Category: Microsoft

Defending against cyber attacks – Antivirus software and antivirus employees

Posted on July 13, 2020 by - Access

Defending against cyber attacks – Antivirus software and antivirus employees

There are two basic defenses you should have in place to defend against cyber attacks One is technological, the other is human. Together, the two can go a long way to protecting the integrity and security of your data.
Antivirus software and network protection – One of the risks you face these days is the one that is most likely to damage your brand. It is the one most likely to deeply undermine customer confidence and trust. That risk is a data breach. If you experience some form of data breach where your clients perceive their data has been compromised, your brand is damaged permanently. More importantly, you are likely liable for the financial consequences of a data breach. Make sure that your systems are protected by the latest antivirus software and that you are consistently updating it. New viruses appear every day, so outdated antivirus software is less likely to protect you.

Employee training – One of the tools for risk managers is risk avoidance. Avoid getting into trouble in the first place. Training employees about their responsibility for data security is critical. One of the primary ways that hackers and thieves gain access to corporate data is through employee error. Every employee should be trained on proper password behavior. Simple guidelines about changing passwords frequently and never sharing passwords are basic but important first steps. Additionally, employees need to be trained to identify fake websites and phishing scams. Opening emails with bad attachments and links is a principal source for entry into company accounts and databases. A managed service provider can provide tips and guidance on training your employees about data security.

In summary, small businesses need to be aware of the risks that exist out there and make plans so they are not caught flat-footed when disaster strikes. It is especially important for smaller firms to be aware of this because they are the least likely to have the deeper pockets to be able to rebound after a catastrophic event hits their business. A managed service provider is an excellent resource for developing a risk management plan for your IT infrastructure.

Managing risk: Keeping IT up and running

Posted on June 12, 2020 by - Access

Managing risk: Keeping IT up and running

So why are we addressing risk management? Because every firm needs to make plans if something bad happens. It could be a fire, flood, hurricane, extensive power or broadband outage, even an act of terror, but any of these events could affect your IT infrastructure or capacity to connect to it. And many smaller firms fail to recognize how reliant they are on their IT infrastructure. Here are two tools that can help keep your IT infrastructure operational in the event of a disaster.

VoIP– This is an interesting option. You may have the standard PBX system that handles switching calls that are directed within your physical organization, and it may even allow call forwarding, but that is all it usually permits. VoIP systems allow dramatically aggressive approaches to call forwarding, including time windows. This makes it easier to maintain voice connections even if access to a physical site has been blocked. VoIP also offers many innovative features such as voice-to-text and voice-to-email that can increase productivity.

Uninterruptible power supplies (UPS) and surge protection – Don’t forget the obvious. Risk management means looking at one of the key risks any business faces: power interruption. What would you do if a long term power event occurred? Could you just tell your customers “oops-sorry?” That won’t likely work very well. There are uninterruptible power supply systems using battery support, natural gas and other fuels which can provide support for as long as is needed.
Contact a managed services provider to discuss inhouse UPS management.

Managing Risks: Small firms need to wake up

Posted on April 13, 2020 by - Access, Consulting, Security

Managing Risks: Small firms need to wake up

You may not think too much about serious disasters. Most of us focus on the day-to-day chores of running our businesses and keeping revenues up. However, there are long term planning concerns that many firms just avoid. Those concerns are managing the risk to your business if something very bad happens. This long-term planning is called risk management and it is the dullest topic ever—until something bad happens.

Business school academics have varying definitions of risk and risk management, but for our purposes the concepts are fairly simple. Risk is the negative uncertainty that comes from any potential loss. Risk management is the collection of activities a business undertakes to mitigate, avoid, and transfer the losses that might damage the business due to some negative event.Risk management, now frequently referred to as Enterprise Risk Management, has been an area of business focus for decades. Businesses have long recognised that they need to look at the financial risks they might face if something happened to their physical assets or were confronted with major litigation. However, in the past few decades, there has been a stronger and broader focus on the entire spectrum of risks that confront a business which has begun to push the issue to the C-suite level. Unfortunately, while large businesses devote serious resources at the the highest level to managing risk to protect their organization, smaller firms often spend little or no time considering risk as an important business issue. Even smaller firms who do take the time to think about protecting against operational threats may be unlikely to consider threats that are a degree or two of separation away from their core business. That means that technology infrastructure may be ignored if, and when, business continuity and disaster recovery plans are being considered.

Background: Why is risk management gaining greater visibility? As noted, risk management isn’t new. However, the last few decades have seen the United States face two major catastrophic events: Hurricane Katrina in 2006 and the terror attacks in 2001. Both brought to the fore the consequences to businesses who are unprepared, as well as the reality that very bad things can happen.

Globalization has also shown that distance does not shield us from the consequences of far away events. The earthquake and subsequent tsunami that hit Japan in 2011 reminded manufacturers and businesses in the United States about the consequences of their reliance on long supply chains and just-in-time inventory.

Another new threat that has alerted even the smallest firms to their vulnerability is technological. For a small firm, a major man-made or natural disaster may seem too distant to distract management from day-to-day operations, but the emergence of cyber threats, ransomware, hacking and data theft has really hit home for every organization out there. Even smaller firms totally focussed on making it day-to-day are taking notice of this threat. Have you really given thought to how you would handle a disaster?

Click to contact us for more information about managing IT risks.

Website cloning: Don’t fall for that trap!

Posted on January 14, 2020 by - Compliance, Managed Services, Office365, Policy, Professional Services, Security, Security and Compliance

Website cloning: Don’t fall for that trap!

Have you watched one of those horror movies where the something impersonates the protagonist only to wreak havoc later? Well, website cloning does the same thing–to your business–in real life. Website cloning is one of the most popular methods among scammers to fleece you of your money.

As the name suggests, the cybercriminal first creates a ‘clone’ site of the original one. There can be a clone of any website, though retail shopping sites, travel booking sites and banks are the favorites of cybercriminals. The clone site looks exactly like the original one, barring a very miniscule change in the url.

Next, they will create a trap intended to get unsuspecting victims to visit the clone site. This is usually done via links shared through emails, SMS messages or social media posts asking them to click on a link to the clone site. The message urges the recipient to take an action. For example, a message that presents itself as though it is from the IRS, asking the recipient to pay pending taxes by clicking on a specific link to avoid a fine or business shutdown, or an SMS about a time-bound discount on iPads. Sometimes, they go straight for the target and masquerade as a message from your bank asking you to authenticate your credentials by logging into your banking portal–the only glitch, the banking portal will be a clone.

Staying safe

So, how do you identify a clone website and a dubious message?

  • Does the email sound too good to be true? Well, then it probably is. Nike giving away free shoes? Emirates Airlines giving you free tickets to Europe? Apple iPhone X for just $20? All of these scream SCAM!
  • Even if the message sounds genuine, such as an email from your bank asking you to authenticate your login credentials, check the email header to see if the sender’s email domain matches your bank’s. For example, if your bank is Bank of America, the sender’s email ID should have that in the domain. Something like customercare@bankofamerica.com could be genuine, whereas, customercare@bankofamerica.net is suspicious.
  • Check the final URL before you enter any information to make sure it is the actual one. Most shopping/banking websites, where payments are made and other personal details are shared are secure (HTTPS)and will have a lock symbol at the beginning of the URL. Also, check the domain. For example, something like- www.customerauthentication.com/bankofamerica is not

Identifying a cloned website is tricky, but it is not something you can afford to ignore. Giving away your personal and financial information to a fraudster can cause a lot of harm to you and your business.

Click here to learn more about our cybersecurity and compliance solutions.

BYOD=Bring your own disaster?

Posted on January 12, 2020 by - Compliance, Managed Services, Office365, Policy, Professional Services, Security, Security and Compliance

BYOD=Bring your own disaster?

Workplaces today have changed. They extend beyond the working hours, beyond the cubicles. Whether you are commuting to work or even vacationing, chances are you or your employees take a break from the break to reply to those important emails that require ‘immediate action’. Plus, there may even be employees who are not even on the same continent as you. What does all this mean for your business in terms of IT security? Does BYOD translate to bring your own disaster to work? This blog explores the risks of BYOD culture and offers tips on how you can avoid them.

When you adopt a BYOD culture at your business, you are opening the virtual floodgates to all kind of malwares and phishing attacks. Your employee may be storing work-related data on their personal devices and then clicking a malicious link they received on their personal email or (even whatsapp in case of tablets or smartphones) and put your entire network at risk. Secondly, you cannot control how your employees use their personal devices. They may connect to unauthorized networks, download unauthorized software programs, use outdated antivirus programs etc,. Even something as simple and harmless as the free wifi at the mall can spell danger for your data.

What you can do?

First of all, if you have decided to adopt the BYOD culture in your organization, ensure you have a strong BYOD policy in place. It should cover the dos and don’ts and define boundaries and responsibilities related to the BYOD environment.

It also makes sense for you to invest in strong antivirus software and mandate those employees following the BYOD model to install it. You can also conduct device audits to ensure your employee’s personal devices are up-to-date in terms of software, security and firewall requirements to the extent that they are safe to be used for work purpose.

And one of the most important aspects–train your employees on the best practices related to basic data security, access and BYOD environments. This will ensure that they don’t make mistakes that prove costly to you. You can conduct mock drills, tests and certifications and provide the BYOD privilege to only those who clear your tests. You could also use positive and negative reinforcements to ensure everyone takes it seriously.

BYOD is great in terms of the flexibility it lends to both–the employer and the employee, and the trend is here to stay. It is up to businesses to ensure it helps more than it can hurt.

Click here to learn more about our cybersecurity solutions.

3 things your Managed Services Provider (MSP) wants you to know

Posted on January 2, 2020 by - Compliance, Managed Services, Management, Office365, Policy, Professional Services, Security, Security and Compliance

Are you considering bringing a MSP on board? Or perhaps you already have one. Either way, for you to truly benefit from your relationship with a MSP, you need to build a solid bond with them. As a MSP who has been in this business for long, I can tell you the 3 important steps that will help you get there.

Share, share, share

Your MSP is your IT doctor. Just as you would share everything about your health with your doctor, you need to share everything related to your business that impacts your IT, with your MSP. Give us an overview of your business and answer questions such as

  • What you do exactly as a business
  • Who are your key clients
  • Which industry verticals do you serve
  • What are your peak and lull seasons, if you have them
  • What are the core regulatory codes that apply to you based on the industries you work for
  • What are your business expansion plans for the near future and in the long run

Sometimes clients shy away from discussing all these things because they don’t trust the MSP enough. There is a fear of the MSP sharing business plans and other confidential information with their competitors. As a MSP, I can tell you that we work best with clients who trust us. When you are trusting us with the lifeblood of your business–your IT infrastructure, you should be able to trust us with your plans for your business.

Let’s talk often

While it’s great that you outsource your IT completely to us, it is still important that we meet and talk. Your business needs may change over time and we don’t want to be caught off-guard. We know you are busy, but set some time aside every month or even every quarter to catch up with us and discuss your IT challenges and needs.

Take us seriously

Your IT is our business, and we take our business very seriously. So, when we tell you something, such as–to implement strong password policies, limit data access, upgrade antivirus, etc., please take notice!

Teamwork forms the core of any successful relationship. Same holds true for your relationship with your MSP.  Trust us, pay attention to us and hear us out. We’d love that…and we’d love to work with you!

Don’t make these IT mistakes as you grow!

Posted on December 31, 2019 by - Compliance, Managed Services, Office365, Policy, Professional Services, Security, Security and Compliance

During the course of IT consultancy, we come across a lot of clients who are not happy with the way their IT shaped up over the years. They feel their IT investments never really yielded the kind of returns they expected and come to us looking to change the trend. When analyzing the reasons for the failure of their IT investment, here’s what we come across most often.

Not prioritizing IT

This is the #1 mistake SMBs make. When focusing on growing their business, most SMBs think marketing, sales and inventory, but very few consider allocating resources–monetary or otherwise towards IT. IT is seen as a cost-center, rarely prioritized and any investment in IT is made begrudgingly.

Going for the fastest, latest or even the ‘best’ technology–which may not be the best for you

This is in contrast to the issue discussed above. Many SMBs realize the key role that IT plays in their business success. But they tend to get carried away and invest in the latest IT trends without considering whether it fits their business needs well, or if they really need it. Sometimes it is just a case of keeping up with the Joneses. But, why spend on the fastest computers or largest hard drives when you get only incremental productivity benefits?

Your team is not with you

When you bring in new technology or even new IT policies, it is your team that needs to work on it on a daily basis. If your staff is not on the same page with you, your IT investment is unlikely to succeed. So, before you make that transition from local desktops to the cloud, or from Windows to iOs or roll out that new BYOD policy, make sure you have your staff on your side.

You are not sure how to put it to good use

The lure of new technology is like a shiny, new toy. Investing in something popular and then not using it to its maximum is commonplace. Make sure you make the most of your investment in IT by providing your staff with adequate training on how to use it.

IT can seem challenging to navigate when you have to do it all by yourself. It entails steep costs when taken care of in-house. Add to that the complex task of deciding what IT investment you will benefit the most from and then training your team to use it…all of this is pretty daunting when you have to do it all by yourself. A MSP has the experience and expertise needed to be your trusted partner and guide in these challenges, helping you make the most of your IT investment.

Click here to learn more about our managed service provider solutions.

Assessing your MSP in the first appointment

Posted on December 29, 2019 by - Compliance, Managed Services, Office365, Policy, Professional Services, Security, Security and Compliance

Handing over your IT to a MSP is a major decision. Who do you choose and more importantly, how? While there’s no rulebook that will tell you exactly how to proceed, here are a few hints that can help you decide how invested your prospective MSP is into you.

How well do they know your industry vertical

It is important that your MSP truly understands the industry-specific IT challenges you face so they can help you overcome those challenges effectively. For example, do you have a commonly used software program or any governmental or regulatory mandates that you must be adhering to. Is your MSP knowledgeable on that front?

How well do they know you and your values

How well does this MSP know your business in particular. Have they invested time in learning a bit about you from sources other than you–like your website, press releases, etc.? Do they understand your mission, vision and values and are they on the same page as you on those? This is important because you and your MSP have to work as a team and when start to see things from your point of view, it is going to be easier for you to build a mutually trusting, lasting relationship with them.

References and testimonials

References are a great tool to assess your prospective MSPs. Ask them to provide you with as many references and testimonials as they can. It would be even better if their references and testimonials are from clients who happen to know you personally, or are in the same industry vertical as you or are well-known brands that need no introduction.

Are they talking in jargons or talking so you understand

Your MSP is an IT whiz, but most likely you are not. So, instead of throwing IT terminology (jargons) on you, they should be speaking in simple layman terms so you understand and are comfortable having a conversation with them. If that doesn’t happen, then probably they are not the right fit for you.

Were they on time

Did your MSP show up when they said they would? Punctuality goes a long way in business relationships and more so in this case as you want your IT person to ‘be there’ when an emergency strikes.

While there are many factors that go into making the MSP-client relationship a success, the ones discussed above can be assessed during your very first meeting. They are kind of like very basic prerequisites. Make sure these basic conditions are fulfilled before you decide on a second meeting.

Click here to learn more about our managed service provider solutions.

Hiring seasonal staff? Here are a few things to consider from the IT

Posted on December 27, 2019 by - Break-Fix, Compliance, Consulting, Disaster Mitigation, HIPAA, Managed Services, Management, Office365, PCI DSS, Policy, Professional Services, Project Management, Security, Security and Compliance, Software, Training

In many industries, there are seasonal spikes in business around specific times. For example, CPAs/Accounting firms, though busy all year, generally see a spike in business around the time of tax planning, IRS return filing, etc., the retail industry sees a boom around the Holiday Season, and so on. During such peak times, it is common practice in the industry to employ part-time staff to meet the immediate resource needs. While this works well in terms of costs and for handling additional work/client inflow, this poses a few challenges from the IT perspective. In this blog, we explore those challenges so you know what to watch out for before bringing part-time staff on board.

Security

When you are hiring someone part-time, security could be a concern. You or your HR person may have done a background check, but their risk score nevertheless remains much higher than permanent employees who are on your payroll. Trusting a temp worker with customer and business data is a risky choice.

Infrastructure

Having seasonal employees is a good solution to temporary spike in workload. But, there is still a need to provide your temps with the resources they need to perform their tasks efficiently. Computers, server space, internet and phone connectivity, all need to be made available to your temp workforce as well.

Lack of training

Your permanent employees will most likely have been trained in IT Security best practices, but what about your temps? When hiring short-term staff, SMBs and even bigger organizations rarely invest any time or resources in general training and induction. Usually brought in during the peak seasons, temps are expected to get going at the earliest. Often IT drills and security trainings have no place in such hurried schedules.

Collaboration needs

Often businesses hire seasonal staff from across the country or even the globe because it may offer cost savings. In such cases when the seasonal staff is working remotely, there is a need to ensure the work environment is seamless. High quality collaboration tools for file sharing and access and communication needs to be in place.

Having part-time or seasonal staff is an excellent solution to time-specific resource needs. However, for it to work as intended–smoothly and in-tandem with the work happening at your office, and without any untoward happenings–such as a security breach, businesses need to consider the aspects discussed above. A MSP will be able to help by managing them for you, in which case hiring temps will be all you need to think of.

Click to learn more about our managed service provider solutions.

IT Red Flags to Watch Out For

Posted on December 24, 2019 by - Compliance, Managed Services, Office365, Policy, Professional Services, Security, Security and Compliance

As someone running a SMB, you probably have a lot on your plate. You are the core decision maker, responsible for growing your business, keeping your clients happy and getting all the working done. Often, when you have so much going on, one area that gets overlooked is IT. When you are so busy looking into other things, the start of IT issues may slip your watchful eyes. In this blog, we discuss the IT red flags that you need to watch out for.

Adware ambush

This happens generally when your internet browser has been hijacked and an adware has been sneaked into your system. When you try to surf the net using a hijacked browser, you will find online ads popping up everywhere. And by that we don’t mean the few sponsored search results or a couple of ads that show up when you browse a site. We are talking about ads showing up just about everywhere on your browser. Even a simple link click will take you to an unintended page. It is so evident, you just cannot miss identifying an adware ambush!

Strange pop-ups

Much like the Adware ambush, strange pop-ups show up when you least expect them. For example, you may be trying to open a presentation or a document and a series of pop-up windows will appear before you are allowed access to the file. Watch out for these, as they indicate the presence of a malware in your system.

Spam/Fake emails

If, all of a sudden, you see a lot of spam emails being sent from your/your staff’s official email IDs, there may be a worm at work. Often email worms enter the IT system through the download of one infected file and then replicate themselves across the network via email. Worms do this by penetrating the victim’s email security and spread itself across all of the victim’s email contact list through automated emails that look as if they were actually sent by the victim. So, is Sam from Accounting sending you a lot of junk emails? Probably time to get his PC checked.

A lot of what used to work before is now broken

We all have minor software and hardware issues here and there. But, if all of a sudden, a lot of stuff that used to be up and running seems to be broken, it screams “Red alert”! It could mean that the malware is slowly taking over your IT system, one program at a time.

Bottomline–Surprises are good, but not so much in IT. If you find anything amiss, anything different, like a machine that suddenly slowed down, or a program that just doesn’t work anymore or a new plug-in added to your browser or a new homepage, it’s better to take a deeper look and arrest the problem before it spreads elsewhere wreaking havoc through your IT network.

Click here to learn more about our IT consulting services.