If only online security issues could be solved with sorcery: a magic wand, some incantations, and poof! Troubles disappear.

  Sadly, magic only works in books and movies. Out here in the real world, the bad guys always have the advantage, and you need more than wizardry to keep them off your network.

  Criminals that ply their trade in cyberspace are mostly driven by economics. They might be after the banking credentials for your small business so they can drain funds from online accounts. If your business is connected to sensitive industries, the bad guys might be foreign agents intent on stealing secrets. Or maybe they're in the ransomware business, hoping to encrypt one of your PCs so they can demand a ransom to unlock it.

  If you think antivirus software is going to stop all those threats, think again. Even the most successful antivirus program is only about 90% effective under the best of circumstances.

  Yes, your business needs antivirus software, but a well-rounded IT security strategy includes multiple additional layers, each working in concert with the others.

Here are four crucial ingredients that must be included in that mix:

1. A Comprehensive Update Strategy

       Every year, security companies review the data they collect from virus-infected PCs, and, every year, the results prove the same depressing truth: most drive-by infections are the result of an exploit that targets a flaw in the operating system or a piece of installed software. And the overwhelming majority of infections were only possible because the owner of the infected PC had failed to install patches released months or years before.

    The moral for your company is simple: keep every PC up to date. That includes the operating system, applications like Microsoft Office, and commonly installed software add-ons such as Adobe Flash and Oracle Java. And make sure to check the update status of every PC regularly, either manually or with the help of centralized management software.

2. Robust Email Filters

    What does email have to do with security? A lot, as it turns out.

Email attachments are among the most popular vectors for spreading malware, usually in the form of misleading executable files (Trojan horses) and booby-trapped documents in PDF and other common formats. The best way to protect your network is to have your email provider or gateway detect suspicious packages and remove them before they can get to your users' mailboxes.

3. Standard (Not Administrative) User Accounts

   Even if someone in your organization is tricked into running malware that your antivirus software doesn't block, you can limit the damage. The most important change to make is simple: set up standard user accounts, and reserve administrator accounts for those times when you really need to change something. If malware can take over a user account with administrative privileges, it can wreak havoc on crucial system functions. Don't let that happen.

4. Know Your Network

   Even in the best-run business, it's possible that a virus or other malicious software will slip past your defenses. In fact, you should assume that's a possibility and review network logs regularly to detect strange behavior. Is someone from outside your network making inbound connections at odd times? Are files being transferred outside your network? This type of activity can be an early warning sign of a network compromise, and the best way to find out about it is before you get a call from your bank or the FBI.

Contact us to help identify the right tools for your organization.

 "We're missing a laptop!"   These words are not something you want to hear, but the chances are, it's going to happen at some point. Unfortunately, data on the majority of SMB laptops is not encrypted, so what exactly does it mean for your company if this happens?

   It means that if the bad guys pull the hard drive from the missing laptop and plug it into a running system, then chances are they can access to your data. A simple user ID and password are not going to be adequate protection.

   Are the thieves going to bother even looking at the stolen laptop? Many years ago, the hardware itself would fetch a decent amount on auction sites as "previously owned." With the professionalization of cyber crime, oftentimes, the data from a professional firm is worth more than the hardware itself.

   Cyber criminals are very aware of the value of purloined data and a lost laptop can quickly turn into a serious incident. For example, the theft of personal information may lead to an extortion demand or blackmail attempt. Furthermore, a fine from a regulatory or governing body is frequently being applied to organizations that take a cavalier attitude towards laptop security.

In 2013, the Information Commissioner's Office (ICO) in the UK fined Glasgow City Council £150,000 for the loss of two unencrypted laptops, one of which contained personal details on more than 20,000 people.

In 2014, two entities paid the U.S. Department of Health and Human Services Office for Civil Rights (OCR) $1,975,220 collectively to resolve potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules.

Stolen or lost laptops have become one of the most common business security incidents, according to the 2014 Data Breach Investigation Reportby Verizon, and depending on the regulations governing your business, the penalties and costs could be significant. These penalties and costs continue to grow as the individuals' privacy, which was violated, may seek additional restitution.

These major enforcement actions in the US and UK underscore the significant risk to the security of personal or medical information posed by laptop computers and other mobile devices.

Here are five precautions you can take to ensure you limit the damage of a stolen device:

1. Utilize Tools Such as Full Disk Encryption

   With the introduction of Windows 8.1 Bitlocker, Microsoft's disk encryption solution is bundled in the operating system (Windows 7 Ultimate had it as well). It takes some work to roll it out to an organization, but since it is included, your organization could find itself in a difficult legal position if a data breach occurs. There are also a plethora of third-party add-on solutions.

2. Physical Security

   The traveling or unattended laptop is one of the more risky situations any mobile device can find itself in. In public places or even hotel rooms, the corporate laptop or tablet should be, at best, secured in a safe and, at worst, stored out of site. In the office, a security tether should be used, especially if overall access control to the facility is weak or the organization is large.

3. Data Segmentation

   If storing all your data on a USB stick seems like a solution, think again. Your laptop may have an email client installed on it, and if those sensitive documents or information has been attached, the bad guys may get at those files. If you only utilize web mail and your documents are on an encrypted USB stick, this may be a useful technique to survive a lost or stolen device.

4. Disposal

   It may sound like something out of Mission Impossible, but the physical destruction of a device that falls into the wrong hands is best, but drive wipe with secure erase software should be your minimum. Always keep in mind that the data lives on the hard drive inside the device. If you plan on backing up user files or archiving the contents of the old device, first make sure that it's secure as well.

5. Avoid Logos

   Advertising whom you work for may not be the best idea if you are in a high-risk situation, like the world's largest hacker convention. Not the best time to bust out your NSA stickered Panasonic Toughbook.

Conclusion

   Ultimately, you need to remember that the security of your mobile device(s) is your responsibility. Folks' stolen property is returned by strangers, or found using technology, all the time. Unfortunately, if it's out of your control, the contents may be copied or malware may have been implanted — be careful.