May News:

On The Calendar - May at The Fulcrum Group

Monday, July 29th, we will be at Grow Successfully 2019, an educational event for business owners that adds Frisco RoughRiders baseball entertainment afterwards. If you're a business owner and have an interest in attending, please reach out to your account manager to find out more! We'll announce any additional upcoming special events through our social media pages and update our Events page as they occur. Quick links to our social media pages are accessible right from our website and in every monthly newsletter email you receive from us. If you're new to our newsletter and you'd like to subscribe, let us know.

What is Whole Disk Encryption & Why Do I Need It?

What is Whole Disk Encryption?

Whole disk encryption is the most complete form of computer encryption. It's transparent to users and doesn't require them to do anything special to encrypt files stored on their computer – all files, folders and volumes are encrypted. With whole disk encryption, you must provide an encryption passcode or have the computer read an encryption key (a random string of letters and numbers) from a USB device when powering on your computer. This action unlocks the files so you can use them normally. Modern operating systems like Windows 10 and Mac OS X include whole disk encryption as a built-in option.

Why Do I Need Whole Disk Encryption?

The purpose of file and disk encryption is to protect data stored on a computer system. All organizations, including small and midsize businesses (SMBs), have information stored on their computers that is sensitive and should be protected. This information includes personally identifiable information (PII), customer data, proprietary company data, and financial data. An organization can experience financial loss, business interruption, loss of reputation, or even be sued if a computer containing sensitive data is lost or stolen and the data is compromised.

If a laptop is lost or stolen and the files or disk aren't encrypted, a cybercriminal can easily steal sensitive information, so it's a good practice to encrypt your entire hard drive. The cybercriminal doesn't even need to know the credentials to access the files – it's easy to boot a computer from a USB thumb drive and then access the disks within the computer.

Whole disk encryption isn’t a cybersecurity silver bullet, but should be considered as part of an overall cybersecurity program.
Organizations that have compliance requirements (government, healthcare, financial, and others) should include full disk encryption as a standard part of their new computer setup process.

Why Business Owners & Execs Need To Know About Shadow IT

Shadow IT is a relatively new term that should be on business owners’ and executives’ minds these days. Shadow IT refers to IT systems and applications deployed and used within an organization without explicit approval from management or the IT department. Hot take: your organization probably has Shadow IT and you may not even know it!

Recent Everest Group research shows 50 percent of technology spend in organizations flies under the radar of business owners and IT managers. The realization that half an organization’s budget might be spent on software applications and IT systems that teams, groups, and business units are purchasing (and using) without the IT department’s knowledge reveals why Shadow IT is a hot topic that needs to be addressed from a cybersecurity perspective.

Here are a few important points to keep in mind about how collaboration tools for staff are implemented, keeping them “out of the shadows” and part of a structured plan and process:
  • Document all apps that access your network and their access to key data. Anytime your IT department isn’t aware of apps or software being used within your organization, the result is more potential security gaps and endpoint vulnerabilities that hackers and cyber criminals can seek to exploit. Moreover, PC-installed apps used in any shadow IT ecosystem will require updates and security patches at some point, and there’s no guarantee that employees using those apps will take the time and effort to apply them, leaving critical data and systems at risk. Also, giving apps access to key assets can easily render your entire network vulnerable. There’s also no way to monitor what happens to access to key data stored in a shadow IT app should the employee change jobs. Because IT doesn’t know an employee has been using a separate CRM app to manage contacts, for example, it’s impossible to follow normal protocols such as revoking access and changing passwords.
  • Develop internal policies and procedures (including penalties) and provide ongoing education of staff to help curb Shadow IT issues. Most employees who use shadow IT apps do so without intending to endanger their employers. They simply aren’t aware of the significant risks. Employees might choose to store work-related files on their personal Dropbox, for instance, which might not have the same level of security settings as approved apps. And in the event of a breach, security administrators won’t be alerted to the full potential scope of the threat, leaving the company unsure of what data has been compromised and when. The use of shadow IT apps on smartphones and tablets is likewise problematic. When an employee stores confidential data on an unapproved app which they use on a mobile device, it creates a situation where data is constantly synchronized between a secured device (a work-issued laptop, for instance) and an unsecured device (i.e., a personal smartphone). Indeed, we’re all guilty of glossing over the various permissions we grant our mobile apps.
  • Create an approved IT vendor list that all employees are aware of and have access to. If employees and managers would like to begin using an app not currently on the list, encourage them to submit that vendor to your IT department, which can then conduct proper vetting and configure the app with proper security protocols. When onboarding a new vendor, include a breach notification plan in the agreement so that you’ll both be able to take swift action in the event of an actual cyber attack.
  • Arrange for an audit of all current technical assets and capabilities to minimize risks presented by shadow IT usage. Any hardware used by employees should be tagged and made traceable when possible. More importantly, take stock of apps that anyone in the organization is using to handle work-related data. Only 28 percent of IT leaders are actually using some kind of SaaS management tool to get the kind of visibility into Shadow IT that’s necessary to adequately protect their data and systems, according to a recent survey from Torii. This is despite IT leaders saying that security is their number one concern for 2019.

Ensuring all of the points on your organization’s cybersecurity spectrum are covered can seem overwhelming. We can help illuminate various vulnerability points so that fewer shadows lurk within your organization’s IT. For more details, read “Why Shadow IT is the Next Looming Cyber Security Threat” in full, here.

May Security Awareness Newsletter

Click for May's Security Awareness Newsletter.

Cybersecurity SPOTlight: Top 3 Personal Security Tips For You

Why does your personal security matter to us? Just as (we hope) you wouldn't simply add a filter to your child's computing device and call protecting your child online "good" or "done" (we hope you'd also include security-related conversations, as well as frequent discussions around good cyber-citizenship and behavior), we believe that a culture of strong human firewalls prioritizes personal as well as organizational security. We want to arm you with knowledge so you can protect your family’s data the same way you protect data here at work. So here are a few top tips from this month's Security Awareness Newsletter:
  1. Strong passwords still rule as a major element of personal security. Using passPHRASES (versus passwords) and using a password manager are two great steps you can take.
  2. Have strong cyber security rules in place for your family (just as your work environment expects you to follow). Discuss responsible cyber behavior often and always encourage (and model) appropriate times to unplug, for your own health as well as the health of others.
  3. When using public networks on your smartphone, remember that cybercriminals sometimes spoof common networks and trick your phone into connecting to their rogue network instead of the legit one, which gives them access to your data! Avoid this by disabling auto-connect on public networks, carefully choosing which networks you connect to, and always using a VPN on public WiFi.
For more great info on your personal cyber security, check out this month's Security Awareness Newsletter!

Vistage Executive News - Defining Your Company's Values - Why It's Worth Your Time

With all the things fighting for priority on your daily task list, getting specific about your company's core values doesn't always make it to the top. However, your organization's core values are its moral compass and the foundation upon which your culture is built, and they contribute greatly to the success a values-based company enjoys. This month's news for executives, "Why It's Worth Your Time To Define Your Company's Values - Even If You're Just Starting Out," explores why spending time on your values can help you get ahead! At The Fulcrum Group, we've tackled the same task and defined 6 Core Values our team lives by. You can read what those are, here.

Did You Know...? Whole Disk Encryption Solutions

Did you know The Fulcrum Group offers Whole Disk Encryption solutions that include reporting and auditing functions? If your organization has compliance requirements for whole disk encryption, this can be a great tool to help you stay compliant. Reach out to your Fulcrum Group Account Manager for details!