News

Cybersecurity Employee Training – SMB

In today’s fast-changing digital world, small and medium-sized businesses (SMBs) are becoming more vulnerable to cyber threats. One of the most effective ways to reduce these risks is by focusing on the human side of cyber security—employee training. This article explores the vital role that training employees plays in strengthening SMBs’ defenses against cyberattacks.

Understanding the Cybersecurity Landscape for SMBs

1. Assessing the Unique Challenges in SMBs

First, it’s important to understand the unique cyber security challenges faced by SMBs. Unlike larger corporations, SMBs often don’t have the resources to build extensive security infrastructures. Despite this, their data can be just as valuable, which makes them prime targets for cybercriminals.

2. The Vital Role of Employee Training

Next, let’s focus on the heart of the issue: employee training. Employees are often the first line of defense against cyber threats. When properly trained, they can recognize, avoid, and report potential risks, effectively acting as human firewalls.

While employee training is crucial for safeguarding your business, a comprehensive cybersecurity strategy goes beyond just internal education. To fully protect your organization, it’s essential to also address other aspects of cybersecurity, including measures to mitigate the financial losses from cyberattacks.

3. Strategies for Effective Cybersecurity Training

Effective cybersecurity training goes beyond one-time sessions; it requires ongoing education and awareness. This includes regular updates on emerging threats, simulated phishing exercises, and training on secure password practices and data handling.

4. The Impact of Ongoing Training

Ongoing training also helps keep cybersecurity a consistent topic of conversation and awareness within an SMB. In an era where cyber threats are constantly evolving, this continuous vigilance is essential.

5. Incorporating Practical Scenarios

Practical training scenarios can greatly enhance the effectiveness of cybersecurity education. By simulating real-life situations, employees gain a clearer understanding of the impact of cyberattacks and their role in preventing them.

6. The Role of Leadership in Cybersecurity Training

Leadership plays a vital role in the cybersecurity process. Management must not only provide the necessary tools and training but also foster a culture of security throughout the organization. This includes leading by example, setting clear expectations, and encouraging open communication about potential cyber threats.

7. Measuring the Effectiveness of Training Programs

Evaluating the effectiveness of training programs is also crucial. Regular assessments help identify areas for improvement and ensure that the training stays relevant and effective over time.

8. Encouraging a Proactive Cybersecurity Mindset

Promoting a proactive approach to cybersecurity empowers employees to take an active role in protecting the business. They should feel confident in recognizing suspicious activities and know the proper channels for reporting them.

9. The Financial Implications of Cybersecurity Training

Investing in cybersecurity training can have significant financial benefits for SMBs. By preventing cyberattacks, businesses can avoid the costly consequences of data breaches, such as loss of customer trust, legal fees, and downtime.

A Call to Action for SMBs

The message is clear: SMBs must prioritize employee cybersecurity training. It’s not just an IT issue—it’s a business imperative. By investing in comprehensive, ongoing training, SMBs can strengthen their defenses against the constant threat of cyberattacks, protecting their assets, reputation, and future.

InfoTech Innovators is here to help SMBs establish and deliver effective employee cybersecurity training. We offer both in-person and online classes designed to enhance employees’ cybersecurity knowledge, helping to better secure your company and protect your customers.

Contact Us Today!

Why Should I Care About Third Party Risk

With most organizations relying on outsourcing to handle at least some aspects of their day-to-day operations, third-party risk should be front of mind. This is especially true given the rising number of security breaches arising from third-party relationships.

A recent study shows that almost a third of third-party vendors would be considered a material risk if a breach occurred. Furthermore, another study revealed that 80% of surveyed organizations experienced a data breach originating from a third party in 2020.

Ultimately, your organization’s board of directors and senior management are responsible for managing third-party relationships. The identification and control of associated risks should be held to the same standard as activities that were handled from within the organization.

Despite the numerous risks that arise from third-party relationships over the vendor life cycle, many organizations still do not manage third-party risks as diligently as internal ones.  

Failure to manage these risks can leave organizations exposed to regulatory action, financial action, litigation, and reputational damage, and can impair the organization’s ability to gain new customers or service existing ones.

Third Party Risk

InfoTech Innovators can provide consulting assistance to help an organization develop its Third Party Risk Management (TPRM) strategy and approach. It is also important that supplier agreements and contracts contain language to limit risk liability with third-party vendors, ensure the organization has the right to audit a vendor for security compliance, ensure the vendor is performing its own internal security due diligence to protect its environment (and its clients), and much more. Developing a sound foundation and framework to address TPRM is vital to ensuring an organization's security and business goals are met.

Reach out to us today to learn more about our Third Party Risk Management services and how we can help!

Third Party Risk Management

Real Estate – Cyber Security

Hackers work 24 hours a day, 7 days a week, 365 days a year trying to break into your business. Cyber crime in the real estate industry is on the rise. As the National Association of Realtors video "Cyber Crime, Cyber Security and the Real Estate Professional" describes, this topic is very important to real estate professionals. As the video recommends, improving your brokerage’s cyber security starts with a cyber security assessment to uncover areas for improvement and cyber security awareness training for all real estate professionals. InfoTech Innovators can help!

InfoTech Innovators is located in Forked River, NJ. We provide a wide range of cyber security services and solutions, including cyber security assessments and cyber security awareness training. Contact us today at sales@infotechinnovators.com for a free initial consultation or to arrange for us to be a guest speaker at your next brokerage staff meeting to discuss cyber security. Virtual sessions are available too! Learn more about us at InfoTechInnovators.com.

Dispel some myths about cyber security for small and medium size businesses

Let's dispel some myths about cyber security for small and medium size businesses.

1. YES, hackers do care about your business no matter how big, small, significant or insignificant YOU might think your business is.

2. YES, proper cyber security hygiene is important to all businesses and YES proper cyber security hygiene is more than just anti virus software.

3. YES, remediating after a cybercrime incident is hard and expensive, sometimes too expensive and/or too hard for a business to recover from. Yes, prevention via proper cyber security hygiene can help, and it is cheaper and easier. Locking your doors follows the same principle: the lock is cheaper (and less painful) than replacing all your stuff if it is stolen. So if it helps to combat the bad guys and/or helps to minimize break-ins and damage, it's a good thing. An ounce of prevention is cheaper than a pound of cure!

4. Yes, you are never 100% cyber secure. The human element, coupled with constant changes in technology threats, makes being secure a moving target. The best course of action is to make cyber security part of how you do everyday business and to stay vigilant and current with your defenses.

InfoTech Innovators can help! Contact us today: sales@infotechinnovators.com, www.infotechinnovators.com

InfoTech Innovators is an IT consulting firm located in central NJ that specializes in cyber security services for small and medium size businesses, as well as NJ state government and municipalities (towns, cities, counties, etc.).

Hackers are targeting small and medium size businesses

Hackers are a constant. Exploits, security holes and attack vectors are changing daily, giving hackers greater opportunities to break in. Every small and medium size business should be executing network vulnerability scans regularly, in addition to fortifying its cyber security posture in general (e.g. antivirus, security education, applying manufacturer software updates/patches, etc.).

Hackers are targeting small and medium size businesses. Small and medium size businesses sometimes feel that they aren’t likely to be a target due to their size and that hackers couldn’t possibly be interested in what they do, but in reality the exact opposite is true. Hackers prey on the knowledge that small businesses tend to have lower defenses than larger organizations, usually due to a lack of financial and human resources. By their very nature, thriving small businesses are innovative and niche, which again is very attractive to the bad guys, who may be interested in customer data and intellectual property and know exactly how to pick out the weak targets. Burying your head in the sand may save money in the short term, but the cost of hacking could range from minor inconvenience to reputation damage, loss of customer data, fines and ultimately company closure.

There are a few prevailing “false narratives” that many small and medium size businesses dangerously believe.

  • Many believe that because they hired a company to install a website, a network, computers or software, this magically makes them secure forever (or that a third-party company is somehow responsible for ongoing security without a contract that says so).
  • Many believe that their in-house IT technicians are performing proactive security issue discovery. Many technicians are very good at what they do, but to assume they have the time and skill to perform proactive security technology auditing can be a dangerous assumption.

InfoTech Innovators offers internal and external network vulnerability scanning services that inspect the potential points of exploit on computers, servers, or networks to identify security holes. A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures. Armed with the vulnerability report our service produces, a small business can then take steps to fortify its network security technology posture.

As referenced in this article on Forbes.com, “More than half (55 percent) of the nearly 600 small- and medium-sized businesses surveyed by the Ponemon Institute reported being hit by a cyber attack in the past year, and 50 percent said they experienced a data breach involving customer and employee information over the same time period. It cost these companies an average of $879,582 in damage to or theft of IT assets and an average of $955,429 due to the disruption of operations, according to Ponemon’s ‘State of Cybersecurity in Small and Medium-Sized Business,’ which was released in June 2016.”

Contact InfoTech Innovators today and learn how we can help!

InfoTech Innovators

InfoTech Innovators – Best of Toms River Award for 2017

InfoTech Innovators LLC is among a very small group of companies that have won the Best of Toms River Award for four consecutive years.

The Toms River Award Program recognizes those companies that have shown the ability to use their best practices and implemented programs to generate competitive advantages and long-term value. These local companies enhance the positive image of small business through service to their customers and our community. The Toms River Award Program was established to recognize the best of local businesses in our community. Our organization works exclusively with local business owners, trade groups, professional associations and other business advertising and marketing groups. Our mission is to recognize the small business community’s contributions to the U.S. economy.

InfoTech Innovators LLC Receives 2016 Best of Toms River Award

Press Release

FOR IMMEDIATE RELEASE

InfoTech Innovators LLC Receives 2016 Best of Toms River Award

Toms River Award Program Honors the Achievement

TOMS RIVER February 23, 2016 — InfoTech Innovators LLC has been selected for the 2016 Best of Toms River Award in the IT Business and Solutions Consultant category by the Toms River Award Program.

Each year, the Toms River Award Program identifies companies that we believe have achieved exceptional success in their local community and business category. These are local companies that enhance the positive image of small business through service to their customers and our community. These exceptional companies help make the Toms River area a great place to live, work and play.

Various sources of information were gathered and analyzed to choose the winners in each category. The 2016 Toms River Award Program focuses on quality, not quantity. Winners are determined based on the information gathered both internally by the Toms River Award Program and data provided by third parties.

About Toms River Award Program

The Toms River Award Program is an annual awards program honoring the achievements and accomplishments of local businesses throughout the Toms River area. Recognition is given to those companies that have shown the ability to use their best practices and implemented programs to generate competitive advantages and long-term value.

The Toms River Award Program was established to recognize the best of local businesses in our community. Our organization works exclusively with local business owners, trade groups, professional associations and other business advertising and marketing groups. Our mission is to recognize the small business community’s contributions to the U.S. economy.

SOURCE: Toms River Award Program

Hackers Hold Hollywood Hospital's Computer System Hostage, Demand $3.6 Million

“Hackers have taken the computer system of the Hollywood Presbyterian Medical Center hostage, demanding 9,000 Bitcoin or $3.6 million…Also, some patients had to be transferred to other hospitals, as some of the medical equipment that need computers at the Hollywood Presbyterian Medical Center were rendered inoperable, including apparatuses for X-ray and CT scans, documentation and pharmacy and lab work.”

Below is the link to the article on Tech Times:

http://www.techtimes.com/articles/133874/20160216/hackers-hold-hollywood-hospital-s-computer-system-hostage-demand-3-6-million-as-patients-transferred.htm

Having a security- and customer-focused culture in healthcare is paramount. Security training, technology, procedures, policies, etc. are not just a static “HIPAA security assessment audit check mark”; they have to be a way of doing business each and every day for a healthcare provider. InfoTech Innovators’ HIPAA Risk Assessment Service can help a healthcare provider perform its required HIPAA Risk Assessment, and our knowledgeable technical staff can point out areas requiring better security training, technology and services and help clients implement these for their organization.

Ransomware is typically spread via phishing email attacks and downloads. General phishing scams attempt to trick recipients into responding or clicking immediately by claiming they will lose something (e.g., email, bank account). Such a claim is always indicative of a phishing scam. “Spear phishing” is more specific and can target (or be tailored to) specific individuals, roles, or organizations.

Below is a great link from the University of Indiana that offers some basic information on how to spot phishing.

https://protect.iu.edu/online-safety/personal-preparedness/email-phishing.html

HIPAA Business Associates, BAAs and CEs: $3.5m HHS-OCR settlement

As per the article below by Owen Kurtin on jdsupra.com: “A recent Department of Health and Human Services Office of Civil Rights (HHS OCR) $3.5 million settlement confirms that it is a facial violation of HIPAA for a Covered Entity to transmit, and for a Business Associate to receive, patient Protected Health Information without a written, compliant Business Associate Agreement in place. In other words, if there is no written, compliant Business Associate Agreement in place, the Covered Entity had no right to transmit, and the Business Associate had no right to receive, the PHI in the first place.”

This sends a strong message from HHS-OCR about CE to BA relationships and the need for BAAs. This same message has been a consistent message from InfoTech Innovators LLC.

Below is a link to the full article on jdsupra.com

http://www.jdsupra.com/legalnews/hipaa-business-associate-agreement-best-49072/

Landmark HIPAA settlement confirms push to firm up patching schedules

Anchorage Community Mental Health Services (ACMHS) must pay $150,000 and integrate an action plan to meet HIPAA compliance after the organization had more than 2,700 individuals' electronic health information compromised in a cyber attack. OCR opened an investigation into the group’s HIPAA compliance and found that the medical organization violated the “Security Rule.”

The HIPAA Security Rule requires entities who handle electronic protected health information to regularly patch systems and update their IT infrastructure. Although ACMHS had adopted the sample Security Rule policies and procedures in 2005, they were never followed. This lack of patching of IT security systems allowed malware to breach the medical organization’s systems, and, the bulletin says, prompted the settlement.

“This settlement illustrates that covered entities and business associates not only need to adopt the appropriate HIPAA policies, procedures and practices on paper, but they have to ‘live them’ via execution. Keeping software and computer infrastructure patched and current is part of living HIPAA compliant. This gets to the heart of negligence related to proper IT controls and management. It’s not enough to just install technology and forget about it; security and patching is an ongoing task,” said Al Rozell, President of InfoTech Innovators.