Skip to content

Understanding the Business Continuity Plan and Its Importance

These days, cybercrime is rampant. It’s no longer a matter of “if” you’re going to suffer an attack but “when” it will happen. All companies want to be ready for any crisis. And this is where a business continuity plan comes into play.

But what is a business continuity plan exactly? Why is it important? What should one include? Today, we’re exploring all these questions in-depth.

What is a business continuity plan?

A business continuity plan (BCP) is a document that sets guidelines for how an organization will continue its operations in the event of a disruption, whether it’s a fire, flood, other natural disaster or a cybersecurity incident. A BCP aims to help organizations resume operations without significant downtime.

Unfortunately, according to a 2020 Mercer survey, 51% of businesses across the globe don’t have a business continuity plan in place.

What’s the difference between business continuity and disaster recovery plans?

We often confuse the terms business continuity plan and disaster recovery plan. The two overlap and often work together, but the disaster recovery plan focuses on containing, examining, and restoring operations after a cyber incident. On the other hand, BCP is a broader concept that considers the whole organization. A business continuity plan helps organizations stay prepared for dealing with a potential crisis and usually encompasses a disaster recovery plan.

Importance of business continuity planning

The number of news headlines announcing data breaches has numbed us to the fact that cybercrime is very real and frequent and poses an existential risk to companies of all sizes and industries.

Consider that in 2021, approximately 37% of global organizations fell victim to a ransomware attack. Then consider that business interruption and restoration costs account for 50% of cyberattack-related losses. Finally, take into account that most cyberattacks are financially motivated and the global cost of cybercrime topped $6 trillion last year. The picture is quite clear — cybercrime is a lucrative venture for bad actors and potentially disastrous for those on the receiving end.

To thrive in these unpredictable times, organizations go beyond conventional security measures. Many companies develop a business continuity plan parallel to secure infrastructure and consider the plan a critical part of the security ecosystem. The Purpose of a business continuity plan is to significantly reduce the downtime in an emergency and, in turn, reduce the potential reputational damage and — of course — revenue losses.

Business continuity plan template

Password security for your business

Store, manage and share passwords.

Get NordPass Business

30-day money-back guarantee

Business Continuity Plan Example

[Company Name]

[Date]

I. Introduction

  • Purpose of the Plan

  • Scope of the Plan

  • Budget

  • Timeline

The initial stage of developing a business continuity plan starts with a statement of the plan’s purpose, which explains the main objective of the plan, such as ensuring the organization’s ability to continue its operations during and after a disruptive event.

The Scope of the Plan outlines the areas or functions that the plan will cover, including business processes, personnel, equipment, and technology.

The Budget specifies the estimated financial resources required to implement and maintain the BCP. It includes costs related to technology, personnel, equipment, training, and other necessary expenses.

The Timeline provides a detailed schedule for developing, implementing, testing, and updating the BCP.

II. Risk Assessment

  • Identification of Risks

  • Prioritization of Risks

  • Mitigation Strategies

The Risk Assessment section of a Business Continuity Plan (BCP) is an essential part of the plan that identifies potential risks that could disrupt an organization’s critical functions.

The Identification of Risks involves identifying potential threats to the organization, such cybersecurity breaches, supply chain disruptions, power outages, and other potential risks. This step is critical to understand the risks and their potential impact on the organization.

Once the risks have been identified, the Prioritization of Risks follows, which helps determine which risks require the most attention and resources.

The final step in the Risk Assessment section is developing Mitigation Strategies to minimize the impact of identified risks. Mitigation strategies may include preventative measures, such as system redundancies, data backups, cybersecurity measures, as well as response and recovery measures, such as emergency protocols and employee training.

III. Emergency Response

  • Emergency Response Team

  • Communication Plan

  • Emergency Procedures

This section of the plan focuses on immediate actions that should be taken to ensure the safety and well-being of employees and minimize the impact of the event on the organization’s operations.

The Emergency Response Team is responsible for managing the response to an emergency or disaster situation. This team should be composed of individuals who are trained in emergency response procedures and can act quickly and decisively during an emergency. The team should also include a designated leader who is responsible for coordinating the emergency response efforts.

The Communication Plan outlines how information will be disseminated during an emergency situation. It includes contact information for employees, stakeholders, and emergency response personnel, as well as protocols for communicating with these individuals.

The Emergency Procedures detail the steps that should be taken during an emergency or disaster situation. The emergency procedures should be developed based on the potential risks identified in the Risk Assessment section and should be tested regularly to ensure that they are effective.

IV. Business Impact Analysis

The Business Impact Analysis (BIA) section of a Business Continuity Plan (BCP) is a critical step in identifying the potential impact of a disruption to an organization’s critical operations.

The Business Impact Analysis is typically conducted by a team of individuals who understand the organization’s critical functions and can assess the potential impact of a disruption to those functions. The team may include representatives from various departments, including finance, operations, IT, and human resources.

V. Recovery and Restoration

  • Procedures for recovery and restoration of critical processes

  • Prioritization of recovery efforts

  • Establishment of recovery time objectives

The Recovery and Restoration section of a Business Continuity Plan (BCP) outlines the procedures for recovering and restoring critical processes and functions following a disruption.

The Procedures for recovery and restoration of critical processes describe the steps required to restore critical processes and functions following a disruption. This may include steps such as relocating to alternate facilities, restoring data and systems, and re-establishing key business relationships.

The Prioritization section of the plan identifies the order in which critical processes will be restored, based on their importance to the organization’s operations and overall mission.

Recovery time objectives (RTOs) define the maximum amount of time that critical processes and functions can be unavailable following a disruption. Establishing RTOs ensures that recovery efforts are focused on restoring critical functions within a specific timeframe.

VI. Plan Activation

  • Plan Activation Procedures

The Plan Activation section is critical in ensuring that an organization can quickly and effectively activate the plan and respond to a potential emergency.

The Plan Activation Procedures describe the steps required to activate the BCP in response to a disruption. The procedures should be clear and concise, with specific instructions for each step to ensure a prompt and effective response.

VII. Testing and Maintenance

  • Testing Procedures

  • Maintenance Procedures

  • Review and Update Procedures

This section of the plan is critical to ensure that an organization can effectively respond to disruptions and quickly resume its essential functions.

Testing procedures may include scenarios such as natural disasters, cyber-attacks, and other potential risks. The testing procedures should include clear objectives, testing scenarios, roles and responsibilities, and evaluation criteria to assess the effectiveness of the plan.

The Maintenance Procedures detail the steps necessary to keep the BCP up-to-date and relevant.

The Review and Update Procedures describe how the BCP will be reviewed and updated regularly to ensure its continued effectiveness. This may involve conducting a review of the plan on a regular basis or after significant changes to the organization’s operations or threats.

What should a business continuity plan checklist include?

Organizations looking to develop a BCP have more than a few things to think through and consider. Variables such as the size of the organization, its IT infrastructure, personnel, and resources all play a significant role in developing a continuity plan. Remember, each crisis is different, and each organization will have a view on handling it according to all the variables in play. However, all business continuity plans will include a few elements in one way or another.

  • Clearly defined areas of responsibility

    A BCP should define specific roles and responsibilities for cases of emergency. Detail who is responsible for what tasks and clarify what course of action a person in a specific position should take. Clearly defined roles and responsibilities in an emergency event allow you to act quickly and decisively and minimize potential damage.

  • Crisis communication plan

    In an emergency, communication is vital. It is the determining factor when it comes to crisis handling. For communication to be effective, it is critical to establish clear communication pipelines. Furthermore, it is crucial to understand that alternative communication channels should not be overlooked and outlined in a business continuity plan.

  • Recovery teams

    A recovery team is a collective of different professionals who ensure that business operations are restored as soon as possible after the organization confronts a crisis.

  • Alternative site of operations

    Today, when we think of an incident in a business environment, we usually think of something related to cybersecurity. However, as discussed earlier, a BCP covers many possible disasters. In a natural disaster, determine potential alternate sites where the company could continue to operate.

  • Backup power and data backups

    Whether a cyber event or a real-life physical event, ensuring that you have access to power is crucial if you wish to continue operations. In a BCP, you can often come across lists of alternative power sources such as generators, where such tools are located, and who should oversee them. The same applies to data. Regularly scheduled data backups can significantly reduce potential losses incurred by a crisis event.

  • Recovery guidelines

    If a crisis is significant, a comprehensive business continuity plan usually includes detailed guidelines on how the recovery process will be carried out.

Business continuity planning steps

Here are some general guidelines that an organization looking to develop a BCP should consider:

Analysis

A business continuity plan should include an in-depth analysis of everything that could negatively affect the overall organizational infrastructure and operations. Assessing different levels of risk should also be a part of the analysis phase.

Design and development

Once you have a clear overview of potential risks your company could face, start developing a plan. Create a draft and reassess it to see if it takes into account even the smallest of details.

Implementation

Implement BCP within the organization by providing training sessions for the staff to get familiar with the plan. Getting everyone on the same page regarding crisis management is critical.

Testing

Rigorously test the plan. Play out a variety of scenarios in training sessions to learn the overall effectiveness of the continuity plan. By doing so, everyone on the team will be closely familiar with the business continuity plan’s guidelines.

Maintenance and updating

Because the threat landscape constantly changes and evolves, you should regularly reassess your BCP and take steps to update it. By making your continuity plan in tune with the times, you will be able to stay a step ahead of a crisis.

Level up your company’s security with NordPass Business

A comprehensive business continuity plan is vital for the entire organization’s security posture. However, in a perfect world, you wouldn’t have to use it. This is where NordPass Business can help.

Remember, weak, reused, or compromised passwords are often cited as one of the top contributing factors in data breaches. It’s not surprising, considering that an average user has around 100 passwords. Password fatigue is real and significantly affects how people treat their credentials. NordPass Business counters these issues.

With NordPass Business, your team will have a single secure place to store all work-related passwords, credit cards, and other sensitive information. Accessing all the data stored in NordPass is quick and easy, which allows your employees not to be distracted by the task of finding the correct passwords for the correct account.

In cyber incidents, NordPass Business ensures that company credentials remain secure at all times. Everything stored in the NordPass vault is secured with advanced encryption algorithms, which would take hundreds of years to brute force.

If you are interested in learning more about NordPass Business and how it can fortify corporate security, do not hesitate to book a demo with our representative.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

10 Best Practices for Email Security to Protect Your Business

With the rise of remote working came a surge in cybercrime. Business Email Compromise (BEC) attacks have seen a 150% year-over-year increase, so the odds are not in any business’s favor. However, staying vigilant and educated can protect your company and avoid such attacks. Keep reading to find out the main dangers business email accounts face and get 10 business email security tips.

What is Business Email Compromise (BEC)?

BEC is a type of cybercrime that involves impersonating a trusted business contact, such as a CEO or supplier, in order to trick employees into transferring money or sensitive information to the criminal’s account. These schemes often involve careful research and social engineering to create a convincing ruse.

According to the FBI, BEC fraud has cost companies over $26 billion globally since 2016, and the threat continues to grow. Small businesses are particularly vulnerable, as they may not have the resources or expertise to detect and prevent these attacks.

One example of a BEC scam involved the director of Puerto Rico’s Industrial Development Company, Ruben Rivera, who mistakenly made the transaction of $2.6 million to a fake bank account. In another case, Ubiquiti Networks Inc., the San Jose-based manufacturer of high-performance networking technologies, fell victim to a BEC attack that resulted in a loss of $46.7 million.

As the use of email continues to be an essential aspect of business communication, it is crucial for companies to remain vigilant and take proactive measures to defend against the threat of BEC.

Phishing is the number one email security threat

Phishing is a type of digital scam that is especially common in emails. It’s a form of social engineering where a hacker tries to deceive an employee into believing the email is coming from a credible source. Phishing emails usually have some sort of CTA: it’s like a form of marketing, if you will. Except that phishing CTAs usually involve clicking on a malicious link or revealing sensitive company data to outsiders.

Well, just like any other marketer, hackers employ creative techniques to improve the conversion rates of their scams. The more deceitful the email, the higher the conversion rate. That’s why phishing emails can be difficult to spot at times. Examples of phishing emails include:

  • Account verification scam. You may receive a phishing email that looks something like this: “Due to a recent security threat, we would like to ask you to verify your account by signing in through the link below. Failing to do so will result in the permanent deactivation of your account.”

  • Fake invoice scam. Hackers may send out emails saying, “We still haven’t received your payment for our services. Please use the link below to complete the transaction.”

  • Spear phishing. This is a more advanced and tailored form of phishing that requires hackers to do some research on your company. For instance, an employee may receive an email that looks like it’s coming from a specific coworker, instructing them to visit a website or disclose information.

Password security for your business

Store, manage and share passwords.

Get NordPass Business

30-day money-back guarantee

Best practices for business email security

Falling for phishing scams can expose your company to data breaches and malware. Taking steps to appropriately ensure the security of your email will help protect your business from phishing and other forms of cybercrime:

1. Conduct phishing awareness training

Emails usually get breached through employee negligence and lack of knowledge. So the first way to increase email cybersecurity is to raise awareness about the main threat: phishing. All employees should receive in-depth training on recognizing and avoiding attempted phishing schemes. The main points to cover here are:

  • Becoming familiar with the main phishing schemes

  • Being suspicious about unusual requests

  • Never clicking on random links received through email

Once employees are familiar with these precautions, your company’s susceptibility to phishing emails will significantly decrease and your business email security will improve in general.

2. Train employees on how to deal with email attachments and suspicious email links

Email attachments and suspicious links are the most common methods cybercrooks use to spread malicious software. Ensure that your employees are well aware of these devious practices and are trained to spot them in real-life situations. With time and a lot of practice, your team will develop a sense for suspicious email links and attachments, which should considerably lower the potential attack vector and significantly improve your overall security posture.

3. Enable multi-factor authentication

You can make your account safer from hackers by connecting your smartphone to your email. Even if the passwords to your email accounts are leaked, no outsiders will be able to access them without having access to the device it’s connected to. All vital business accounts, not just email accounts, should have multi-factor authentication enabled.

4. Avoid using email when on public Wi-Fi

Public Wi-Fi poses massive risks to email security. If it’s unencrypted (which it often is), anybody can connect to the same network. You never know when a hacker will be that someone.

If a hacker intercepts your connection with unencrypted public Wi-Fi and catches you logging into your email, they can steal your email password. It’s best to steer clear of public Wi-Fi altogether, but if connecting to it is necessary, never transmit important data while on it.

5. Avoid using business emails for private purposes and vice versa

Most office jobs these days come with an email address. Some people get the temptation to use the new email address for all sign-ins. Need to sign up for a new streaming service? Well, why not use your brand new business email for that? Everybody else does it, anyway, right?

At first, it might sound like a great idea. Yet using your enterprise email for private purposes and vice versa could cause significant security concerns for you as an individual and the company.

First, using a company email for your personal online activities allows for easier and simpler profiling. Consequently, that could lead to spear-phishing — a targeted phishing campaign or other targeted cyberattacks.

6. Encrypt company email

Encrypting company email using special email security software is a great way to steer hackers away. Encryption ensures that the only people able to view the emails are the sender and recipient. If a hacker intercepts an employee’s Wi-Fi connection or email account, they will not see any sensitive data.

7. Set up email security protocols

Email security protocols are immensely important because they provide an extra layer of security to your digital communications. The protocols are designed to ensure the safety of your communications as they pass through webmail services over the internet. Without the aid of email security protocols, bad actors can intercept communication in a relatively easy manner. Please familiarize yourself with different email security protocols and enable them to ensure secure communications.

8. Improve endpoint security

To further fortify your security stance, take action to improve your endpoint security. Often the easiest and most effective way to boost endpoint security is by implementing security tools for company-wide use.

Consider deploying a VPN like NordLayer — a tool that encrypts the internet connection and data transferred over your business network. Antivirus software is another tool that should be used on all business workstations to ensure a proactive defense.

9. Don’t change passwords too often

Password fatigue is a fact of life — today, the average user has about 100 passwords on their hands. Keeping track of all the passwords is a challenge.

The conventional wisdom regarding password security is that you should change your passwords every 90 days. While that might sound like a reasonable security practice, it could lead to simpler and easy-to-crack passwords being used.

If you know that your employees take password hygiene seriously and craft hard-to-guess passwords and that none of their passwords were ever leaked, then they should stick to the passwords they already use. If any password (no matter how strong it is) is leaked or breached — the change should be immediate.

10. Use strong passwords for email accounts

Strong passwords are the backbone of account safety. Yet businesses often fail to secure their emails with strong passwords. If your business is like this, you should know that the easier the password, the easier it is to hack, especially through brute-force attacks. Brute-force attacks are when hackers try to guess a password by flooding your account with thousands of attempts.

To protect your business email from such attacks, ensure everyone in your organization secures their passwords. Secure email passwords are:

  • Long

  • Complicated

  • Contain different types of characters

  • Unique (never reused from other accounts)

These points are crucial if you want to ensure the safety of your business. However, passwords that are difficult to hack are also difficult to remember. The last thing anyone would want is to secure their account so well that they couldn’t even access it themselves.

Luckily, the business password manager by NordPass can come to the rescue. If all members of your company use it for their accounts, their emails will be safe, and they won’t need to scratch their heads trying to remember their passwords.

Bottom line

Business email security is never a given. Even though platforms like Gmail or Outlook do their best to ensure the safety of their users, you can easily fall victim to hackers if you don’t actively protect your account. By following these five email security best practices, the chances of getting your business emails hacked will be much slimmer because hackers will likely prefer more vulnerable prey.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

UX/UI Designers in cybersecurity: An essential role for a safer digital world

While most people associate cybersecurity solutions with complex code, it also involves a significant amount of design work. That’s where UX/UI specialists come in. But exactly what role do these designers play in the cybersecurity field, and where can we see their impact?

To answer these questions, we talked to two UX/UI designers working at Nord Security, Teodora Žvilaitytė and Irma Škuratovaitė. They shared their experiences and some insights on their work in this challenging industry and how it feels to shape a quality user experience for the world’s fastest VPN. So, without further ado, let’s dive in.

Meaningful work

What makes working in the cybersecurity field exciting and fulfilling for you as a UX/UI designer?

Irma: It is really gratifying to know that I’m helping make the online world safer for millions of people across the globe. And it’s even more rewarding to see that our hard work has been recognized by TIME magazine, which listed NordVPN as one of the best innovations of 2022.

While UX/UI design may not be the most crucial part of the product (the tech side is), it still plays an essential role in ensuring that the security features of NordVPN are accessible and user-friendly. This involves designing intuitive interfaces, clear instructions, and helpful features that guide users in managing their security settings.

Teodora: It’s crazy how cyber threats are everywhere and can affect not just companies but also ordinary people, who often think they are too small to become a target of cybercriminals – but they’re not. Knowing this, I’m glad to work for NordVPN, securing people’s digital lives.

The fact that I’m playing an active role by creating a seamless, enjoyable experience, allowing NordVPN users to take control of their online security, is what makes my job so fulfilling. Seeing how much they appreciate and trust our product is incredibly inspiring, and it gives me a great sense of purpose that is hard to come by.

Skills needed to succeed

UX design is a broad field that covers many areas of expertise. What skills do you need to succeed as a UX pro?

Irma: To work at Nord Security, you need to have open-mindedness, communication, and presentation skills, along with problem-solving abilities. Being open to discussion, feedback, and different viewpoints will help you collaborate more effectively with stakeholders and cross-functional teams and create better design solutions.

Communication and presentation skills are essential for conveying ideas, preparing presentations, and ensuring that the design process runs smoothly. Problem-solving skills are crucial for empathizing with users and finding solutions to their pain points.

Teodora: Besides having strong communication skills, as Irma mentioned, you also need to have a keen attention to detail and a willingness to tackle problems creatively. As a UX/UI designer, you’ll need to balance aesthetics with functionality and security, and sometimes combining these factors can be challenging.

Finally, since the cybersecurity field is constantly changing, you have to be prepared to work in a fast-paced and high-pressure environment, as designers often work on multiple projects and must meet tight deadlines.

Irma: In terms of hard skills, proficiency in Figma is a must, while familiarity with Adobe AI, PS, HTML, CSS, and JavaScript is also important. Creating wireframes and prototypes, knowing user research methodologies, and following accessibility standards are all key. Knowledge of A/B testing and Google Analytics is also beneficial for deeper insights.

Teodora: Figma will definitely be your major tool in this role, along with the web technologies that Irma mentioned. Besides that, knowledge of user experience (UX) design principles, including user research, information architecture, prototyping, and testing, is a must if you want to work in this role. If you’d like to learn more about what UX/UI designer’s job looks like in the cybersecurity field, feel free to reach out to me on LinkedIn.

Irma: Once you join Nord Security, your professional growth will only accelerate. You’ll have access to a supportive community of experts who are always willing to share their knowledge and wisdom. And our learning and development team is absolutely amazing! They provide us with a wide range of learning opportunities, from internal and external training to mentorship programs, workshops, and knowledge-sharing events.

All these resources help us stay up-to-date with the latest trends and technologies in the field and continuously improve our skills. It’s inspiring to work for a company that truly invests in the growth and development of its team members.

Blog inside image girl 2

Exciting challenges

What are the challenges of working as a UX/UI designer at Nord Security?

Irma: As a UX/UI designer on the conversion rate optimization (CRO) team, my main focus is on creating designs that convert. The team helps me to identify pain points, problems, and opportunities for improvement on our website. Based on that, I create wireframes and prototypes and design A/B test variations for our landing pages.

The biggest challenge in this role is to visually communicate and translate complex security concepts and product features into clear, intuitive, and user-friendly designs.

Teodora: Another challenge is ensuring that our products are accessible and easy to use for all users, including those with disabilities. This involves designing interfaces and user experiences in a way that meets accessibility standards and considers their special needs. By doing so, we can provide a secure digital environment that is inclusive and accessible to all.

One more challenge in this role is finding common ground and ensuring that every stakeholder, from product managers to engineers who have different perspectives and priorities, is working towards the same goal. This challenge can be overcome through effective communication, collaboration, and finding a shared understanding of the project goals.

The impact of work

What is the impact of your work on the world’s fastest VPN?

Teodora: Well, my work has a direct impact on the experience of millions of users. One recent project I worked on was introducing a new navigation menu on our global website, which has already improved the user experience for many NordVPN users. Another was optimizing and raising interest for specific audiences in our Amazon (Indirect Sales) store, which has led to increased engagement and sales.

In addition, I am involved in daily suggestions and problem-solving decisions, such as optimizing our landing pages, localizing web content and adapting it to specific countries, etc. It’s amazing to think that my work is visible to millions of people across the globe and that every design decision I make has the potential to impact someone’s online security and privacy. This is a huge responsibility, but it’s also incredibly rewarding to know that I’m making a difference in the world.

Irma: My team and I have a direct impact on the world’s fastest VPN, NordVPN, by creating design solutions that significantly improve landing page conversions. Through data analysis, we were able to redesign sections with better UI and brand compatibility, improve storytelling for clearer communication, and enhance mobile UX on specific components.

Our work is crucial in making NordVPN more accessible to people worldwide, providing them with a secure and easy-to-use digital environment. By constantly improving the user experience, we are helping NordVPN to continue to grow and maintain its position as the leader in the VPN industry, serving millions of users worldwide.

Work in cybersecurity

Want to catch a glimpse of what working with other Nord Security products as a UX/UI designer looks like? Watch the Meet Nord People video. And if you’re ready to take the next step and join our team, explore our UX/UI designer opportunities here!

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

How nameless malware steals your data (and gets away with it)

Imagine if malware got into your computer. In fact, how do you know it isn’t there already? With some help from third-party researchers, we uncovered and analyzed a database of stolen data. It’s big — and the victims likely never knew their files had been stolen.

The discovery of a stolen database

We want to make it clear: we did not purchase this database nor would we condone other parties doing it. A hacker group revealed the database location accidentally. The analysis of the database was conducted in partnership with a third-party company specializing in data breach research. The cloud provider hosting the data was notified so it can be taken down.

1.2 TB database of stolen data

The stolen database contained 1.2 TB of files, cookies, and credentials that came from 3.2 million Windows-based computers. The data was stolen between 2018 and 2020. The database included 2 billion cookies. The analysis revealed that over 400 million, or 22%, of those cookies were still valid at the time when the database was discovered.

We now know that the virus escaped with 6 million files it grabbed from Desktop and Downloads folders. 3 million text files, 900,00 image files, and 600,000+ Word files made up the bulk of the stolen database, but it also contained over 1,000 types of different files.

Screenshots made by the malware reveal that it spread via illegal software (Adobe Photoshop), Windows cracking tools, and pirated games. Moreover, the malware also photographed the user if the device had a webcam.

The dangers of custom malware

Just like with hurricanes, experts love naming dangerous malware. But computer viruses don’t have to have names to be capable of stealing lots of data. The truth is, anyone can get their hands on custom malware. It’s cheap, customizable, and can be found all over the web.

Dark web ads for these viruses uncover even more truth about this market. For instance, anyone can get their own custom malware and even lessons on how to use the stolen data for as little as $100. And custom does mean custom – advertisers promise that they can build a virus to attack virtually any app the buyer needs.

How to stay safe

Based on the feedback from the researchers, it may be impossible to tell whether a file is infected. If the malware is new, no antivirus can recognize it. The only way to stay safe is to follow good cyber hygiene rules:

  • Web browsers are not good at protecting sensitive data. Use password managers to protect your credentials and auto-fill information.
  • Malware can’t access encrypted files. Services like NordLocker protect your files both on your computer and the cloud, so malware can’t just grab them.
  • Some cookies are valid for 90 days, and some don’t expire for an entire year. Make deleting cookies a monthly habit.
  • Peer-to-peer networks are often used for spreading malware. Only download software from the developer’s website and other well-known sources.
  • All malware gets recognized eventually. Make sure that your antivirus is always updated to prevent old viruses from slipping through the cracks.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

How ScottMadden rolled out security integration with Azure AD

ScottMaden is a management consulting group that supports Fortune 500 companies. The service provider focuses on two primary business areas: the energy sector and corporate & shared services. With 40-year experience in the industry, ScottMadden provides its clients with strategic planning through implementation across different business fields and functions.

Addressing numerous global clientele challenges represents ScottMadden’s expertise in sophisticated planning. Therefore, how does a company with up to 250 full-time employees throughout the United States and three local East Coast offices face internal security issues? Clinton Miller, IT Director of ScottMadden, shares their story on filling in the missing links in the organization’s cybersecurity strategy.

The Challenge

Securing employees on the go the right way

The company consults domestic and international clients — employees travel quite a bit to client sites and work hands-on on their projects. Hence, a hybrid work model wasn’t the new normal for the organization once the pandemic hit.

ScottMadden consultants spend a lot of time in airports and other public spaces where they would connect to the airport or mobile hotspots and hotel wifi. Yet, the company’s solution wasn’t as good for protecting and running smoothly while traveling.

“The concern was to improve the existing security model and ensure our employees had an encrypted connection regardless of which network they were on.”

Click to tweet

Having better performance, following industry best practices, and fulfilling client requirements to protect data outside the office were the driving factors in looking for a change. But is there a solution that can solve the problem effectively and efficiently onboard?

The Solution

Streamlined client drive-out to different environments

The traveling ScottMadden consultants and employees working from home used to rely on browser-based encryption. Using built-in data encoding in Office365 applications allowed them to perform job tasks and communicate with teams with some security levels.

However, the issue was the poor connection flow while video conferencing — latency is a deal breaker for online business meetings in a remote setup.

“Everyone during the pandemic did a lot of video conferencing via Google Meet, Microsoft Teams, or Zoom. We aimed to ensure there was a minimal impact on video calls.”

Click to tweet

One thing is handling latency to elevate employees’ and clients’ experience. But can the transition process administratively have a minimal impact on existing company infrastructure and cybersecurity strategy?

“One of the things we wanted to do was to push out the client fairly easily, operating on an SSO solution already in use.”

Click to tweet

ScottMadden uses solution Azure AD single sign-on solution for user identification within the organization. The company operates in macOS and Windows environments, so the chosen solution had to fit into the criteria for integration and simplicity.

Why choose NordLayer?

NordLayer solution is compatible with major service providers on the market. Thus, the company could integrate with AzureAD IAM solution and roll out organization-wide onboarding to a new solution using existing SSO.

The endpoint management solution allowed remote access in macOS and Windows environments.

“The implementation of NordLayer went a lot easier when we connected clients to Azure AD. It relieved us from setting up new individual accounts for every 250+ people in the organization.”

Click to tweet

The IT Director handled the process — it didn’t require a lot of resources and time to deploy the solution in the organization.

Organization onboarding using Azure AD by ScottMadden

According to Clinton Miller, the IT Director of the company, the longest step was to create an Azure group and add NordLayer. Once it was solved, the complete rollout to NordLayer solution took only a few hours.

The Outcome

Onboarding to a chosen solution enabled the company to secure team connections and extensive access to functionalities that comply with ScottMadden set benchmarks. Achieving data security didn’t have to compromise connection speed and video conferencing quality.

“Anytime employees are outside the office – at home or coffee shop – wherever they might be, we validated that they can reach all the services they needed, and speed wasn’t an issue.”

Click to tweet

The transition to the new tool was heavily based on the company’s SSO. The documentation, knowledge base, and support team are highly responsive with communication to walk IT leaders through the process.

“For other potential decision-makers: onboarding NordLayer isn’t a heavy lift — you have the support and knowledge base ready, so it’s pretty straightforward.”

Click to tweet

Moreover, NordLayer’s Control Panel provides a good cross-reference point for those using the tool while working outside the office by filtering ongoing active connections.

It also delivers another step in the reporting process for the IT admin and the whole organization. For instance, it verifies that the organization follows internal policies by exporting connection data to verify and justify to a third-party audit.

Pro cybersecurity tips

Different sectors, industries, and services, but the same goal unites every organization’s IT leaders — securing their company assets. Following best practices and professional knowledge helps achieve security targets easier. Clinton Miller, the IT Director at ScottMadden, shares his top-on-the-list tips:

Do you need to upgrade existing tools used in your organization to align with best practices in the industry, improve processes and performance for the team, or expand your capabilities of tracking and reviewing the implemented security strategy?

Using NordLayer, you can integrate more features and functionalities with the organization’s preferred tools, service providers, and IAM solutions. It is possible without committing to massive changes and re-organizing current policies and infrastructure. Reach out to find out about your options on how to secure connections for the off-office employees and improve their experience while working online.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×