Select Page
Who Knows What You’re Doing For Data Privacy Week?

Who Knows What You’re Doing For Data Privacy Week?

by | Jan 27, 2022 | Backup, Cloud, Disaster Recovery, Managed IT Services, Security

The EstesGroup 2022 data privacy initiative focuses on educating businesses on best practices for collecting data and promoting transparency, respect, and security.

Every second, EstesGroup cybersecurity experts work to protect the data of our customers, our employees, our partners, and our friends. In this spirit, we are once again a Data Privacy Week Champion. As one of the leading cloud providers in the nation, we know full well how important it is to recognize and support the principle that all organizations share the responsibility of protecting information.

Data Privacy Week 2022 Champion

Data Privacy Week Raises Awareness Within Organizations

The COVID-19 pandemic has blurred private environments, like bedrooms and living rooms, into corporate offices, given our increased dependence on remote workforces. A universal respect for privacy has never been more important: the pandemic has also increased international attacks on American businesses, and this has left the homes of remote workers vulnerable to cyberthreats most common in traditional office settings.

EstesGroup helps businesses manage data through advanced cloud-based solutions that offer the protection levels trusted by medical record keepers, law offices, manufacturers, distributors, and more. We promise to guard our clients at every level possible:

We protect online data, and we secure offline data with the same robust approach to risk management that makes even the most sensitive information safe in the hands of our IT staff.

We prevent unauthorized access and ensure that compliance regulations are not only met, but exceeded.

We secure employees wherever they are and train them to protect themselves against the perils of digital harm.

We educate our customers so that they handle their data wisely and keep everyone in their networks and supply chains safe from cyberthreats.

Data collection is only increasing, and the risks are following suit.

The Pew Research Center reports that 79% of adults in the United States are worried about the security of their data as it is handled by organizations. Here are a few tips to earn the trust of your employees and customers by deploying secure privacy management strategies:

  • Save now, secure now: There is no room for procrastination in cybersecurity. If you save the data, protect it.
  • Go now, know now: Choose your cyber pathways wisely, and know who in your company is traveling where and ensure that you are documenting digital tracks so that a breach can be traced after disaster strikes.
  • Collect now, share now: If you are collecting information, inform your employees and customers about how you are saving, using, and sharing information through clear and concise policies that abide by privacy laws.
  • Behave now, train now: Know how to behave and train your employees to do likewise.

Understand Data Privacy

  1. Get a free cyber health check from EstesGroup.
  2. Sign up for a full security audit at least once a year.
  3. Enroll in educational programs at least once a year so that you’re fully informed about how the digital landscape is changing.

Manage Data Privacy

  1. Distribute and post current policies to all employees.
  2. Delete unused applications and move vulnerable data offline using secure backup plans.
  3. Use firewalls, encryption, cybersecurity solutions, and disaster recovery planning services.
  4. Move operations into a private or hybrid cloud environment for the most control over your data, ensuring cybersecurity and privacy at every endpoint.
  5. Ensure that your partners and vendors have up-to-date privacy measures in place so that your employees and customers are also protected in your extended network.

For more information regarding adoption of a robust privacy framework to meet industry compliance regulations, please learn more about NIST. If you would like help understanding the details of NIST Privacy Framework, AICPA Privacy Management Framework, ISO/IEC 27701 – International Standard for Privacy Information Management, please contact the EstesCloud team.

As privacy management champions, we have your back — and can manage your backup, too.

VIEW OUR GUIDE TO REMOTE WORKER PRIVACY MANAGEMENT
5 Signs Your Business Needs Cybersecurity Training

5 Signs Your Business Needs Cybersecurity Training

by | Oct 20, 2021 | Backup, Cloud, Disaster Recovery, Hosting, Managed IT Services, Network Security, Security

Cybersecurity Education Begins With Ownership

Small and medium sized business owners beware! 65% of attacks that originate in cyberspace are aimed at companies that think they’re too small to be of interest to cybercriminals. If you think you’re at low risk, read on and see why our IT security consultants recommend cybersecurity training for everyone.

Cybersecurity Training Hacker in Network Security Lock

Are you a small business owner? Or are you a once-small company now grown into the medium range of corporate presence? When it comes to cybersecurity solutions for businesses, you always have to structure your services and behavior to prepare as if you’re bigger than you are. This involves a comprehensive security solution that covers your entire company network, from suppliers to employees. Do you have an enterprise-level cybersecurity strategy that protects every connection and end user from digital harm?

If you own a business, you know how precious your data is to daily operations. Profitability depends on good data management behaviors. Because all companies are vulnerable to hackers, your data should be presumed insecure. Cybersecurity should be a proactive approach to cybercrime, rather than a reactive (disaster recovery) move.

Are you on a cybercrime watchlist?

Breaches happen, even to the most prepared companies. Therefore, your risk management policies should be revisited frequently. Business owners should be part of this process. A board of advisors might be beneficial, and it can be cost-effective to outsource this high-level cybersecurity work to a virtual CIO or to a firm with the technology skills that guarantee security for your data.

What happens when a hacker is watching your business?

It takes about a half of a year for business owners to become aware that a hacker has breached the network. It also takes about two months to react to a cyber attack. 

Here are five signs your business is at risk and in need of cybersecurity training:

1. You are a small or medium size business.

Far less likely to report cybercrime to the authorities, small and midsized companies are viewed by hackers as a low-risk target. Manufacturers and distributors are often looking to scale, and maintaining a good reputation is key to a successful future. As a growing business, you wouldn’t want your reputation to include a history of victimization by way of ransomware.

2. You think it’s a small problem or that someone else is addressing the issue of cyber safety.

Fear of expense often prevents small and midsize manufacturers and distributors from securing the technology solutions and services they need to protect their data. A good backup solution isn’t enough, even though this is what many company owners depend on for risk management. When planning your IT department budget, price out outsourced help, especially when it comes to cybersecurity. Often, the experts at an IT managed services provider (MSP) will be more friendly to the budget than on-site technology staff.

3. You think you need to cut the IT budget… but IT costs are actually decreasing.

Firewalls and phishing filters are a necessity these days. Due to a mix of popularity and availability, technology cost trends show that business owners can get enterprise-level technology services with affordable pricing. Cloud-based IT services, such as SECaaS (Security as a Service) look at the unique needs of your business and adjust pricing accordingly. Only pay for what you need.

4. Your employees don’t know what they don’t know.

Cybersecurity training might be the most important activity you schedule for the end of 2021 or the beginning of 2022. The time is now. Hackers take advantage of poorly trained employees on a daily basis. 95% of security breaches are successful because of human error. Train, train, and train again. Technology is an ever-evolving field, and this ripples into the dark web as cutting-edge malware. Protecting your talented staff from the dark web is key to employee retention in today’s culture.

Fortunately, cyber education is often free online. Formal training is easy on the budget. If you have a million customers relying on your manufacturing operations to maintain uptime, your cyber security plan needs to defend more than credit card numbers and social security numbers. You need an IT solution that comprehensively protects the countless connections along your supply chain, right down to the home offices of your remote workers. 

Sign up for a ransomware simulation attack today to see if your employees are ready for disaster. Employees are eager to learn security breach mitigation strategies because their personal information is at risk in the event of a data leak. Information security begins with security training.

5. You’re likely to pay the ransom if you are attacked.

More than half of small businesses pay a ransom. Reasons revolve around damage control: you definitely don’t want your data or your reputation harmed by a ransomware attack, so in the moment you are likely to pay the attacker. If you think you’d be likely to pay a ransomer to get your data back, then you stand unprepared. Once you have a solid cybersecurity plan in place with a crew of talented IT staff to support your solutions, you’ll know that you’ll never pay a hacker a dime of your earnings. In the event that you experience a breach, you’ll know that you have an incident response plan that won’t involve a ransom payment.

Today’s cyber landscape is riddled with massive corporations hitting the news for million-dollar ransomware attacks. When was your last security audit? It’s better to act as a big little company in a technology culture in which the hackers are frequently more skilled than even the best IT staff.

  • Empower your workers with the best solutions so that they can use their talents to their full extent.
  • Prevent identity theft of employees by securing personal data and corporate data.
  • Bring in a white hat hacker to test both onsite and remote cybersecurity solutions and services.

Can your staff respond properly to a data breach? Do you have an incident response plan clearly delineated so that all employees understand your disaster recovery process? Have employees been thoroughly trained to recognize cyber threats lurking in their email accounts as phishing attempts?

Cybersecurity training involves both on-premise and cloud-based breach mitigation techniques. EstesGroup offers coast-to-coast onsite and cloud IT services, including everything from project and budget planning to education and monitoring.

Sign up for cybersecurity training now

October is Cybersecurity Awareness Month

October is Cybersecurity Awareness Month

by | Oct 12, 2021 | Disaster Recovery, Managed IT Services, Network Security, Security

Cybersecurity Awareness Month

EstesGroup is a Cybersecurity Awareness Month Champion

Are you mitigating both old and new cybersecurity threats? Are you navigating the vulnerabilities at both on-site and remote office locations? Are you communicating current best practices for cybersecurity across your employee pool? Cybersecurity Awareness Month, held every year in October, helps even the most informed business owners further secure their operations.

This year’s Cybersecurity Awareness Month initiative highlights the growing importance of cybersecurity by encouraging individuals and organizations to take necessary measures to stay safe and secure in an increasingly connected world.

EstesGroup is committed to Cybersecurity Awareness Month and is a 2021 Champion. We join a growing global effort to promote the awareness of online safety and privacy. The Cybersecurity Awareness Month Champions Program is a collaborative effort among businesses, government agencies, colleges and universities, associations, nonprofit organizations and individuals committed to the Cybersecurity Awareness Month theme of ‘Do Your Part. #BeCyberSmart.’

Mitigate Threats, Navigate Shortfalls, and Communicate Cybersecurity Policies

More than ever before, technology plays a part in almost everything we do. Connected devices have been woven into society as an integral part of how people communicate and access services essential to their well-being. Despite these great advances in technology and the conveniences this provides, recent events have shown us how quickly our lives and businesses can be disrupted when cyber criminals and adversaries use technology to do harm. We find these security vulnerabilities, while offering actionable guidance surrounding behaviors anyone can take to protect themselves and their organizations.

Secure By Design

What if social engineering attacks, dark web disturbances, and malicious malvertising intrusions into your life simply couldn’t exist? This month, make it a goal to stop them from existing in your business. Here are a few focus points to take into consideration when developing your cybersecurity policies:

  • Understanding and implementing basic cyber hygiene, including the importance of strong passphrases, using multi-factor authentication, performing software updates and backing up data. Creating a disaster recovery plan before a disaster necessitates such actions.
  • Recognizing and reporting phishing attempts whether it’s through email, text messages, or chat boxes.
  • Empowering individuals to not only practice safe online behavior, but consider joining the mission of securing our online world by considering a career in cybersecurity!
  • Making cybersecurity a priority in business by making products and processes “secure by design” and considering cybersecurity when purchasing new internet-connected devices.

If everyone does their part – implementing stronger security practices, raising community awareness, educating vulnerable audiences or training employees – our interconnected world will be safer and more resilient for everyone.

I’m Secure, You’re Secure, We’re Secure

Now in its 18th year, Cybersecurity Awareness Month continues to build momentum and impact with the ultimate goal of providing everyone with the information they need to stay safer and more secure online. EstesGroup is proud to support this far-reaching online safety awareness and education initiative which is co-led by the National Cyber Security Alliance and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security.

Is Your Organization Secure?

Find out now by signing up for a network assessment. Chat with us now to schedule a free consultation with our technology experts!

Preventing Ransomware in the Automotive Aftermarket

Preventing Ransomware in the Automotive Aftermarket

by | Sep 27, 2021 | Disaster Recovery, Distribution, Hosting, Managed IT Services, Manufacturing Innovation, Network Security, Security

How to Secure the Automotive Aftermarket

To help develop awareness of cybersecurity needs in the manufacturing and distribution industries, EstesGroup conducted a joint education session with the Specialty Equipment Market Association (SEMA). SEMA is a trade association composed of manufacturers, distributors, retailers and specialists focused on automotive specialty parts and accessories.

Preventing Ransomware in the Automotive Aftermarket

The educational session,“Preventing Ransomware in the Automotive Aftermarket,” focused on the steps that SEMA members can do to mitigate cyber threats. These steps can help any business improve digital security, so I’d like to review some of the material covered concerning the landscape of cyber threats.

What is the Threat?

Threats to organizations are widespread and increasingly prolific. According to the 2021 Malware Report from Cybersecurity Insiders, 88% of a survey of 500,000 IT professionals and 76% of 30,000 small and medium-sized business owners say that cyberthreats are a significant and growing risk. The attack vectors are multifaceted, including spear phishing emails, domain spoofing, and man-in-the-middle attacks.  

Cyberthreats are impacting organizations at all levels. On the business side, malware attacks caused both an increase in IT security-related spending and a decrease in productivity. At the IT operations level, ransomware is forcing cybersecurity professionals to update IT security strategies to focus on mitigation, as they struggle with data loss, downtime, and business continuity.

Watch the Specialty Equipment Market Association (SEMA) of “Preventing Ransomware in the Automotive Aftermarket”

Ransomware Questions, Security Answers

One might beg the question: Why is this happening? The reasons are surprisingly straightforward—the business of cyber warfare is a low-barrier, high-reward enterprise. The “startup costs” for a hacker who already has the necessary technical acumen are comparatively low, when compared to a traditional business environment.

The Reward is a Handsome Ransom

Cybersecurity is not merely an IT problem. It’s an enterprise-wide issue. As business owners, we do things to make our enterprises more integrated and efficient, and share information across the organization. But this creates new potential opportunities for exploitation. Moreover, since March of 2020, we and our fellow employees have been accessing our work environment from an increasingly remote context, further complicating company networks and creating new vulnerabilities.

Where are the Attacks Coming From?

The threats that proliferate our contemporary cyber landscape can be described as “hidden in plain sight” — the threat is as broad as the number of connected users, connected devices, and connected programs. It is not an exaggeration to say that every touchpoint is a potential threat. Some of the most common infiltration paths include the following:

  • Email: Email is a constant target of schemes and scams, and the attacks are getting more nuanced and personalized.
  • The Internet: Online infiltration dressed as information continues to be a source of attacks, with increasing attempts from hackers to disguise malicious domains to appear like the familiar sites that you know and love.
  • Programs & Applications: Within daily business operations, a company uses a surprising number of discrete applications. Whether online or installed on your devices, every program that we use for business purposes is a potential threat.
  • Integrations: The integrating of core systems with third-party applications increases the threat risk. We want the benefits of interconnectivity—for instance, we want our e-commerce system to speak to our inventory system so we know what is available to sell and ship. But in the hands of a hacker, that is a dangerous amount of information to possess.
  • Authentication: The credentials that users apply when accessing company resources can be a significant source of risk. Weak user credentials, simple passwords, and basic authentication policies can allow for significant system breeches.
  • The IOT Movement: The “internet of things” or “IOT” movement increased points of connectivity, and the number of viable targets. Who would have ever thought that you could get hacked by your refrigerator!
  • The BYOD Movement:  The “bring your own device” or “BYOD” movement lowered the bar for device management. Increasingly, smartphones and other devices are accessing social media social media to access system resources.  The risk here should be self-evident.
  • Remote Access: VPNs (or virtual private networks) provide extensive access to company networks. VPNs often provide more access than a user actually needs—it’s like providing access to the entire gymnasium just so you can reach the janitor’s closet.
  • COVID: The pandemic expanded the threat landscape, by increasing the number of remote users connected from a broader array of devices, many of them being inadequately-connected. On a broad scale, shared family devices were suddenly connecting to company headquarters.

The Future of Preventing Ransomware in the Automotive Aftermarket

As you can see, the threats are abundant, and the targets are many. The future of security in the automotive aftermarket depends on you and on your cybersecurity strategy. There are some simple steps that companies can take to mitigate the challenges of our current cyber landscape. To see what companies are doing to secure their organizations from threats, and what you can do to secure your future, please watch the recording of the SEMA educational session and come to our managed IT experts with any questions you have about current best practices for threat mitigation for businesses.

Let’s talk about cybersecurity and compliance regulations specific to your industry. Chat with us now to schedule a free technology assessment.

Hosted or SaaS ERP? Understanding the Differences

Hosted or SaaS ERP? Understanding the Differences

by | Jun 30, 2021 | Cloud, ERP, Hosting, Managed IT Services, Security

In the world of enterprise resource planning (ERP), companies spend a lot of time on the software selection cycle. Determining which application will best fit the needs of the business also brings deployment model questions to the table. Currently, many manufacturers and distributors are trying to understand the differences between hosted ERP and SaaS (software as a service) ERP. Whether you’ve already chosen your ERP or are in the process of selecting your software, understanding your on-premise and cloud deployment options is key to enterprise resource planning success.

Hosted or SaaS ERP Infrastructure with Cybersecurity Locks

An application’s functionality is understandably important. The best fit that a company can find with its ERP system will very likely lead to a better implementation, with lower costs and reduced risk surfacing as essential benefits. Ideally, you’ll build a solid foundation for all business activities that follow your ERP implementation. Your computing costs should go down, and time formerly spent on technology and software should shift into more time to spend on your business.

What is ERP deployment? 

A key consideration, one that I do not believe receives enough time and effort during the software selection phase, has to do with the deployment of the solution itself. The implications of such a deployment are life-changing for any company, and particularly influential in the manufacturing and distribution industries.

At the time of software selection, it’s important to understand how you intend to deploy your new ERP system. An application’s functionality is almost as important as the functionality itself. For this reason, you’ll want to ensure that the deployment model you choose successfully overlaps with the functionality that you need.

What is a deployment model?

By deployment model, I am not referring to the operating system or the underlying database management system, whether the system is Windows-or Linux based or whether it sits on top of an SQL server or Oracle database. Those are in themselves important considerations, but the deployment model has more to do with installation and accessibility. How will the application itself be installed and accessed by the customer?

What is cloud deployment?

There are two very general classifications of cloud ERP deployment models that you can make to try and understand your cloud options. I would classify these as SaaS (software as a service) and hosted deployments.

The Software as a Service Deployment Model

Software as a service, or SaaS, is the model in which the application lives somewhere in the vendor’s data center, and the consuming customer has no line of site to its deployment. The customer subscribes to the software and consumes the application on a client-only basis, often in the form of a web browser. There is no need to manage a complex installation or oversee the application’s administration. The SaaS deployment model limits your control by limiting your responsibility in regard to application management.

The Hosting Deployment Model

The other common deployment model you could classify broadly as hosting. In a hosted environment, the application is deployed to a known server architecture. This architecture could be an on-premise or a local host, or a colocation facility, but I’m seeing much less of that these days, except with larger organizations that are comfortable with large hardware investments. Most often, I find hosting to refer to some form of cloud data center hosting, where the resources are consumed over the cloud as a service. In this scenario, the software itself is purchased using a perpetual license model and deployed to and administered from a discrete platform.

Hosted & SaaS ERP: Two Roads Diverged

So SaaS and hosting are your two basic options for the underlying technology that will serve as the foundation for your ERP. If you are a customer in the midst of an ERP software selection journey, you need to understand what deployment options are available and how they differ, relative to the specific software you are evaluating. That said, I think some generalizations can be made regarding the two models.

SaaS itself can be divided into two categories. The first would be the family of applications that were built from the ground-up to be browser-based, web applications. Plex, NetSuite, and Salesforce are examples of purely web-based applications. 

Another class of applications would be vendors who are retrofitting their older, on-premise applications to be web-enabled and centrally installed and administered, like any other SaaS application.

In general, SaaS is a great option, especially for what I would consider lightweight applications. The software as a service deployment model provides the functionality you need with a costing model that your accountants will like, and it does this without a lot of administrative IT overhead. 

I say lightweight because I’ve found some challenges with some of the limitations of SaaS functionality. In my own efforts, working within various applications, I’ve found that SaaS applications provide a more limited functionality when it comes to the need for more robust capabilities. This is especially true in terms of reporting or administration, or in the construction of specialized business logic.

If you take a well-known software like Salesforce, for instance, and compare its capabilities to traditional on-premise enterprise systems, you’ll see some challenges or differences in the relative functionality of the two systems. An example might be the administrative tools provided to manage, load, and update data. The capabilities are somewhat comparable, but on-premise applications will almost always be more robust, easier to use, and more effective.

The Future of ERP Deployment Makes All the Difference

Currently, ERP software vendors understand this gap and are working to close it over time, but this process is years in the making. For vendors that offer both on-premise and SaaS versions of their applications, I’ve found that the functionality available in SaaS has a long way to go to catch up with their on-premise antecedents. If you were to purchase the SaaS version and the on-premise version of an ERP from the same vendor, you should expect the SaaS version to underperform compared to the on-premise version.

The resources on ERP deployment out there are not always very clear on what those differences actually are, especially when the information comes from the vendors themselves. 

For a hosted model, whether it is some form of self-hosting on top of an infrastructure as a service model, or a managed hosting situation, where a group is providing the entire platform, you can think of it as an on-premise installation without the risks and costs and overhead that come with an on-premise install. This is great from a functionality standpoint, as the control provides over the server architecture allows you to really leverage the full functionality available to you as a customer.

From my perspective, the difference between SaaS and hosted ERP really comes down to expectations with regard to functionality.

I have seen cases during the software selection cycle where the solutions engineers of various companies demonstrate the capabilities of their ERP systems using their full-bodied on-premise versions, only for the sales reps to actually sell the SaaS-based version of the application to the customer. 

This is done with the implicit assumption that the SaaS-based version contains all the rich features and functionality of its on-premise sibling. But as we’ve discussed, that this is not always the case, and I’ve known more than a few customers who express tremendous frustration over this experience—believing they are buying a luxury car, only to have the dealer deliver them the base model. 

How to Choose SaaS or Hosted ERP

If you are looking at a software that sprung from the web fully formed, like a NetSuite or a Plex, the question is a little more straightforward. There is no option to host the application, and from a functionality standpoint, what you see is what you get.

But if you’re working though the decision as to whether to purchase the SaaS subscription license or the perpetual license of an application, you really need to understand whether the functionality will be available in both versions. Essentially, you need to understand how the user experience might differ between the two versions, and then make your choice from there. 

Companies that need the robust functionality that comes with a perpetual license and an on-premise installation and can’t afford to lose that in moving to a pure SaaS or purely web-based architecture have hosting options. If you wish to avoid the liabilities and costs of an on-premise install, then you need explore some of the hosting alternatives available. There are plenty of benefits to be gained through leveraging the cloud:

  • the scalability
  • the dynamic consumption model
  • the benefits of adaptive computing

With these in mind, your cloud migration should also be done in a process that ensures that you are leveraging the full functionality of the software and not limiting yourself, your business, and your future in the process.

Cloud environments like hosted or SaaS ERP systems demand that your team is ready to handle everything from basic business processes to highly sensitive data. Cloud ERP is becoming the go-to jump, and a cloud based software solution could become a downfall without expert project management.

Watch a video on server best practices for Prophet 21 ERP

Software applications are becoming more complex, and your ERP solution will change regularly as your vendor adapts to changing technology. Are you looking for help understanding cloud infrastructure? Our cloud computing consultants have answers. Whether you’re trying to head out of community clouds or get lightning-strike level understanding of single tenant infrastructure, our EstesCloud team is here to help make your business run better.

Don’t Avenge a Cyber Attack – Prevent It

Don’t Avenge a Cyber Attack – Prevent It

by | May 21, 2021 | Disaster Recovery, ERP Risks and Challenges, Hosting, Managed IT Services, Network Security, Security

One cyber world story that captivated me as a youth was the character of “Ultron,” as depicted in comic books and in the movie adaptation of The Avengers. The character was a breed of artificial intelligence created with the intent of protecting the earth. But he turned against his creators, and against the earth itself, becoming a cyber super villain in the process. Origin story complete. Now queue the good guys.

Cyber Attack Encrypted Files Ransomware Attack

Such is the nexus of superhero narratives. A good intention turns violently wrong, necessitating radical intervention. Movies and comic books love to prey on fears of killer robots and cyber intelligence. It’s an archetype as old as the myth of Daedalus and Icarus: technology going too far and humanity in its arrogance flying too close to the sun, then landing on those old Led Zeppelin t-shirts instead.

Companies encounter similar, albeit less explosive, narratives when deploying cybersecurity solutions, in an attempt to lock down their networks. Often such solutions are deployed in the absence of a comprehensive infrastructure threat review. As such, they fail to provide comprehensive cyber protection.

This amounts to a technical placebo. The cybersecurity plan once implemented gives the impression of the cure without any real medicine provided. And while the attempt to paint over one’s data security problems is not itself an act of malice, it can nevertheless have deleterious effects to the organization in question. 

My own experience in the business world tells me that user oblivion is as dangerous as malice when it comes to cyber vulnerability. A corporate network with rudimentary cybersecurity and normal online hacking attempts, such as phishing scams or malvertising, can be more problematic than a secured network under a heavy cyber attack, such as ransomware.

A Cyber Attack from an ERP Perspective

While the tale of Ultron and the Avengers had itself a happy ending, the story of many businesses is not so optimistic. I once worked for a manufacturing organization that was on the cusp of an ERP (Enterprise Resource Planning) cutover. Painstaking work had been done to ensure that all steps were accomplished and that everyone was ready for a successful go-live.

Training, communication, data conversion—all of the pieces were in place. Cutover weekend went without a hitch; the steps in the go-live plan were executed without issue. The first day live went off without major problems. The normal hiccups associated with a new system surfaced, but nothing unexpected came the way of the ERP implementation team.

On the second day after the ERP go-live, users quite suddenly lost access to shared network drives. Soon after, they began receiving errors when trying to save ERP transactions to the database. Then they abruptly lost access to the application entirely. Amongst all of the communication, they hadn’t even realized yet that their email server had gone down and that they were therefore no longer sending nor receiving communication. Their network had been completely compromised. Chaos ensued.

When people think of the most common reasons for an ERP failure, they normally speak of over-customization, or a lack of management support. They rarely think of ransomware. But for the company in question, getting ransomed over cutover weekend was the first step to a cascading number of failures. In a panic, the company reached for paper-based manual processes while communicating to customers and suppliers over hotspot connections, using the employees’ own private email accounts. It was a cyber mess on all ends and resulted in late shipments, efficiency issues, unhappy customers, and months of work to resolve. Time and talents could have been spent on things other than cyber attack recovery—if only the company had been prepared through preventive measures.

Companies Running ERP Systems Can Avoid Ransomware

The moral of this story is less than heroic: there are no super powers that can save a network that is unprepared, or insufficiently prepared, for an attack. And there are no super heroes to jump in and avenge the wrongdoing.  

Avoiding a cyber attack entirely is always preferable to avenging it after it’s happened. Many companies believe they’ve taken the steps necessary to mitigate a cyber attack. Enterprise risk management needs to be an ongoing activity, however, with business owners and executives involved in designing, understanding, and implementing a cybersecurity plan customized to the vulnerabilities of the industry under attack—because every industry is ALWAYS under attack. 

A company’s greatest vulnerabilities are often the ones that they never realized they had. The greatest risks are the ones they believe they’ve already mitigated. The company in this tale of ERP implementation security chaos thought they had done everything internally to secure their network. But their efforts were done in a vacuum, without any impartial opinions or outside analysis. They weren’t out to create a monster, but their vulnerabilities created a monstrous problem. They didn’t feel they were walking on enemy ground because the villians were hidden and undetected by current cybersecurity measures.

The lesson to be learned here is that malice often masquerades as magnanimity. The most significant threats to an organization are often clothed in good intentions.

Is Your Business at Risk of a Cyber Attack?

Could cybersecurity be the biggest problem you didn’t know you had? I’ll spoil the plot—cyber vulnerability, particularly the risk of a ransomware attack, is the biggest problem currently lurking within most businesses. Manufacturers are at risk of complete shutdown. Distributors face supply chain attacks on a daily basis. And there is no type of business that isn’t under attack. Law offices, financial institutions, hotels, medical facilities—all are under the threat of a cyber attack.

Are you feeling the cyber risk and wondering what you can do to protect your business? Don’t avenge your problems—prevent them before they’ve occurred. Get a security assessment, identify your vulnerabilities, and assemble your future. Know the problems you had yesterday and predict the ones you might face in the future of cybercrime.

Cyber Security