The title

Category: SME

You’ve Been Hacked And Now You’re Being Sued!

Cybercrime is a continuing and rising threat. It has been in the news extensively and we have commented on the threats posed by Ransomware and DDoS attacks. We have also commented that 60% of cyber attacks are on SMEs

Here in Singapore we are far from immune to this as SMEs are increasingly becoming soft targets for cyber criminals who see SMEs as easy targets as they often lack the resources, expertise and technical manpower to defend themselves against cyber attacks.

As a result of this, digital data breaches are becoming an all too frequent occurrence today. What is less on the radar of the average SME business owner is the rising number of lawsuits brought brought by customers, government agencies, employees and a variety of other stakeholders.

Cybersecurity is more than just an IT challenge – cybersecurity is now a business and legal imperative.

 


 

What Risks Do I Face?

Broadly speaking there are 2 categories of litigation risks:

1. Criminal prosecution by Government regulatory authorities for the loss and misappropriation of consumer data.

Here in Singapore this is set out in the Personal Data Protection Act and the penalties for breaches of this legistlation are onerous with fines of up to $100,000 and custodial sentences of upto 3 years. The position is similar in most other countries in the region.

2. Civil prosecution by customers, employees and a variety of other stakeholders.

As a SME owner in the business-to-business sector, one of the biggest civil litigation concerns you potentially face is the [temporary or permanent] loss of business client data and your potential liability for your client’s consequential [direct and indirect] loss.

Take for example a professional services firm who experience a data loss as a result of a  cyber-attack, and critical client data is lost – or innaccessible – at a time when it is most needed. In this scenario the owner[s] of this firm could face a civil prosecution for recovery of their client’s losses. In the instance of a consequential loss e.g. loss of business arising from the data loss, the liability could be considerable.

The law of contract law and the law of negligence will vary from one country to another, but the general principles remain broadly the same.

We should of course point out that we are not legal advisors! Our perspective in commenting on these issues is that of IT advisor and our purpose in highlighting these points is to draw your attention to the broader dimension of the risks faced by the SME business owner arising from cyber-attacks. To fully understand  your legal position you should seek professional legal advice.

 


Assessing your risk

As with all these issues, the temptation for the SME business owner is to ignore the issue and to think “this won’t happen to me!”

But there are costs to doing nothing, and you will only discover the full extent of that cost when you experience a cyber-attack and your client’s business critical data is lost….

The prudent approach is to conduct a thorough risk assessment followed by an examination and implementation of the most effective solutions to protect your business.

If you would like to discuss this issue and how to protect your business from these threats and exposures, please get in touch and we will facilitate a thorough review to help you gain clarity, we will inform you on your best options, and if required we will implement a solution for you.

Since inception in 1996, PASR Technologies has been providing SME business owners with a level of service and support to the SME business owner that is typically only directly available in very large organisations.

Servicing businesses from 10 to up to 200 employees, our clients range from local SMEs through to regional offices of larger MNCs, and include airlines.

What is your business risk from broadband outage?

Cybercrime has been in the news extensively and we have commented on the threats posed by Ransomware and DDoS attacks. However recent events here in Singapore have highlighted another often ignored and very real threat to SME businesses – what happens when your broadband service provider experiences a major outage?

Singapore telco Singtel experienced an islandwide outage of its fibre broadband service for nearly 24 hours over the weekend.

This follows on closely from two recent broadband service outages that hit Singapore based service provider StarHub and that have been attributed to “intentional and likely malicious attacks” on its servers.

Over the past few months broadband outages have been reported from BT in the UK, Deutsche Telekom in Germany, and Australian telco Telstra which has experienced 7 major outages in recent months!


Why does this matter?

Well aside from the inconvenience to millions of consumers denied access to their favourite content on the internet it can have a devastating impact on businesses.

To put it bluntly you need your network to run your business. In these challenging and competitive times, few businesses can afford a single location to go off-line, and definitely not the HQ or the data centre!

If you experience a broadband outage, your network goes down, and your business is impacted – but by how much?

The reality is that most SME business owners don’t know the answer to that question… until the network goes down!

Above and beyond the immediate direct costs, there are indirect costs:

  1. Loss of employee productivity
  2. Reputational damage with customers, suppliers and banks
  3. Loss of current revenue, loss of future revenue, and in some cases compensatory payments

Short broadband network outages can be an expensive nuisance, but the impact of larger outages can be devastatingly insurmountable for some businesses.


How can I protect my business?

  1. You can reduce your exposure by having a secondary broadband provider. By having a second internet connection, the internet activity can be load balanced over the two lines with an automatic switch-over in the event of a network issue.
  2. If you are the business owner of  an Internet-dependent SME you may want  to avoid a dangerous over-reliance on fixed networking solutions by having either a Wireless 3G/4G enabled router, or satellite-based solution for additional backup.

The first step is a thorough risk assessment

Clearly there are costs to either or both of these solutions. And the temptation is to ignore the issue.

But there are costs to doing nothing, and you will only discover the full extent of that cost when you experience a broadband network outage.

The prudent approach is to conduct a thorough risk assessment followed by a cost-benefit analysis.

If you would like to discuss this issue and what it means for your business, please get in touch and we will facilitate a thorough review to help you gain clarity, we will  inform you on your best options, and if required we will implement a solution for you.

Since inception in 1996, PASR Technologies has been providing SME business owners with a level of service and support to the SME business owner that is typically only directly available in very large organisations.

Servicing businesses from 10 to up to 200 employees, our clients range from local SMEs through to regional offices of larger MNCs, and include airlines.

 

 

 

Why The Man With The Van Is Redundant

It is an inescapable reality that most businesses rely heavily on technology, and of the many challenges facing the small business owner many of these relate to IT – issues such as “Who manages your IT?  and How do you deal with IT support and maintenance?

A multi-national corporation with over 1,000 employees has the budget to hire its own IT team. But what about smaller companies? The ongoing problem for the small business owner is how to get effective, cost-efficient support for their technology platform. Many treat IT support and maintenance in the same way as dealing with car maintenance – for example: a printer isn’t working/a tire is flat so call the IT support guy/garage.

The “man with the van” may provide a solution to the immediate problem, but that is ALL he does because his service is reactive.

If your business is reliant on IT please consider the following critical questions:


[1] How long can your business survive without key data?

 

How long would your business last if you experienced a hard drive failure? Imagine losing important customer files and trying to explain to your clients how this happened. If your immediate response to this question is to say: “But we back up our data regularly!” –  sure you may have a back up strategy but do you regularly test your strategy to ensure that you are 100% sure you are able to recover your data in the event of a major disaster or loss.

Statistics show that 60% of backups are incomplete, and 50% of restores failed.


[2] How do you protect the “crown jewels” of your business?

 

How do you protect commercially sensitive data? How do you protect client data held on your computers?

Do you realise that every third party who has access to your IT systems potentially has access to all of your secrets?

What level of security assessment do you undertake on any third-party you bring into your company to undertake IT support and maintenance?


[3] Are you maximising your ROI in your IT assets?

 

  1. Are your computers up-to-date for necessary patches, security issues and updates?
  2. Do you know the exact the locations, counts and disposition of all of your IT assets?
  3. How do you know which of your hardware and software needs updating, upgrading or replacing?
  4. Are you over-licensed on software and thus wasting money?
  5. How do you know that you are getting your money’s worth from independent consultants and vendors?

The Solution

 

The fundamental issue with the traditional “man with the van” approach to IT support and maintenance is that it is reactive.

The solution is to employ an approach and a methodology that anticipates potential problems BEFORE they become an issue and that implements an automated solution in the background.

This solution is provided by partnering with an IT management and support service who provide a Remote Management and Monitoring [RMM] service incorporating a proprietary technology that:

  • Detects problems and identifies potential hazards before they ever impact your company.
  • Provides 24/7 real-time systems status monitoring updates every five minutes.
  • Provides continual updates regarding the state of hardware and software, including logs, performance metrics, patches, antivirus and more.
  • Is continually watching for unusual events, and many of these have fully automated responses.

This proactive solution is the complete reverse of the usual approach of acting AFTER a problem occurs.

This results in a significant increase in productivity, as problems are rectified in the background, without interrupting users, and before they escalate and become a major issue.

Whilst the technology that provides this service is complex and sophisticated, the connection of your business to this service is incredibly simple involving no more than 3 clicks of a mouse!

PASR Technologies provide this service and we would be delighted to speak with you to understand  your issues and to explain more about how your business could benefit from this solution.

Servicing businesses from 10 to up to 200 employees, our clients range from local SMEs through to regional offices of larger MNCs, and include airlines.

At PASR Technologies, we solve your IT problems before you even realize you have one!

 

 


How Do You Protect Your “Crown Jewels”?

We have worked with business owners and senior management of organizations with less that 200 staff for over 20 years.

We continually see the same recurring issues when it comes to IT management in SMEs.

One of issue that we find quite disturbing is the cavalier attitude so many small business owners take with regard to the security of their IT assets.

This is especially significant with regard to security of their own data and even more critically the security of their clients’ data that is held on their systems.

A recent survey quoted a senior manager in a professional services firm as saying:

“At the moment internally we don’t really have much [internal] security. Our systems are open; Just about everyone in the office can actually look at anything in the system.”


The issues

 

  • Threats to IT information assets come from many sources – malware, hardware failure, hacking, employee mistake and deliberate sabotage. How do you know that you are protected?
  • How do you ensure that you have current and continual protection across all fronts to ensure your data is not lost or compromised?
  • How do you ensure that organisational information assets are NOT stored on only one key staff member’s laptop, but are stored centrally for all users to access, AND properly backed up and recoverable?

Critical Questions

 

  • How long can your business survive without key data?

Imagine losing important customer files and trying to explain to your clients how this happened. If your immediate response to this question is to say: “But we back up our data regularly!” –  sure you may have a back up strategy but do you regularly test your strategy to ensure that you are 100% sure you are able to recover your data in the event of a major disaster or loss? [Statistics show that 60% of backups are incomplete, and 50% of restores failed.]

  • How do you protect your commercially sensitive data?
  • How do you protect client data held on your computers?
  • What level of security assessment do you undertake on any third-party you bring into your company to undertake IT support and maintenance?

You do realise that every third party who has access to your IT systems potentially has access to all of your secrets?


The Business Impacts and Your Exposures

 

Unless you can answer each of these questions you and your business are at considerable, and potentially catastrophic, risk of business failure and expensive, damaging litigation.

The solution is a consistent, holistic strategy and implementation to protect your business across all of these areas.

If you are unclear about this and what it means for your business, please get in touch. Since inception in 1996, PASR Technologies has been providing SME business owners with a level of service and support to the SME business owner that is typically only directly available in very large organisations.

Servicing businesses from 10 to up to 200 employees, our clients range from local SMEs through to regional offices of larger MNCs, and include airlines.

At PASR Technologies, we solve your IT problems before you even realize you have one!


© 2016 PASR Technologies Pte Ltd

Terms & ConditionsPrivacy Policy

Support

Support Hotlines

Email: support@pasr.net

Skype: pasrsupport

  • Singapore

    +65 6340 1018

  • India

    000 800 443 0046

  • Philippines

    1800 1651 0800