If something looks wrong, feels wrong or sounds wrong, it may be wrong. Taking a moment to confirm you’re on the real website or double check to make sure you’re answering a call from the real source can potentially save your company a lot of time and money.

Follow security rules. All the rules and guidelines your managed IT support team puts forth exist for a reason. Each extra security measure makes it exponentially more difficult for any hacker, social or otherwise, to compromise a system. 

Network Security Associates can secure your systems for you, help teach employees security best practices, and make it so a single successful social hack doesn’t get into your systems. Know the risks, know what to do about them, and make sure the human element isn’t the weakest link in your security. Contact us today at 702-547-9800 to learn more.

4 Debunked Myths About Cloud Services

The cloud has grown in popularity in recent years and continues to do so. However, there are some common misconceptions about cloud services that still prevent people from trusting this technology. Here are some of the top myths about the cloud you shouldn’t believe.

Myth 1: The Cloud Isn’t Secure

Don’t Believe These Myths About Cloud Services

There are a couple underlying concerns behind this myth. One contributing factor is the reality most companies will have to work with a third-party provider to receive cloud services. You may have concerns this company doesn’t take the necessary steps to secure your data. However, Network Security Associates utilizes multiple safeguards to make sure your information is protected, such as:

  • Data encryption
  • Firewalls
  • Monitoring 
  • An intrusion detection system
  • Antivirus
  • Anti-phishing

Address any concerns you have about data security with your potential cloud provider.

Myth 2: Cloud Services Are Too Expensive

Although cloud services may be costly upfront, it’s important to remember the benefits of the cloud exceed monetary savings. The cloud ensures your business always has backups of its data, software, and programs. If a natural disaster or device theft occurs, these backups mean your business will have minimal downtime. Cloud services also make it more convenient for your employees to work remotely; they can access the cloud from a secure connection and quickly pull up the files or programs they need. Downtime impacts profitability and revenue generation, which can be challenging to determine assign a dollar value to the impact.

Myth 3: Small Businesses Can’t Benefit From the Cloud

Businesses of all sizes, from sole proprietorships to large corporations, can benefit from using the cloud. Small businesses have many of the same needs as larger organizations, such as the need for reliable data and software backups, secure remote access to their information and multiple security initiatives to safeguard their valuable information.

Myth 4: You’ll Lose Ownership of the Data You Store in the Cloud

Most reputable cloud providers permit their clients to retain ownership of the data they store in the cloud. Make sure you read and understand the terms and conditions of your service agreement to ensure you retain all the rights to your information.

Help Secure Your Company’s Data With Cloud Services

Ready to learn more about how cloud services can benefit your business? Contact Network Security Associates at 702-547-9800 today to schedule a network security assessment.

4 Tips for Maintaining Small Businesses’ Network Security

As a small business owner, you know every dollar counts. Unfortunately, a single cyberattack can cost your business thousands of dollars and damage your reputation. This makes it essential for your business to achieve and maintain a high level of network security. Follow these tips to secure your business against cyberthreats.

4 Steps to Maintaining Your Network Security

Network Security Associates Will Help Prevent Cyberattacks on Your Business

1. Establish Written Guidelines for Maintaining Network Security

If your business doesn’t have written policies that address items like device usage, password creation, the proper handling of sensitive information, and best practices for securing data, now is the time to get these guidelines in writing. Putting your cybersecurity policies in writing makes it easy for your employees to understand expectations. It also helps ensure every employee adheres to the same standards for keeping your company’s data secure. With written guidelines, it’s easy to periodically review your policies to see which ones require updates or further clarification.

2. Educate Your Employees About the Threat of Cyberattacks

It’s important to inform your employees about the threat of cyberattacks and their lasting effects. They may not understand the consequences of a single successful attack, or they might mistakenly believe the threat of a cyberattack is overblown. When your employees understand why they’re expected to follow certain rules or guidelines, this makes it more likely they’ll adhere to your policies. Make sure to properly train all new employees and offer refresher courses for existing employees.

3. Secure Your Networks and Files

One of the most effective ways to keep your information secure is to only use secure networks to transmit, download or store information. If you aren’t sure if your networks are secure or what steps you must take to secure them, Network Security Associates can help. You should also make sure any employees who work remotely know they are only to use a secure network when working. We can assist you with implementing cloud-based storage to protect all your company’s sensitive information in a secure location.

4. Ensure Proper Protections are in Place

Every computer should have updated antivirus software and an enabled device firewall.

This will help virus and malware from propagating from one computer to another at your office and from remote computers. Wireless networks should not be “open,” but should be locked down to ensure malicious users are unable to access your network. It’s also important to ensure you have a modern firewall protecting your network from internet hackers. It’s imperative computers, software, and devices are updated regularly. Many companies overlook patches and updates, but they are critical to protecting your environment from malware and hacks.

Not sure what steps you should take for optimal network security? Contact Network Security Associates to schedule an in-person network assessment. Our team of experienced IT professionals will help you create a plan to secure your business’s networks and data.

HIPAA Data Security Breach Checklist

The Oregon Department of Human Services (DHS) recently reported a HIPAA data breach that exposed the personal information of more than 350,000 Oregon residents. The source of this breach was a phishing email with a malicious link that multiple employees opened and clicked.

If your organization is the victim of a HIPAA data security breach, there are specific steps you must take to handle the incident in accordance with HIPAA regulations. The below is a checklist to follow.

1. Identify and Stop the Breach

Once a breach occurs, it’s vital to act quickly and identify the source. HIPAA guidelines state you must act to mitigate the effects of the breach. The sooner you know how it occurred, the higher your chances of lessening its impact. 

How you stop the breach will vary based on its source. You may need to revoke access privileges for certain employees, download critical security updates to your company’s programs or change how you retrieve and send private patient information. 

2. Notify the Department of Health and Human Services About the Breach

HIPAA rules require you to promptly report data security breaches to the Department of Health and Human Services. All notifications related to the data breach must be done within 60 days of discovering it. When you make the report, have the following information on-hand:

  • The nature of the breach and what information it exposed
  • The individual responsible for the breach (if known)
  • Whether any sensitive information was acquired or viewed by unauthorized individuals
  • The steps you’ve taken to mitigate damage related to the breach

3. Notify Patients of the Breach

You need to issue notifications to the patients whose information was exposed by the breach. The notification should let the patient know what steps they can take to protect themselves from the potential exposure of their information. It’s also required you tell the patient what you are doing to investigate the breach and prevent future breaches from occurring.

4. Issue a Notice to the Media Regarding the Breach

If the breach exposes the information of more than 500 patients, you must issue a notice to the media about it. This increases the likelihood affected patients will learn about the breach and understand what steps they should take. 

Take Proactive Steps to Protect and Increase Your HIPAA Data Security

Though it’s important for your organization to know how to properly handle a HIPAA data breach, you should take steps to prevent a breach from occurring in the first place. Working with a company well-versed in HIPAA data security, like Network Security Associates, can help you identify steps to take to secure your networks and boost adherence to HIPAA guidelines. Contact us at 702-547-9800 to set up a network inspection. This will identify any problematic areas and offer suggestions for better securing your patients’ data. 

4 Ways to Bolster Your Network Security for HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) sets forth standards to govern the handling of sensitive patient information. These standards apply to hospitals, medical offices and companies that handle insurance and billing. For businesses that must meet HIPAA standards, the ultimate goal is to protect sensitive patient information.

To do this, your organization must implement physical and network security measures to protect data according to HIPAA regulations. However, it’s not enough to simply enact these safeguards; adherence is another piece of the puzzle necessary for your company to comply with HIPAA security regulations. Here are a few things your business can do to fulfill HIPAA network security requirements and work toward compliance:

4 Ways to Get Your Organization Closer to HIPAA Compliance

Increase Your HIPAA Network Security by Employing These Tactics

1. Educate Your Employees

It’s important for your employees to understand the importance of following the necessary HIPAA network security procedures when handling sensitive patient information. Some workers may dismiss HIPAA regulations as “red tape,” but following them is essential to shield your company and its employees from lawsuits, criminal charges, professional sanctions, and financial losses caused by mishandling information.

Employees who understand the importance of these policies and the consequences of non-adherence (either intentionally or accidentally) are more likely to follow security procedures, like making sure antivirus and work software are always up-to-date. 

2. Enact Written Policies

HIPAA security rules require businesses to have written policies regarding their HIPAA network security procedures. Make sure your company’s guidelines are clearly defined in writing. Review the policies to make sure they thoroughly state your expectations. As your business evolves, update your written policies to reflect your company’s changing needs.

Another benefit of putting your HIPAA network security policies in writing is it helps you prove your business strives to comply with HIPAA guidelines regarding the treatment of sensitive information; during a HIPAA audit, you need evidence your company has made a strong effort to maintain compliance. Written policies offer proof that your company has specific procedures in place to protect sensitive patient information.

3. Document Everything

Many security breaches occur because employees fail to follow the company’s written procedures. One way to ensure your staff are acting in accordance to policies that promote HIPAA compliance is to require documentation of their adherence. Your documentation should also include any HIPAA violations that occur and the resulting consequences. During a HIPAA audit, your documentation will demonstrate employees are following your organization’s written policies and striving to act in ways that are compliant with HIPAA guidelines. 

4. Utilize Encryption Whenever Possible

Encryption is the process of converting data into a code readable only by parties that have the “key” to de-crypt the code. Make sure all your company devices, including laptops, tablets and smart phones, are encrypted. When employees work remotely, they should only use encrypted devices capable of adding protection to sensitive information. 

Boost Your HIPAA Network Security

The above are just a few ways to help get your company closer to being HIPAA-compliant. If you’re in need of increased network security for HIPAA, contact the experts at Network Security Associates. Our technicians will consistently monitor your network to ensure your data is secure and all systems are up-to-date. Contact us today at 702-547-9800 for more information and to schedule a network security assessment.