KTC Consulting Inc.

Cyberattacks and the vulnerability of the small business You cannot go a day without reading about some big name company or even government agency being hacked and critical data being compromised. What you don’t see in the media is that most of the attacks happen to small firms, and that this is where a lot of the cybercrime is occurring. What any business, but especially a small business, needs to be afraid of are cyber attacks that disable your operations, disrupt customer interaction, or breach your customer’s personal data. Contrary to what one might expect, smaller firms are far more likely to be targets of hackers than large firms. They are also likely to have less sophisticated security measures in place. Any firm’s existence can be threatened by these events, but smaller firms are often unable to rebuild after a major breach. Studies show that customers are less forgiving of smaller firms than larger ones when their personal data has been compromised. The lesson here is that

Denial is not a solution: Something you owe your customers and your employees Why do so many people procrastinate about making a will? Why is it so hard to get young people to buy health insurance? Because it is one of those “probably won’t happen--at least in the foreseeable future, and I‘ve got more interesting things to worry about or spend my money on” issues. Small business owners tend to take the same approach to making business continuity plans in case of a disaster. They are usually fully consumed just running the business and keeping revenues steady and growing. Diverting energies and resources to a “what if” scenario just isn't an imperative. There are affordable, effective tools out there that will allow any smaller firm to develop effective business continuity plans, but they only work if you take action. Our best advice to overcome denial? Think of this scenario: If something happened right now and your entire operation came to a halt because of a cyber attack, a powe

Limited investment capital and planning for trouble Small businesses often fail to take the time to make business continuity plans. One aspect of a business continuity plan involves developing plans to handle the loss of physical infrastructure and hardware. Unfortunately, smaller and younger firms often fail to address these issues because they lack the necessary capital to invest in additional or supplemental equipment. Redundant servers, battery back systems or uninterruptible power supplies, and data backup systems that allow for offsite backup storage are the most obvious examples. These can represent considerable capex for a small firm. However, these costs need to be weighed against the costs that would be incurred if a severe business interruption occurred. Encouragingly, new technology is creating tools for redundancy and data protection that don't require additional hardware investments. The cloud is probably the single biggest savior for small businesses looking to def

Data Protection Laws and PIIs Last week we discussed the overall concept of “Data Protection Laws,” which govern the handling and securing of specific data. While these laws are wide ranging, most of these laws reference Personally Identifiable Information (PII) This “refers to information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.” ( https://www.gsa.gov/portal/content/104256 ) For example, if you possess an individual’s first initial and last name and store it with their credit card number, bank account, SSN or driver’s license number, that becomes a PII. At the Federal level, the United States doesn't have any overarching and comprehensive data protection laws of the sort that most European nations do, but they do exist and primarily affect individual sectors, such as healthcare. Presently 48 states in the US have some laws requ

Are you subject to Data Protection laws? This blog introduces a new topic that many may be unaware of: Data Protection laws. These are laws that define fully, or in part, what type of data is covered by government regulations, proscribe general standards for the securing of covered data, and may also require notification of victims and governmental authorities in the event of a breach. Small businesses, no matter what product or service they provide, are likely subject to some manner of regulations regarding the storage and use of digital data. For instance, any medical office or organization that handles medical records is subject to HIPAA, the federal law regarding health data privacy. Meeting IT regulations can be expensive and time consuming and they also require timely upgrades. Failure to stay up to date can lead to fines, penalties, and a damaged reputation. Chances are, you are subject to some data protection or data security laws. You are also very likely to be subject to br