Cybersecurity for Small Business: It Doesn’t Keep You Up at Night? It Should!


The post Cybersecurity for Small Business: It Doesn’t Keep You Up at Night? It Should! appeared first on Alexandria Small Business Development Center.

If you want a pleasant Sunday morning read, check out this list of data breaches of major companies, organizations and government agencies. These are entities with IT departments, security professionals monitoring their networks, cybersecurity policies, and a budget to support their cybersecurity efforts. At least one of these data breaches included data about you. And these organizations were not even the primary targets of most attacks in the world. Hackers today find it lucrative to target businesses and, more specifically, North America-based small businesses.

Hackers have breached about 14 million small businesses in the last year, and most don’t know it. Cybersecurity for Small Business might sound obscure if you’re in business on “Main Street” and don’t sell online. However, it’s one of the most important management areas of your business to focus on today. Cybersecurity itself means protecting your digital world from attacks in a variety of forms so you can focus on running and growing your business.

Unfortunately, gone are the days when you could buy antivirus software for your desktop computer and all your digital worries would go away; it’s part of the solution but it’s not the whole solution. There are many ways in which hackers can penetrate your personal, your business’, your employees’, and your customers’ machines and access data with intent to steal it, or to gain access to that equipment for nefarious reasons. Frequently, the reasoning doesn’t make sense on the surface so you aren’t suspicious, and these can be the most dangerous cybersecurity breaches because you are unaware of them for so long.

I’ll use the colloquial term “cybercrime” throughout this discussion to cover the wide variety of crimes, unethical tactics, and downright immoral practices of individuals and companies against personal and business systems and their data. These cybercrimes include, but are not limited to,

  • hacking your digital devices (which could be your smartphone, computers and laptops, Point of Sale terminals, credit card machines, and similar devices),
  • hacking your digital services (think about your website, email, cloud storage, and online services),
  • blatant physical theft (i.e., larceny) of digital equipment to get the underlying data,
  • data theft,
  • phishing,
  • stalking,
  • identity theft,
  • wiretapping,
  • denial of service (DoS) and distributed denial of service (DDoS) attacks against your servers to shut down your websites,
  • email bombing (the equivalent of a DoS/DDoS attack, but with a volume of email messages sent to you instead of HTTP requests to the server), and
  • injection of malware (malicious software), ransomware (taking data to make you pay to get it back), and other types of software that take dubious actions in your digital environment.

Now isn’t this a Charlie Foxtrot, eh? I know it’s daunting and it might scare and overwhelm you. It’s understandable that you may feel this way. But, as a business owner in the Internet Age, you must head cybercrime off at the pass, or risk losing time, money, and clients. Thankfully, there are some common sense ways to deal with cybercrime, so you can rest at ease knowing your digital world is safe and get back to running your business.

Physical security of hardware

Every small business should have physical security protocols for all digital devices: phones, external hard drives, and computers should be secured in place so they cannot be easily picked up and run away with, and laptops, tablets, and credit card readers should be secured in locked storage when not in use.

Your next best defense, since people are fallible, is to have an offsite backup. This can include making a full copy of your encrypted data on an external hard drive and taking it someplace away from the business location, and/or using a cloud storage backup service such as Carbonite, Crashplan, or even Google Backup and Sync.

Something that some businesses are starting to do as well, for when all else fails, is to make sure their business liability insurance covers physical theft. You should also know that there are cybersecurity risk / liability insurance policies available for damages and losses from digital means.

Physical access to systems (users)

When it comes to physical access to systems, your users should be guided by an effective Digital Device Policy that includes protocols for:

  • How to create employee user accounts and assign only the administrative/user privileges needed for them to perform in their role.
  • How to give users physical access to systems only at the times needed to satisfy their assignments, and no access to unnecessary systems at all. If employees don’t need access to your server room, don’t give it to them.
  • How to allow Bring Your Own Device (BYOD) employees at your business. You should have in place a policy for managing BYODs. Employees must use and abide by these security protocols on their mobile devices, if they use personal devices at work.

Separation of personal and business devices

You separate your business and personal finances, because you need to track what is yours and what is your business’, even if only for tax purposes. The same goes with cybersecurity. You need separate personal and business logins for online accounts. This may also include hardware, like the phone you use to make and receive personal or work calls. Will your ISP or telecommunications provider have protections in place if you’re using your consumer service for business purposes? Probably not. The fine print matters here.

Software protections

Antivirus and anti-spyware software has been available since the late 1990s. And yet, business owners resist installing reputable antivirus software on their business machines. While some products have costs associated with them, many are free and built into your operating system, such as Windows Defender. You simply need to activate them. But if you have purchased a license for one not built into your operating system, please make sure that your license is still valid and the software is kept up-to-date (including on your mobile phones and devices). Also, firewalls keep your computer, and any devices or routers connected to the Internet, safer; your Web browsers especially (all of them, even if you don’t use them all, all of the time) must have firewall protection. Again, on Microsoft Windows, there’s Windows Firewall that simply needs to be enabled.

VPN when on WiFi on anyone else’s network

If you spend much of your time on other people’s WiFi, then you need to use a Virtual Private Network (VPN) to secure your business data traveling across the network. This includes any open WiFi network at your local cafe, and it applies if you’re working at a coworking space or even at your client’s site. No network outside your firewall can be trusted to be secure. A VPN product you can try for 500MB per month for free is TunnelBear, and if you use more data than that per month across your business, then you can upgrade.

Web browsing and email protections

As a business owner (and advise your staff similarly), don’t open suspect emails and don’t send any personal or private information about yourself via email. Period.

At the core of most Web and email protection is antivirus and spam-filtering software, so it’s definitely recommended that your ESP (email service provider) and/or ISP (Internet service provider) give you options for protecting and securing your Web and email traffic. However, that’s simply not enough for a business today.

In addition to such protective software, you should also seek out information on implementing SPF, DKIM, and/or DMARC as available through your ESP.

It also doesn’t hurt to enable two-factor authentication (a/k/a 2FA or TFA) on all online services that have the capability. Where possible, use a password manager, such as LastPass, 1Password, or Dashlane, so that every online account you have for the business gets a password that is not only unique but also long, which increases its resilience to attacks.

Mobile security

As more and more computing happens on mobile devices, security on them will become the dominant concern for small business owners. But mobile doesn’t simply stop there. With the advent of the Internet of Things (embedded “smart” technology in everyday things), wearable technologies, smart vehicle systems (Android Auto, anyone?), and voice assistants (like Amazon Echo devices, Google Home, and the newcomer, Apple HomePod), cybersecurity needs expand to meet those new frontiers.

It’s so important for small businesses to have their representatives’ support when it comes to combatting cybercrime against them and their customers. In April, a bipartisan small business cybersecurity bill was introduced by nine senators: the MAIN STREET Cybersecurity Act of 2017. Sadly, this bill, according to Skopos Labs as detailed on GovTrack.us, has a 3% chance of becoming law. This is a commonsense piece of legislation to get the National Institute of Standards and Technology (NIST) “to disseminate resources to help reduce small business cybersecurity risks, and for other purposes.” Call your congressional representatives and tell them that you support S. 770 and that they should support their small business voters by supporting this bill.

Also, if you’re scared senseless and you need help, never fear. Contact the Alexandria Small Business Development Center and we can refer you to professional security consultants who can help you.

Next Roundtable – August 15, 2017 – Sizing Up the Competition: How to Create a Competitive Advantage

Alexandria Small Business Development Center hosts a monthly Business Development Roundtable from January to November. We meet in our main conference at noon on the third Tuesday of the month, and you can bring a beverage or your lunch, for a different business marketing or management topic that’s pertinent to Alexandria Small Business. Join us on August 15, 2017 at noon, when we gather to discuss “Sizing Up the Competition: How to Create a Competitive Advantage.”


HVAC: Accounting for stuff only the birds can see!

Old Hvac Unit
Old roof top HVAC unit scheduled to be replaced.

Necessary – What has this got to do with me? I am building a chic new retail store. I need to focus on the design, merchandise displays and retail image. Who sees this? I know – I know, the space must have functioning heat and air conditioning but, really, why do I need a structural engineer? I want to put my budget where it is visible to my customers.

Most commercial HVAC units will last 15 to 20 years. They probably cost over $10M each without any distribution and, in all but special circumstances, you cannot hope to have a functional commercial space without them. They are as basic as the walls, roof, plumbing, lights, etc. So when the HVAC company, landlord, or MEP engineer says it is time to replace you can be pretty sure they are correct.

Fundamental – Few would argue that it is completely fundamental for a tenant to understand who is responsible for the original installation, subsequent maintenance, repair and eventual replacement of the heating and air conditioning in a space. Neglecting to do this would be like moving into a space that might or might not have walls, yet I am often surprised by retailers who are unclear about, even disinterested in, these issues. Until something goes wrong that is.

Bar Joist
Bar joists hold up the roof and are common in retail environments.

Required – But I digress. My intention is not to outline heating and air conditioning systems common to small commercial projects, which is nicely done here. It is, rather, to explain why structural engineering is required for the installation of an HVAC unit. Consider this: all commercial HVAC systems have parts, many of which are large, heavy and sit on something, i.e., the roof. The unit in the photo, for example, weighs upward of 1,200 pounds. Now take a critical look at the structural framing system in the other photo, and ask yourself if it looks like it will be sufficient to hold up the concentrated load created by the installation of half a ton of equipment. In this case the structure is actually holding up the unit shown, so the answer happens to be yes – barely. I point this out because in many cases, especially in existing buildings without available structural drawings, common sense might lead one to ask if a new mechanical unit weighs the same as the one being replaced. Be aware that where common sense fails, the building code does not.

Structural load calculations and drawings which have been certified by an authorized professional are required before building departments will issue a permit allowing heavy equipment to be installed in, or on, a new or existing building. This, of course, includes mechanical, as well as other types of equipment. I mention the latter as an aside for all you restaurant owners out there. Restaurant equipment is heavy, and installing it in old buildings like those found in historic areas can create problems for unaware owners. Also, in the case of replacement equipment, it is less involved but still necessary to evaluate a new unit even if it weighs less than the old one. In the case under consideration, the replacement HVAC unit proved to be heavier than the existing one, meaning it became necessary to provide structural reinforcement before the new unit could be installed.

Roof top image shows location of existing HVAC equipment.

How – So what steps were required? How did we arrive at this conclusion? First we had a contractor go up onto the roof and take photos of the existing equipment, including a close-up view of the label. This allowed the mechanical engineer to research the existing unit with the manufacturer, who was able to provide a weight. A new unit was then specified according to the new design for the space. Efforts were made to avoid additional expense by matching the new unit with the old and installing it in the same location. Eventually it was determined that, although the location could be maintained, the replacement unit was going to be heavier than the old one. Had it weighed the same or less, the mechanical engineer would have so noted it on the drawings and been done.

Since this was not the case, it became necessary for the structural engineer to complete the process. He went to the site, analyzed the structural type, crawled up on a ladder, measured the bar joist, and checked the location of the existing equipment. Upon returning to his office, he went through a series of calculations to see if the structure was sufficient to accommodate the new unit. Since it was not, he had to design and specify additional reinforcement adequate for the new equipment. This information was delivered in the form of signed and sealed drawings and calculations, along with certified architectural and MEP documents, to the building department with the permit application.

Why – The point of this discussion is to show those contemplating a commercial building project what a single line in a lease assigning responsibility for the heating and air conditioning equipment can indicate. In my experience all reputable landlords give full disclosure about the age and condition of the mechanical systems in their properties. Many provide substantial construction allowances for unit replacement and other improvements. Few, though, take into consideration the amount of engineering required in order to make the actual improvement. Professional services, Architectural, Mechanical, Electrical, Plumbing and Structural, are expensive and should be accounted for in the budget for a building project. I would suggest that forewarned is forearmed.

Bridget Gaddis is a Licensed Architect and LEED-accredited Professional practicing nationally, and locally in the Washington DC area. She holds professional degrees in both Architecture and Interior Design, and with a comprehensive background in commercial retail design, planning and construction has completed projects for such well-known brands as Chloe, Zegna, and Bvlgari. Her career began in tenant coordination and site planning for two well-known Cleveland developers, followed by six years in store planning for a national retailer. After a move to New York City in 1997, she spent the next years working for architecture firms specializing in retail projects. In 2011 she started her own practice in Alexandria, VA. Ms. Gaddis is the author of two blogs dealing with architectural subjects.


What do you mean by “Feasibility Assessment?”

Now What? How do I turn this into a new store?

Contemplation – Imagine you are a retailer contemplating this tenant space. Clearly, you might be asking yourself, “Now what?” If a few of the questions below move from unconscious reflection to conscious contemplation without ensuing answers, then assessing the project to see what is actually required could facilitate the decision-making process and provide many benefits.

Resources – Landlord-provided documents, previous project cost summaries, and consultations with building departments, contractors, engineers and sometimes professional construction estimators are all resources informing project feasibility. The intent is to simplify, consolidate and summarize the probable scope of work, professional fees, construction costs and time that might be anticipated for a project. That is the purpose of a feasibility assessment, and it is a highly recommended means of beginning most retail projects.

  • Do I need to build the walls?
  • Do I need to build the bathroom(s)?
  • Why do I need 2 bathrooms?
  • Why do I need 2 entries?
  • Do I need to install the storefront system?
  • Can I use my own storefront design?
  • Do I need to have my own electric meter installed?
  • Do I need to install my own Air Conditioning and heating system?
  • What is the best mechanical system to use?
  • Is there water in the space?
  • What about hot water?
  • What about gas?
  • Where is the sewer?
  • How do I connect to it?
  • Will my store fit in this space?
  • Must I supply my own storefront sign?
  • Who will design it?
  • Can I design the store myself?
  • Can I turn a logo into a store design?
  • Where do I get the store fixtures?
  • What if I can’t find the exact fixtures that I need to display my products?
  • Are custom store fixtures required, if so who will design them?
  • What about lighting?
  • Who sets up the Point of Sale (POS) system and how do I hide the wires?
  • How do I accommodate the cabling and hard wiring for my computers?
  • How much can I expect to spend for all this?
  • A contractor told me he could build my store for $45/sq. ft. Should I believe him?
  • Do I need a building permit?
  • What does an architect charge?
  • Can I get this done in time to open before I must begin paying rent?
  • How do I pick a contractor?
  • Is the construction allowance from the landlord enough to build the store?
  • Does the location have enough parking?
  • What is the visibility from walk and drive by traffic?
  • Is this space a good choice for my project?
  • If I don’t take this space do I need to start all over with a new feasibility for a different location?

Please feel free to start a discussion here and maybe even see some answers.

Bridget Gaddis is a Licensed Architect and LEED-accredited Professional practicing nationally, and locally in the Washington DC area. She holds professional degrees in both Architecture and Interior Design, and with a comprehensive background in commercial retail design, planning and construction has completed projects for such well-known brands as Chloe, Zegna, and Bvlgari. Her career began in tenant coordination and site planning for two well-known Cleveland developers, followed by six years in store planning for a national retailer. After a move to New York City in 1997, she spent the next years working for architecture firms specializing in retail projects. In 2011 she started her own practice in Alexandria, VA. Ms. Gaddis is the author of two blogs dealing with architectural subjects.

5 New Year’s Resolutions for Your Small Business


The post 5 New Year’s Resolutions for Your Small Business appeared first on Alexandria Small Business Development Center.

We’re all used to the practice of making resolutions at the start of the year about things that we wish to do in our personal lives, whether it is losing a few extra pounds, finishing a degree or obtaining additional training or education, working out on a regular basis, or spending more quality time with family and friends. Unfortunately, by the end of January many of these resolutions have been swallowed up by the everyday events of our lives, and we find ourselves feeling guilty and frustrated.

This time of year is also important for making resolutions for your small business. To avoid the failure and frustration that often accompanies personal resolutions, these should be simple, specific, and actionable to increase the chances of success. A few suggestions for small business owners are:

  1. Update Your Business Plan. Whether you started with a formal business plan or ideas on the back of a napkin, this is a good time to dust off your original plan and see how your vision worked in the real world. Has your small business worked out as planned? Are there things that you know now that you wish you had known when you started? Where do you see your business being this time next year? What do you have to do to accomplish that? It may be as simple as taking the time to really think about these issues and write down your thoughts to spur on your business’ growth in 2015. The Business Planning Guide on the Alexandria SBDC’s website can be an effective tool to use to update your plan.
  2. Understand Your Business Finances. You pay the bills, and you, or your accountant or bookkeeper, file the taxes, but do you really understand the financial position of your business? Many small business owners are passionate and very knowledgeable in their area of business, but often less so when it comes to financial operations. Make 2015 the year that you look at the numbers and really understand what they mean. This may involve an “educational session” with your accountant, a financial discussion with SBDC Business Analyst Jack Parker, or registration for one of the many classes in the area on finances, accounting, Quickbooks, etc. By monitoring your finances on a monthly basis, or at least quarterly, you will know how you are doing and be able to make informed projections of your cash requirements for the year.
  3. Update Your Website. This probably does not involve starting from scratch with a whole new site (the Alexandria SBDC did that last year – a lot of work, but worth it!). How new is the material on your site?  If the last time you added new content was 2012, you have some refreshing to do! Is it time to add a blog, or just to add new content, videos or photos? If your site is not interesting enough for you to go to it on a regular basis, why should anyone else? Make sure that it reflects what you want your business to present to the world. Remember that Alexandria City businesses can schedule a session with the SBDC to review your site and get suggestions from the experts.
  4. Try Something New with Social Media. Are you overwhelmed by social media and how much time you think it will take from “doing your business”? Wherever you are in the social media spectrum, from active participant to total novice, you can resolve to take yourself up a level. Do not try to do it all at once – that is a sure recipe for failure and frustration. Figure out which social media platform would be the best one for you to explore for your industry and work on mastering that one in 2015. Alexandria SBDC social media consultant Ray Sidney-Smith has published a book, Social Local Mobile Success: Small Business Marketing Strategy Explained.  It is available as an e-book or in paperback from the major online outlets and is a great source of information for small business owners who want to “up their game” in this area. Treat yourself to a copy for the new year, follow through on one platform, and see how the increased visibility helps your business.
  5. Measure The Impact of Your Decisions. While you are understanding your finances, updating your website and increasing your social media presence, it is important to see how this increased activity brings change to your business. Decide which metrics are most important to you, then make a plan on how to measure and analyze that information. Make sure that you have Google Analytics installed on your website and synced with your social media. Understand your sales cycle by looking at your financial reports and knowing which periods of the year are busy and which need a boost. While this may not be the most interesting or exciting thing that you do for your business in 2015, it may be the most important. Having good data is the first step to making good decisions.

It is your business – empower yourself to take control of it in 2015!
