Tag Archives: Tech Professionals

Mind The Skill Gap: How To Expand Talent In Cybersecurity

Posted on by

The modern cybersecurity industry has been the subject of much attention in recent years as threats to businesses large and small continue to mount. Even outside of the industry, business experts have correctly concluded that more measures are necessary to counteract aging infrastructure and an increase in possible attack surfaces. The interest exists, but what doesn’t exist is enough personnel to fill the myriad jobs in cybersecurity. And this problem is only expected to get worse as time goes on, with the number of new professionals eclipsed by how much their talents are needed.

The discrepancy in cybersecurity is often blamed on the failure of universities to provide the courses necessary to train the next generation of experts. While this is a noted problem, it is only one of many. The same cybersecurity professionals who scoff at formalized education in the field are often unwilling to invest the resources into training others within their organization, instead preferring to solicit existing talent from other businesses. Though there is significant work involved when it comes to building a reliable team, the reward of cultivating new talent is preferable to poaching the old and widening the skill gap further. It’s a sacrifice, but one that must be made if the industry is to be sustainable moving forward.

The other advantage of in-house training is the integration of cybersecurity practices throughout all of a business’s processes. Too often, organizations view these tools as afterthoughts to be stapled at the end of every project. The reality here is that new systems, products, and infrastructure should be created with cybersecurity in mind. Training and apprenticeship programs provide enough personnel to adequately address anything new coming through the pipeline. This carries the added benefit of allowing new entrants in the industry to receive a hands-on experience with a variety of systems.

And, if a company doesn’t have any place to start when it comes to building in-house cybersecurity firms, a third-party organization can help. These companies can provide support for companies that don’t have the resources to train new experts and build the start of a good security culture. However, even dedicated cybersecurity organizations should be mindful of their practices when it comes to recruiting vs. fostering talent.

It’s also important to consider the kind of training that is being given to aspiring cybersecurity experts. The best way to handle cybersecurity is to start with the broad strokes—the compliance laws that it is absolutely vital that any professional knows. In many cybersecurity courses, emphasis is placed on the products that businesses can use to combat threats. This leads to experts with very specialized knowledge of a specific solution, rather than knowing many brand-agnostic solutions or the compliance standards that underpin the whole industry. Consultants should be neutral when it comes to recommending solutions and find whatever suits an organization’s needs.

The future of cybersecurity will need to be collaborative. Between academic organizations selling their programs to business organizations offering opportunities for interested professionals to learn, a lot needs to change about how new talent is cultivated. In the future, expect to see a new generation of experts that know compliance law inside and out—and that are focused on spreading their best practices to others.

 

 

Why Cybersecurity is Important For Small Businesses

Posted on by

Most small businesses think themselves beneath notice in the larger corporate world. After all, without the need for IT systems or significant infrastructure, there is less to manage and fewer vulnerabilities to address. Anything related to technology is often an afterthought for small businesses, and many make the mistake of believing that cyber threats are not a potential issue.

The unfortunate reality is that cybercriminals are more than willing to prey on small- to mid-sized businesses, even with bigger targets available. Widespread adoption of technology has made just about every enterprise a potential target. Given the lack of focus on technological infrastructure and fewer resources to dedicate to systems monitoring or recovery after a breach, these organizations are especially vulnerable. And every company has data worth stealing, to sell or use as leverage. The loss of any sensitive information can cost a company in both reputation and capital.

For small businesses, a bit of investment in cybersecurity can keep records safe and ensure that larger losses don’t happen down the line. There’s no need for a dedicated IT team to take necessary precautions when it comes to adopting new technology or infrastructure. The first step is acknowledging that, while small businesses are vulnerable, they are not without options for their own protection.

Many cybersecurity breaches are the result of internal error—I can’t emphasize this enough. As a result, controlling for human mistakes such as weak passwords, clicking on risky emails, and using mobile devices on unsecured networks can go a long way. Many do not realize how many points of vulnerability exist. Small businesses should ensure that the tools in place are easy to use for employees that may not be familiar with these matters.

Mobile devices are such a massive point of vulnerability that it’s worth dedicating time to examine all of the ways that they can go wrong. Between the difficulty inherent in managing them, the risk of public wifi, and employees bringing devices from home, small businesses will have to account for every possible attack surface. Consistent regulation is necessary to ensure that personal and business devices stay safe no matter where they go.

For that matter, small businesses should consider regulating access to certain systems and technology. Though they may not have an IT department or dedicated standards for who can access what, these organizations should consider which systems each employee has a consistent need for. If an employee doesn’t require a system to get their work done, they should not have access.

Planning for a cyberattack should also account for the worst-case scenario of a breach occurring and ease the recovery process. Making backups of everything digital is the best and easiest way that a small business can protect themselves in the event of a breach and allow for the least downtime when something goes wrong. The investment to create on- and off-site backups is minimal, but the safety it provides is huge.

This is only a small sample of the tactics that small businesses can consider when investing in cybersecurity. VPNs, software audits, and proven antivirus software can also provide an additional line of defense. However, any small business should recognize that precautions do not guarantee safety, and may want to consider investing in the services of a third-party cybersecurity firm to assess risk levels and provide scalable solutions. Technology will become even more involved in business, and safe adoption is important for businesses of all sizes.

 

How to Teach Employees Cloud Security

Posted on by

Businesses have worked hard in recent years to bring their IT infrastructure in line with cloud best practices, but security is still an ever-present issue. It can be hard to regulate all of the data shared over the cloud, and information is always being updated. It seems, in many ways, like a zero-sum game—but given the amount of sensitive data freely shared over the cloud, it is still valuable to ensure that employees at your company are informed of the ways that they can practice good cloud security.

Training has multiple benefits; not only can it prevent sensitive data from leaking, but instructing employees on the finer points of VPNs and WiFi as well can dispel myths about the technology and ward against future mishaps. If you are a cloud professional, consider collaborating to set up a training program with other relevant IT staff. If your office lacks a reliable source of knowledge and you use an external provider for cloud services, inquire about the viability of a training program and work with them to reach a suitable arrangement.

The first thing to understand about cloud security is that it involves everyone in the office, not just IT staff. Pay special attention to anyone handling sensitive information; they may need extra instruction in this area. It may seem difficult to educate non-IT staff on the intricacies of the cloud, but in reality, there’s a lot that they can do to improve security on an individual level. Teach them how to avoid malware and unauthorized applications, and give them the resources to create strong passwords.

When training, it is of the utmost importance to impart onto employees that action is taken immediately. Companies cannot afford to take a reactive stance when it comes to cybersecurity, as a data breach can cost dearly in capital, time, and reputation. Often, once data is gone, there is no retrieving it. For businesses pursuing training, they should incentivize it and discuss the benefits that it brings. While it may take time out of their normal work schedules, a better understanding of cloud sharing can improve efficiency in the long run.

It is also important, when planning a training program, to ease employees into cloud usage with practical applications. Use a simple site or API to highlight how the cloud can be used to make it more efficient, and how it can safely be used. Keep in mind that employees will have different learning styles, and strive to offer supplemental guides and videos to allow them to fill gaps in their knowledge.

To go along with training, companies should take the time to reevaluate their cloud permissions, and which employees make use of it. Cloud protocol should be integrated into a company’s policies; don’t just make it a suggestion by way of training, but identify areas that can unwittingly be breached from within and work to fix them and mitigate the risk.

It can be difficult to get staff to comply with these changes. After all, for the average employee, much of it will seem sudden and difficult to understand. Understand and listen to your staff’s concerns about learning this new technology and empathize with them; if something in a training program isn’t working, you should consider working with them to fix the problem. Get them to apply what they’ve learned to practical office problems, and demonstrate their knowledge. Many compliance laws will require demonstration that employees have learned the material, so be cognizant about the steps you will need to take to fully comply.

In addition, it will be necessary to update training every year or so. It may sound like drudgery, but with security concerns changing by the day, your staff will need to stay up to date on the best ways to keep data secure. For IT staff, this obligation may be even more extensive, requiring consistent research into recent attacks and best practices for security.

With cloud migration continuing unabated, it is valuable for any company to educate their employees on its proper use. It affects all aspects of business, which could potentially be problematic for individuals not trained in using it in a secure manner. The sooner businesses embrace cloud education for their employees, the sooner they can adopt new changes and continue to leverage the cloud and its myriad of benefits.

Best Cloud-Based Apps for Business

Posted on by

I spend a lot of time talking about applications of the cloud, so I figured I’d dedicate myself now to discussing some applications for the cloud. If you’re the owner of a small-to-medium sized business (often colloquially referred to as an SMB), then you’ll be happy to know that, even without cloud services, it’s still possible to leverage this technology to work for you and improve productivity. Thousands of applications exist on the web, and now, some recent additions are using the cloud to better manage their resources.

Have a look at some of the best services available now.

Intuit Quickbooks Online Plus

For under $40 per month, you can use cloud-based accounting to get a better handle on company finances. From its modest beginning, Intuit has since expanded its services and created a simple, user-friendly UI that caters specifically to SMB needs. It even includes a flexible payroll management service to make it your one-stop shop for dealing with finance.

IDrive

For the business with a minimal web presence looking for a hassle-free way to protect its data, IDrive is ideal. It’s inexpensive and boasts an easy setup that offers businesses disk image backups, folder syncing, and a hard drive for physical data security.

The downside? It only offers a terabyte of storage, which some smaller businesses may not mind, given IDrive’s ease of use.

Carbonite

For slightly larger businesses, Carbonite offers a more robust backup option for businesses looking to protect their data in case of disaster for a reasonable price. However, it does nothing to protect or back up virtual infrastructures or cloud-based data centers, making it so that businesses that are more digitally involved will have to look elsewhere for answers.

MailChimp

Even if your budget for email marketing is low, MailChimp delivers (pun intended) with a level of customization that’ll keep anybody happy regardless of their level of technological expertise. It’s also capable of integrating third party tools, and includes templates to get a new user off and running as fast as possible.

Hootsuite

If you’re interested in easily managing multiple social media platforms from one place, then consider Hootsuite. It starts off free, but an interested user can scale up and add more socials if they decide that the like the service.

Unfortunately, it doesn’t offer all-in-one analytics; though most social platforms have their own free services if you’d like to really track engagement.

Webroot SecureAnywhere Antivirus

For a little bit of money (around $20, to be precise), you can protect your devices from viruses and ensure recovery of files encrypted by ransomware. It doesn’t take up a lot of space on your device, scans rapidly, and offers a protective firewall. Plus, Webroot is constantly updating its database of programs and potential threats, and is willing to respond and adapt to any attack by an unknown software.

Ascencio System OnlyOffice

It’s a lot like Google Docs, but OnlyOffice offers a few more options that make it worth the higher price point. It provides additional features that can aid in productivity, including task, project, and customer relationship management tools. Plus, its myriad of functions are all cleanly integrated together in a way that makes it easy to shift from task to task.

Its main drawback is its lack of included storage, but this is offset by the fact that OnlyOffice plays nicely with other third-party storage providers for your convenience.

Hiring a Cloud Professional: Skills to Look For

Posted on by

I think it’s safe to say that I’ve written a few times about the value of the cloud in business. And, as it turns out, a lot of people agree with me. The cloud is growing incredibly quickly, with cloud services such as Amazon AWS and Microsoft reporting massive upsurges in revenue. For agile businesses such as startups, entrepreneurs have been able to easily adopt the cloud and gain a huge advantage over competitors.

With this increase in demand for cloud services, businesses are looking for cloud-savvy professionals in their IT departments. Perhaps your company is even one of those businesses. With that in mind, these are some of the skills you’ll want to look for when it comes to hiring a cloud professional, or perhaps even learn for yourself.

Data Systems and Databases

Data is the cornerstone of the cloud, and any professional working with it needs to be familiar with the workings of a database in order to qualify. Big Data is increasingly enabled by the cloud, with the sector growing at a similarly rapid rate. In fact, cloud experts are convinced that this trend will become even more pronounced in the future, with businesses storing and accessing their data through the cloud.

SQL and MySQL are standard languages for databases and crucial for any cloud professional to know. However, open source data platforms such as Hadoop and MongoDB. In fact, the former is well suited for processing large volumes of data, making it ideal to embrace the advent of big data.

Linux

While it’s not strictly necessary for working with the cloud, the majority of cloud software platforms are based in Linux. While Linux hasn’t made a huge impact when it comes to desktop computing, it has gained popularity in the cloud community for its rapid innovation and flexibility. Its primary rival is Microsoft Azure, which even includes an option to run Linux’s openSuse OS.

Dual booting your computer is a great first step to start if you’d like to learn the ins and outs of Linux. As an open source operating system, the community is robust and helpful resources are plentiful.

Cloud migration

It can be difficult to switch over to the cloud from typical IT infrastructure, especially as a large business. When it comes time to make the transition, businesses often have to rely on professional services for migration.

Professionals will want to obtain a certificate in migration for the cloud platform of their choice. Giving the complexity and security concerns associated with migration, finding a professional and plan that fits your needs is very necessary.

Quality assurance

QA is one of the most common skills requested in cloud computing job postings, and the cloud presents new challenges to QA developers. QA and QC engineers have always been in demand, and with the expansion of the cloud, ensuring the integrity of a piece of software is more important than ever.

Security

Cyber security for cloud applications is still developing, leaving many systems vulnerable to hackers. With over 90% of cloud applications not secure for enterprise use, the burden falls to developers to secure their systems and protect the organizations that they work for.

Due to mounting security concerns, data protection regulations are being implemented to ensure compliance amongst businesses and leverage fines if their systems are not secure enough. Like many of the other skills on this list, certifications exist for any professional wishing to bring cloud applications up to spec.