How to create an effective BYOD policy

If you want to let your employees use their personal devices for work-related activities, then you should learn how to create a secure and effective bring-your-own-device policy for your business.

Here’s what you need to know to get started on the right foot.

Understand the potential threats of BYOD

You can’t write an effective BYOD policy until you understand the potential threats of letting employees use their smartphones for work. Some of the biggest security threats of BYOD include:

  • Malicious websites and apps that compromise your network security
  • Lost devices that give unauthorized users access to sensitive information like email contacts, phone numbers, contracts and any data stored on your company’s network and apps
  • Employees who don’t understand the importance of keeping personal information separate from work data and apps
  • Jailbroken (rooted) smartphones that no longer include the manufacturer’s security features

Since BYOD can put your business’s security at risk, it’s not a bad idea to have a professional perform a security risk assessment that will uncover your current vulnerabilities.

Know the benefits of BYOD

Now that you know the potential threats of BYOD, you might wonder why businesses allow it.

When done correctly, BYOD can offer your business several benefits. A lot of companies feel that the benefits outweigh the risks. Besides, they know that creating an effective BYOD policy will mitigate some of those risks.

Benefits that you can expect from adopting a good BYOD policy include:

  • Increased productivity
  • Saving money by transferring the cost of mobile devices to your employees
  • Making remote work days possible, which will appeal to younger Millennial workers who prefer flexible schedules

Related: What’s an IP phone and why is it amazing for business operations?

How to craft an effective, secure BYOD policy

If you decide that you want to take advantage of BYOD’s benefits, then you will need to write a BYOD policy that protects your security, business and employees. Follow these four tips to make your BYOD as effective as possible.

1. Use straightforward language

People can only follow policies that they understand. Use straightforward language and avoid technical jargon so your employees will know how to follow your BYOD policies.

2. Authorize certain apps for business use

BYOD can make it easier for employees to use shadow IT, such as apps that you haven’t authorized. Unauthorized apps could contain vulnerabilities that give hackers access to your network. Choose cloud services that your employees can use, and ask them to avoid apps that haven’t been reviewed.

Related: 4 solid file sharing options for SMBs

3. Require anti-malware software

If your employees are going to connect to your network, then you need to make sure they use devices with reliable anti-malware software. Choose an option that matches your business needs. If the software costs money, pay for it. You don’t want someone to put your security at risk over a few dollars.

4. Educate your employees

Your BYOD policy should include an educational requirement to make sure your employees know how to use the internet, apps and other tools safely. For instance, they should know the warning signs of a phishing attempt and how to spot a fake website.

BYOD comes with a lot of benefits, but you have to take some precautions to make sure you keep your business and employees secure. If you need help, reach out to your managed IT services provider. They can review your security standards and help you create effective policies that will offset some of the BYOD policy

7 questions to ask before creating a business backup procedure

Data backup is so essential to modern business operations that it’s easy to forget how important it is. That’s unfortunate because data backup is extremely important.

If something happens to your network—anything from a short period of downtime to a ransomware attack that completely wipes your system—your data backups are the only thing between you and a complete and total disaster.

That’s because your data backups are basically an insurance policy. If anything happens to your original data, there they are, waiting to save the day.

But it’s not enough to know that backups are important. You still need to develop a backup strategy for your company, and that’s where this article can help.

“Backups should be as frequent as possible while not impacting the service quality and performance of the system.” – CIO

There’s no one-size-fits-all option

Data backup is like so many forms of IT support for SMBs. A cookie-cutter, a one-size-fits-all approach just isn’t going to meet your needs. That said, some form of backup is better than nothing, so don’t ditch your current backup plan until you have another one in place.

But if you have no backup procedure (or if you’re updating your backup procedure), there’s a right way to do it and a wrong way to do it.

The right way is going to be highly customized to ensure that everything about your backup process protects your data and sets you up for success if you ever need to restore your data.

Which brings us to the 7 questions you should ask before you develop your new backup strategy.

7 critical data backup questions

The questions below will walk you through the strategic process of determining exactly what you need from your data backup service. We recommend that you go over all of these questions and your answers with your managed IT services provider.

In fact, your MSP should walk you through some version of these questions before making any backup recommendations.

1. What are your backup goals?

The core goal of all data backup strategies is the same—protect and maintain data. But why do you want to protect your data?

Are you storing sensitive data about your customers or employees? Do you rely on historical reports for future forecasting and performance? What would happen if you suddenly lost all your data and had to start over tomorrow?

Answering this question is important because it sets the stage for the rest of your strategic planning. When you have a firm understanding of what’s at stake, it’s much easier to really invest in the process.

2. How much do you need to backup?

How much data are we talking about? The type of data doesn’t really matter—yet. First, determine the total amount of data you have.

That number matters because it will help you decide how much total backup space you need. And don’t assume a 1-to-1 ratio. The general rule is that for every 1 terabyte of original data you have, you’ll need 4-5 terabytes of backup space.

3. How big are the files you’ll be backing up?

Now that you have a total number, what’s the average size of each file? Are you backing up a few hundred text files? Those are generally small and take up relatively little space.

Or do you have a massive portfolio of images and videos? Because those can be much bigger.

Average file size matters because bigger files can take longer to transfer. You’ll combine your answer to this question with your answer to the next question to help decide what type of back (onsite, offsite or hybrid) would serve you best.

4. How important is speed when accessing your backup files?

Offsite backups are generally safer simply because there’s distance.

If something happens to your office, like a fire, an offsite backup will be unaffected. Your data remains safe. Onsite backup servers might not protect you as well.

On the other hand, offsite backup tends to take longer to restore. If speed matters, offsite backup alone may not be the way to go. You may want a hybrid backup solution—both offsite and onsite—so that you have the protection of offsite backups with the speed of onsite backups.

5. What’s the ideal scenario for restoring data from your backup files?

Let’s go back to that terrifying question. Suppose you lose all your data all at once and you have to begin the process of a full data restoration. What’s the best case scenario at that point?

Do you need everything back in place in a matter of hours? Would days or even weeks be okay? How will you maintain business operations if you need to work remotely for a while?

You’re planning for a potential disaster. Ask yourself what the smoothest possible recovery would look like for you, your staff and your customers. Now, what kind of data backup enables that?

6. Are you subject to any regulatory requirements?

If your business is subject to compliance rules, they may limit some of your data backup options. You may not be able to use offsite backups, for example. Or you may need to ensure there’s a specific level of security in play first.

The cost of compliance violations is high. You don’t want to go through all the work of developing a backup strategy only to discover you’ve left yourself open to a regulatory fine.

7. Are you sure about the security of your data backups?

Finally, give some thought to the level of security your data backup plan provides.

If you’re using an onsite server, do you have both software-based and physical security precautions in place? If you’re using an offsite option, does the backup provider guarantee cybersecurity?

Don’t assume everyone else out there takes security as seriously as you do. Think it through and ask.

The right backup option for you

If you work your way through these 7 questions, you’re much more likely to arrive at a backup strategy that fully protects your data. And don’t forget to reach out to a data backup pro if you feel out of your depth.

After all, protecting your data matters. Make sure you give this the time and attention it deserves.

Benefits of superior business continuity management and how to enhance it

Having a business continuity plan isn’t an option, it’s a necessity. If disaster strikes, you have to get back up and running as soon as possible. As a small business, you can’t afford downtime or its negative impact on your operations and your customers.

That’s why business continuity management is critical. It looks beyond dealing with the emergency itself—whether that’s a natural disaster or cyberattack—and takes into account what is required to get everything up and running again. Business continuity management is more than just a risk management process and data backup, it’s part of having a sustainable, reliable and thriving business.

Benefits of a superior business continuity management plan

Let’s look at some of the key benefits of having a superior business continuity plan.

Reducing financial risk

Consider this—according to a recent survey, 80% of businesses require a guaranteed uptime of 99.99% from their cloud service vendors. This correlates to about an hour of downtime annually, which can cost a business as much as $260,000. The further you can minimize any downtime, the less risk you run of losing money.

Preserving your reputation

Your reputation is on the line. In addition to operating losses, repeated occurrences of downtime can cause erosion of your brand. Your customers and partners could lose confidence in your ability to serve them, damaging your business relationships and referrals.

Delivering on expectations for recovery

With a comprehensive business continuity plan, you can also enable the recovery of mission-critical systems in the agreed timeframe. This sets expectations for your staff, your customers, and others. Having this well documented puts a threshold on what’s an acceptable timeframe to get back up and going. According to a recent ransomware report, 96% of businesses with a plan in place fully recover operations.

Complying with legal obligations

Another benefit is compliance with any legal or statutory obligations. Depending on your industry or the industries you serve, you may have to meet certain guidelines for business continuity. For example, financial firms have more and different regulations than other types of businesses.

Even if you are not legally obligated to meet certain standards, proving to stakeholders that you are running your business responsibly is vital to sustainability.

Offering a competitive edge

Not all your competitors will have the same robust continuity plan that you have. This could be something very important to your customers. Use this to your advantage as a strong differentiator that you have well-designed plan to deal with any disruption quickly and effectively.

How SMBs can build or enhance their business continuity plan

If you don’t have a plan, it’s time to work on one. If you do have one, it can be optimized. For help, contemplate these tips:

Business continuity is NOT the same as disaster recovery

Many companies use these terms interchangeably, but they aren’t the same. Disaster recovery focuses on restoring IT and technical operations. Business continuity is much more broad and detailed and usually includes IT disaster recovery. It outlines procedures and processes to preserve and restore business operations after a disaster, including facilities, communications, human resources, partners, customer service, and more. You need both types of plans ready to go.

Remember your plan should be fluid

Business continuity plans aren’t something you can create and then forget about. Many things will change that will need to be addressed or updated in your plan. You may add more infrastructure or need to comply with new laws. You should revisit your plan regularly to ensure it is still relevant to your current business model and customer commitments. As your company changes, it might be useful for an IT consultant to provide an assessment.

Test your business continuity plan

A plan is great on paper, but what about real life? You need to accommodate testing of your plan, which could include:

  • Table-top exercises: Your team goes through the plan looking for gaps
  • Structured walk-throughs: Every team member does a step-by-step review of what they would do and how to do it
  • Disaster simulation testing: Your team simulates an environment where a real disaster has occurred

Communicate your plan with all

A business continuity plan must be shared with all your employees. It needs to be discussed regularly so your entire team understands its importance.

If you’d like to optimize or build your business continuity plan, you may want help from an IT services and technology provider.

At ISG Technology, we have over seven decades of experience and serve a variety of industries with thousands of clients all over the world. Contact us today to see how we can serve you.

What to cover in your business continuity plan

What would your company do to maintain operations after a disaster?  

This is an important question to consider, as FEMA states that between 40% and 60% of businesses never reopen after a disaster. Many businesses have a disaster recovery (DR) plan, but that’s not the same as a business continuity (BC) plan. Let’s look at how they’re different – and 6 items your BC plan must cover.

HPE Platinum Partner
Written in Partnership with Hewlett-Packard Enterprise

More than a disaster recovery plan

First things first: while a DR plan is crucial to maintaining data integrity, a BC plan is more than that. Disaster recovery is often integrated into business continuity, but a BC plan specifically looks at how your business will continue to serve its customers during recovery from a disaster or event.  

Know your data centers

Knowing your data centers is crucial. After all, not all disasters happen to a business’s operating location, especially if companies are heavily invested in cloud computing, offsite and virtual servers, and other factors. Make sure you’re aware of your data center’s disaster plan. Do they have multiple fuel providers in case of interruption? Are they geographically diverse so that one disaster won’t wipe out all of their data distribution? Do they have their own safe backups of information? How will they communicate with you in the event of a disaster?  

Knowing these details makes the transition during an issue much smoother.  

Have alternate locations ready

If your primary business location is flattened by a tornado or flooded by a hurricane, where will your employees report to work? Can your customer service reps work from home or other housing using VoIP while facilities are rebuilt? Will your cloud services remain sufficiently secure if your staff need to access them from less secure connections? Can you quickly rent a space in a less damaged area for your most crucial personnel? By building these answers into your BC plan, you will have an easier time responding to any problems.  

Have key information in separate storage facilities

Businesses should have insurance policies, numbers to call in case of disaster, and so forth. Make sure there are copies of these documents stored in multiple locations. Having them in your desk at work won’t be helpful if your building has been destroyed by an earthquake.

HPE Platinum Partner
Written in Partnership with Hewlett-Packard Enterprise

Identify key players and who can assume their roles

Remember the recent case when a cryptocurrency CEO died unexpectedly and took the passwords to his hard drives with him? Roughly $145 million of cryptocurrency disappeared with him since he had the only password to the relevant hard drive.  

Unfortunately, there are unexpected and sudden deaths in the business world. Part of your continuity plan should address key players in the company and consider who would assume their roles until a permanent decision was made. Don’t just assume that a VP can step into the CEO’s role without planning for who will take over the VP’s role as well.  

Engage in regular testing

The most crucial element of any business continuity plan is testing. Companies should start by addressing the plan on paper with all key players to identify any gaps or immediate concerns. Then, they should reality test the plan, addressing it again with any outside stakeholders. If changes are made, it should come back to the table for further discussion. Finally, live-testing a disaster recovery plan will identify any last minute weaknesses. It will also give stakeholders a sense of how a real event would proceed.  

Business continuity plans are crucial to the operation of a successful business. It is often assumed that disasters will happen to other companies; in reality, however, disasters happen to all businesses, sooner or later. What separates those that survive from those that do not is, quite simply, their preparedness.  

To get help designing or refining your business continuity plan, contact your managed services provider today. Power your enterprise with proven, industry-leading IT infrastructure solutions, products, and services with HPE. Find out more here.

Cybersecurity tips at a glance: Managing IoT devices

As the realm of the internet of things grows, it is important to understand all aspects of the technology’s performance. Companies and industries that see only the benefits open themselves up to data breaches, public embarrassment and even legal action. IoT technology can boost productivity when done right but lead to costly and unnecessary expenses if utilized without proper foresight.

The possible downsides of exercise wearables
Employee wellness is a trend that is sweeping across industries. These initiatives have shown positive results, such as increasing worker morale and promoting healthy behaviors. One study from the Journal of Occupational and Environmental Medicine even found that employee wellness diet programs can reduce health risks.

To this end, exercise wearables, such as Fitbit, appear to make sense. These devices can track heart rate, body temperature, calorie consumption and sleep quality. Many come with a social aspect, as well, allowing co-workers to engage in friendly competition to see who is the most active within the office.

For many industries, these wearables have no real downside. However, employers should know that the data gathered by many fitness wearables can be used to track employee location. This vulnerability has been problematic, especially for those working for the U.S. armed forces. According to The Washington Post, several previously secret military bases were revealed when data gathered by GPS tracking company Strava was made public.

The U.S. army had been using these fitness wearables for their advantages without fully understanding how the technology could be exploited. Most commercial hardware is designed for ease of use and cost affordability. These traits are in part the reason why IoT has famously encountered cybersecurity concerns over the past several years.

For enterprises working with sensitive and classified materials, IoT wearables may have a downside. Outside parties, benign and malicious, can track employee movement, knowing more about workers than may be deemed safe.

Augmented reality glasses can also potentially leak vital secrets, as they see and record all the employee does. Augmented reality glasses can also potentially leak vital secrets, as they see and record all the employee does.

Know where backup data is stored
Many IoT devices provide extra “eyes” on the field. Drones have been performing various types of reconnaissance missions for decades, whether for government contractors or farmers wishing to understand more about their soil. These unmanned aerial vehicles, or UAVs, are built to capture, transmit and store data.

While useful, drones have several serious cybersecurity concerns. They can be intercepted, and if so, their data is easily accessible. This risk is especially a problem for devices that back up information into themselves. A report from Syracuse University indicates that there are concerns that data stored on Chinese manufactured drones could be accessed by their government and would be out of U.S. control.

Using IoT devices has many advantages, but executives must always consider the full picture before implementation.

Data Madness: The importance of deleting/removing critical data from old devices

You arrive at work and get an immediate call to see the CEO. Upon entering the office, you notice that the CIO and other executives are in the room, as well as several people in suits you don’t recognize. Everyone is looking stressed, brows furrowed and heads bent.

Those new people in suits are lawyers planning the company’s defense to the major data breach that was just detected. The malicious activity occurred last month and the hacker supposedly used your information.

After frantic moments of head scratching, you remember: You sold your smartphone last month. While it was a personal device, you used it to check office email and it had stored access to the company network password.

While data madness often happens when vital data goes missing, it can also occur when data isn’t properly disposed of. Too often, organizations fail to stress the importance of information security at every phase of the hardware’s life cycle. Before a machine can be decommissioned, data must first be thoroughly purged and, in some cases, destroyed.

A broken phone can still house perfectly working data. A broken phone can still house perfectly working data.

Sanitizing data vs. deleting data
In some companies, the temptation is to delete data by moving it to the recycling bin and pressing “empty.” However, this is not enough. According to Secure Data Recovery, data emptied from the recycling bin is not permanently deleted – at least not right away. The computer simply deletes the pathing and labels the information as “free space,” meaning that it can be overwritten by new data.

For all intents and purposes, data deleted from the recycling bin is gone, at least as far as the layperson is concerned. Those with computer programming and specialized skills or software, however, can recover the information and restore it. If you’ve ever done a search for “data recovery” – you will see that these skills are not in short supply.

Yet companies make this mistake all the time. A survey conducted by Blancco found that almost half of all hard drives carried at least some residual data. The same was true for over a third of smartphones. Files such as emails, photos and sensitive company documents were recovered from these devices. To securely delete files requires a more thorough process.

The University of California, Riverside defines data sanitization as “the process of deliberately, permanently, and irreversibly removing or destroying the data stored on a memory device.” Sanitized data drives typically carry no residual data, even with the aid of recovery tools. However, this solution often times requires additional software that will erase and rewrite information multiple times.

Companies have a wide variety of options to choose from when it comes to securing data sanitization software. Microsoft even provides an in-house solution in the form of its tool, data eraser – which has been optimized for PCs and tablets. It’s important to remember that different types of data drives will only be compatible with certain software.

Given the sensitive nature of the material in question, companies should only choose data sanitization software from trust organizations.

Recycling bins - like their physical counterparts - are not known for permanently disposing of trash. Recycling bins – like their physical counterparts – are not known for permanently disposing of trash.

When physical destruction may be needed
However, for some kinds of data, sanitization may not be enough. This can be regulated by internal business policy (such as placing employee payroll information as the most sensitive data) or by government laws like HIPAA – which mandate time-effective data destruction.

In this case, the storage device matters more. Hard disk drives, commonly found in computers and servers, are the easiest to destroy as they operate on magnetic fields. A hard drive degausser can permanently alter these fields, leaving the device completely unreadable.

Solid state drives and flash media are more difficult. Their data storage is circuit-based, rendering a degausser ineffective. These drives should be shredded or destroyed by quality equipment expressly designed for the task. Hard drive data can be recovered after improper destruction, even in extreme cases. ComputerWorld reported that data was restored from the wreckage of the Columbia space shuttle tragedy, illustrating the hardiness of certain drives and the effectiveness of professional data recovery tools.

Safely disposing of data is no easy task and innovations like the internet of things have made it more difficult. Cybercriminals may be developing more sophisticated ransomware but they are also still routinely diving in dumpsters and scoping out secondhand stores for improperly deleted data. Make sure your company is taking the necessary steps to avoid data madness.