• Time for a Better IT Services Company?
    Call (905) 763_-7896
  • IT services toronto

CAMH Mental Health Resources

Thank you for tuning into our webinar with CAMH about “Mental Health Practices Every Business Can Replicate For a Healthy Culture”. These are  the resources that you can turn to for further information, recommended by Dr. Donna Ferguson during our webinar. We truly hope that these tools are helpful for your journey towards a better culture and mental health practices within your own organization.

CAMH and PACE Webinar

Crisis Resources

Crisis Services Canada

www.crisisservicescanada.ca

1 833 456-4566 (phone)

45645 (text)

Services offered: Phone support available 24/7 and text support from 4:00 p.m.to midnight

 Hospital Emergency Departments

If you need help, you can go to a hospital’s emergency department. However, unless you are assessed as being a danger to yourself or others, the health care professional at the hospital (e.g., doctor, nurse) is unlikely to admit you as an inpatient. Instead, they may suggest that you return home or stay with a friend or family member as long as you have someone with you for support.

Some people find it stressful to be in a hospital where they are separated from their usual supports and must follow rules, regulations and structured programs. However, others may find that this is the safest place for them to be in a severe crisis.

Mobile Crisis Intervention Teams and Other Mobile Crisis

Services

In Toronto, mobile crisis intervention teams pair a specially trained police offer with a mental health nurse to respond to crises involving people with mental health issues. Outside of Toronto, crisis outreach and support teams have a similar function to mobile crisis intervention teams, but involve a plain clothes officer rather than a police officer in uniform. Like many other health care services, mobile crisis teams are more likely to operate in cities and larger communities than in rural areas. Some mobile crisis teams don’t involve a police officer, but may just consist of crisis workers. To reach a mobile crisis intervention team, call 911, or contact your local hospital, community mental health agency or a Community Care Access Centre.

Toronto

Gerstein Centre Crisis Line

416 929-5200

Services offered: Non-medical crisis intervention for people experiencing a mental health or substance use related crisis who either don’t need hospitalization or don’t want to be hospitalized

Eligibility: Must live in the catchment area south to the lake, north to Eglinton, west to Jane St., east to Victoria Park

St. Mike’s Hospital Mobile Crisis Team

Accessed by calling 911 (no direct phone number)

Services offered: A mobile crisis team that consists of a police officer and mental health nurse who work 11:00 a.m. to 9:00 p.m., seven days a week

ConnexOntario

www.connexontario.ca

1 888 531-2600 (phone or chat)

Services offered: Free, confidential health services information for people with alcohol or other drug problems, and/or people with mental health or gambling issues.

Other Mental Health Resources

Anxiety Canada: https://www.anxietycanada.com/ A Canadian organization
that offers free CBT-based online resources for learning about and managing anxiety.

https://www.anxietycanada.com/articles/what-to-do-if-you-are-anxious-or-worried-about-
coronavirus-covid-19/

Centre for Addiction and Mental Health (CAMH): http://www.camh.ca/covid19

Ontario Psychological Association (OPA): https://www.psych.on.ca/

Daily Tips for parents: https://childmind.org/

Positive Psychology Kit: https://positivepsychology.com/the-crisis-kit/

310 COPE: https://www.yssn.ca/310-COPE

Mind your Mind Online Support: https://mindyourmind.ca/

Centre for Clinical Interventions: https://www.cci.health.wa.gov.au/ – an Australian organization that offers a number of free CBT-based online workbooks for a variety of mental health concerns. The workbooks can be found here: https://www.cci.health.wa.gov.au/Resources/Looking-After-Yourself

Centers for Disease Control and Prevention: Information on how to manage stress and anxiety during COVID-19: https://www.cdc.gov/coronavirus/2019-ncov/prepare/managing-stress-anxiety.html

Anxiety and Depression Association of America
A US association of clinicians and researchers who work in the areas of anxiety and depression: https://adaa.org/learn-from-us/from-the-experts/blog-posts/consumer/covid-19-lockdown-guide-how-manage-anxiety-and

American Psychological Association
Past research findings and tips to help reduce COVID-19 anxiety https://www.apa.org/news/apa/2020/03/covid-19-research-findings

Depression & General Self Help Books

Greenberger, D., & Padesky, C.A. (2016). Mind over mood: Change how you feel by changing the way you think, 2nd ed. New York, NY: Guilford Press.

Link to external link showing what languages this is translated into  https://www.mindovermood.com/all-translations.html

Teasdale, J., Williams, M., & Segal, Z. (2014). The mindful way workbook: An 8-week program to free yourself from depression and emotional distress. New York, NY: Guilford Press.

Gilson, M., Freeman, A., Yates, M.J., and Morgillo Freeman, S. (2009). Overcoming Depression: A Cognitive Approach: Workbook. Oxford University Press Inc. New York.

 

Thank you for tuning into our webinar with CAMH about “Mental Health Practices Every Business Can Replicate For a Healthy Culture”. These are  the resources that you can turn to for further information, recommended by Dr. Donna Ferguson during our webinar.

CAMH X PACE is Collaborating in a Webinar on Corporate Culture & Mental Health Best Practices

Mental Health Best Practices Every Business Can Replicate For A Healthy Corporate Culture

We are excited to announce that we will be collaborating with Dr. Donna Ferguson from The Centre For Addiction and Mental Health (CAMH) in a webinar all about “Mental Health Practices Every Business Can Replicate For A Healthy Corporate Culture”. This webinar will be hosted alongside our very own CEO, Shael Risman who has been a long-time CAMH supporter and speaker on corporate culture and mental health. If you are a business leader looking to adopt mental health practices within your own organization, if you manage a team, or if you would like to learn about ways to encourage a more inclusive and healthy professional space, then you need to tune into this webinar. There will be tons of amazing resources and content that we will be sharing from both of our playbooks. To register for this webinar taking place on Friday, September 11th at 12pm, please sign up here: https://us02web.zoom.us/webinar/register/WN_jwQ45MjDTXem0zwlaF8BdA

CAMH and PACE Webinar

Mental Health Best Practices Every Business Can Replicate For A Healthy Corporate Culture We are excited to announce that we will be collaborating with Dr. Donna Ferguson from The Centre For Addiction and Mental Health (CAMH) in a webinar all about “Mental Health Practices Every Business Can Replicate For A Healthy Corporate Culture”. This webinar

Why is MFA So Important For Your Toronto Business?

The Importance of Multi-Factor Authentication aka MFA

These days passwords can be easily compromised. MFA increases your defenses by requiring multiple forms of verification to prove your who you say you are when signing into business applications. It is part of a 360-approach to full cyber-security for your business. By implementing MFA throughout your entire organization, you minimize the likelihood of cyber threats and breaches. Here are 5 reasons why it is so important that your business implements MFA right now.

Identity theft is on the rise. When you turn on the news, you hear dozens of stories about businesses being attacked by cyber-criminals every day. Implementing MFA is like having an extra layer of security that gives hackers a much harder time to break into your infrastructure.MFA and Identity Theft

Threat actors are targeting small businesses. A 360 approach to cyber-security isn’t only for fortune 500 companies or fast growing start-ups. MFA is easy for any small business to implement, and regardless of the size or industry of your organization it is a necessity. MFA and Small Businesses

Stronger perimeter security. Cyber-security defenses and tools like anti-virus and firewalls are absolutely necessary, however they are only a subset of what is required to keep you safe. MFA elevates your security to the next level and makes your existing perimeter security even better.perimeter cybersecurity

Business leaders and decisions makers are targets for cyber-criminals. One successful phishing attempt can lead to the demise of your entire organization. It is important that highly privileged users are properly protected at all costs. Business reputation is one of the hardest things to get back. Once it’s tarnished, it can sometimes never be regained.Cyber whaling

MFA is Everywhere. If you haven’t already noticed, MFA is used in the majority of applications that you use right now. From social media accounts, online banking, to email platforms, MFA has been widely adopted, so implementing it into your business should be a no-brainer.MFA

If you’d like to setup MFA for your Microsoft Office 365 account, visit our step-by-step tutorial here. Want to learn more about our Managed IT Support Services in Toronto or Cloud Solutions for your business in the GTA, please reach out to us at sales@pacetechnical.com or book a complimentary meeting here.

Book A Meeting With PACE

The Importance of Multi-Factor Authentication aka MFA These days passwords can be easily compromised. MFA increases your defenses by requiring multiple forms of verification to prove your who you say you are when signing into business applications. It is part of a 360-approach to full cyber-security for your business.

Zoom Meeting Best Practices For Working From Home

Zoom Meeting Best Practices You Didn’t Know You Needed

Many of us now welcome the workday with video conference calls since the pandemic has changed the way we work. Just because normal business meetings are not happening within the walls of a board room or office space, etiquette and rules still apply. So, whether you are working from our home office, dining table or bedroom, here are 7 tips for Zoom meeting best practices (and webinars) that will set a professional tone.

  1. During webinars, you should only allow the main host and panelists to share their video with the audience. You can also enable audio and screen sharing for presenters only. This way your attendees will be able to focus on the presentation, and they will be able to interact via chat, polls, or a Q & A session.Zoom Meeting Best Practices
  2. If you want more privacy within your meetings or webinars, you can enable passwords that will only allow authorized attendees to join in.Zoom meeting passwords
  3. When it comes to screen sharing, you can click the security icon to enable or disable screen sharing within your meetings.Enable and Disable Screen Share and Annotation for Participants in Zoom meetings
  4. If your meeting is of a private nature or only for a specific group of peers, we recommend locking your meeting to prevent other co-workers or participants from being able to join.Zoom web client – Zoom Help Center
  5. During meetings, you can disable private chat to allow for participants to be more present and less distracted by personal private chats going on in the background.Controlling and disabling in-meeting chat – Zoom Meeting
  6. Leverage poll questions to gauge your audience and keep them engaged during your presentations and webinars. Active participation not only encourages the audience to stick around longer, but it is also great for collecting insights that can help you with topics that you want real-time insights on.Polling for meetings – Zoom Help Center
  7. Host a Question and Answer session towards the end of your webinar to allow participants to ask their questions and voice their feedback.Getting started with Question & Answer – Zoom Help Center

Pro-Tip: When it comes to webinars, always provide your contact information towards the end in case participants want to reach out with private questions or concerns. You can also, provide links to resources and relevant content that they may find interesting, or feature any specials or promotions that you have to offer.

Want to learn more about Video conferencing solutions or Managed IT Services in Toronto for your business? Reach out to us at sales@pacetechnical.com or book a complimentary meeting here.

Book A Meeting With PACE

Zoom Meeting Best Practices You Didn’t Know You Needed Many of us now welcome the workday with video conference calls since the pandemic has changed the way we work. Just because normal business meetings are not happening within the walls of a board room or office space, etiquette and rules still apply. So, whether you

The Role of Multi-Factor Authentication in Business Cloud Security

Why your business needs Multi-Factor Authentication like yesterday

Have you noticed that many of your accounts now require extra steps before you can login? Access is no longer granted by simply providing an email and password; you also need a code generated by an app, telephone or email to gain full access. Welcome to the world of Multi-Factor Authentication, also known as MFA or 2-Factor Authentication. MFA usually uses three things in order to verify who you say you are. In short, it consists of “something you know, something you have, and something you are”.

Multi-Factor Authentication Fingerprint

It can be annoying always having to grab your cellphone or check your email every single time you need to login to an account right? While Multi-Factor Authentication might feel slightly inconvenient, it is definitely put in place for all of the right reasons. Think about having double locks on the front door to your home. By having MFA, it is unlikely that someone will have both keys to your account, which makes it harder to break in. While cyber-criminals can still find loopholes to get their hands on your username or password, once they don’t have the MFA code, it makes it harder for them to break down the door and gain access your account.

Multi-Factor Authentication

What’s The Big Deal About MFA and Your Business Cloud?

Sometimes, all it takes is getting a backdoor entry into your organization and it’s game over. It takes one untrained employee to give up their credentials in a phishing attempt and the entire company can be compromised. However, if you have enabled MFA on services like Office 365, it makes it much more difficult to get in. Without MFA, traditional cyber-security precautions can be compromised. Anti-virus, firewalls, encryption tools, network monitoring can all be by-passed if a threat-actor gets their hands on credentials to your accounts.

So why is MFA so important to safeguard your cloud accounts and why should you consider adding an extra layer of security? Just like the previous analogy of having double locks on your front door, the same goes for passwords and the ways we authenticate against our systems. Your Business Cloud is just one of many enterprises that you absolutely need to put your best efforts into ensuring its security. Passwords like front door keys, can be copied but that added layer of protection makes it complex and robust. You can apply MFA measures to your Business Cloud accounts by using Authy, or Google Authenticator to generate codes for all your applications.

For advice on securing your Business Cloud environments or to learn more about our Managed IT Support Services in Toronto, contact us at sales@pacetechnical.com or book a meeting with us here.

Book A Meeting With PACE

 

Why your business needs Multi-Factor Authentication like yesterday Have you noticed that many of your accounts now require extra steps before you can login? Access is no longer granted by simply providing an email and password; you also need a code generated by an app, telephone or email to gain full access. Welcome to the

Office 2010 End of Life Notification

Cyber-criminals are constantly finding more creative ways to take advantage of ineffective cybersecurity and lack of proactive IT practices. When it comes to upgrades, your company should never defer these. You are increasing your exposure to risk when you postpone important upgrades. We always recommend doing upgrades as soon as they are needed. Companies using outdated versions of Microsoft Office or using computers that are still on Windows 7, (See Windows 7 End of Life Notification Here) are putting themselves at risk.

Microsoft Office 2010, like almost all Microsoft products, has a support lifecycle during which we provide bug fixes and security fixes. This lifecycle lasts for a certain number of years from the date of the product’s initial release. For Office 2010, the support lifecycle is 10 years. When Office 2010 reaches its end of support on October 13, 2020, Microsoft will no longer provide technical support for issues, bug fixes for issues that are discovered and security fixes for vulnerabilities that are discovered.

We strongly advise that you upgrade as soon as possible. If you have any questions about Windows or Office upgrades for your business, please do not hesitate to reach out to your Client Strategy Team to begin the process.

Cyber-criminals are constantly finding more creative ways to take advantage of ineffective cybersecurity and lack of proactive IT practices. When it comes to upgrades, your company should never defer these. You are increasing your exposure to risk when you postpone important upgrades.

9 Windows Keyboard Shortcuts Everyone Needs

Here are 9 super easy Windows Keyboard shortcuts that can save you time and make your day more productive!

Keyboard shortcuts are keys or combinations of keys that provide an alternative way to do something that you’d typically do with a mouse.

Take a snip of what’s on your screen

Press Windows logo key  + Shift to open the snipping bar, then drag the cursor over the area you want to capture. The area you snipped will be saved to your clipboard.

Windows Snip Feature

Add emoji from your keyboard

Express yourself however and wherever you want. Press Windows logo key + period (.) to open an emoji panel. Use kaomojis to create faces with text, and symbols—like punctuation and currency—to make a statement.

Add emojis from your keyboard in windows

Open File Explorer quickly

Press Windows logo key + E, then open the folder you want in File Explorer.

open file explorer in windows

Get to your desktop quickly

Press Windows logo key D to minimize all your open windows and go right to your desktop.

open desktop quickly

Open Settings quickly

Press Windows logo key + I, then select or search for the setting you want to change.

open settings quickly

Copy files or text

Select what you want to copy, then press Ctrl + C. It’ll be stored on your clipboard, so you can paste it where you want by pressing Ctrl + V.

copy files or text in windows

Cut and paste files or text

Select what you want to cut and press Ctrl + X. Go to the place you want to move it to, then press Ctrl + V to paste it there.

cut and paste files in windows

 

Switch between open windows

Hold down the Alt key, press Tab repeatedly until the window you want is selected, and then release the Alt key.

switch between open windows on your desktop

Add a touch keyboard shortcut to the taskbar

Press and hold (or right-click) the taskbar, and then select Show touch keyboard button.

add a touch keyboard shortcut

For more Windows Shortcuts just like these, visit the official Microsoft website here. To keep up with more awesome updates that your remote team can leverage, make sure to check out our blogs every month for news articles just like this.

If you’re looking for help with implementing remote tools or apps for your company, reach out to us at sales@pacetechnical.com. Looking for resources on cybersecurity solutions for your business? Please visit our Cyber News web page here.

Here are 9 super easy Windows Keyboard shortcuts that can save you time and make your day more productive! Keyboard shortcuts are keys or combinations of keys that provide an alternative way to do something that you’d typically do with a mouse. Take a snip of what’s on your screen Press Windows logo key  + Shift + S to open the

NEW Microsoft Teams Updates For August 2020

If your team is still working remotely then these Microsoft Teams updates are definitely going to up your work from home game.

2020 has accelerated a digital shift in the way we communicate both professionally and personally. We not only depend on apps like Microsoft Teams to stay connected with family and friends, but we also need them to stay productive while working remotely. Here at PACE, our people and our clients depend on apps like Microsoft Teams to maximize daily communications and productivity. There are many new updates that they’ve started to roll out to make our communications with each other feel that much more human. Here are some of the latest Microsoft Teams updates that we are super excited about.

  • File system integration improvements between Teams and SharePoint/OneDrive. Microsoft is rolling out the same file sharing and access control experience in Teams that business users like yourself already know from other Microsoft 365 apps, including OneDrive, Outlook, or Office. Soon, when you go to share a file from within Teams, you’ll have the option to create sharing links that provide access permissions to anyone, people within your organization, people with existing access, or specific people, including those in a private conversation or group chat. You can read in further details about how to share files from OneDrive here.
  • Tasks App. For a long time, Microsoft isolated tasks within different systems like Outlook, OneNote, Project, SharePoint and Azure DevOps. They all had separate task lists with no single place to see everything you needed to get done. These new Microsoft Teams Updates will start the integration of Planner and To-Do into Teams as the Tasks app, announced last year at Ignite. It creates a single place to see tasks from multiple sources. You can now take the chaos out of teamwork tasks and get more done! Planner also makes it easier for your team to create new plans, organize and assign tasks, share files, chat about what you are working on, and get updates on progress.
Microsoft Teams Updates Task App Update

Here’s What The Microsoft Teams Task App Update Looks Like

  • Together Mode. This Microsoft Teams Update will be great during meetings where multiple team members need to present. Take for example staff meetings, brainstorm sessions or round-table discussions. This will make it easier for participants to understand who is talking. Together mode with auditorium view is rolling out now and will be available this August! See what it will look like here.
  • Dynamic View. Dynamic view builds on the meetings enhancements Microsoft announced last month, which will include a large gallery view where you can see video of up to 49 people in a meeting simultaneously. There will also be virtual breakout rooms, which will allow the meeting organizer to split participants into smaller groups.

 

Microsoft Teams Updates Dynamic View

Here’s What The Microsoft Teams Dynamic View Looks Like

  • Video filters. We have all tried video filters on Instagram, Snapchat and other social media apps, and now it’s finally coming to Microsoft Teams! Before joining a meeting, you can use the filters to subtly adjust your lighting levels and soften the focus of the camera to customize your appearance! How cool is that?
  • Live Reactions. Non-verbal cues like smiles and head nods can be difficult to notice in online meetings, making it challenging for presenters to gauge audience reactions. Soon, you will be able to display your live reactions during a meeting using emojis. Live reactions are a shared feature with PowerPoint Live Presentations, which allows audience members to also provide instant feedback to the presenter.
  • More control in meeting options. Now, you have the option to make everyone—even people from your company—wait in the meeting lobby when they join a meeting you have organized. To access this setting, open the “Meeting” options. Then, where it asks, “Who can bypass the lobby?” select “Only me”.
  • Channel meetings in an instant. Microsoft Teams Updates like this one, makes it easier now more than ever to start a meeting in a channel. Select the “Meet” button at the top of a channel and choose to meet right away or to schedule a meeting. When you choose “Meet now”, you will get the same options for setting your audio and video up before you join as you do for other meetings.
Microsoft Teams Updates Meet Now Feature

Here’s What The Microsoft Teams Meet Now Feature Looks Like!

For more Microsoft Teams Updates, make sure to visit their official page here. To keep up with more awesome updates that your remote team can leverage, make sure to check out our blogs every month for news articles just like this.  If you’re looking for help with remote tools and apps for your company, reach out to us at sales@pacetechnical.com. Looking for resources on cybersecurity solutions for your business? Please visit our Cyber News web page here.

Leverage the latest Microsoft Teams updates for better work efficiencies and improved remote collaborations!

Why Businesses are moving to MSPs with better Cybersecurity

Businesses are moving to MSPs they feel have better Cybersecurity Services

Recovering from a cyber-attack can be nearly impossible with the endless reports showing businesses being shut down; sometimes for good, and within a short period of time from the attack. As a result, more business leaders are recognizing why Cybersecurity is one of the most crucial components of IT, and are investing accordingly.

So, how “good” does your company’s cyber protection need to be, to keep your business threat free?

Some people still think that comprehensive cybersecurity comes from setting up an anti-virus or monitoring software. However, the reality is that cybersecurity is an ever-changing landscape, and while you may believe your defenses are sufficient, they may not be.

Here is why companies with “good” cyber defenses are still vulnerable

There are so many factors that can expose a business to cyber threats, examples include a lack of proactive efforts, lack of process, poor awareness, or inefficient training. You may be in a situation where you think your current service prevents cyber issues from happening in the first place, but they may just be putting out fires instead. When you invest less, what you are most likely getting is less protection, less diligence, and less proactivity. Anything considered “good” or comprehensive requires a substantial investment.

Did you know that Cyber-threats increased by approximately 20x more than it did right before the pandemic happened? That is because some MSPs focused on getting their clients up and running to work from home and neglected to continue their cybersecurity efforts. With the lapse in attention to cybersecurity, we see many scams like phishing threats, spear phishing threats, and malware attacks regarding COVID-19. As if this is not alarming enough, pay attention to the following statistics.

  • Cyberattacks cost SMBs on average $200,000.
  • Most SMBs go out of business within 6 months of the attack.
  • 75% of companies infected right now are already running up-to-date user protection.
  • Ransomware increased 148% in March right before the pandemic.
  • By 2021, 6 trillion is expected to be invested into cybersecurity.

What does cybersecurity have to do with your SMB and why should you care?

This is the part where you think about your own business. All your hard work, the years of investment and the countless hours you have put into building an organization/brand that is really making an impact on the world. Then one day out of the blue, your company is attacked with Ransomware, and you have lost $200,000 to regain access of your data. How long could your business go without access to your data? Is it hours, days, weeks, never? How much would it cost for the downtime? Or better question, would your business ever be able to bounce back if you had to pay a ransom? This is another reason why business leaders are investing more in Cyber Insurance and it is becoming extremely popular as an extra layer on top of the extra layer of protection MSPs can offer.

So, just like surgeons, MSPs are tasked with coming up with the right solutions to protect their clients with the right tools at their disposal to do so. You would need to do a fair amount of research before you chose one first right? Yes, that is true. The same applies with cybersecurity. You need to do your research before you make an investment, instead of taking a risk and learning the hard way.

Businesses are choosing services that includes phishing protection, dark web monitoring and perimeter security because it is not worth spending less on a reactive, risky service. The reality is that technology-driven companies have been moving towards services that they feel can provide better cybersecurity. We have seen this within PACE over the last 10 years of companies wanting to work with us specifically because of our unique process and ability to provide award-winning cyber solutions. If you think you are spending more for less services, then it is time to take an evaluation of the service that you have. What do you like about your existing service? Do you feel like you are getting the most out of your investment? Are there processes that you would change? Is the value of your investment being communicated with you often? What are your top 2-3 areas of risk, and has that been addressed or discussed with you? Are you losing sleep over your IT dollars because you are not sure if you made a smart choice?

In Cybersecurity it is all about Detection, Prevention and Attention.

We have built a process that is proven to deliver reliable cybersecurity even during unpredictable circumstances, take for example the current worldwide pandemic. While many other IT service providers might have felt the pinch, we exceeded expectations, and our clients can attest to how our team left them feeling equipped to take on the challenge of working from their homes.

Ultimately, you want to choose a service that is not going to let you down, and won’t over promise on deliverables that they don’t put the time, resources and energy into, because they’re too small, charge less, or lack experience. Really take the time to evaluate your current cyber solutions/services, because cybersecurity can either break or build your company.

For more resources on cybersecurity solutions for your business, please visit our web page here.

Connect with our team to get a free demo of our unique PACE Client Portal and see for yourself how we do cybersecurity Undeniably Better!

Businesses are moving to MSPs they feel have better Cybersecurity Services Recovering from a cyber-attack can be nearly impossible with the endless reports showing businesses being shut down; sometimes for good, and within a short period of time from the attack. As a result, more business leaders are recognizing why Cybersecurity is one of the

Common Areas of Cyber Risk That Your Company Can Start Avoiding Right Now

The FBI recently released an online list of the top 10 most regularly exploited IT vulnerabilities. Most of these areas of risk involved the loopholes within applications that threat actors can effectively infiltrate. Three of the most popular apps included Microsoft Windows, Microsoft Office, and Adobe Flash Player. So, why are these three applications so easily exploitable? The first and most obvious reason is because they are widely used by companies everywhere. Another major reason was due to the lack of timely software updates and patching.

The good news is that some of these vulnerabilities can be avoided. However, hackers are constantly finding creative ways to take advantage of ineffective cybersecurity efforts and a lack of proactivity. Every time someone in your company defers an update, there is a chance of exposure to risk. Therefore, installing patches and performing regular updates are necessary as soon as they are recommended. Another common area of risk were companies using outdated versions of Microsoft Office or using computers that are still on Windows 7, (See Windows 7 End of Life Notification Here).

So now that you are aware of some of these cybersecurity risks and how to avoid them, you can take action to prevent further exposure. If you are not sure about your what your company’s cybersecurity efforts are, then you should contact your provider to find out.

If you have any questions about cyber solutions for your business, you can reach out to one of our IT experts at sales@pacetechnical.com for a non-obligatory discussion about our enhanced cybersecurity efforts, and how we keep our clients cyber proofed.

The FBI recently released an online list of the top 10 most regularly exploited IT vulnerabilities. Most of these areas of risk involved the loopholes within applications that threat actors can effectively infiltrate. Three of the most popular apps included Microsoft Windows, Microsoft Office, and Adobe Flash Player.

Returning To The Office? Here’s The Ultimate Checklist!

This checklist can help provide guidance as you look to reopen your office. It’s organized into three sections: People, Office Space and Technology. Everyone’s situation is unique, but evaluating your plan with these components in mind can help you get organized and anticipate obstacles!

Returning To The Office Checklist

This checklist can help provide guidance as you look to reopen your office. It’s organized into three sections: People, Office Space and Technology. Everyone’s situation is unique, but evaluating your plan with these components in mind can help you get organized and anticipate obstacles!

Noman Ahmed is a Finalist for Canada’s 2020 CIO of the Year!

Nine Canadian IT leaders have been selected as finalists in four categories in the 2020 CIO of the Year awards. The awards program recognizes Canadian technology leaders who have demonstrated business and technological vision, entrepreneurship, a capacity to drive transformation and an ability to drive value. The awards are presented by CanadianCIO in partnership with the CIO Association of Canada (CIOCAN). PACE would like to congratulate our Director of Technology, Noman Ahmed for being a finalist for the Next Generation Leader Award!

Noman transitioned from a Senior Support Technician to this newly created and desperately needed role while PACE was in hyper-growth and technology for small business was becoming mission critical. He has had an enormous yet quiet impact in his position by leading a re-invigoration of the staff and clients and general pride and happiness at PACE.

The primary function of our Director of Technology is the overall planning, organizing, and execution of all technology functions at PACE. This includes directing all IT operations to meet customer requirements as well as the development of new technical solutions. This means he must have a detailed understanding of EACH of our clients’ networks to help guide our Client Strategy team in bringing the right results quickly, productively, and efficiently. That is a lofty goal, but one that he meets consistently.

Besides his solid knowledge and expertise regarding the ever-changing technical needs of small businesses, he possesses a keen understanding of their unique requirements as business entities. It is the rare ability to combine these two talents that allows him to help create solutions for our clients that are innovative, productive, and budget-conscious, and keep them with us for a long time. Whether working with internal or external groups, our team or those of our clients, Noman looks to find the best outcome for all involved and truly exemplifies the core values of PACE at all times. Noman brings a considered and thoughtful approach to leadership but equally a willingness to learn. Not one to be rushed, he takes the time to listen and make sure everyone is included in the conversation then returns with a thoughtful and inclusive decision. Yet when it is time take the initiative, he does with gusto and determination. His honesty, friendly and considerate nature are qualities that make him a natural leader.

Having someone like Noman on our Executive Team is like finding a unicorn – we can proceed with the day-to-day dealings of our organization knowing that our clients’ solutions are being developed and executed with diligence and accountability. We cannot think of anyone more deserving of this award.

Congratulations on your nomination again, and thank you so much for making us so proud!

Nine Canadian IT leaders have been selected as finalists in four categories in the 2020 CIO of the Year awards. The awards program recognizes Canadian technology leaders who have demonstrated business and technological vision, entrepreneurship, a capacity to drive transformation and an ability to drive value. The awards are presented by CanadianCIO in partnership with

Did You Hear About These Cyber Scams?

There has been no shortage of cyber threats in Canada over the last 3 months as threat actors are finding more creative ways to take advantage of the COVID-19 pandemic.

We’ve compiled (4) of the latest cyber threats that should be on your radar (if they aren’t already). So, let’s get right into it:

1. COVID-19 Malware/Phishing Scam. There have been numerous attempts to use the pandemic as a front to infect computers and mobile devices with malware. The victims of one such scheme received phishing messages/emails telling them that they’ve been exposed to someone who has tested positive for COVID-19 virus and asked them to fill out what looks like an Excel form. When users click to enable the content and view the form, it infects their computers with a Trojan down-loader that installs malicious files. Microsoft has also put out a warning about a massive phishing attack that started on May 12. The campaign sends emails that look like they are from the “Johns Hopkins Center”, and they have an Excel attachment that claims to be US deaths caused by the Corona-virus.

Example of Excel attachment phishing/malware scam:

2. Spoofed CERB Payments & Fake 3rd Party Companies claiming to assist with CERB Applications. There have been reports around the country of companies claiming to help with these CERB Applications. Never click on a link or attachment in a text message or an email for any CERB or any other financial related sites – always open a browser and go to the site directly yourself. For information regarding CERB, please visit: https://www.canada.ca/en/services/benefits/ei/cerb-application.html and for further assistance,contact the CRA at: 1-800-959-8281.

Examples of a CERB direct deposit “smishing” scam:

FYI, Canadians can now report suspected fraudulent CERB recipients through the Canada Revenue Agency’s official snitch line. “If you suspect a potential misuse of the COVID-19 emergency benefits and programs, the National Leads Centre is currently accepting leads on these programs”.

Visit the Lead’s Program page here: https://www.canada.ca/en/revenue-agency/programs/about-canada-revenue-agency-cra/suspected-tax-cheating-in-canada-overview.html

3.Unauthorized or Fraudulent Charities. Sadly, there are many fraudulent entities requesting money for victims, products and/or research regarding COVID-19. Don’t be pressured into making any donations whatsoever but if you do so, please verify that it is a registered charity here before you give your banking information out.

Example of a COVID-19 charity scam:

 

4.Webex and Microsoft Teams are being targeted. More video-conferencing providers are also under attack. Reports from a company called “Abnormal Security” reported that hackers are trying to squirm into Cisco Webex and Microsoft Teams video meetings. They’re sending out emails impersonating automated messages from both services, with different strategies.

A phishing Webex email claims that there’s a security certificate problem and your account is locked. To unlock it, you must sign in with the provided link, which goes to a fake website that captures your password.

Webex Phishing email example:

The Microsoft Teams email claims that your teammates are trying to reach you and includes a link or an icon to a shared file. When you click on the link, you get taken to a phony Microsoft Office login page, where your username and password are captured. What may make these lures convincing are tricks like having a URL for the login page include the word “Microsoft product”. With so many video meetings being held these days, you’ve got to be careful when logging into any service from a sent email.

Pro-Tip: Before clicking, be sure to contact your team mate either by message or phone to check if the meeting invite is real.

Microsoft Teams Phishing email example:

There has been no shortage of cyber threats in Canada over the last 3 months as threat actors are finding more creative ways to take advantage of the COVID-19 pandemic. We’ve compiled (4) of the latest cyber threats that should be on your radar (if they aren’t already). So, let’s get right into it: 1.

Dealing With Our Feelings

Greetings all!  Here we are about 8 weeks into self-isolation – how are you doing?  Are you keeping it together?  Obviously we have all been super-stressed and concerned about our physical well-being, but while we’re spending so much time focused on our bodily health, it’s important that our mental health remains a part of that process.  A crisis like this can cause feelings of uncertainty, frustration and anxiety, and most people can get stuck on thinking about how this will affect the future. Maybe you are struggling with strong feelings of disappointment and helplessness.

It is really important to show empathy to yourself as well as the people around you, it can take time to manage these feelings.

This can be a very stressful time, but if you are struggling with continued feelings of extreme hopelessness and cannot shake feelings of despair, anxiety, or depression, please ask for help through your healthcare provider or local community organization. Asking for help is a sign of strength.

I do a lot of work with CAMH in Toronto, and they have launched a helpful resource page at https://www.camh.ca/en/health-info/mental-health-and-covid-19 .  Believe it or not, you are not alone even in isolation.  Whether you know someone who may be struggling, or you are struggling yourself, do not hesitate to reach out.  Take a breath.  Treat yourself and others with kindness.  It works.

Here are other helpful/quick CAMH resources:

Greetings all!  Here we are about 8 weeks into self-isolation – how are you doing?  Are you keeping it together?

Network Loads

The Ontario government recently announced plans to extend school closures until at least May 4, and implement e-learning policies for all students starting Monday April 6.  This change, combined with the work from home initiatives that most companies have recently implemented, will put more demand on both residential and mobile internet connections than ever before.

Networks everywhere are already starting to feel the strain due to the volume of people logging onto gaming and streaming services due to social distancing measures, with companies such as Netflix even going so far as to reduce the quality of their streaming video in an effort to decrease bandwidth.

This increase in network traffic is expected to greatly impact speeds and could even cause sporadic outages, as telecom companies struggle to cope.  Users in more rural areas will likely experience this slowdown the most, but as time goes on and demand increases, so will the extent of users who are affected.

The good news is that internet and mobile providers everywhere are currently doing everything they can to improve the overall infrastructure throughout the country.  In the meantime, we as users can do our part by trying to build connectivity breaks into our daily routines to reduce the load, and by being as patient as possible when we inevitably start to experience these network issues ourselves.

The most important thing to keep in mind is that this – like everything else during these times – is just another challenge we will overcome if we work together.

For more resources on technology solutions for your business, please visit our web page here.

Connect with our team to get a free demo of our unique PACE Client Portal and see for yourself how we manage technology Undeniably Better!

The Ontario government recently announced plans to extend school closures until at least May 4, and implement e-learning policies for all students starting Monday April 6.  This change, combined with the work from home initiatives that most companies have recently implemented, will put more demand on both residential and mobile internet connections than ever before.

Join Our FREE Live Webinar on Microsoft Teams and COVID-19 IT Issues Q&A

About this Event
 Because of COVID-19, many businesses in the GTA are faced with the challenge of navigating through these turbulent times. In this live online webinar, we’ll be going over tips, tools, and more on working and collaborating with your team from home.

Who should tune in?

  • If you’ve had to adjust to working from home because of COVID-19, and social distancing.
  • If you’d like to get better at working from home more effectively.
  • If you’re a business owner or professional managing a team, and/or have remote workers.

Webinar Agenda:

  • How to use Microsoft Teams for collaboration.
  • General tips on working from home productively.
  • Security considerations for working from home.
  • Live Q & A session with our Director of Technology, Noman Ahmed.

Feel free to reach out to us if you have any questions about the event at sales@pacetechnical.com

When: Tuesday, March 24th at 12:00pm EST

Link to Event: https://zoom.us/webinar/register/WN_SDRdyNmNR6qP9ActjOjqHQ

Share With Friends & Colleagues Here:

 

About this Event  Because of COVID-19, many businesses in the GTA are faced with the challenge of navigating through these turbulent times. In this live online webinar, we’ll be going over tips, tools, and more on working and collaborating with your team from home. Who should tune in?

5 Ways to Stay Calm During COVID-19 

Don’t panic – Your first instinct may be to get a bit nervous or anxious. People everywhere are running to their nearest grocery store, raiding toilet paper aisles, hoarding hand sanitizer, masks and nonperishable food items in preparation for what looks like the apocalypse. Despite everything going on right now, we need to stay calm. Don’t let fear consume you or turn you into a complete monster.  

Image Source: BroBible

Social distancing – We’ve all heard this term by now, and it is highly encouraged that we do this to ensure our own safety and the safety of those around us. None of us really know how long this will last, so it is imperative to focus on protection and prevention. 

Image result for social distancing

Image Source: Forbes

Staying positive – In any distressing situation, people are expected to get a little crazy. But there are tons that we can do to keep our spirits up. You can schedule times throughout your day to take a break, exercise, and do whatever gets your mind off the negativity and craziness happening around the world. Forbes Magazine has a fantastic resource with more tips for staying positive here: https://www.forbes.com/sites/travisbradberry/2016/08/23/3-powerful-ways-to-stay-positive/#46b4dbbf19c9 

Woman Wearing Yellow Button-up Long-sleeved Dress Shirt

Image Source: Pexels

Open Communication – Everyone needs to feel a sense of unity right now. We tend to react to stressful situations in different ways, and we’re good at mimicking what we see around us.  Check-in with your peers. Keep an eye out for each other (even though we still need to maintain a safe distance). Be kind, empathetic, and a source of strength for those of us who really need it right now.  There are applications that you can use to stay in touch with your team throughout the day like Microsoft Teams, Zoom, Skype. For free Microsoft Training, visit our media page to find our webinar recording on how to leverage remote communications with your team.

Man in Striped Long Sleeve Using Mobile Phones

Image Source: Pexels

Meditation – It’s probably not a good idea to go to a spa right now, but that doesn’t mean you can’t bring the spa to you. Pull out your face masks, bath salt, candles and whatever else you use in the shower to create a relaxing Zen atmosphere. You can find spa playlists on YouTube like this one to help you unwind at the end of the day: https://www.youtube.com/watch?v=lFcSrYw-ARY. Meditation apps can also really help to provide a sense of calm and reduce anxiety throughout the day. We could all a few of these activities to keep us level-headed and relaxed. Many people like myself use the Calm app to refocus and re-energize, and it’s available on iOS and Android here: https://www.calm.com/. There are plenty of other apps such as Headspace, and even master classes that you can virtually join to release some of that built up tension like these online yoga classes here: https://www.verywellfit.com/best-online-yoga-classes-3567242 

Image result for calm app

Image Source: Calm App

As always, I hope some of these tips are helpful, and that you’re all hanging in there while we go through this together! 

If your GTA business needs Managed IT support, PACE is here for you. See our free resources related to COVID-19 and feel free to book a consultation with us to go over the right IT Solutions your business needs to thrive.

Don’t panic – Your first instinct may be to get a bit nervous or anxious. People everywhere are running to their nearest grocery store, raiding toilet paper aisles, hoarding hand sanitizer, masks and nonperishable food items in preparation for what looks like the apocalypse. Despite everything going on right now, we need to stay calm.

How To Work From Home Effectively 

If you’ve never worked from home before and this is a whole new experience, then we’re in the same boat. Here are a few things that will help you to quickly adjust to working from home as a newbie: 

Structure your day – Try to carve out your days as much as possible  and create a realistic schedule to keep your tasks and activities on track. If you use outlook or Gmail, then you’ll already have an online calendar that you can use and share with your team. It is very likely that you’ll be able to get through tasks quicker if you’re home alone and not distracted by the typical working environment where people can pop by your office for a quick chat that can sometimes turn into a lost hour of productivity. Utilize this “quiet time” to get laser focused on as much as you can to keep ahead of your schedule. There may be things that come up unexpectedly, so be as prepared as possible to have time to deal with things as they come your way.  

Person Holding White Stylus

Creating a great space to work – if you don’t already have a home office, you’ll need to find a location of your home that is conducive for productivity. Even if you have pets or kids at home – try to find a quiet space with good lighting and designate it as a “no distraction” zone. Keep your work area separate from where you go to enjoy your regular leisure time. For this to work effectively, you need to apply the same concepts as you would in your office at work to your set-up at home. So, don’t recreate your working area in your living room, and don’t get work done from bed either. This resource has some conventional examples to help you curate a space that is work friendly if you don’t have a home office: https://www.refinery29.com/en-us/work-from-home-no-office-desk-space 

Silver Imac Displaying Line Graph Placed on Desk

Limiting Distractions – The last thing you need is one distraction after the next, so it is extremely important to create an atmosphere that helps you to zone out and get work done. Try to stay off your social media apps during working hours, so that means limit your time on Instagram, Facebook, YouTube, Tik Tok etc. (unless it is work related and you manage professional social media accounts, website, blogs etc.). The whole idea is to keep the space as work friendly as possible – so everything should mimic your typical activity and behavior as you would when you’re in the office. Save chit chat and personal video calls for later. Don’t get tempted to pick up the phone and jibber jabber all day with your pals. It’s easy to let your work life bleed into your personal life. Maintaining a clear boundary is important. USA Today has some more great tips that you should check out here: https://www.usatoday.com/story/tech/2020/03/12/quick-guide-getting-started-work-at-home/5022331002/ 

Women typing on the notebook

Communicate expectations with anyone who will be home with you. Of course, you might be working from home but still have “company.” Make sure any roommates, siblings, parents, spouses, and pets (well, maybe not pets) respect your space during work hours.  

Woman in Red Long Sleeve Shirt Using Macbook Air

Clear communication – now more than ever, we need to stay connected to our friends, family and loved ones. But when it comes to your working relationships, ensure that clear communication is at the center of everything that you do. Create expectations and times to check-in with your co-workers, supervisors, or boss and establish a clear plan for action that keeps everyone productive and on schedule. There will be obvious kinks and setbacks if you’ve never worked from home before, so plan as much as possible what you’ll be tackling ahead of time.  We have free training for Microsoft Teams which we use ourselves to maintain our daily communication with our team.

Shallow Focus Photo of Woman Using Smartphone

Yes, it’s still work, even though you’re at home – your time working from home is still company time. Be sure to check in with your team, establish goals and expectations, get feedback as often and as timely as you need to. Treat every day the same as if you were going into the office on any other day. Just because you’re working from home doesn’t mean it’s a vacation or downtime. Take your breaks as you normally would and stick to them. There’s nothing wrong with enjoying your down time while at home, just don’t let it linger on into the rest of your solid working hours. 

Woman in White Bed Holding Remote Control While Eating Popcorn

Dress appropriately – it’s still professional time. While you may be tempted to get comfortable in boxers or sweats, be mindful of your attire where it regards video calls, conferences and meetings. Now is not the time to slack off mentally or physically and maintaining the same physical outlook can help you to feel more mentally productive to get you in the right frame of mind to work.  

Man Sitting on Green Chair While Using Laptop

Hopefully these tips will help you to navigate through the next few weeks work wise. Stay safe, stay positive and wash your hands! 

If your business needs help with your remote communication, PACE is here! Contact us by calling (905) 763-7896 or email: sales@pacetechnical.com

If you’ve never worked from home before and this is a whole new experience, then we’re in the same boat. Here are a few things that will help you to quickly adjust to working from home as a newbie:  Structure your day – Try to carve out your days as much as possible  and create a realistic

Emergency Preparedness: A reminder from COVID-19

There have been a handful of events in the GTA over the last 20 years that have made us all stop and say “wow, didn’t see that coming”.  Recent ice storms, SARS and the big blackout of 2003 come to mind.  Now this most recent event of Novel Coronavirus, formally known as COVID-19 and now declared as a global pandemic, has us yet again stopped in our tracks with a panic of what could happen and what the impact could be to our lives and businesses.  While these events can catch us off guard, they are also opportunities to check our gages for emergency preparedness. 

Between servicing clients, managing your team and getting tasks completed, emergency preparedness and Disaster planning probably rank at the very bottom of your daily priority checklist. However, having a full schedule is no excuse for not making time to develop a fully documented business continuity/recovery plan if something bad were to happen to your firm. The truth is, you might already have a plan filed away in a cabinet somewhere under dust and cobwebs, but you’re probably still unsure of what the procedures are or who takes the lead if a disastrous situation occurred unexpectedly. It’s also likely that disaster planning only crosses your mind when you read a news article about a business burning down, or maybe a hurricane, earthquake or storm is happening somewhere in the world. While natural disasters could have a ripple effect of devastating implications to any firm, we are now faced with the potential effects of a health crisis that can affect everything from our employees, to clients, vendors, suppliers and the financial state of our businesses and the global economy.  People everywhere are scrambling to come up with measures to keep their business afloat in the event of a possible outbreak. If your firm isn’t geared up and ready to face the “what’s the worst that could happen”, then stick around to find out how you can be better prepared for this current threat, or any other disastrous threat to your business.  For this article we will be speaking primarily about technology preparedness.  For personal emergency preparedness, the Canadian Government’s GetPrepared website (https://www.getprepared.gc.ca/cnt/plns/index-en.aspx) has some very good and useful information. 

COVID-19 is a serious threat to our lives and businesses, and this is an opportunity to look at our businesses and our extent of emergency preparedness to weather any type of disaster or major potential disruption to day-to-day operations.   

Here are some of the top considerations to help your business mitigate against any disaster scenario: 

Disaster/Business Continuity Plan – Everything starts with planning!  Every business should have a written disaster/business continuity plan which will address both the business and technical aspects of recovering from and continuing business after an event.  You have the option to hire a consultant/business that specializes in creating disaster plans or create one yourself using a template/guide.  In either case, if you have the right consultant or guide, they will take you through the process of identifying a) Your emergency team who will be responsible for actions and communications in the event of a disaster or emergency; b) the critical functions of your business and the effect on your business if impacted; c) a list of issues/events that could happen and a plan for business continuity (if possible) in each scenario; d) a list of key personnel, clients and vendors and how to communicate with each in the event of a disaster; and lastly d) a process to review and test the plan that you’ve written.  

Having a written plan doesn’t guarantee that you will have prepared for every possible scenario, but you will have a much better chance of surviving a disaster scenario if you do have a plan and you know how to use it.   

If you don’t have a plan, the Business Development Bank of Canada (BDC) has a great how-to article as well as free templates to create your own Emergency/Disaster Plan (see https://www.bdc.ca/en/articles-tools/business-strategy-planning/manage-business/pages/business-continuity-8-steps-building-plan.aspx) 

Remote Access – One big eye-opener COVID-19 has presented is the possibility of ordered and/or self-quarantine for individuals who have been exposed or may have been potentially exposed to others who have the virus.  In this scenario or other similar scenarios where individuals cannot come into the workplace, businesses should review their existing remote access capabilities.  Some businesses already have full-functioning remote access for a portion or all their employees.  A note of caution, if you have remote access enabled for some of your employees it’s not a given that you can easily just get the rest of the staff up and running easily.  You will need to look at several things including Internet bandwidth, existing computing capacity/resources, security, licensing, the availability of all software and systems in a remote environment and training for your staff in the event they need to use it.  For those who don’t currently have remote access capabilities, there are several considerations including an inhouse solution built on a VPN or remote access protocol (Citrix, Remote Desktop) or potentially moving your systems to cloud hosting.  Each scenario has its advantages and disadvantages and it’s best to review it with your IT department or provider to assist with the best solution for your business. 

Cloud Services – If your business is already 100% on the cloud, then you should have most of the technical aspects of business continuity in the event of a disaster, however, don’t take this for granted.  It’s still important to ask questions regarding disaster scenarios.  Is your cloud solution resilient against a local or regional event?  If your people had to work from home, do they have the proper machine, Internet connection, security, etc. to access systems remotely?  Have you tested this with all employees or at minimum key personnel? 

If you are not on the cloud or only partially on the cloud, it would be a good exercise to see what cloud solutions are available at minimum for critical applications (email, financial systems, ERP systems, line of business applications, etc.) or potentially all of your systems.  Speak with your IT staff or provider to assist with the best cloud strategy for your business. 

Remote Communications – Good backups and remote access are critical pieces to a disaster scenario plan, but many businesses miss a critical piece that’s necessary to keep productivity levels up – communication.  How will your people, teams and departments, who may be more used to face to face interaction, communicate in a disruptive scenario?  Let’s start with a basic one – the telephone.  Telephone communication has certainly become more accessible with the adoption of VoIP telephony and mobile phones.  VoIP telephony allows for the mobility to make and receive calls anywhere with an Internet connection as well as the flexibility to forward calls to a cell phone, use your pc or laptop as a “soft phone”, etc.  Be cautioned that this functionality is not necessarily setup and ready to go at any time with all systems.  Your systems may need additional configuration and/or licensing to provide this functionality.  That said, it is a good idea to review and test your systems for these scenarios.  If you’re not using VoIP technology for your phone system, it should at minimum be a consideration for your business 

Email is the next obvious one.  If your email is hosted externally, you’re probably OK if you’re hosted with a larger provider (I.e. Microsoft Office365, Google, etc.).  However, if you are with a more local provider or if your email is hosted on an inhouse server, you may want to do some due diligence to ensure you have failover systems in place to cover against internal, local or regional events that may disrupt your service. 

Communication doesn’t end with phones and email and relying on just these two modes may be a clunky way of communicating.  There have been great innovations with messaging and team-based communication apps that help to keep Teams functioning and collaborating efficiently whether in or out of the office and you don’t need a disaster scenario to benefit from using them.  One notable app is Microsoft Teams which has basically taken the business world by storm with massive adoption of the app by businesses everywhere.  In fact, I’m using Teams right now to collaborate with a coworker in writing this article.  Teams is a communication and collaboration application that has many features: File sharing and collaboration on files with an individual or group, instant messaging to individuals and groups, audio and video calls with an individual or group, screen sharing and more.  If you’re using Office365 you most likely already have Microsoft Teams available to you as it’s included in most O365 subscriptions.  A great feature of Teams is that all the information can be backed up.  If you are not familiar with Teams, here is a brief video overview from Microsoft- https://www.youtube.com/watch?v=jugBQqE_2sM.  There are certainly other applications for collaboration that can accomplish similar features to Teams.  In any case, I would highly recommend implementing a remote collaboration solution in your firm to increase productivity every day and prepare you for disruptive scenarios. 

Backups/Disaster Recovery/Business Continuity Systems – Backups is a technology that has seen big changes over the last 10-15 years.  The biggest changes have come with how data and systems are backed up and how systems are recovered and/or how systems continue to function in a disaster or failure scenario.  Many people think “we have backups, so everything is OK”, however depending on the technology used, many businesses are unpleasantly surprised when they discover how long it takes to get their systems back up and running from a failure.  When I ask business owners what the process and timeline is to recover from a failure or disaster event, most have no idea – and every business should know this.  So, please ask your IT people.  If your infrastructure or systems are all cloud based, you are most likely OK but ask anyways.  If you are on a file-based backup system with inhouse servers, you can be looking at 2-5+ days to recover from backups.  Newer image-based business continuity backup solutions can drastically decrease the recovery time down to minutes, but even this varies depending on the solution and technology used.  This should be reviewed and tested at least once per year to ensure you know the timeline and process and determine if it meets your criteria for recovery time.  If it doesn’t there are many other options available. 

IT Security – Although not the traditional type of disaster we imagine, IT security events can have disastrous effects to a business if it is not properly protected.  IT security is a big topic unto itself, so I’ll just hit on a couple of important points.  The first is that businesses around the world all have firewalls and antivirus, and big businesses spend millions on tools to protect their infrastructures, yet we hear of breaches every day.  IT security is not “set it and forget it” – if there is not a proactive process in place and dedicated individuals for checking systems, settings and security then you will have blind spots (unknowns) and potential risk to your business.  Along with proactive processes, employee security training is proving to be a very effective way of keeping your users and thus your business safe from threats.  For more information on how to secure your business, see this article on The Cybersecurity Essentials for your business. 

As of the writing of this article, we’ve seen major events and conferences cancelled, the NBA season put on hold, an entire country on lockdown, disruption to families travel plans and a major celebrity (Tom Hanks) identified as having COVID-19.  We’re not sure exactly where this is going, but best to take whatever measures we can now to prepare for this and/or any other disaster scenario that presents a threat to business.  Hopefully this article has given you some ideas to help your business weather any type of storm.  Please stay safe! 

There have been a handful of events in the GTA over the last 20 years that have made us all stop and say “wow, didn’t see that coming”.  Recent ice storms, SARS and the big blackout of 2003 come to mind.  Now this most recent event of Novel Coronavirus, formally known as COVID-19 and now

This Happens When Your Business Doesn’t Have an Emergency Preparedness Plan…

Unfortunately, 25% of firms don’t bounce back after some type of disaster strikes them. If you don’t have a business recovery or continuity plan in place, then you need to consider creating one, and at the very least, educate yourself on the negative repercussions that could affect your firm if you’re unprepared: 

Business Interruptions – Figure out which departments and/or teams that would be directly impacted by a disaster or health crisis. How would they manage or continue to stay productive during or after? What types of interruptions would they have to push through? How long would it take before your clients feel the impact of slowed productivity? Pandemics like COVID-19, can have a severe ripple effect on most or all functioning areas of a firm as you can see with the challenges sighted earlier. You’ll be faced with tackling multiple sick leaves, delayed projects, meetings, cases etc. Think about it, every minute/hour that your people aren’t working = downtime and money lost for your firm, that you probably won’t get back. 

Financial – Most disasters will cause some extent of financial implications to your firm, and you’re likely to lose a lot more money if you’re completely blind-sided. The costs of interruptions can vary from hundreds of thousands to millions of dollars. Lost profits, lower market share, regulatory fine and penalties are all on the list for taking down a firm without a recovery/disaster plan.  

Liability/Breach of contract – As you could imagine, one of the many snowball effects of lost productivity, is the inability to meet service deliveries to clients. The legal implications from a breach of service contract can put your firm on the line for missing deadlines and/or breaking agreements – adding yet another financial burden to the list of repercussions.  

Reputational – This one doesn’t only apply to health pandemics, but also to any form of disaster. A firm’s reputation can be held accountable for mishandling a disastrous situation with regards to addressing it within a timely and/or strategic manner. It is important to act on behalf of everyone’s best interest and to approach all disastrous situations with professionalism and transparency. There have been instances where firms/businesses have made crude, insensitive or racially charged statements that have offended groups of people, and later received serious backlash to their reputation. You can sometimes bounce back from financial losses, interruptions, loss of productivity – however, recovering a severed reputation can sometimes take months or even years to salvage – in many ways, it can be considered one of the harder challenges to manage. 

Conclusion 

No firm is completely immune from any kind of disaster. However, developing, testing and having a functional plan for continuity will help to mitigate all these risks and help to get your firm back on track again.  If you’re interested in learning more about Business Recovery and Disaster Planning, contact us at sales@pacetechnical.com or call 905-886-7896.

Unfortunately, 25% of firms don’t bounce back after some type of disaster strikes them. If you don’t have a business recovery or continuity plan in place, then you need to consider creating one, and at the very least, educate yourself on the negative repercussions that could affect your firm if you’re unprepared:  Business Interruptions – Figure

PACE Client Notice: Regarding COVID-19

We have had several inquiries with concern regarding Novel Coronavirus, now labelled as COVID-19, and would like to inform you that we recognize your concern and we are closely monitoring the current situation both locally and globally.  We don’t know what impact this situation will have on any of our businesses, but at a minimum it is a good reminder to review emergency preparedness in the event of any disruptive situation (illness, disaster, etc).

As you may know, PACE has a state-of-the-art Business Continuity structure deployed in our organization and we are constantly reviewing it to ensure that we are prepared to respond to any potentially disruptive event.  Rest assured, we are confident that we can provide continuity of service to our clients without interruption in any event. As well, we are ready to assist you with your emergency preparedness and help with additional measures or actions you deem appropriate for your company, including remote access for your staff to maximize productivity while working from home.

PACE’s actions throughout this situation will be guided by instructions from the WHO (https://who.int) or the Ministry Of Health (http://www.health.gov.on.ca/en/) as required.  We are committed to providing the best and safest level of service to our customers, so if you don’t have an emergency plan in place or have concerns about your business continuity, feel free to reach out to your Client Strategist/Business Advisor to ensure that you are technically prepared for any situation.

All the best!

The PACE Team

We have had several inquiries with concern regarding Novel Coronavirus, now labelled as COVID-19, and would like to inform you that we recognize your concern and we are closely monitoring the current situation both locally and globally.  We don’t know what impact this situation will have on any of our businesses, but at a minimum

Big Bike 2020

We missed last year’s event, but we’re back in the game to show our support for The Heart Disease & Stroke Foundation of Canada by fundraising for the upcoming Big Bike event on May 12th, 2020.

It’s a heart-pumping, cheer-thumping, crazy big, fun ride on a 30-person bike ride with your whole team. But it’s also a ridiculously fun team-building event where we all get to hang out with work friends, enjoy some fresh air and raise money for a great cause.

Did you know?

  • Heart disease and stroke are 2 of the top 3 causes of death in Canada.
  • More than 66,000 Canadians die every year from heart disease and stroke — that’s one life taken every 7 minutes.
  • 9 in 10 Canadians are at risk of heart disease and stroke.
  • An estimated 62,000 strokes and 70,000 heart attacks occur each year in Canada, which is why we need your help!

Every family, friend, or community member you connect with, and every dollar you raise, helps to create more moments for all of us through research, heart and stroke treatments, and education. With your continued support we can build on this momentum, fund more breakthroughs, and create even more survivors.

What we’re pedalling towards

We need people like you! By donating or hopping on the Big Bike, you are helping pedal towards much more than the end of the ride. You’re giving Canadians #MoreMoments with those they love, while helping to ensure that critical research in hospitals and universities across Canada can continue.

You can join our team or donate here!

Big Bike 2018 PACE Team

We missed last year’s event, but we’re back in the game to show our support for The Heart Disease & Stroke Foundation of Canada by fundraising for the upcoming Big Bike event on May 12th, 2020. It’s a heart-pumping, cheer-thumping, crazy big, fun ride on a 30-person bike ride with your whole team. But it’s

One Brave Night For Mental Health 2020 with Shael Risman x CAMH

Back at it again for our third year! On Saturday May 16th, my friends and I are taking the stage again in support of mental health and eliminating the stigma surrounding it.

As always, I’m taking the #OneBraveNight challenge again this year because of my brother Carey. He struggled with profound mental illness for many years until it finally took his life in 1996.

That was a long time ago, and there has been many and myriad positive changes to the way we approach mental illness – new meds, therapies and programs to name only as few. CAMH has been at the forefront of these efforts for decades. Indeed, they were there for Carey at a time when it wasn’t necessarily OK to talk about it too loudly.

Carey was a die-hard music fan, so once again for my ONE BRAVE NIGHT, I have decided to sit at my piano and sing and play until I can’t anymore. I humbly ask you all to support me in my efforts to inspire hope for those living with mental illness by making a generous donation to my ONE BRAVE NIGHT event.

Our previous events have been an astounding success – we have raised over $35,000 and had thousands of people watch the live Facebook stream. We have been featured on Breakfast Television, Indie88 Radio and several national newspapers. Obviously, this year promises to be no different!

This year we are thrilled to be on our home stage at the Whitby Centennial Building (where the Whitby Courthouse Theatre performs their season), and to celebrate we are once again filling the stage with world class talent. Our stellar cast will be joining me in performing an encyclopedia of popular music – Billy Joel, Sara Bareilles, Fleetwood Mac, Van Morrison, HAIM, and many more! Wrap that all up in a fabulous pre-show cocktail reception and you got yourself a kick-ass evening for only $50 – which all goes to the amazing an important work being done by our friends at CAMH.

If for whatever reason you can’t make it to the event, you can still donate to the cause and stream us on Facebook – no problem!

Again, I am participating in ONE BRAVE NIGHT because I want to inspire hope for people living with mental illness now – and to defeat mental illness completely so that no one ever has to deal with Carey’s kind of pain again. By buying a concert ticket or donating to my One Brave Night, you are helping CAMH improve access to care, conduct research to find better treatments, and build more spaces for healing.

This is our chance to step up! Please donate generously and help me reach my fundraising goal. Stay tuned for more details – and save May 16th on your calendar!!

Remember that’s Saturday, May 16 2020 8pm at the Whitby Centennial Building Theatre: 416 Centre St. S, Whitby, ON

Cash bar open at 7pm. Tickets are $50. All proceeds go to the Centre for Addiction & Mental Health!

Buy Tickets Here

Donate Here.

Can’t wait to see you there!

 

 

Back at it again for our third year! On Saturday May 16th, my friends and I are taking the stage again in support of mental health and eliminating the stigma surrounding it. As always, I’m taking the #OneBraveNight challenge again this year because of my brother Carey.

5 Ways to Stay Protected from Advanced Phishing Threats

It’s no surprise that phishing attempts affected over 64% of organizations in the past year, and that the number is rising simply because cyber-criminals are getting smarter while more and more people are falling victim to these threats because of the lack of awareness and training regarding these types of attacks. Everyone is encouraged to adapt safe online practices, both on their work devices as well as their personal devices, and these are 5 ways that can help you stay protected from advanced phishing threats that you could be exposed to on a day-to-day basis.

  1. Scan all your employee devices using a mobile security software

If employees bring their own devices to work, then you need to ensure that each one of those devices is secure, lest they throw the security of the entire corporate network into jeopardy. Privately-owned devices could have malicious phishing apps and pirated software installed on them. It is important to note that employees working from home or other remote locations could send data to your head office via unsecured connections or Wi-Fi networks that the company isn’t aware of.

To ensure that important data doesn’t leak through employee devices – you should install mobile security software on all “BYOD” devices.

  1. Think Before You Click!

It’s okay to click on links when you’re on trusted websites. However, clicking on links that appear within random emails from unknown senders, text messages and DM’s isn’t such a smart move. Hover over links that you’re unsure of before clicking on them. Ask yourself, do they lead where they’re supposed to? A phishing email may claim to be from a legitimate company or sender, and then when you click the link to the website, it may look exactly like the real website. The email may ask you to fill in the information, but it may not even address you by name. Most phishing emails will start with “Dear Customer” – and not a first name e.g. “Dear John”, so you should be alert when you come across these generic looking emails. When in doubt, always go directly to the source rather than clicking on a potentially dangerous link.

  1. Avoid shortened web links

Hackers post shortened phishing links on social media, which makes it extremely hard for users to differentiate legitimate links from the illegitimate ones. Link shortening services such as “Bitly” make all links look identical in the eyes of ordinary online users. Not unless you trust the source of a shortened link, therefore, try not to click on it as it could inadvertently lead you to a malicious or fake website. If you mistakenly enter your personal details in a fake website, phishing thieves will effortlessly steal that data and use it against you.

If you must click on a shortened link, even for those coming from trusted sources, you should make a point of placing your mouse over the link to confirm that it is the same link hyperlinked beneath the text. Also, avoid clicking on any links directly from the email and instead copy and paste it to a different window/tab. That makes it much harder for an attacker to read your emails in case he succeeds in infesting your device with malware.

  1. Always browse securely

Secure websites are indicated by a security lock icon that appears on the top left-hand side of your browser. Also, the link is preceded by https:// in the browser’s address bar. If these two features are missing, it is advisable to leave that website ASAP, and if it requires you to enter or submit sensitive data, please don’t. In the same vein, always avoid submitting sensitive information online using unsecured or public Wi-Fi. Your private information such as credit card details and healthcare information are extremely vulnerable, so make sure that you guard it wisely.

  1. Training Your People

Newsflash: Your team members aren’t cybersecurity professionals.

The HR, shipping, sales, accounting, and other departments are filled with people who may not know anything about data security. Therefore, you have to train these workers on how to handle phishing attempts if they happen. Ongoing security awareness and simulated phishing training is highly recommended for all users to keep security top of mind throughout your organization.

Many people and companies lose data and sensitive information to hackers due to their negligence and poor data security practices, but these 5 tips above will help you defeat one phishing threat at a time. Remember, cyber-criminals are getting more creative by the day, and so it’s vital that you educate yourself and your company on all the ways they can harm you. Even if you aren’t as tech-savvy as they are, you should do everything in your power to make their job as hard as possible. For more information on phishing training for your company, please contact your PACE Business Advisor (Client Strategist).

If you’re not one of our clients, but you’re interested in hearing more about defenses against phishing threats, then give us a call at 905-763-7896 or email sales@pacetechnical.com and we’d be happy to advise you.

It’s no surprise that phishing attempts affected over 64% of organizations in the past year, and that the number is rising simply because cyber-criminals are getting smarter while more and more people are falling victim to these threats because of the lack of awareness and training regarding these types of attacks. Everyone is encouraged to

Defeating Communication Barriers with Microsoft Teams

Have you ever had to work in a small or large team of people who spoke different languages? In today’s business world, this happens more often than not where small, medium size and enterprise level companies have employees and/or collaborators all over the world, and Microsoft Teams has made it easier to communicate with others by translating the language that they speak into yours!

Teams will automatically translate any messages into the language that you set for yourself in the “General” tab of the Settings page. You can always go back into the Settings and change the language to any of the selection that Microsoft reports if you want to, and you can change your theme or application settings while you’re at it.

To translate messages in your Microsoft Teams conversations, simply click on the ellipses (the three dots) at the top right-hand side of the message, next to the little bookmark and thumbs-up icons. The drop-down menu will allow you to mark a message as unread, delete it, copy the link, or now “Translate” the message into your primary language. If the language you’re trying to translate is supported by Microsoft, then the application will simply transform the message all at once when you click on “Translate.”

The simplicity and effectiveness of the inline messaging feature makes it a powerful addition to the Microsoft Teams stack!

For more information on acquiring Microsoft Teams for your business, reach out to us at sales@pacetechnical.com or call 905-763-7896. You’ll be happy to know that the possibilities are endless, for what you and your team can accomplish together!

Have you ever had to work in a small or large team of people who spoke different languages? In today’s business world, this happens more often than not where small, medium size and enterprise level companies have employees and/or collaborators all over the world, and Microsoft Teams has made it easier to communicate with others

Our Very Special Valentine’s Day Message

This year we decided to do Valentine’s Day a little differently, and wear our hearts on our sleeves by making a very fun video for our clients.

Watch Our Valentine’s Day Video on YouTube!

This year we decided to do Valentine’s Day a little differently, and wear our hearts on our sleeves by making a very fun video for our clients. Watch Our Valentine’s Day Video on YouTube!

We’ve always been Trailblazers!

When Mike and I started PACE, virtually no one was offering Managed IT Services in the Greater Toronto Area.  There were less than a handful of MSP’s in all of North America, and at that point, everyone in the IT industry ran a break/fix business (that is, when something broke, you called us to repair it).  We noticed though, that for our clients – the model wasn’t working. There wasn’t a clear way for you to calculate your monthly costs.  Everything was reactive.  Some months nothing happened, and other months there were thousands of dollars in IT expenses.  So, PACE set out on a mission to make IT costs more predictable.

We began pitching the idea of managing your technology instead of just fixing it. We started talking about being proactive instead of reactive. We referred to ourselves as ‘trusted advisors’ rather than simply IT providers.  And the cost of IT became far less volatile as we tackled the big issues instead of just applying band-aids.  Essentially, we became a fully invested Managed Service Provider for our clients before anyone else even knew what it was.

Of course, when the competition started figuring out that ‘managing’ technologies rather than just ‘fixing’ them made for more successful client businesses – the MSP landscape started to become overpopulated.  Basically, anyone with a credit card figured that they could subscribe to some online tools and call themselves an MSP.  All this did was confuse the average customer and they couldn’t tell the difference between legitimate MSPs and the ‘trunk slammers’ because we were all saying the same thing.  And where do you go when everything looks the same?  Unfortunately, you go with the one thing all businesses understand – cost.  Some clients chose the cheapest option because they figured we all looked the same, and ultimately, they ended up with poor results that compromised their businesses.  They started to realize that they needed way more from their Managed Service Provider than just some tools and empty promises.

The needs of small businesses have changed yet again.  You are now looking for strategic relationships with us. You now understand the power behind making better decisions around technology.  And as usual, PACE is there with you.  Quite simply, we are not in the business of just fixing computers and networks.  We are not in the business of monitoring tools.  Sure, we do all those things, but when you get right down to it, we do them because there is only one thing that we can guarantee above all else:

We are in the business of assisting you with producing positive business outcomes.  End of story.

PACE is not an MSP anymore.  We are a TSP – a TECHNOLOGY SUCCESS PROVIDER.  Once again standing apart from the crowd and proudly setting the standard.

Thanks for sticking by us!

Shael Risman, CEO

When Mike and I started PACE, virtually no one was offering Managed IT Services in the Greater Toronto Area.  There were less than a handful of MSP’s in all of North America, and at that point, everyone in the IT industry ran a break/fix business (that is, when something broke, you called us to repair

Is It Time to Break-Up with Your MSP?

We’ve been talking to a few business owners who aren’t satisfied with their current IT Service, so we decided to make a list of the most common things they mentioned. We’ve also tried our best to relate them to rom-coms that we’ve all watched on Valentine’s Day. So here goes…

Our money is being spent putting out fires rather than preventing them from happening in the first place.

(From: The Wedding Singer)

Our Service Requests/Tickets are being constantly forgotten about.

(From: The Notebook)

Our own people end up stepping in to fix the problem and we just get it done ourselves.

(From: Home Improvement)

 Overspending on problems instead of finding a proactive solution to prevent them.

(From: Grease)

You shouldn’t have to settle for an IT service that’s stunting your business. If you feel as though you’re in the same boat, then maybe it’s time for you to cut the cord. The good news is, you’ve taken a step in the right direction by seeing what else is out there, and if you have that feeling of doubt deep down inside, then it’s probably time for an IT Service Gut Check.

So, here’s what you should be getting with a proactive IT service:

  • An Actual Proactive Service. If your service is indeed proactive, it should be actionable – meaning that these main things: People, Process & Best Practices are always in motion. Here’s a quick example: If the same issue occurs repetitively, then there aren’t really the right people, processes or practices for identifying the blind spots in your Technology. With a proactive approach, issues are identified the first time around, or before they even happen, and this gives you back more time for productivity.
  • Cyber-security. Cyber-criminals are hoping to get a backdoor entry into your systems, by getting into your providers systems. If their network is unsafe, and they don’t take their own defenses seriously, then this can lead to a disastrous chain reaction of events that could shut your business down for good. In order to ensure your IT service is truly “proactive”, then read our blog here – where we really dive deep into it.
  • Human connection. It goes without saying that a great point of contact such as a Business Advisor, VCIO or a Dedicated Client Success Manager goes a long way in the IT MSP world. Having someone in each of these roles helps to ensure that your business as well as your people are getting what they need, when they need it. The true purpose of having dedicated human resources managing as well as monitoring your technology (and not just having an Account Manager), is that you get the most value out of each of their professional perspectives which helps achieve your business goals you set out to achieve. The last thing that should be happening is reaching out to them only when you’re having IT issues.

If you’re seriously thinking about making a difference with your business technology, then send us an email at sales@pacetechnical.com call 905-763-7896 or to book an exploratory meeting with us here.

We’ve been talking to a few business owners who aren’t satisfied with their current IT Service, so we decided to make a list of the most common things they mentioned. We’ve also tried our best to relate them to rom-coms that we’ve all watched on Valentine’s Day. So here goes… Our money is being spent

Does Your Technology Need A Makeover?

Do you have a messy server room? When was the last time you took note of how many machines you own, and what each of them are contributing to your business’s goals? If these sounds familiar, then it’s time to take a closer look at your technology and examine how you can improve operations. One of the best ways you can do so is by eliminating unnecessary costs from unused and/or underutilized servers.

According to Processor magazine, a solid 30% of all powered-on servers aren’t working to their maximum potential. In fact, support servers average only about a 12-18 % utilization rate. This means that there are a ton of servers out there that are costing businesses money on unnecessary expenses. It’s basically like wasted money, especially when you consider that many businesses use several dedicated servers for email, file hosting, and more. The reasoning behind this is that the servers can function independently from one-another, but the reality of the situation is that servers use a ton of energy; energy that’s wasted if not taken advantage of properly.

The Benefits

There are many benefits to consolidating your server infrastructure. Performing a close analysis of your organization’s server infrastructure is imperative to cutting unnecessary costs and optimizing your bottom line. Here are some of the best ways your company can benefit from elimination of underutilized or unused servers.

  • Dramatic decrease in energy costs. With less machines online always, you can save money on operational costs, maintenance, and energy. Servers eat up a ton of electricity, so it’s natural that you do whatever you can to limit how much you use. Furthermore, maintenance is significantly less expensive if you only have one machine that needs updating, rather than four.
  • Simplified computing infrastructure. Instead of having all your technology spread across multiple pieces of hardware, you only always need a minimal number of machines operating. This makes it much easier to maintain and manage all your mission-critical technology from one central location.
  • More physical space for activities and other technology. Regardless of how many servers you’re able to eliminate, you’ll be saving valuable space that can be used for other, more productive things. For instance, you can use the freed space for storage. You’ll finally be able to get rid of that fax machine that’s been collecting dust on your desk.

If you’re unsure how many of your servers are underutilized, or if you need help identifying where you can shave off some IT costs, PACE can perform an obligation-free IT network assessment, where we take into account all aspects of your infrastructure; servers included. Furthermore, we can help your organization cut down on costs by taking advantage of virtual servers. When you virtualize a server, you’re eliminating the costs of running an additional physical machine, allowing one piece of hardware to perform the tasks of many.

This lets you reap the benefits of multiple servers while only worrying about handling one of them. For more information on how we can help your organization transcend the limitations of hardware and optimize operations, give us a call at 905.763.7896.

Do you have a messy server room? When was the last time you took note of how many machines you own, and what each of them are contributing to your business’s goals? If these sounds familiar, then it’s time to take a closer look at your technology and examine how you can improve operations.

Looking for Love? Definitely Don’t Look Here…

Just like the rest of the world, I was catching up on an episode of TLC’s 90 Day Fiancé: Before The 90 Days, and I came across this couple – Maria and Caesar. From the first 2 minutes of their love story, I had a gut feeling that poor Caesar got himself entangled in an online scam, nevertheless everyone else in his circle was getting a funky vibe besides him. Watching this show has made me hyper-aware of the concerns with finding love online, and now is not the time to be caught up in an online dating scam (unless you’re TLC, and you’ve created a worldwide fandom off of people’s happiness, heartbreak and naivety #LoveThatShow).

We’re in an age where technology is at the center of our lives dictating how we work, but especially how we play. Online dating has become one of the most exhilarating ways to meet new people from around the world, and as many as 1 in 3 persons in a room are currently signed-up on at least one dating app right now. There’s no shortage of dating platforms to take your pick, and whether you sign up for free or pay a premium – we have popular options nowadays like Tinder, Grindr, Bumble, Facebook Dating, Hinge, Match.com, e-Harmony, OkCupid, Plenty of Fish, and the list goes on and on.

Whether you’re into one-time hook-ups, fetishes, or specifics like nationality, race, or religion, there’s a place for you to find what or who you’re into. But just before you go on a swiping spree, here are some of the hard facts about online dating in Canada that should be on your radar:

  • Canadians lost more than $22.5 million in online dating scams in 2018 (compared to $17 million in 2012).
  • 55% of online daters have experienced some form of threat or issue while dating online, and are twice as likely to experience an IT security incident when compared to people who don’t.
  • Only 27% of online daters use a security solution to protect their device, and 16% do nothing at all to protect themselves.
  • Crimes involving dating apps have doubled in the last 4 years including actual incidents of murder.

So here’s the thing, these stats aren’t meant to make you delete all your dating apps and give up on love – it’s intended to create a greater awareness of the potential dangers that you’re exposed to by doing it. I can tell you that many people including myself have had great experiences with online dating, and according to a survey by SimpleTexting, “15% of couples who’ve met on a dating service have been seeing each other for over a year, and 13.6% are already engaged or married“. This is likely because these folks are taking appropriate precautions while doing so. Sadly, there are still many victims of romance scams, and we hear stories just like these ones all the time, nationally and internationally – Just last November, Global News posted a story about Michelle Boyer, a local Ottawa woman who became a victim of an online dating scam and said that her lover “made me feel like a real person, by telling me he loved me and I was beautiful – my ex never said stuff like that.” They also posted a story about a widowed senior named Margaret, who lost up to $140K to her online lover, and as a result, had to sell her car and move out of her condominium!

Never forget that scammers prey on your insecurities and they know exactly what buttons to push to get what they want from you. But let’s also not forget about the dating platforms and the role they play in all of this.

A few weeks ago, Grindr, OkCupid and Tinder, were at the center of controversy when they were accused of disclosing highly personal information and breaking privacy laws. Each app denied many of the accusations, but what you should always keep top of mind is that all of these apps have access to your DM’s, private photos and videos that you share with others on their platform. If you didn’t know by now, data breaches are a very real thing, and if one of these platforms were to get hacked, your information (as well any dirty laundry you may have out there) would be on full display – just ask the profile users over at Ashley Maddison…

So here’s the part of this blog that can actually help you out if you’re an online dater.

These are some major Tell-Tale signs to know if you’re caught up in an online dating scam:

  • It feels like they virtually don’t exist. They’re not on any other social media platforms (can’t find them when you Google Search, no LinkedIn profile etc.)
  • If you can’t find them on social media or if they have a profile that doesn’t go back a very long time and there is little activity happening on their feed/timelines.
  • They send you supermodel/stock looking photos, and never want to video chat with you or meet-up in person (You can always Google search images to find it’s origin).
  • This one goes without saying, but if they’re quick to say “I Love You” this is a bright red flag waving in-front of you.
  • Within a short period of time chatting with them, they’ve already asked you to send them money.
  • They try to keep you from your relatives and close friends, and create a narrative that it wouldn’t be a good idea for them to make an introduction.
  • They ask you for provocative photos (aka nudes) or videos which can later be used against you if they try to extort money.
  • They claim to be a member of the military (many romance scammers impersonate soldiers and other people in positions of trust).

Online Safety Tips For Dating:

  1. Never give out your real home address, work address, phone number in private messages, or when signing up.
  2. Take your time until you build up trust – Don’t let users quickly persuade you to continue conversations on others apps like WhatsApp or iMessage.
  3. Turn off your location settings, or use them sparingly.
  4. Be cautious of how much identifiable information you use on your profile. That includes displaying your education, employer etc.
  5. It may be best to sign up for paid dating apps since the free apps are more likely to sell your data and are more vulnerable to cyber-threats.
  6. Bonus Tip: Beware of platforms that are known for having a reputation such as: sugardaddyforme.com, Miss Travel, Ugly Schmucks, Zoosk, Date Hook Up, and worth mentioning again, Ashley Maddison.

To end this off, I just want to say be smart, be aware, be safe and most importantly good luck with finding love and have a Happy Valentine’s Day!

Just like the rest of the world, I was catching up on an episode of TLC’s 90 Day Fiancé: Before The 90 Days, and I came across this couple – Maria and Caesar. From the first 2 minutes of their love story, I had a gut feeling that poor Caesar got himself entangled in an

2 is Better than 1: A Guide to Multi-Factor Authentication

The following will guide you through the process of configuring Multi-Factor Authentication (MFA) with your company’s account as it pertains to Microsoft’s online services such as email/Outlook, Teams, SharePoint, OneDrive, etc.

Simply explained, MFA is a security system that requires more than one method of authentication from independent categories of credentials to verify a user’s identity for a login.  Previously, only a password was needed however going forward, logins will require something you know (your password) as well as something you have, in this case, it will use your mobile device, and it will ask you to permit or deny a login attempt.  For applications that don’t support this type of authentication or could be considered a nuisance, random passwords, called “App Passwords” are generated and assigned for each specific device or application.  I.e. Outlook, iPhone, iPad, laptop, will all have different random passwords.  Don’t worry, you won’t need to remember or keep track of them, in fact that’s the idea behind it.  It’s a password that you enter once and forget it, if you needed to re-enter the password, say because you got a new device, you would simply generate a new one and delete the old one.

After MFA has been enabled on your account:

  1. From your mobile device, proceed to your App Store/Play Store
  2. Search for and install “Microsoft Authenticator”
  3. On your PC, browse to a Microsoft login page, eg.
    https://www.office.com/
    Click on “Sign In
  4. Choose ‘Work Accountif you’re prompted.
    Enter your email address and current network password.
  1. You will be prompted with the following screen:
    More information required
    click Next.

 

  1. Prompt: Step 1: How should we contact you?
    From the drop-down menu select Mobile app
    Click button ‘Receive notifications for verification
    Click Set up

 

  1. Prompt: Configure mobile app
    Open the Microsoft Authenticator app
    on your mobile device.

  1. On your mobile device within the
    Microsoft Authenticator app, choose
    ADD ACCOUNT Select “Work or school account”

 

 

  1. Steadily hold your mobile device up to the PC
    screen and scan the QR code.
    The account should automatically be added.

10. On your PC, Click Next

11. The status will show ‘verifying’ Once completed the message will show:
Mobile app has been configured for notifications and verification codes.

Click Next

12. PC Prompt:

Step 2: Let’s make sure that we can reach you on your Mobile App device.
You will receive a notification on your mobile device to
Deny or Approve the request
Choose APPROVE

 

13. Prompt:
Step 3: In case you loose access to the mobile app
Enter a direct number where you can be reached.
In the event that your mobile device is damaged, lost or stolen, the MFA can use this number to authenticate you and also be used to configure a new mobile device when needed.
Click Next

14. Prompt:
Step 4: Keep using your existing applications
Click Done

15. Browse to: https://aka.ms/CreateAppPassword
This is where you will manage your ‘App Passwords’
Delete the ‘Initial app password<date+random no.>’
by clicking Delete next to the date, confirm with yes

16. Click create
Enter the name: Outlook On PC
Click next

 

17. Copy the new app password to the clipboard
If you’re not comfortable with using the
clipboard, paste the password to a blank
Notepad document.

18. Run Outlook on your PC
You should be prompted to enter a username
and password. Use your email address as your
username and paste the app password as your
Check on Remember my credentials
If you’re not prompted to enter your username
and password, please contact a PACE support
personnel who can assist you further.
Minimize Outlook to continue.

19. Return to the web browser, click close.
If you are receiving email on your mobile device,
generate another app password for email on
that device.
Use a descriptive name for your mobile device
which can include function and model
Email On iPhone8

20. On your mobile device, edit your mail account
settings with this new generated app password.

21. Continue to generate new app passwords for every
device that needs one.

22. You should browse to: https://aka.ms/MFASetup at any time to update your communication settings or to setup a new MFA authenticator for use on another device. Having up-to-date information is important in the event your Microsoft Authenticator app isn’t available such as you left your phone at home, dead battery or otherwise inaccessible.  The MFA can call or text you at another number to complete a request.

You’ve completed the MFA setup for your Microsoft Online account.  If you have any questions or issues with your setup, please open a support request with PACE and we will be able to assist you with configuring, using and troubleshooting issues with regard to your multi-factor authentication.

 

If you’re one of our clients, and you have any questions on setting up Multi-Factor Authentication for your business, please feel free to reach out to our Client Success or Client Strategist team for further information!

The following will guide you through the process of configuring Multi-Factor Authentication (MFA) with your company’s account as it pertains to Microsoft’s online services such as email/Outlook, Teams, SharePoint, OneDrive, etc. Simply explained, MFA is a security system that requires more than one method of authentication from independent categories of credentials to verify a user’s

Meet Our Client Success Team!

Don’t You Mean Customer Service?

Client Success has often been mistaken for customer support or customer service; although very similar, they are very different from each other.

Here’s a simple breakdown:

Customer support or service is technical and reactive whereas, Client Success is strategic and proactive.

It’s true that clients require fast and friendly reactive service when they’re frustrated with technology and PACE will always be there to help fix it. With that said, Client Success is more focused on the business results that your people can see and measure. It seeks to understand the desired outcome that a client requires and creates custom benchmarks for gauging their success. We achieve this by monitoring clients for potential areas of deficiencies in their service and this reveals room for improvement and better strategic guidance. At PACE, we never use a cookie cutter approach. As we on-board each new client, we create a customized system to help them get the most value out of their IT investment.

In the Managed Service Provider (MSP) world, Client Success is a relatively new concept. PACE started seeing the need for a dedicated Client Success department in 2018 as we acquired more clients with unique needs. We’re considered an industry leader for implementing this department and we’re thrilled to formally announce that we have an amazing Client Success team of two running the department.

Anika is the head of the team and we’d like to officially welcome Marc on board, who’s the first point of contact at the PACE help desk, and you may have already been in contact with him when you reach out to us! So whether it’s on-boarding or special projects, they’re both here to humanize your experience and make it a pleasant one. They create KPI’s and monitor your feedback for a more proactive approach that will help us serve you better. Your incoming tickets will be triaged to the right department, and they will coordinate internally to follow up with updates or questions that you may have.

From start to finish, you’ll always be in the right hands with this Duo!

Anika Ahmed, Client Success Manager & Marc Ludwig, Client Success Associate

 

Don’t You Mean Customer Service? Client Success has often been mistaken for customer support or customer service; although very similar, they are very different from each other. Here’s a simple breakdown: Customer support or service is technical and reactive whereas, Client Success is strategic and proactive.

A Message From Shael Risman, CEO PACE Technical

I hope the holidays treated you well, and that you are embracing the Canadian winter and focusing on the lovelier weather ahead – both personal and business-wise! 

As per our commitment to timely and effective communications, at this time of year I like to update our valued client-base on the goings on here at PACE.  There is a LOT of stuff happening behind the scenes that we don’t always make a big deal about, and this is our chance to get you in the know. 

 ENDPOINT ADMINISTRATION IMPROVEMENTS 

We’ve heard your feedback, and have worked hard this year to maintain industry-leading delivery and deployment times without compromising on quality. Our EA Department now processes and deploys hundreds of machines a year, and we are building out our facility and streamlining the process to get your business machines to you faster! 

 24/7 SUPPORT ON THE WAY!  

As PACE has grown and taken on more international clients, we have seen the demand for 24/7 support skyrocket.  We are thrilled to announce that by the end of the year our clients will be able to add round-the-clock Support Centre access to their PACE CompleteCare subscription!  Details will be forthcoming from your BTA – so stay tuned! 

 REFERRALS 

Client referrals are our bread-and butter, and we are thrilled to announce that the past year has been a record breaker when it came to our clients referring new business to us.  Not only is that a true testimonial to the level of confidence our partner base has in us, it also allows PACE to steadily build a knowledge base steeped in like-minded businesses that value their technology.  It is a win-win for everyone! 

 If you know a business like yours with 20-200 employees that needs a better end result in IT, let us know!  If they become a client, we will give you a $3000 credit on your next monthly invoice! 

 That’s it for now – but there is always more coming from PACE! 

I hope the holidays treated you well, and that you are embracing the Canadian winter and focusing on the lovelier weather ahead – both personal and business-wise!  As per our commitment to timely and effective communications, at this time of year I like to update our valued client-base on the goings on here at PACE. 

Windows 7: End of Life Notification for PACE Clients

Greetings & Happy New Year!

As you may already be aware, Windows 7 will reach its End of Life phase on January 14, 2020.  At that point, Microsoft will stop releasing updates and patches for the operating system.  This doesn’t mean that your Windows 7 PC will suddenly stop working on January 15.  In fact, your computer will still boot up as normal, and you probably won’t notice any difference.

It is important to keep in mind though, that just because you will still be able to use your Windows 7 machine, it doesn’t mean you should.  The biggest concern with running Windows 7 after this date is that it will leave your machine (and by extension, your entire corporate infrastructure) vulnerable to emerging security threats.

Windows 7 is an extremely popular operating system, and many people will want to stick with it despite the risks.  Malicious users are well-aware of this fact and are ready to take advantage of it.  Once January 15 rolls around, cyber-criminals will start actively targeting Windows 7 machine users with viruses, ransomware, and other malware, which can put your business in the cross-hairs.

The best way to mitigate this security risk, is to upgrade all your Windows 7 machines to Windows 10 right away.  In newer machines, this may be as simple as upgrading the operating system on the existing hardware, but for older computers, it is usually better to start fresh with a faster and more efficient PC.

Your PACE Business Technology Advisor can work with you to discuss your options and ensure that your migration happens as smoothly as possible, so you can have the peace of mind of knowing that your business is protected.

Give us a call today to get the ball rolling!

Regards,

Jay Da Costa

Director of Service Delivery

Telephone: 905-763-7896 x 226

Email: jdacosta@pacetechnical.com

Greetings & Happy New Year! As you may already be aware, Windows 7 will reach its End of Life phase on January 14, 2020.  At that point, Microsoft will stop releasing updates and patches for the operating system.

Cleaning Up Your Clutter in 2020

It’s January 2020, but you probably still have 10,000 unread emails and dozens of files and documents that you don’t need anymore. When it comes to keeping organized, many of us are last minute and forget to do a clean sweep before the new year rolls in. There’s no reason to hoard all your not-so-important files (like your screenshots of memes) into 2020. Here are a few things that you can do to tidy up before January ends for a much more organized year ahead.

  1. Delete spam/junk emails from your inbox.
  2. Create folders to keep the files/documents you need from 2019 or previous years.
  3. Decide what to keep and what can hit the trash folder.
  4. De-clutter your desk area, leave just the essentials.
  5. Throw-out old reports and print outs in your desk/drawer.
  6. Clear the cookies and cached images/files in your browser history.
  7. Clean up your downloads folder and delete what you don’t need.
  8. Get rid of unwanted bookmarks in your browser.
  9. Keep work and personal files separated.
  10. Designate areas for each item such as incoming and outgoing documents.
  11. Throw out expired snacks and goodies in your desk.
  12. Donate extra stationery that you don’t need to a nearby school or charity.
  13. If possible, rearrange your office for a fresh new look.

Think of your work-space as a haven for concentration and focus. Eliminate clutter and junk that can distract you or get in the way of doing your best work. You’ll have more time to be productive if you reduce the time it takes to search for things that you can never find. Some other tips for getting through the year in a better state of mind would be to get away from the office for lunch, do meditations, and take your breaks by walking around and getting fresh air outdoors.

Bonus Tip: At the end of every week, book off some time in your calendar to tidy up emails and files that you don’t need. This way you’ll stay ahead of the clutter and you won’t have to do such a large sweep when the new year starts!

Happy De-Cluttering!

It’s January 2020, but you probably still have 10,000 unread emails and dozens of files and documents that you don’t need anymore. When it comes to keeping organized, many of us are last minute and forget to do a clean sweep before the new year rolls in. There’s no reason to hoard all your not-so-important

Will Your Business Go Down in Flames in 2020?

Backups can sometimes come across as a complicated concept to wrap your head around. But here’s the most important thing that you need to know about them.

  • Do you know the recovery time associated with getting your business up and running in an event such as a disaster, fire, or flood?
  • Can you remember the last time you did a full Disaster Recovery test?
  • Are you able to go back in time to see what took place during a certain time or an exact date, let’s say 6 months ago?

These are some of the basic questions about backups that you should be able to answer. What if an angry employee started a fire to your premise or a major flood had your entire company under water? If either of these scenarios were to come to life, do you know what would happen to your data. Is it gone forever? Are you up and running in 2 weeks or 2 days? Would the amount of downtime significantly affect your business, or would it barely leave a dent in your pocket?

Backups For Business Recovery & Continuity

The true goal of a good backup solution is a little more than just ensuring your files can be restored, it should also take it a step further to ensure that your business can continue to stay operational under any condition or event.

So, regardless of if you invest in the latest, greatest and most expensive electronics, laptops or computers for your company, that won’t guarantee that your business will continue to function if something disastrous were to happen.

Backups are so much more than just file restoration. You should start thinking of backups as a vital business tool to protect the entirety of your company regardless of all the different ways it can be harmed. So, whether it’s a Physical threat (e.g. like hard drive failure, fire, flood, theft), Virtual threat (like viruses) or Cloud-Based Issue, investing in the right backup solution can avoid disastrous scenarios from happening in the first place, and ensure that if it does happen that it won’t be the end of times for you and your business.

If you need assistance with finding the best backup solution for your business, send us an email at sales@pacetechnical.com or call 905-763-7896.

Backups can sometimes come across as a complicated concept to wrap your head around. But here’s the most important thing that you need to know about them. Do you know the recovery time associated with getting your business up and running in an event such as a disaster, fire, or flood?

The Most Common Types of Online Scams

In 2019, everyone including celebrities were falling for the most realistic online scams, just ask Julia Roberts, Usher or Pink.  Everyday it seems as though there’s a new scam out there, but here are (3) online scams that you should always keep an eye out for as a business professional: Credit Card Fraud, Phishing Scams and Job Application Scams.

Credit Card Fraud is more common than you might think. Be wary of the websites that you make shopping transactions on since this is how cyber-criminals can get their hands on your personal and financial information. Some websites try to lure people in with deals that sound like they’re too good to be true, or priced way below their market value. If you start seeing activity on your credit card that you don’t remember, this could be how your information was breached. If you’ve noticed any questionable transactions on your account, report it immediately to your bank institution to cancel the card. Make it a habit to regularly check your transactions online or when you receive your monthly statement. There are also telephone scammers that attempt to get your credit card information by posing as the Canada Revenue Agency. Never give out your credit card information to any suspicious caller – as creative and believable as they may seem, always be on the safe side and never share your PIN with anyone over the phone or online.

Image result for credit card fraud

 Phishing Scams

According to the Q1 2019 RSA Fraud Report, 52% of phishing attacks occurred in Canada alone. Phishing simply explained, is when someone tries to get access to your private accounts such as your Gmail, Instagram or Facebook by sending you a clickable link in the message with the goal of getting you to send your personal information. If a hacker is able to get into your account via phishing, they can attempt to change your password and lock you out of it. Always double-check who the sender is, and never open a suspicious looking email or click any of the links or downloadable attachments. Setting up multi-factor authentication is also an additional layer of security that will keep hackers out of your account if you fall for a phishing attempt.

Pro-tip: Watch out for “smishing” the SMS version of phishing scams. It’s when someone attempts to get your private information by sending you a text message with a phishing link.

Image result for phishing

Job Application Scams

Imagine finding your dream job online. They’re offering you a huge salary and lavish perks. You’ve submitted all your personal information that they’ve required including your full name, date of birth, home address, phone number and maybe even your SIN number and bank information. Just like that, you’ve literally bore your soul – well not exactly, but it might as well be since this sensitive information can be used to hack into your financial accounts, or worse cause scenario – your identity – which can go up for auction on the Dark Web. Job scammers use legitimate looking vacancies to seek your interest. It’s never a bad idea to thoroughly do your homework on the company, as well as the job listing. We recommend finding jobs directly from the company’s website and not on skeptical websites that are completely unrelated to the company. Other than requesting a cover letter and a resume (maybe even a portfolio depending on the position) – most vacancies do not require you to submit sensitive information at this stage of the process, so watch out for job postings that require this kind of information upfront.

Image result for job scams

Pro-tip: “Be suspicious of unsolicited ‘work from home’ opportunities or job offers, particularly those that offer a ‘guaranteed income’ or require you to pay an upfront fee”. Avoid any arrangement with a stranger that asks for up-front payment via money order, wire transfer, international funds transfer, pre-loaded card or electronic currency. It is rare to recover money sent this way.

 

In 2019, everyone including celebrities were falling for the most realistic online scams, just ask Julia Roberts, Usher or Pink.  Everyday it seems as though there’s a new scam out there, but here are (3) online scams that you should always keep an eye out for as a business professional: Credit Card Fraud, Phishing Scams

Tips to Keep Your Cell Phone or Personal Computer from Getting Hacked

Here’s the ugly truth about cellular devices that most business owners probably don’t realize; Over 74% of companies around the world have reported one or more data breaches due to mobile security issues and IT professionals have ranked mobile devices as the hardest enterprise to defend. It’s no surprise that this is happening globally since, mobile online traffic represents over 52% of internet usage worldwide, not to mention more than 180 billion apps have been downloaded from Apple’s App Store in 2017 alone. Nonetheless, we’re undeniably attached to our cellphones and laptops. Most of us access our work emails and documents that we need on a day-to-day basis on these devices, and we’re virtually dependent on them to function. So whether we use them for work or pleasure, our sensitive information on these devices such as our passwords, notes, banking information and private photos should be protected so that you’re not the next victim of a cyber-attack or security breach.

Here are 10 tips to keep your electronic devices protected:

  1. Don’t open emails from unknown senders.
  2. Resist clicking on pop-ups and deals that sound like they’re too good to be true.
  3. Never give out your credit card information over email.
  4. Use an Anti-Virus protector on your cellphone and PC.
  5. Make your passwords difficult (so no nicknames, birthdays, lovers or children’s names – these are way too easy for hackers to find out about you).
  6. Beware of FREE Wi-Fi networks when you’re out in public.
  7. Keep your software updated regularly.
  8. Use only trusted browsers like Safari, Google Chrome or Firefox.
  9. Don’t always leave your Bluetooth on (Blue Snarfing is an actual thing).
  10. Use a strong password on your device and multi-factor authentication to access your applications.

Bonus Tip:

Did you know that “Smishing” is the cell-phone version of Phishing? It’s when someone tries to trick you into giving them your private information via a text or SMS message. Smishing is becoming an emerging and growing threat in the world of online security.

If you think that your cellphone or personal computer may be putting your privacy at risk, then it’s probably time to upgrade your IT security on all your devices. For more information on how to keep your personal and business data secure email us at sales@pacetechnical.com or call us at 905-763-7896.

 

 

 

Here’s the ugly truth about cellular devices that most business owners probably don’t realize; Over 74% of companies around the world have reported one or more data breaches due to mobile security issues and IT professionals have ranked mobile devices as the hardest enterprise to defend. It’s no surprise that this is happening globally since,

4 Tips to Shop Securely Online

The 2019 holiday online shopping season is shaping up to be the biggest yet. According to a projection from research group Forresteronline retail in Canada will generate a spend of $39.9 billion in 2019, accounting for 9.5 percent of all retail transactions. Criminals are good at following trends; they have their online traps baited and ready for the holidays, hoping to nab credit card numbers from unsuspecting shoppers. We are not trying to deter you from shopping online, there are also risks and unpleasantries associated with traditional shopping, like muggings and foul body odors; instead, we want to educate you on four best practices to ensure your online shopping is safe and pleasant this holiday season.

Use a Secure PC
Before you do anything else online, you first need to make sure your computer is secure. You should check your security software, and find out if is up-to-date. It is even a good idea to run a scan before you do a transaction. One trap used by cybercriminals is to plant a keylogger in your system that will keep track of every keystroke. When the keylogger detects anything that looks like sensitive data, it will automatically communicate your information to the wrong people. Another important safeguard is to keep your browser and operating system current, be sure to check for updates before shopping.

Shop Trusted Sites
When you surf the net for deals, you will come across many advertisements tailored to your search engine inquires. If an advertisement sounds too good to be true (like an iPad for 72% off), then it probably is. These too-good-to-be-true ads are likely ploys used to get you to visit a shady third party site. The best practice is to shop the official websites of major companies. If you are enticed to check out an unfamilar site, you can research reviews on Bizrate.com and ResellerRatings.com to find out if the site is legitimate or not.

A Padlock for Your Browser
Before you make a purchase, look for a little padlock icon in your web browser, and make sure the padlock is in the locked position. This means that the site has a secure socket layer (SSL) of encryption to enhance security. One way to double check if the padlock is real or not is look at the URL, if it starts with HTTPS://, instead of HTTP://, this means it is a legitimate SSL site. Several security software companies add an additional layer of shopping protection by giving you the option to open the web-page in a virtual window using their software. Avast calls this the SafeZone, look for this feature with your antivirus software.

Credit, Not Debit
Credit cards give you the option to “charge back” fraudulent transactions to your account if they are caught within an agreed upon period of time, be sure to frequently check your statements to catch any weird transactions. Debit cards do not have this “charge back” feature, if money is stolen from your debit account, then it is gone for good. The most secure option for shopping online is to use gift cards, or rechargeable credit cards.

Three additional online shopping tips are: 1) Never shop over a public Wi-Fi connection, 2) use official apps directly from the company when shopping from your mobile device, and 3) remember to use strong passwords when creating an account. A lot of this boils down to common sense, if your gut is telling you something is fishy then it is best to stay clear.

If you plan on shopping online this year, and you want the best protection for your accounts, then call PACE Technical Services at 905.763.7896 and we will check your PC and mobile devices for spyware. We can even install, monitor, and maintain your anti-virus software and firewall to maximize your online shopping experience; because we know you have more important things on your mind during this holiday season than cyber-security.

The 2019 holiday online shopping season is shaping up to be the biggest yet. According to a projection from research group Forrester, online retail in Canada will generate a spend of $39.9 billion in 2019, accounting for 9.

4 IT New Year’s Resolutions Your Business Can Actually Stick To

Start 2020 off with a plan to better your business through better use of technology.

New Year’s resolutions are a bit of a punchline these days. We all say that this year will be the year we finally commit to ‘X’, and make a plan we’ll see through to completion. However, by the time February rolls around, we’ve already abandoned those plans – and our resolution along with them. This happens not only in our personal lives but in our business lives as well.

While we can’t promise that 2020 will be the year you finally keep your personal resolutions, we can all but guarantee that this will be the year you keep your business resolutions. Specifically, your IT resolutions.

The first step is deciding on which resolutions will benefit your business the most, and how best to go about laying out a plan to make those goals a reality. Based on our first-hand experience helping businesses set and reach IT goals year after year, the PACE team has a few suggestions for resolutions you should make for your business in 2020 – and how to keep them.

IT New Year’s Resolution #1: “This year I want my IT provider to proactively work with me to create a real plan for my business technology, track and report performance, and align my IT to true standards and best practices, not just show up when there’s a problem.”

This might be the easiest IT resolution for your business to keep since much of the hard work falls to the IT company you choose. Whether you’re looking to get more out of the IT provider you’re already working with, or are in the market for someone entirely new, you’ll want to start by asking a few basic but critical questions.

The key is to make sure you’ll be working with a company that can meet your expectations, so you’ll need to know that they can:

  1. Provide the knowledge, expertise, processes and staff needed to help you create and carry out strategic IT goals.
  2. Provide you with constant updates and feedback to ensure your technology is performing at its peak.
  3. Provide solutions and guidance to help you meet compliance requirements and security best practices.
  4. Proactively monitor and maintain your IT systems to keep costly downtime to a minimum.

Find an IT provider who can give you a firm “yes” to these questions, and you’re well on your way to fulfilling your resolution.

IT New Year’s Resolution #2:I don’t want to worry about data breaches or downtime to my business. I want to know that there is a proactive process for ongoing system checks and best practices and reporting to remove any blind spots and areas of risk.”

This is something that can be tricky to take care of on your own. The resources and manpower needed to keep your business productive and secure are often more than a business can manage in-house. Partnering with an IT support provider who offers complete security monitoring, as well as a comprehensive security assessment designed to uncover any vulnerabilities or flaws will help your business keep this resolution. A good IT provider will go out of their way to make sure no aspect of your security has been overlooked and sit down with you to come up with a plan to keep your business and your data safe, no matter what.

IT New Year’s Resolution #3:I want a better return from my people, and IT costs. I will have a proactive system and process in place to measure and report key IT metrics and KPI’s to better understand my system performance and implement a process and strategy to regularly review and work on improving IT performance.”

Having data like this readily available to you to help inform business choices going forward is invaluable to your future success – yet many businesses don’t have any processes or protocols in place to measure or interpret this information. Sit down with your IT provider to discuss the options available to your business and implement a solution that suits your specific needs. Once you have a plan in place to gather this data, you can make reviewing the data part of your management routine to ensure you’re using the information provided to your full advantage.

IT New Year’s Resolution #4:I will no longer settle for just fixing IT issues. I want a true proactive process in place to maximize my IT and business results.”

This resolution is as simple as it is critical to your business’ ongoing success. If you’ve been relying primarily or entirely on break/fix IT support to keep your technology running, you really should make 2020 the year you leave break/fix IT behind.

While it’s important to have the support that you can count on when something goes wrong, it’s much, much more important to have support in place to keep things from going wrong in the first place. Proactive IT maintenance is just one small part of what a Managed IT Service Provider can offer your growing business. The full range of support solutions these providers have to offer will not only help you stay ahead of potential problems but grant the ability to leverage your business technology in ways you never thought possible.

 

If any of these New Year’s IT Performance Resolutions sound like something your business would benefit from, contact PACE Technical at (905) 763-7896. We can help take care of all your IT resolutions in 2020.

New Year’s resolutions are a bit of a punchline these days. We all say that this year will be the year we finally commit to ‘X’, and make a plan we’ll see through to completion. However, by the time February rolls around, we’ve already abandoned those plans – and our resolution along with them.

IT Business Planning For 2020 – Seminar Recap

As the year is coming to an end, this is the time that most businesses and organizations look back on how things went to start planning for the new year. We recently held a seminar for the Canadian Society of Association Executives (www.csae.com) on how to create a Strategic IT Plan. This blog is a break-down of the presentation, so that other businesses and organizations can leverage what was reviewed in order to start their own 2020 IT Business Planning.

First, We began the seminar with a poll to quickly gauge the audience on who felt as if they had a good process around general Business Planning. Quite shockingly, approximately only 2% of the audience felt as though they did.  If you don’t have a good process or structure around Business Planning, I have a fantastic free resource that we discovered many years ago, and it has been a key factor in our own business success.  The organization is called Gazelles (www.gazelles.com), and they have structured a system for Business Planning and management based on how John D. Rockefeller ran his businesses.  We highly recommend reading their book Scaling Up (https://scalingup.com/), written by their CEO, Verne Harnish, and utilizing their free resources (https://gazelles.com/resources/growth-tools) – specifically the One-Page Strategic Plan.  In one simple view, you develop the guiding principles of your organization, set long, medium and short-term goals, and the key initiatives and measurable KPI’s that will help you attain them.  We really love this subject, so please contact us if you need any assistance.  We also had a focus on process for every section of the presentation, and questions for reflection afterwards.  For this section we asked:

  1. What is your current process for Business Planning?
  2. When do you start the process, what are the key dates, and when is your completion date?
  3. Who’s responsible for ensuring this gets done?

Second, we discussed conducting an Organizational IT Assessment. This starts with a non-IT review of the organization/business purpose, mission and core values.  Overall, we want to ensure that any decisions or strategies around IT are in line with the direction that the organization/business is going.  What are the long- and-short-term goals of the organization, and what are the changes that will be happening over the next 1-3 years? (i.e. growing, shrinking, moving, adding new services). We want to ensure that any IT changes will accommodate and prepare for any of those changes.  Next, we return to an IT focus that starts with an understanding of the role that IT plays in the organization, and why does it exist?

Obviously, IT was initially introduced into the business-place to help do things better, faster and with fewer resources than your competitors. While that still holds true today, everyone has technology in the workplace.  Today, efficiencies come in a different form – technology performance, security and accessibility – all of which significantly affect most organizations biggest expense – their payroll and/or the people using the technology.  Next, we look at how important IT is to the organization, what is the cost/risk associated with downtime, data loss, data breach and small-to-large performance issues with staff.  All organizations are reliant on IT, but they vary on their tolerance for IT issues.  Lastly, we want to review the current IT issues.  What are the things slowing down your staff, recurring issues, gaps, security concerns, etc. that are getting in the way of your people getting their jobs done?  These should all be documented and assessed with a severity level.  For this section, here are some questions for reflection:

  1. What is the process for identifying the top IT issues slowing down your people?
  2. What is the process to assess and report to management, any areas of risk with regards to IT?
  3. What is the process for infrastructure review – how often does it happen, how is it documented and who is involved? Are we really following any structure or process or just reacting to issues as they come along?

The third part of the IT Business Planning process is the Infrastructure review. We’ve created a free template to track inventory (PC’s, laptops, servers, networking equipment, printers, etc.).  If you have an internal IT person or outsourced IT company, they should be providing this information to you on a regular basis without you having to ask for it (probably a red flag if they’re not).  We want to track all inventory items, basic specs (if you have them), age of the equipment, warranty status and any notes (history, performance issues, flags for replacement, etc.) as well as action items for each entry.  All businesses should have a Hardware Life-cycle Plan that defines how and when you replace equipment, otherwise, there’s no control over costs and you’d be replacing equipment as it dies causing disruption and poor performance for your staff.  So, here are some questions to ask:

  1. Do you have a defined process for managing hardware replacements?
  2. Are you budgeting for hardware replacements and capital costs related to IT?
  3. Do you keep an up-to-date inventory of your IT equipment? (PC’s, laptops, servers, networking equipment, etc.)

The last part, and certainly not the least, is IT Security and Business Continuity/Disaster Recovery. We tell people all the time that every business in the world now has a firewall and antivirus, yet we still hear of breaches and ransom attacks every day. Why is that? It’s because hackers and cyber-criminals target network vulnerabilities and people. So beyond having some IT security tools like a firewall and antivirus, it is an absolute must to have some security processes in place that regularly check your systems for what we call “blind spots”. These are all the unknowns and unchecked elements of your IT systems. Without a proactive process in place to check for vulnerabilities and unknowns or educating your people on threats and what they look like, your business may be exposed to risks.  Together with Security is Business Continuity, which if set up properly with the right solution, can act as a safety net to keep your business up-and-running in any event (fire, flood, theft, breach, etc.).  The key here is having the right solution for your business and your expectations.  Every business should know what the timeline and process would be for getting back-up-and-running in any event from small to catastrophic. However, we’ve met with many business owners and they don’t know this basic information.  Not every backup solution will get you running “right away”, and in fact the average recovery times with many backup solutions is 2-4 days.  It’s important to ensure that your business requirements for recovery are met.  For this section, here are some questions for reflection:

  1. Beyond having a firewall and antivirus, what process is in place and reported to management showing the business that there is an alignment to basic security standards?
  2. What is the process and timeline to recover from a disaster or major server failure?
  3. If you are running Cloud Services, have you checked the retention rate on data to ensure it meets your requirements? (FYI, many Cloud Services only have a 30-day backup data retention policy)

Remember to download our FREE IT Business Planning Guide here.

We hope this information has inspired you to start your IT Business Planning for 2020. If at some point you get stuck or decide to move forward with a professional solution to manage your IT, then feel free to reach us at 905-763-4443 or email:sales@pacetechnical.com and we’d be happy to assist you with the process.

As the year is coming to an end, this is the time that most businesses and organizations look back on how things went to start planning for the new year. We recently held a seminar for the Canadian Society of Association Executives (www.csae.

2019 Holiday Party & Awards!

Our holiday party was an evening of festivity and recognition for hard work. This year we featured Blackjack and Poker for our entertainment, and enjoyed a variety of mouthwatering fixings from the Sheraton Hotel. Each guest in attendance received a special gift bag from PACE, and there were tons of cool prizes that were given away such as Samsung Tablets, Nintendo Switch’s and PlayStations. We even indulged in a few drinks to celebrate our dedicated team and a prosperous year.

On behalf of the entire PACE family, we would like to extend a very heartfelt thank you to our generous founding fathers, Shael Risman, CEO and Michael Sugrue, President for their continuous support and encouragement throughout 2019. They always inspire us to do our best and we are proud and honored to be a part of the PACE Pack that they’ve created. We had such a blast and we look forward to working harder and playing even harder in 2020!

Shael Risman & Michael Sugrue with the winners of our Annual Company Awards.
Brian Morson: Executive Choice Award, Anika Ahmed: Vision & Values Award & Farshid Afshar: Executive Choice Award.

 

Shael & Mike with with their holiday presents.

 

2019 Holiday Party Picture Collage

Our holiday party was an evening of festivity and recognition for hard work. This year we featured Blackjack and Poker for our entertainment, and enjoyed a variety of mouthwatering fixings from the Sheraton Hotel. Each guest in attendance received a special gift bag from PACE, and there were tons of cool prizes that were given

How To Avoid Wi-Fi Scams During The Holidays

Open and unsecured Wi-Fi networks are the ultimate gift to hackers. It’s as easy as stealing candy from a baby, for them to get a hold of your passwords, credentials, and financial information. By connecting to public Wi-Fi, you are potentially allowing hackers to view all the activities taking place on your device. 

This is a cause for concern year-round, but especially worrisome during the holidays when users are more likely to use the mall or coffee shop Wi-Fi to browse and make purchases online. The best way to protect yourself and your data is to avoid using these connections altogether, or at the very least avoid logging on to sites that require a password or putting in credit card information. You should also turn off your Bluetooth and file sharing in your device settings when you’re not using it. 

So how exactly do hackers use these open Wi-Fi connections to steal your sensitive data? I’m glad you’ve asked. Two of the more popular methods are Man-In-The-Middle attacks, and Evil-Twin Attacks. 

Man-In-The-Middle attacks work by allowing the hacker to place themselves between you and the intended Wi-Fi connection point. Instead of connecting directly to a Wi-Fi hotspot, any information you send out filters through the hacker, allowing them to impersonate you. This means your passwords, credit card information, and even login credentials for your secure business network are virtually in the hands of the hacker. 

With this information, a hacker can easily transfer funds out of your personal or business accounts and into theirs. They can even bypass your business’ network security to steal confidential client information or financial details, or plant malware or spyware on your systems. 

Evil Twin attacks are carried out by hackers that set up Wi-Fi access points that mimic known networks in the hopes of tricking your device into connecting automatically. If that happens, the hacker can then hijack your device. Once they have control of your device and credentials, they are free to do any of the same things a hacker behind a Man-In-The-Middle attack can do. 

 Unsecured networks are an open invitation to hackers, and not even password protection can be enough to stop them. Which is why it’s so important to never send out any financial information over a public network. You should never connect to free Wi-Fi automatically, and never shop online while using free Wi-Fi. 

 Public Wi-Fi isn’t your only concern for risk. If your business does not have the right security measures in place to protect your own wireless connection and network, a hacker can easily use your own Wi-Fi against you 

 If you suspect that your business Wi-Fi might not be secure, then give us a call at 905-763-7896 or email sales@pacetechnical.com to get the best IT Security solution for you. 

Open and unsecured Wi-Fi networks are the ultimate gift to hackers. It’s as easy as stealing candy from a baby, for them to get a hold of your passwords, credentials, and financial information. By connecting to public Wi-Fi, you are potentially allowing hackers to view all the activities taking place on your device.

How to Avoid a Lump of Coal in Your Stocking This Christmas

Stay safe from scammers this holiday season by using a few common-sense strategies

Scammers are like the Grinch of the holidays; they’re seemingly more active during this time and they might just ruin your holidays. They count on tired and harried shoppers letting down their guard as they scramble to finish checking off their Christmas list. Online shopping has made our lives easy and convenient however, this has come at a steep price for businesses if they get wrapped up in one of the latest online scams. 

Here’s the top (3) worst scams during the holidays, and how you can avoid falling victim to these traps 

Counterfeit Products 

Sellers of fake products peak people’s desire to keep their holiday gift giving costs low. They advertise prices that sound like they’re too good to be true, and target people seeking to buy brand name items and electronics, that are sold out from well-known stores. Predatory sellers are also active on common online marketplaces such as Amazon and eBay, so be sure to check each seller’s rating prior to buying from them. It’s a huge red flag if they have horrible ratings or low transaction rates, and you should pass them up no matter how great the deal might seem. 

“Flipped” products are another thing to watch out for from online auction-style marketplaces. Scammers typically buy large amounts of the year’s hottest items, causing shortages among traditional retailers and put them up for sale on eBay or similar sites then sit back while frantic consumers compete in bidding wars. These same products are usually available again for significantly slashed prices once the holidays are over.

Phishing

Phishing scams have been around for years, but they change in nature quite frequently enough to through even the most careful shoppers off their guard. An example of a phishing scam is gift card offers from well-known retailers. An example of this happened to Costco who recently announced that there had been a Facebook advertising scam for a free $75 couponArtistic scammers go as far as to create authentic-looking websites offering popular items for sale. This is particularly pernicious because you not only won’t receive the product, but your personal information may be sold off to identity thieves on the Dark WebBottomline here is to always protect yourself by shopping with established retailers only, and by using software designed to keep your financial information as safe as possible. 

Data Attacks 

Hackers also focus on legitimate retailers this time of year to harvest the personal and financial information from their customers. Fortunately, major retailers have recently taken steps to provide enhanced data encryption of sensitive information provided by their customers, but caution is nonetheless advised. Enabling online access to bank accounts and credit cards allows consumers to closely monitor their financial transactions and take steps to minimize attacks from scammers if unauthorized charges or other signs of a data breach enter the picture. Nonetheless, identity theft is no picnic, so protect yourself by frequently checking your accounts daily, never use public or unsecured Wi-Fi connections to make online purchases, and use a protection package designed to identify online threats. 

If you suspect that your business Wi-Fi might be exposed to hackers, then give us a call at 905-763-7896 or email sales@pacetechnical.com to get the best IT Security solution for you. 

Stay safe from scammers this holiday season by using a few common-sense strategies Scammers are like the Grinch of the holidays; they’re seemingly more active during this time and they might just ruin your holidays. They count on tired and harried shoppers letting down their guard as they scramble to finish checking off their Christmas list. Online shopping has made our lives easy

Beware of Holiday Gift Card Scams

It’s Christmas Eve and you’ve run out of time to purchase a heartfelt holiday gift for your husband, wife, parent, child or maybe even your overly friendly neighbor Jim. It’s the obvious and most convenient last-minute option that comes to mind, and the most popular item on everyone’s wish list, – it’s the choice that never seems to disappoint around the holidays or any occasion. While gift cards are a “killer” option, they may potentially be a dangerous one – that’s of course if you get scammed. 

 Here’s What You Should Look Out For When Buying Gift Cards… 

Look closely. Scammers aren’t just hanging out online, they’re also lurking through your favorite stores, recording the registration number on gift cards along with their activation PIN. If you’re in a rush to pick up a gift card, make sure you check for tears, wrinkles or damages to the packaging – this is a serious red flag that it might have been tampered with. FYI, scammers go as far as putting stickers over the activation number, so when in doubt, the best thing for you to do is to take it to the cashier or service station to check before you buy it. 

Register the gift card. You can simply ask the store cashier/clerk to check if the brand of gift card will allow you to register it. This will add an additional layer of information that will connect the card to the recipient, making it harder to access if it was lost or stolen. 

Report a lost or stolen gift card. Like credit cards, you can make a call to report a lost gift card by contacting the customer support number of the card issuer. This way if someone else got their grimy hands on it and tried to use it, they won’t be able to. It’s also not a bad idea to keep an eye out on the card if you’re planning on mailing it to the recipient – so keep your tracking number and receipt handy. If you’re sending an electronic gift card, then be sure to password protect it. 

The last thing you’d want is an embarrassing and awkward phone call from your 3rd cousin Jill, screaming that the balance of her gift card is $0. So, save yourself the trouble by being extra cautious this holiday season. 

Another common occurrence that you should be aware of during the holidays, are phishing scams that target local businesses. Scammers are sending legitimate looking emails, to appear as if they came from a co-worker, boss or colleague asking if you could secretly buy things such as office gifts, and not to tell anyone else about it. You’ll also hear about telephone scams on the news. There was a recent story surrounding scammers pretending to be police officers, informing citizens that there’s been a warrant out for their arrest, and that they have to pay in cash or gift cards. How bizarre is that? Sadly, this can happen to anyone if they’re not careful enough this holiday season. Let’s hope it’s not you. 

 If you suspect that your business may be at risk or exposed to phishing attacks, then give us a call at 905-763-7896 or email sales@pacetechnical.com to get the best IT Security solution for you.  

It’s Christmas Eve and you’ve run out of time to purchase a heartfelt holiday gift for your husband, wife, parent, child or maybe even your overly friendly neighbor Jim. It’s the obvious and most convenient last-minute option that comes to mind, and the most popular item on everyone’s wish list, – it’s the choice that never

Is Your IT Service Really “Proactive”?

“Proactive” – It’s a word you’ve most likely heard before from your IT Service provider. It’s bounced around repeatedly by Managed Service Provider (MSP’s) when they reference how they handle your Cybersecurity, Network, and even your Cloud Storage.

The truth is most are not exercising the word “proactive” in its entirety. While they may have the best intentions in mind, they’re creating an illusion of the term. Whether they mean to or not, they’re misleading you into thinking you’re fully covered, when you most likely aren’t.

So, let’s start over by introducing the full meaning of the term Proactive as it relates to IT Management.

Proactive IT Service is the continuous process of review and alignment of IT systems to a defined set of industry standards and best practices.  When aligned properly, it leads to:

  • Better Security
  • Fewer Issues
  • Lower Risk & Elimination of Unknowns
  • Optimal Performance of an IT Network

The key term in this definition is continuous process.  Without a defined proactive process, dedicated resources for proactive tasks and detailed reporting – there is no “proactive” process.  If these vital elements are not in place, then proactive tasks will perpetually remain at the bottom of a “to-do list” – and, at best, considered only after all your other “IT fires are put out”.

Most I.T. Providers think that the services they provide are “proactive” and may unintentionally mislead you to believing this as well.

 

Here are some ways that I.T. Providers make you think they’re being “Proactive”

  1. They use “proactive” tools like an IT monitor. IT monitors are not “proactive” as they can only alert you AFTER something has already gone wrong.
  2. They do “proactive” maintenance such as patching and system updates.  Patching and system updates are an absolute necessity for any computer system to work just like gas is a necessity for your car to run. These necessary tasks cannot be considered proactive.
  3. A ticketing system. This is a great tool for tracking and managing IT issues, but by itself does not have any “proactive” functionality.
  4. A “proactive” report showing basic network activity (i.e. the number of helpdesk tickets, number of viruses caught, server uptime, server storage, etc.).  This basic report is typically auto generated by a provider’s IT management software, and although it provides some useful information, it’s just a lagging index report showing you what happened last month.
  5. On-site visits.  If a technician comes to your office to pick up the laundry list of IT issues or just walks around to install patches and system updates (aka basic maintenance), then there’s really nothing “proactive” happening on site.

 

Why should you care about having a “proactive” IT service?

You might be thinking that a “proactive” service may be expensive or isn’t an absolute necessity for your type of business. Regardless of what business you are in, without a “proactive” approach you assume the risk of dealing with a disastrous chain reaction of events that could shut any business down for good.

People costs: Today, with most businesses having over 90% of their workforce working on a computer for most of their day, IT is the critical factor that directly affects a business’ return on their biggest expense – their people.  Ignoring the performance of IT systems is like ignoring how many breaks your people are taking in a day.  And conversely, focusing on IT performance improvement can lead to major percentage gains in people productivity, thus buying the business more leverage with their workforce.  Optimal IT performance is only accomplished through ongoing proactive measurement and review of IT systems and has almost nothing to do with how quickly IT fires are put out.

Security: Just like the check-in process at airports has changed dramatically over the years, so has the Cybersecurity landscape with IT systems.  Every business has a firewall and antivirus yet every day, we hear of breaches and ransom attacks hitting businesses of all sizes.  It’s because Cybercriminals prey on systems that have vulnerabilities – many times resulting because there is no process for checking and ensuring all systems are up to date and properly locked down.  Cybercrime is a huge lucrative business and the number of attacks and attackers are growing every day.  Did you know that 43% of cyber-attacks target SMBs? Only 14% of them rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective, and 60% go out of business within only six months the attack.  Cybercriminals are hoping you are taking a “set it and forget it” approach to your IT systems.  If your business is reliant on IT systems, your data is sensitive or a security event would be damaging to your business’ reputation, then you should ensure that you have a true proactive approach to managing your systems.

 

Ask yourself these questions below to see if you’re being managed in a truly “proactive” way. If you’re starting to doubt yourself, then maybe it’s time to reconsider all your options or even go back to the drawing board with your IT.

 

Proactive IT Service Gut Check:

  1. Do we have a set of IT related KPI’s that are measured and reported/interpreted to us?
  2. Do we have a process for identifying recurring issues and eliminating them?
  3. If a disgruntled employee took a flame thrower to our servers, do we know what the process and timeline would be to get our business back up and running?
  4. Outside of having a firewall and antivirus, is there a process that is followed and reported to us to ensure we are truly secure?
  5. Do we regularly receive updated network documentation?
  6. Is our network regularly reviewed and is a report with risk/deficiencies provided?
  7. Do we have a process for measuring our systems against industry standards and shown specifically where we are not in line?

Fill out your answers here and we’d be happy to go over options that are right for your business. Feel free to contact us by calling us at 905-763-7896 x 203 or email: sales@pacetechnical.com

“Proactive” – It’s a word you’ve most likely heard before from your IT Service provider. It’s bounced around repeatedly by Managed Service Provider (MSP’s) when they reference how they handle your Cybersecurity, Network, and even your Cloud Storage. The truth is most are not exercising the word “proactive” in its entirety.

Bring Your Kid To Work Day at PACE Technical!

This is one of the most recognized career education events in Canada estimating 200,000 students visiting workplaces every year. The original take your kids to work day was initiated by The Learning Partnership in 1994, and this year it took place on Wednesday, November 6th, 2019. Grade 9 students across Canada spend the day at the workplace of their parent, relative, friend or volunteer host, witnessing first-hand the world of work. We think it’s the perfect occasion for kids to not only experience the day to day workplace environment, but also to get a feel for different careers that they may pursue one day. There are many benefits to doing this, including helping them decide on a career path and demonstrating important office behaviours including time management, best practices and problem solving skills. Roisin, the daughter of our President Michael Sugrue got the chance to speak with several of our in-house teams including Sales & Marketing, Client Success, and End-Point Administration. We had a great time sharing what we do every day and we’re always excited to have more Bring Your Kid To Work Days!

 

Here’s Our President and Proud Dad, Michael Sugrue with his daughter Roisin Sugrue.

 

This is one of the most recognized career education events in Canada estimating 200,000 students visiting workplaces every year. The original take your kids to work day was initiated by The Learning Partnership in 1994, and this year it took place on Wednesday, November 6th, 2019. Grade 9 students across Canada spend the day at

Can You Afford Your Company’s Downtime?

Downtime is bad for business.

Whether you agree or not, it’s a fact – just a couple years ago, small businesses with up to 50 million in annual revenue reported that just a single hour of downtime cost them $8,600.

Why Does Downtime Cost So Much?

The main cost of downtime is not the fix itself, it’s the halt in your business’ productivity. If an IT-related or natural disaster occurs and takes critical systems offline, employees will be unable to complete their tasks, yet your normal business expenses will carry on.

During that time, you incur all the expenses of running a business without the revenue you would usually generate. Even if downtime does not grind everything to a halt, some of your staff will have to divert themselves from their normal work to mitigate the problem – again reducing productivity. Furthermore, while your systems are down, you can’t deliver services or sell products to current and potential new clients.

Not all of the costs associated with downtime have a tangible price tag. The trust of your clients and the reputation of your company are invaluable assets that can erode with prolonged or frequent downtime issues. A diminished reputation can negatively affect your future business opportunities.

Some downtime is inevitable, but much of it can be prevented and mitigated.

What Are The Primary Causes Of Downtime?

  • Power Outage: If your power source fails, that can lead to a long list of complications like servers going down and lost, unsaved data.
  • Cybercrime: Cybercrime has increased in recent years and is still on the rise. All it takes is one employee opening a malicious attachment and your business data could be held hostage.
  • Human Error: Accidentally unplugging key equipment, overloading the system, and improper installations can all cause downtime, but maintaining certain policies and procedures can cut down on human error.
  • Natural Disasters: Hurricanes, tornadoes, floods, and earthquakes happen. Having a plan for getting back to business if the unthinkable happens is the fastest way to recover.

 

What’s The Best Way To Prevent Downtime?

…by stopping it in the first place.

The best way to approach downtime prevention is proactively – you need to keep an eye out for system issues that can spiral into total stoppages. You need to implement backup technologies and best practices to prevent outages. You need to enhance your cybersecurity to protect against cybercrime.

Unfortunately, that’s a lot for you to handle on your own, especially when have other work to see to. That’s why a managed IT services company can be so helpful. They’ll provide 24/7 active monitoring of your systems, business continuity best practices and cybersecurity services that will keep costly downtime at a minimum.

 

 

 

Downtime is bad for business. Whether you agree or not, it’s a fact – just a couple years ago, small businesses with up to 50 million in annual revenue reported that just a single hour of downtime cost them $8,600. Why Does Downtime Cost So Much?

PACE Technical Halloween Costume Competition

We celebrated Halloween 2019 at the office by starting a new annual costume competition. It’s always a fun time at PACE when we get together to participate in fun and friendly office competitions. Congratulations to the winner of the $50 Gift Card, Brian Morson who came decked out as Clark Kent!

 

Left to Right in Costume: Michael Sugrue – President, Mary-Ellen Duncan – Marketing Coordinator, Reza Ghasemzadeh – IT Support Administrator , Brian Morson – IT Support Administrator, Dan Sutkiewicz – IT Support Administrator and Jay Da Costa – Director of Service Delivery.

 

Photo Credit: Candace McPherson – Client Success Associate

We celebrated Halloween 2019 at the office by starting a new annual costume competition. It’s always a fun time at PACE when we get together to participate in fun and friendly office competitions. Congratulations to the winner of the $50 Gift Card, Brian Morson who came decked out as Clark Kent!

What Are Six Challenges Faced By Today’s Manufacturing Plants?

The world of manufacturing is evolving, along with all technology, at such fast rates that many manufacturers have a hard time keeping pace. Due to budgetary constraints, many plants are struggling to keep up with the competition. Below, we go over six of the major problems that manufacturers grapple with each year.

Gray Steel Towers
  • Outdated Technology

Many plants have razor-thin profit margins. This doesn’t allow them to purchase the latest technology. Though some really amazing new machines can automate practically every process, they come at a high price tag. How can you take advantage of this technology on your current budget?

  • Regulatory Compliance and Traceability

Industry regulations are increasing each year. They’re aimed at ensuring that products don’t go out to consumers that are unsafe. There’s an additional burden in the requirement to trace every item produced. Though regulations differ from one country to the next, there’s every reason to think this trend will continue. When consumers buy products that are found to contain asbestos, mercury, cyanide, and other harmful elements, it can ruin your reputation and trigger lawsuits. Those investigating events like this need to be able to learn where those harmful ingredients originated.

  • Aging Work Force

Baby boomers are retiring every day in America. These were skilled, hard-working people who knew the value of a dollar. Their retirement is leaving a huge gap in the American workforce. One man worked in the printing industry for 40 years and knew how to run and repair any type of printing press. How will the industry replace workers like these? It takes a lifetime to acquire knowledge and skills like that. That’s one of the major issues that manufacturing and many industries are facing today.

  • Keeping Products Relevant

Each time a new smartphone comes out, it causes older models to become obsolete. This is happening with almost every product line. From hair dryers to air fryers, new innovative products continually hit the market. Manufacturing companies spend a great deal of time and money just trying to keep up with what’s going on in the marketplace. There’s a huge temptation to skimp on tests and trials to make sure the product is safe to use. Sometimes companies use cheaper materials, and these can result in product failures and lawsuits.

  • Beating Out the Competition

Fast times to market often mean that companies must hurry through important steps in the manufacturing process. In addition, product preferences change very quickly. What if your plant is making a circuit board for laptops, but new technology suddenly renders it obsolete? This will cause delays that eat away at your profits. It’s hard on your management and your workforce.

  • Healthcare Costs

Most workers now expect some type of healthcare plan from their employer. But rising healthcare costs have put a huge strain on the already fragile manufacturing cost structures. If your plant employs 100 workers and healthcare for each one costs $600 a month, how can you recoup that $60,000 a month? Often manufacturers try to factor costs like this into the final price of their products, but then you risk losing out because some other plant can supply the same item for 20 percent less. There’s seemingly no solution for problems like this.

What’s the Bottom Line?

Manufacturers deal with issues like these every day. From compliance to having complete visibility into global supply chains, there’s an endless number of issues facing small manufacturing plants. If you make items like medical devices, the demands are even greater.

One area that all manufacturers deal with is technology. When your employees are working with the best networks, computers, apps, etc. they can get more done and reduce frustration. Mistakes are also reduced along with overtime.

Using the right technology for your industry is a proven way to crank out a better product at a lower price. Your technology investment is an investment in the future of your business. And you will realize a good solid return.

Ways to Win

It’s also important to keep equipment functioning at optimal levels. Regular preventive maintenance can help. Update your programs often. Invest in faster networks, routers, and computers. Don’t forget about replacing worn out wires and cables. When you perform regular proactive maintenance on all your equipment, you can prevent expensive breakdowns. You can keep your employees working and reduce accidents as well. That’s a win-win for everyone.

The world of manufacturing is evolving, along with all technology, at such fast rates that many manufacturers have a hard time keeping pace. Due to budgetary constraints, many plants are struggling to keep up with the competition. Below, we go over six of the major problems that manufacturers grapple with each year.

PACE Technical Services made it to the 2019 List of Best Workplaces™

Great Place To Work 2019

PACE Technical Services is proud to announce that our organization has been named on the 2019 list of Best Workplaces™ in Canada for Less than 100 employees, in Technology, for Millennials, for Inclusion, and for Giving Back!

We received this honour after a thorough and independent analysis conducted by Great Place to Work®.

This list is based on direct feedback from employees of the hundreds of organizations that were surveyed by Great Place to Work®. The data has a 90% confidence and a plus or minus 5% margin of error. To be eligible for this list, organizations must be Great Place to Work Certified™ in the past year. We ranked the best based on employee responses to our Trust Index survey.

PACE is dedicated to creating an environment and a culture that inspires personal and overall company growth. All our efforts are geared towards achieving success and building a strong team that is dependable, trust worthy, and hard working.

About PACE
At the heart of every effective business operation is the strategic use of information technology and that’s where we come in. PACE Technical is an ISO 9001:2015 certified company providing proactive Managed IT, Cloud Services & IT Security to small and mid-sized technology driven businesses. At PACE, we build process into every aspect of our services and into our culture. We have the people, innovation and infrastructure to help businesses get the most out of their IT investment. We keep up with the pace of technology to ensure that your business is more secure, productive and profitable.

 

About Great Place to Work®

Great Place to Work® is the global authority on high-trust, high-performance workplace cultures. Conducting the world’s largest workplace study, surveying over 8,000 organizations representing more than 10 million employees in more than 60 countries, GPTW provides tremendous understanding of effective business cultures and the increasingly complex marketplace. Through proprietary assessment tools and services, GPTW recognizes the world’s Best Workplaces™ in a series of national lists including those published by The Globe & Mail (Canada) and Fortune magazine (USA). GPTW provides the benchmarks and expertise needed to create, sustain, and recognize outstanding workplaces, and it supports clients as this accelerating pace of change compels organizations to continuously adapt, innovate and thrive.

Great Place To Work 2019 PACE Technical Services is proud to announce that our organization has been named on the 2019 list of Best Workplaces™ in Canada for Less than 100 employees, in Technology, for Millennials, for Inclusion, and for Giving Back! We received this honour after a thorough and independent analysis conducted by Great

PACE Technical Attends Legal Tradeshow in Blue Mountain

TLOMA 2019 Conference & Tradeshow Experience!

We attended the TLOMA (The Law Office Management Association) Conference and Tradeshow 2019 in Blue Mountain, Ontario for the very first time this year. For a long time, we’ve wanted to attend a trade show, and since we’ve been working with more legal firms, we decided that this event was a great opportunity for us to try out.

At our booth, we offered FREE Dark Web checks and reports through a portal known as Dark Web ID. It searches any email or domain to find out if information has been compromised or is for sale on the Dark Web. Many of the attendees stopped by our booth and were curious to complete the search and it became a huge hit! Not to mention our colourful and ocean friendly themed booth became a topic of attention – plus we gave away a Keurig at the Prize Draw. All in all, we had a great time, met tons of great people from the legal industry and we would definitely do it again in the future.

From Left to Right: Mike Sugrue, President and Thomas Braceland, Solutions Advisor

The Winner of our Keurig at the Prize Draw Giveaway

TLOMA 2019 Conference & Tradeshow Experience! We attended the TLOMA (The Law Office Management Association) Conference and Tradeshow 2019 in Blue Mountain, Ontario for the very first time this year. For a long time, we’ve wanted to attend a trade show, and since we’ve been working with more legal firms, we decided that this event

Cybersecurity Awareness Month

Cyber Security Awareness is an internationally recognized campaign held each October to inform the public of the importance of cyber security. According to a recent SEC report, SMBs are the “principal target” of cyber attacks. Here’s a checklist to be sure your critical business data is protected. 

 

† Control access to computers. Use key cards or similar security measures to control access to facilities, ensure that employees use strong passwords for laptops and desktops. Administrative privileges should only be given to trusted IT staff.

† Know where your data resides. Maintaining oversight of business data is an important piece of the security puzzle. The more places data exists, the more likely it is that unauthorized individuals will be able to access it. Avoid “shadow IT” with business-class SaaS applications that allow for corporate control of data.

† Protect your network and devices.

† Implement a password policy that requires strong passwords that expire every 90 days.

† Implement multi-factor authentication.

† Deploy firewall, VPN and antivirus technologies to ensure your network and endpoints are not vulnerable to attacks. Ongoing network monitoring should also be considered essential.

† Encrypt hard drives.

† Keep software up to date. It is essential to use up-to-date software products and be vigilant about patch management. Cyber criminals exploit software vulnerabilities using a variety of tactics to gain access to computers and data.

† Back up your data. Daily backups are a requirement to recover from data corruption or loss resulting from security breaches. Consider using a modern data protection tool that takes incremental backups of data periodically throughout the day to prevent data loss.

† Enable uptime. Choose a modern data protection solution that enables “instant recovery” of data and applications. Application downtime can significantly impact your business’ ability to generate revenue.

† Train your employees. Because cybersecurity threats are constantly evolving, an ongoing semi-annual training plan should be implemented for all employees. This should include examples of threats, as well as instruction on security best practices (e.g., lock laptops when away from your desk). Hold employees accountable.

† Create straightforward cybersecurity policies. Write and distribute a clear set of rules and instructions on cybersecurity practices for employees. This will vary from business to business but may include policies on social media use, bring your own device, authentication requirements, etc.

 

 

Cyber Security Awareness is an internationally recognized campaign held each October to inform the public of the importance of cyber security. According to a recent SEC report, SMBs are the “principal target” of cyber attacks. Here’s a checklist to be sure your critical business data is protected.

[ Free Training] Protect Your Yourself From Hackers

Ransomware attacks are growing a staggering 350% each year. And to make matters worse, 43% of all cyber-attacks are aimed at small businesses. Why? Because more often than not, they don’t have the budget or expertise to protect themselves.

Online Cybersecurity Training

Fortunately, knowledge is prevention in situations like this. Even if you don’t have an unlimited amount of money to spend on enterprise-grade security solutions, you’re able to stand a chance as long as your staff members are trained.

After all, human errors are the biggest vulnerability when it comes to staying safe online. Take a look at our training site where we outline 10 ways to stay safe online below.

Click Here To Watch Our Online Training

You never know… One of the tips outlined in the video might be just the thing to prevent you from becoming a victim of an attack that would otherwise cost you thousands of dollars.

If you have questions, hit the “reply” button and let me know.

Ransomware attacks are growing a staggering 350% each year. And to make matters worse, 43% of all cyber-attacks are aimed at small businesses. Why?

Proven Ways Not to Lose To Ransomware

Don’t let your small or medium business fall victim to ransomware. Make sure your data, network, equipment, and employees are safe from ransomware attacks.  

Watch our video below to learn all about ransomware and please feel free to share with your staff and social media networks.

October is Cyber Security Awareness Month. You may have heard about ransomware attacks on school districts, hospitals, and government organizations. Over 20 U.S. cities were targeted by ransomware attacks between January and July 2019. The cost to the city of Baltimore alone was more than $18 million between lost city revenue and repairs to the city’s computer network. Ransomware attacks on cities, schools, and hospitals are serious, but 71 percent of ransomware attacks target small and medium businesses.

According to Beazley Breach Response Services, in 2018, ransomware crooks demanded an average of more than $116,000 from over 3,300 business computer security breaches they directly tracked. Cybersecurity firm Coveware reported that the average ransomware demand to individuals and small businesses grew from $6,733 at the end of 2018 to over $12,760 in the first quarter of 2019.

How does ransomware work?

In the past, ransomware usually came in the form of unsophisticated “spam” emails that most people could recognize as hacking attacks. Hackers sent out hundreds of thousands of emails hoping to trick a few unsuspecting people into revealing their passwords and other secure information. Once installed on a business or individual computer, ransomware encrypts data and stops access to programs. The program then demands a “ransom” in the form of cryptocurrency, usually bitcoin, to restore the data and access.

Ransomware attacks are getting more sophisticated. A 2018 ransomware program, Ryuk, was developed by a North Korean group of hackers. Ryuk has been aimed at large businesses that can’t afford any downtime. The program individually maps the networks of target businesses and steals credentials in order to install the program and encryption. One business targeted by Ryuk paid over $360,000 in bitcoin to retrieve its data.

Ransomware is getting better at getting around anti-virus programs and computer firewalls. Hackers are using known applications and programs that users think are safe to get around security precautions. Expert estimates report that ransomware could cost small and medium businesses as much as $11 billion in 2020.

What can we do to combat ransomware?

  • First, make sure the operating systems for your network and connected devices are up to date. The 2017 WannaCry ransomware attack targeted computers running Windows 7. WannaCry was developed from U.S. National Security Agency tools that were leaked online. According to TechCrunch, up to a million computers are still vulnerable to WannaCry because they are running Windows 7 or earlier Windows versions. Microsoft also ends its support for Windows 7 in January 2020. Ransomware and other types of hacking attacks often target older operating systems that are no longer receiving regular security updates and patches.
  • Second, make sure your security software is also up to date. Check it at least once a month. A managed services provider (MSP) can help in this process.
  • Third, make sure you and your employees know how to recognize potential security threats. Practice good computer habits that prevent intrusions. For example, do not click on any links or images that come from an unknown source no matter how funny or appropriate the title of an email may look at first glance. Managed services providers can help to train you and your staff on good cybersecurity habits that can prevent ransomware and other attacks.
  • And finally, make sure you have a good offsite backup. Businesses that have successfully overcome ransomware attacks have strong and redundant backups for their data and programs. You may lose time, but you won’t lose all of your business data. If you’re in a field that keeps confidential client or customer information, it’s essential for your business to have secure, safe backups of data in the cloud and/or separate physical data storage.

Managed services providers (MSPs) are responsible for keeping track of ransomware threats and understanding the tricks hackers can use to take control of your computers and demand a ransom. They can help your business to prevent a ransomware attack and protect your business data and programs in the event an attack occurs. Malicious hackers have been causing damage to computers for years, but ransomware is the first major way they’ve discovered to earn a lot of money from their criminal activities. Don’t let ransomware interfere with your business operations, profits, and growth. Take our recommended steps to fight back and win against ransomware criminals.

RansomwareFor more resources on cybersecurity solutions for your business, please visit our web page here.

Connect with our team to get a free demo of our unique PACE Client Portal and see for yourself how we do cybersecurity Undeniably Better!

Don’t let your small or medium business fall victim to ransomware. Make sure your data, network, equipment, and employees are safe from ransomware attacks.   Watch our video below to learn all about ransomware and please feel free to share with your staff and social media networks.

Microsoft Teams Update: They Just Made It Even Better

Are you already experiencing the time-saving collaboration tools and productivity tools in Microsoft Teams? Wait until you see the 2019 Microsoft Teams Update.

Microsoft Teams Update

It’s no secret to you that no one is an island when it comes to getting complex jobs done within an organization. But coordinating team efforts, keeping everyone on the same page and working efficiently is always challenging. On top of that, mobile devices have freed us from the confines of our office spaces, allowing people to work from anywhere. But this often means that team members may not be in the same room, same building or even on the same continent.

Microsoft Teams, which was released in 2017, was built with the modern mobile, collaborative office in mind. It sought to rein in all of that chaos with intuitive team collaboration tools that bring people together. It facilitates the ability of teams to effectively accomplish tasks and meet deadlines. Now, they’ve done it again with their 2019 release of new team features for Windows, macOS, Android and iOS. Let’s looks at some of these exciting, collaboration and productivity tools.

MyAnalytics “Focus Time”

They’ve added a new feature to the already helpful MyAnalyics portion the Microsoft Teams. In case you’re not familiar, MyAnalytics helps your team members stay focused, work smarter and accomplish their goal more efficiently by keeping them moving in the right direction.

“Lack of direction, not lack of time, is the problem. We all have twenty-four hour days.”
Zig Ziglar

MyAnalytics delivers AI-powered productivity suggestions based upon the individual’s work patterns. This tool isn’t about getting people to work harder and never take a break. On the contrary, it helps them learn their patterns and discover where time gets wasted so that they can make the best use of work time and have more time for play (off the clock of course).

Using machine learning this tool now suggests the best times for a person to focus uninterrupted, automatically changes their status to “focus” and turns off all notifications during that time.

This tool helps individuals who may feel overwhelmed reclaim their days with less stress and higher productivity.

MyAnalytics is not a management tool. You won’t be able to see the data of employees. But the motivated employee will use it to maximize performance.

Microsoft Teams Rooms “Content Cameras and Intelligent Capture”

No more squinting to see the whiteboard or slides in traditional video conferencing. This improved whiteboarding feature makes it easier for people in multiple locations to view whiteboard information clearly and simultaneously during meetings. This advanced technology requires minimal setup and works automatically. When launched, the tool detects a whiteboard in the frame, crops it and superimposes it over the video.

Meetings First for Skype for Business Server Customers

The new Meetings First feature makes it easy for you to continue a meeting on the Skype for Business Server while moving the workload for the meeting to the Cloud. That means no interruptions or lost productivity. Continue with your chat while viewing information.

Share Audio

Adding videos and audio to Powerpoints has historically been problematic for team members in remote locations. They end up hearing grainy, echoing second-hand audio as speakers pass sound to a microphone then back to their speakers.

A new Microsoft Team Update changes that. Team members will now hear the audio directly through their speakers. So add videos, sound effects, music and more to your PowerPoint without hesitation.

Branded App Development (Developer View)

Businesses thrive when they have tools that they can customize to meet their unique business needs. Microsoft Teams allows you to fully integrate third-party apps into the software and/or develop your own apps to further customize your Microsoft Teams experience. In early 2019 Microsoft released developer preview mode that allows a developer to view the app experience in real-time and are further rolling out the third-party app experience in late 2019.

Explore the Many Productivity Features that Microsoft Teams Has to Offer

We’ve only discussed some of the latest productivity tools added to Teams in the 2019 Microsoft Teams Update as well as a few of the existing feature you may not yet have explored.

If you’re already using Microsoft Teams, these new features will further enhance your team experience. If you aren’t currently using Microsoft Teams, know that we’ve just scratched the service on this innovative, intuitive and practical set of tools. Isn’t it time that your team had the tools it needs to work smarter? It’s time to get Teams or explore the latest that Microsoft Teams Update has to offer.

Call PACE Technical Services at 905.763.7896 Ext. 214 or email us at sales@pacetechnical.com immediately to schedule an complimentary security review!

Are you already experiencing the time-saving collaboration tools and productivity tools in Microsoft Teams? Wait until you see the 2019 Microsoft Teams Update. It’s no secret to you that no one is an island when it comes to getting complex jobs done within an organization.

Free Microsoft Outlook Training

Our training session is completely free of charge and available “on-demand”.  Yes, you can tune-in whenever and wherever you like.

Microsoft Outlook Training

This training session will discuss 4 Ways To Use Microsoft Outlook Efficiently.

Our Microsoft training specialist will guide you through some very important tips and tricks, such as:

  • Quick Parts
  • Templates
  • Automated Responses
  • Signatures

Tune into this month’s training by clicking here.

For more resources on Microsoft solutions for your business, please contact us.

Connect with our team to get a free demo of our unique PACE Client Portal and see for yourself how we do managed technology Undeniably Better!

Our training session is completely free of charge and available “on-demand”.  Yes, you can tune-in whenever and wherever you like. This training session will discuss 4 Ways To Use Microsoft Outlook Efficiently.

The New Ways Cybercriminals Pose a Threat to Organizations

Cybercriminals no longer act alone. Find out the strategies and means cybercriminal networks are using to launch dangerous attacks against your organization. 

Cybercriminals business

According to technology industry blogs, cybercrime incidents are growing by 15 percent each year and cybercrime has become the most profitable type of criminal activity around the globe. Cybercriminals are no longer acting alone and carrying out destructive activities that are relatively simplistic. Instead, cybercriminals have become more sophisticated in their approach. Activities are more damaging and organized. IBM’s CEO and president has stated that the new cybercriminal dangers are “the greatest threat to every profession, every industry, every company in the world.” Being aware of the fact that cybercriminal activity is now executed using the same types of structures and approaches seen in businesses can help IT leaders guard against the dangers cybercrime presents.

Common Types of Cybercriminal Activities

The scale and scope of cybercriminal activities have evolved swiftly since the 1990s. Back then, cybersecurity-related attacks entailed destroying websites and executing simplistic codes that reflected a strong dislike of the corporate culture. Now, modern cybersecurity-related attacks have not only embraced the notion of the corporate model, but have exploited the corporate world’s reliance on digital connectivity. Common cybercriminal activity now involves extortion, the theft of data and information, and sabotage. The design and spread of ransomware through electronic means reaps over $11 billion annually.

Hierarchical Structures

Besides using more sophisticated and profitable methods of wreaking havoc, cybercriminals have formed networks that resemble hierarchical structures within traditional organizations. Many groups of cybercriminals are led by someone who operates as a pseudo executive of a firm who designs an overarching strategy and tasks that are delegated to other leaders who resemble middle managers. In turn, those who work on developing malware and ransomware code are concentrated in a single “department,” while another group is focused on developing and executing distribution methods. Each group represents and operates like a functional department within an organization. Training and recruitment programs are also developed and executed for hackers that wish to join these extensive cybercriminal networks. Knowing that these networks are employing the same strategies and tactics as an experienced corporate marketing department means that any cybersecurity defense plan has to respond in an identical fashion.

The corporate structure and mentality have resulted in the equivalent of million-dollar salaries for some. Cybercriminals are also starting to incorporate other types of illegal activities into their “business models.” Some of those activities include illegal drug production and distribution, human trafficking, and counterfeit goods. Stopping and removing the threats that cybercriminals pose mean considering the possibility that these cybersecurity threats are occurring in conjunction with seemingly unrelated activities. Any defense plan must consider all possibilities and guard all potential and vulnerable points of access.

Call PACE Technical Services at 905.763.7896 Ext. 214 or email us at sales@pacetechnical.com immediately to schedule an introductory security review before it’s too late.

Cybercriminals no longer act alone. Find out the strategies and means cybercriminal networks are using to launch dangerous attacks against your organization.  According to technology industry blogs, cybercrime incidents are growing by 15 percent each year and cybercrime has become the most profitable type of criminal activity around the globe.

10 Questions Every Company Should Ask Before Outsourcing IT Services

Ten questions to ask while considering outsourcing your IT Services to a provider.  

Many companies are outsourcing their IT functions due to convenience and budgetary constraints. Small- and medium-size businesses can focus their hiring of staff for their core business, and hire an IT consultant for their expertise and efficiency. However, even with the growth in IT consulting, there are several things you should consider before signing a contract.

Questions for Managed IT Service Providers

It easy to fall prey to assumptions when interviewing consultants to outsource IT services. Packaged services don’t always include additional IT support, management, maintenance and security needed for your business’ network. When agreeing to a contract, look carefully to make sure it contains everything you need. Here are some questions for you to ask when interviewing a new consultant.

1. How do you support security compliance?

Often IT providers support security compliance through their package bundles which include an array of features and components. On this list of features you should see firewall configuration, vulnerability patching, incident response, intrusion detection systems (IDS), demilitarized zones (DMZs), intrusion prevention systems (IPS) and more. These features should be included by default to protect your data and hardware.

Dependent on your industry and client list, you should have a good idea of the level of security necessary for your network to ensure compliance and proper security documentation. Discuss this with any providers you interview to match the level of security needed to protect your business.

2. How do you manage service integration?

In order to stay competitive, your company needs to fine-tune service integration. Standard Information Technology Infrastructure Library (ITIL) capabilities require integration and automation from your IT service provider to minimize errors and provide secure and effective on-demand service delivery.

3. How do you support incremental outsourcing?

In order to reduce risks associated with outsourcing, you can divide the requirements you need into manageable projects. If you provide a specific set of deliverables to your service provider to work with in a trial setting, you can better assess their completion. You have the option of having the work done on your premises or remotely to better prepare for completely outsourcing managed services.

4. Do you provide a service-level agreement (SLA)?

The service-level agreement (SLA) is one of the most important factors in outsourcing IT services. This agreement is where the service provider details the list of support actions they will provide including end-to-end program management and deliverables to your company.

The agreement should lay out how the provider will take on the project from your company, deploy a small remote or on-site team to coordinate and complete the work. Included in the agreement are delivery dates, the effectiveness of the work, surveys to ensuring the quality of service, and timeframes for the availability of services and service request response times.

5. How flexible is the SLA?

Can the provider grow and change as your business does? Changes within your company should be reflected by the services provided for your IT needs. As you grow, your company will hire more people, take on new projects, add new departments and functions, and have a need for scalable IT infrastructure from your IT provider. In fact, your service provider should have expertise in their field that includes the knowledge and experience to custom-fit a scalable infrastructure that you need for your company.

6. What kind of experience do you have?

If you look at managed service providers by price alone, you may find that you don’t get the expertise you need. It’s better to outsource your IT services needs to an expert that’s completed hundreds of projects successfully. Extract the most value from an experienced partner to gain peace of mind over the quality of work completed. Included in the experience is the latest training and tools available to best protect your company’s data.

7. How do you handle IT strategy vs. emergency support?

If your company has a strategic IT strategy, you need a service provider that can act as a partner in this process. Your service provider should be the expert resource to assist in your strategy. If all they do is take orders and offer emergency service, they are not the right fit for your company.

8. Who will govern our IT services?

Your SLA should include an understanding about who will govern and take responsibility for your IT services. By including a foundational governance framework, you will set the tone for future accountability and start with a shared understanding for your team and your provider’s team. This framework determines which entity makes specific decisions to support organizational principles.

9. What is your reporting process?

Formal reporting should be listed in your SLA and include the standard set of reports provided and a timeline for delivery of those reports from the provider. The frequency and scope of the formal reports between the provider and in-house manager should take place according to the schedule. However, many providers offer informal reports as work is completed.

10. How will you adopt new configuration management?

Changes are part and parcel of a business, making managing those changes routine for your IT service provider. For routine changes, your SLA should cover implementation, but if you have a large project then you should discuss management with your provider before implementation. You can initiate a change request to the provider to allow them to complete an analysis of how to proceed. Once the provider has responded with a schedule and any questions they have, you can move forward on the project together. With a system in place to accomplish new projects, it’s easy to maintain proper tracking and logging of work completed.

Contact PACE Technical Services at 905.763.7896 Ext. 214 or email us at sales@pacetechnical.com to find out more about our Undeniably Better IT Services. 

Ten questions to ask while considering outsourcing your IT Services to a provider.   Many companies are outsourcing their IT functions due to convenience and budgetary constraints. Small- and medium-size businesses can focus their hiring of staff for their core business, and hire an IT consultant for their expertise and efficiency.

Ready for Disaster? Tips for Creating a Smart Business Continuity Plan

Mitigate Disaster with a Comprehensive Business Continuity Plan

When you create a detailed business continuity plan, you can keep disaster from disrupting your operations. See how to get started here.  

Business Planning

When disaster strikes, disruptions to your operations could negatively impact your construction projects, pushing them past the deadline and over budget. And it is not just natural disasters you have to worry about, either.

Everything from serious IT problems to the loss of important team members has the potential to wipe out your operations. That is, unless you have a smart business continuity plan in place. With this plan, you can keep your operations moving along like normal, helping ensure the success of all your construction projects.

Importance of Having a Business Continuity Plan

In optimal conditions, there’s no doubt everything runs like clockwork, as your team works hard to complete their individual tasks. If anyone fails to come through, however, everything could grind to a halt. Furthermore, without writing it out, only a few in your company may know just what everyone should be working on and how it all comes together.

Therefore, you need a business continuity plan just in case serious disruptions leave you without certain team members, equipment, or workspaces. In many ways, this plan is a big-picture overview of everything that goes on at your construction firm. It also identifies all the workarounds you can use when faced with disruptions caused by different disaster scenarios.

Above all, your plan should detail who is in charge of each department in the absence of key players and all the ways they can keep moving forward in their daily duties. With that approach, you can keep major disruptions from throwing your workforce off track or preventing them from completing their tasks.

How to Create a Continuity Plan for Your Business

Without knowing what is on the horizon, there is really no time to waste in creating your business continuity plan. Thankfully, you can easily approach this process by using the following steps.

Take a Complete Inventory of Your Company

Taking inventory of your workforce, contacts, and equipment is the very first thing you must do to create your plan. You will likely need to take a big step back from your construction company to complete this step.

To start, create a list of all your employees, noting the major players in each department. Add their contact information in full, so you can find how to reach out at a glance. Then, create similar records of your material suppliers, clients, and other important contacts.

Next, you can move onto creating a complete inventory of all the equipment used on each of your job sites. Make sure to include their make, model, and serial numbers, so you can find parts or file claims as needed to keep things moving along. In addition, note any local parts suppliers, repair techs, and equipment dealers for those brands to complete your log.

Outline Existing Processes and Highlight Critical Areas

With the completion of the inventory step, you will need to look at your operations. Go from department to department, look at the duties of each employee and how they support other departments. Along the way, busy yourself with creating flowcharts for all the distinct processes used to run your construction company.

Throughout this process, identify your key operations and the major players you depend on to get the work done. Then, see who can fill in if those individuals cannot make it work. Also, add ways employees can workaround specific disruptions and continue to fulfill their core duties.

Identify Temporary Workstations and Keep Them Updated

If your core employees cannot get to their normal workstations, everything should not grind to a halt. But it will unless you have already identified temporary workstations and made the effort to keep them updated.

The workstations should have all the equipment and software normally used by the team and be completely ready for their use. So, create an update schedule and make sure the temporary workstations are included whenever you complete a major equipment or software upgrade. Furthermore, ensure your employees know about the existence of these workstations and how to access them.

Create Your Plan for Maintaining Critical Operations

With your understanding of your core operations, you can create a plan for each of your employees, helping them mitigate the effects of the disaster. Working across all departments, you will need to indicate who is responsible for getting each system back online and up to their normal operating levels. They should have a clear direction on the steps to take and the tools they will need to complete the assigned tasks.

Your plan should cover not only the construction tasks you are responsible for in that moment, but also all the administrative ones. You need to let your payroll department know how to proceed, for example, to ensure they can continue to process payments for all your employees.

Once you are finished creating your business continuity plan, store the main copy in a secure location and provide each department with their own copies.

Don’t Wait — Create Your Business Continuity Plan Today

So, now that you know what to do, there’s really no reason to wait. Start building your business continuity plan today to protect your operations from disaster. Otherwise, your employees could be left without the knowledge needed to keep your business afloat until everything returns to normal.

Please contact us at sales@pacetechnical.com or 905.763.7896 Ext. 214 for more information.

Mitigate Disaster with a Comprehensive Business Continuity Plan When you create a detailed business continuity plan, you can keep disaster from disrupting your operations. See how to get started here.   When disaster strikes, disruptions to your operations could negatively impact your construction projects, pushing them past the deadline and over budget.

Newly Discovered Security Flaws Put Windows Users at Serious Risk

Microsoft Vulnerability Affects Most Recent Operating Systems

Learn about two recently discovered vulnerabilities that could put your company’s computers and operations at risk and what Microsoft is doing to fix the issue.

Is Windows Secure

Two newly discovered security vulnerabilities could put Windows users at risk of attack if they do not download and install security patches Microsoft recently issued.

What Are the New Microsoft Security Flaws?

Nicknamed DejaBlue, the two security flaws are designated CVE-2019-1181 and CVE-2019-1182. They are similar to the BlueKeep vulnerabilities Microsoft issued patches for in May 2019. The newest flaws, like Bluekeep, could allow hackers to create so-called “wormable” attacks that easily can be spread from one computer to another without any interaction from a user.

The main difference is that the newer security vulnerabilities are potential threats to newer versions of Windows products.

What Systems Does DejaBlue Affect?

There are potentially hundreds of thousands of computers that could be affected by the Windows worm. They sit within the Windows Remote Desktop Services (RDS) package. According to Microsoft, the vulnerabilities could affect the following systems:

  • Windows 7 SP1
  • Windows Server 2008 R2 SP1
  • Windows Server 2012
  • Windows 8.1
  • Windows Server 2012 R2
  • Windows 10 (all supported versions, including server versions)

That’s a massive number of potential targets that could be infected if the patches are not deployed and active monitoring tools are not in place.

Windows XP, Windows Server 2008 and Windows Server 2003 are not affected.

How Does DejaBlue Work?

Like with BlueKeep, the vulnerabilities can be used to exploit RDP, a tool that administrators use to connect to other computers on a network. Hackers could then use that exploit to code and load a worm that is automated. It would “jump” from one computer to another, potentially affecting millions of computers quickly.

What makes the DejaBlue and Bluekeep vulnerabilities so dangerous is that they can propagate without any user interaction.

What’s more dangerous is that the new vulnerabilities differ from BlueKeep, which targeted Windows 7 operating systems. The new exposures could affect Windows 7 and all recent versions of Microsoft’s operating systems. That amplifies both the risk and the potential impact.

“At this point, nearly every contemporary Windows computer needs to patch, before hackers can reverse engineer those fixes for clues that might help create exploits,” notes Wired magazine.

While a British intelligence agency, GCHQ, is credited with identifying BlueKeep, Microsoft notes that it identified the new threats itself. To date, no evidence that exists that indicates the vulnerabilities were known to third parties, the company said.

“These vulnerabilities were discovered by Microsoft during hardening of Remote Desktop Services as part of our continual focus on strengthening the security of our products,” Microsoft said in a release.

The scale of the potential damage is extraordinary. As of July 2019, there were as many as 800,000 computers worldwide that were still vulnerable to BlueKeep, with a much larger potential threat from DejaBlue.

What Can We Do to Protect Against Cybersecurity Threats?

The key to maintaining a secure network is developing a comprehensive, multilayered security strategy. A managed services provider can partner with you to develop a cybersecurity plan that includes:

  • Comprehensive network perimeter monitoring using next-generation firewalls to detect, contain, disable and destroy threats
  • Continuous monitoring of systems, endpoints and users
  • Automated downloading and installation of software and firmware updates, upgrades and patches that respond to emerging threats
  • Anti-malware, anti-spam and anti-virus software installed on each user’s machine or device, updated automatically, and analyzed to determine potential threats
  • Email and data encryption
  • Password security, including multifactor authorization
  • Mobile device management, including remote location finding, disabling and wiping functions
  • Cloud solutions for secure hosting of data, apps and operating systems
  • Business continuity and disaster recovery planning
  • Employee training

Having the right security in place greatly reduces your risk of being affected by a cyberattack that can debilitate your business, ruin its reputation and cost thousands to repair.

Please contact us at sales@pacetechnical.com or 905.763.7896 Ext. 214 for more information.

Microsoft Vulnerability Affects Most Recent Operating Systems Learn about two recently discovered vulnerabilities that could put your company’s computers and operations at risk and what Microsoft is doing to fix the issue. Two newly discovered security vulnerabilities could put Windows users at risk of attack if they do not download and install security patches Microsoft

How Much Does It Cost When You Get Hacked?

Depending on the scope of the attack, the cost of getting hacked can be in the hundreds of thousands or more. Here’s what you need to know. 

Getting Hacked

When it comes to cyberattacks, all too often the bad guys win. Hackers have targeted local governments, airports, banks, and businesses, stealing usernames, passwords, and sensitive private data. While they may sell this information on the black market, they often hold it for ransom. With no other way to retrieve the stolen data, victims are forced to buy back their belongings while the thief vanishes into anonymity. Here is a look into the true price of getting hacked and what you can do to protect yourself.

Lake City, Florida mayor Stephen Witt announced that the city would pay hackers $460,000 to recover stolen data. The thieves seized control of major email servers, bringing the city’s operations to a grinding halt. Witt claimed that cyber insurance would cover all but $10,000 of the ransom, though it’s uncertain whether the city met the policy’s criteria for protection.

Ransomware: An Alarming Trend

Ransomware attacks are on the rise, and victims are paying exorbitant sums to regain their data. Three attacks occurred in April 2019 alone, hitting Tallahassee, Augusta, and the Cleveland Hopkins International Airport. The ransomware forced operations to close, with the Tallahassee attack costing the city nearly a half-million. Hackers frequently target municipalities and government organizations knowing the high value of the stolen data and its importance in operations. In many cases, the data isn’t exactly stolen, but encrypted to prevent access. After the ransom is paid, the hackers unlock the data, or so they promise.

Research conducted by SentinelOne found that only 26% of U.S. companies that fell victim to ransomware and paid the ransom were able to access their files. And even if the hackers honor their end of the deal, they may attack again. In fact, organizations that ponied up the cash were hit again 73% of the time. What’s worse is that some cybersecurity providers are in cahoots with hackers, splitting the ransom between them.

MSPs at Risk

Managed service providers (MSPs) are often the strongest line of defense against hackers. Unfortunately, hackers know this and have started to attack the software and systems that MSPs use to protect customer data. By infecting these systems with malware, hackers can access account credentials and use them to log in to customer accounts. They can then obtain bank accounts, addresses, phone numbers, credit card numbers, and other private data.

How Can MSPs Fight Back?

As hackers become more adept, MSPs need to step up their game. Frequent testing of defense systems, backup and recovery plans, and other cybersecurity measures is a must. The National Institute of Standards and Technology (NIST) has published a framework to mitigate cybersecurity risk to assist MSPs in keeping hackers at bay.

As is the case in medicine, prevention is the best cure for cyberattacks. Cities, corporations, and businesses must work together with MSPs to reduce their likelihood of being targeted and have multiple plans in place if a breach occurs. By staying proactive, the good guys can make it difficult for hackers to get what they want.

PACE Technical Services wants to be your solutions provider for anything and everything related to business. Technology is our specialty. We can manage your broken technology as well as your future technology purchases with technology consultation sessions. For help with anything, contact us or give us a call at 905.763.7896 and let us be your favorite point of contact!

Depending on the scope of the attack, the cost of getting hacked can be in the hundreds of thousands or more. Here’s what you need to know.  When it comes to cyberattacks, all too often the bad guys win.

The Complete Guide to Managing Popular Extensions Successfully

Protect Yourself from Potential Attacks Via Chrome Extensions

Learn two simple ways to set the privacy and activity settings for each Google Chrome extension on your browser and steps the company is taking to protect users.

Google’s Chrome web browser is a popular choice for businesses the world over. Managing the extensions gives you more control and faster results when using Chrome to its best. Here’s a closer look at Chrome add-ons and how to use them effectively.

And with emerging cyberthreats targeting browsers, now is an important time to know your way around the extensions.

Browser Extensions

What Is the History of Google Chrome Extensions?

Google introduced Chrome in 2008. By 2010, there were more than 10,000 extensions available in the Chrome Web Store. Today, the company does not release the number available, but it’s estimated to be in the hundreds of thousands.

That growth brings with it an increasing vulnerability to attacks via vectors embedded in extensions. The company does work to keep malicious extensions out of its store but mistakes are possible. Other extensions can invade users’ privacy.

Should I Uninstall All Chrome Extensions?

Deleting all extensions is not necessary. Instead, use these two helpful tools to manage your extensions better and control permissions you provide to the add-in.

1. Use Extension Icons

To the right of the address bar, you’ll find icons representing the extensions you’ve installed. If you right-click on an icon, you’ll see an option titled “This can read and change site data” with three options:

  • When you click the extension
  • On [the site you’re on]
  • On all sites

The default is the first option, which limits the use of the extension to user-activated times. If an extension is “loud,” meaning it uses a lot of bandwidth, these settings can provide more control.

2. Use Extension Settings

If you click on the hamburger menu icon to the far right of your address bar, you can click on the option “More tools” and click on “Extensions.” This will bring up a screen with a box for each installed extension. Click on the Details button for any extension you want to modify. You’ll see the three options again, but also an option to add the URLs of specific sites on which you want the extension activated.

What Can Go Wrong with Browser Extensions?

There are several risks to installing browser extensions. Here are a few of the ways extensions can do harm:

  • Malicious intent. Malware can be installed unknowingly that uses your computer for other purposes. Kaspersky, for example, noted a recent example of extensions that made money for the hacker by clicking on pay-per-click ads.
  • Hijacking. If a hacker steals a designer’s credentials, an extension can be compromised by changing the functionality or inserting malware.
  • Purchases. Extensions are hard for designers to monetize. That’s why many are eager to sell their code if approached by a buyer. Users are usually unaware if extensions change hands, meaning a previously well-intentioned add-on can be repurposed.

Is Google Addressing Extension Security?

Google recently announced steps it’s taking to combat the security issues with extensions. Among its changes:

  • More granular user permission options
  • A requirement that extensions only request access to the minimum amount of user data needed to operate
  • Expanding privacy rules for extensions. Those that carry user communications and user content will join those that handle personal or sensitive user data and need to post privacy policies

Proactive steps combined with Google’s efforts are critical to keeping your browsing and data safe and secure.

Call PACE Technical Services at 905.763.7896 Ext. 214 or email us at sales@pacetechnical.com immediately to schedule an introductory security review before it’s too late.

Protect Yourself from Potential Attacks Via Chrome Extensions Learn two simple ways to set the privacy and activity settings for each Google Chrome extension on your browser and steps the company is taking to protect users. Google’s Chrome web browser is a popular choice for businesses the world over. Managing the extensions gives you more

Capital One Data Breach Affects More Than 100 Million Customers

Capital One Data Breach Affects More Than 100 Million Customers and Small Businesses in The U.S. & 6 Million in Canada

On July 29, 2019, Capital One reported that their customers’ confidential information was compromised. This includes the Social Security and bank account numbers of more than 100 million people and small businesses in the U.S., along with 6 million in Canada.

Capital One Data Breach

The McLean, Virginia-based bank discovered the vulnerability in its system July 19 and immediately sought help from law enforcement to catch the perpetrator. They waited until July 29 to inform customers.

How Did The Hacker Get Into Capital One’s System?

According to court documents in the Capital One case, the hacker obtained this information by finding a misconfigured firewall on Capital One’s Amazon Web Services (AWS) cloud server.

Amazon said that AWS wasn’t compromised in any way. They say that the hacker gained access through a misconfiguration on the cloud server’s application, not through a vulnerability in its infrastructure.

Capital One says that they immediately fixed the configuration vulnerability that the individual exploited and promptly began working with federal law enforcement.

Who Breached Capital One’s Data?

Paige A. Thompson, a former software engineer in Seattle, is accused of stealing data from Capital One credit card applications.

Thompson was a systems engineer and an employee at Amazon Web Services from 2015 to 2016. In a statement, Amazon said that she left the company three years before the hack took place.

The FBI arrested Thompson on Monday, July 29 for the theft, which occurred between March 12 and July 17. Thompson made her initial appearance in U.S. District Court in Seattle and has been detained pending an August 1 hearing. Computer fraud and abuse are punishable by up to five years in prison and a $250,000 fine.

What Information Was Compromised?

Thompson stole information including credit scores and balances plus the Social Security numbers of about 140,000 customers and 80,000 linked bank account numbers of their secured credit card customers. For Capital One’s Canadian credit card customers, approximately 1 million Social Insurance Numbers were compromised.

The largest category of information obtained was that of consumers and small businesses when they applied for one of Capital One’s credit card products from 2005 through early 2019.

Capital One said, some of this information included names, addresses, phone numbers, email addresses, dates of birth and self-reported income.

Other data obtained included credit scores, limits, balances and transaction data from a total of 23 days during 2016, 2017 and 2018.

This is one of the top 10 largest data breaches ever, according to USA TODAY research.

What Is Capital One Saying About The Breach?

They will offer free credit monitoring services to those affected. Capital One said it was “unlikely that the information was used for fraud or disseminated by this individual” but committed to investigating the hack fully.

They’ve set up a consumer website about the breach at www.capitalone.com/facts2019 that you should refer to if you’re worried that your information was compromised.

Capital One expects that this hack will cost them approximately $100 million to $150 million in 2019.

What Should Capital One Customers Do?

If you’re a Capital One customer, you should check your account online. You should also freeze your credit through each of the three main credit bureaus: Experian, Equifax and TransUnion.

It’s important to remain vigilant. Businesses should sign up for Dark Web Scanning to detect whether your confidential business information is there for cybercriminals to use.

Prevention is always the best remedy. Ask your IT provider to ensure your that your firewall is properly configured and to continuously remotely monitor your network for intrusions.

Capital One Data Breach Affects More Than 100 Million Customers and Small Businesses in The U.S. & 6 Million in Canada On July 29, 2019, Capital One reported that their customers’ confidential information was compromised.

Companies Held Responsible for Tech Security

Major Fines for IT Data Breaches

Outdated machines, software or employee practices can lead to major security problems. These big companies faced painful fines for their IT mistakes.

Technology Mistakes Meeting

As companies increase their online activity, data collection and eCommerce, the stakes will continue to rise. Companies that are lax, poorly prepared or sloppy are facing disastrous tech breaches. Equifax, Uber, TJX and Visa are just a few of the companies that have had to face hefty payouts for data breaches. The public relies on companies to act professionally and secure their information. Many companies that face a security breach or lost data will not be able to stay in business.

With a security breach, the customer’s trust is lost. Not only will the reputation harm business, but fixing the issue will cost more than preventing it. Fines and payouts will also add to that cost. And, the more consumers affected by a major problem in the company’s security, the more painful the clean up. You can’t afford to slack when it comes to IT security.

Equifax Data Breach Settlement of $700 Million

The infamous Equifax data breach of 2017 has lead to 147 million affected customers. The settlement announced by the credit reporting company included $175 million to 48 states, $300 million towards free credit monitoring services for the impacted customers and $100 million to the Consumer Financial Protection Bureau for civil penalties.

Federal Trade Commission (FTC) Chairman Joe Simons said, “Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers. This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”

Facebook Faces $5 Billion in Fines for Privacy Violations

The FTC smacked Facebook with a $5 billion fine for the Cambridge Analytica incident. This privacy violations fine was in response to personal data taken from over 87 million Facebook users to create more persuasive and personalized ads.

Uber Faces $148 Million in Fines for Covering Up Hacked Accounts

In 2016, Uber had over 57 million user accounts compromised–and then tried to cover it up by paying the perpetrator $100k. This lead to the largest data-breach payout at the time of $148 million because they broke data breach violation laws.

Anthem Faces $131 Million for Data Breach of Customers

When the US health insurer Anthem was hacked in 2015, over 79 million customers had their names, birthdates, social security numbers and medical IDs compromised. The company paid out $115 million in a class-action lawsuit in 2017 regarding the breach. The US Department of Health and Human Services fined them an additional $16 million for HIPAA (Health Insurance Portability and Accountability Act) violations.

TJX and Visa Pay Out $40.9 for Data Breach

When over 96 million credit and debit accounts were hacked in a widely-publicized data breach that lasted from 2003 to 2007, TJX promised pay outs. This came under the terms that 80% of card issuers agreed to the recovery offer and promised not to take further legal action. TJX agreed to fund the settlement as a resolution to those U.S. Visa holders with cards from taking further legal action. This amount was not part of the $256 million the company said it had budgeted to deal with the breach.

Texas Cancer Center Fined $4.3 Million for Unencrypted Equipment

Between 2012-2013, the University of Texas MD Anderson Cancer Center lost one unencrypted laptop when it was stolen from an employee’s house and two unencrypted USBs that contained sensitive patient data. The health information of over 33,500 individuals was compromised and the center faced a $4.3 million fine for HIPAA violations.

FMCNA Fined $3.5 Million for Five Data Breaches

In 2012, Fresenius Medical Care North America (FMCNA) was fined $3.5 million for HIPAA violations after five separate breaches in different company locations. The Office for Civil Rights noted that FMCNA could have avoided this with a thorough risk analysis to find the potential risks and vulnerabilities. Many of their breach problems included lacking security policies and failing to encrypt sensitive health data.

A good company will take proactive IT security measures with a great tech team. By outsourcing IT security through a managed IT service company, you can get the best security without hiring a team full-time. Your IT team will provide an audit of your company to help you find the places where your security, devices or practices might be a threat to your company. Ensure you are using the right equipment and your employees are trained to meet compliance standards, privacy laws, customer expectations and more so your company can succeed.

Major Fines for IT Data Breaches Outdated machines, software or employee practices can lead to major security problems. These big companies faced painful fines for their IT mistakes. As companies increase their online activity, data collection and eCommerce, the stakes will continue to rise.

Clearing Up The Cloud – Have You Harnessed Its Strategic Advantages?

Cloud Services

The cloud may still feel like a new technology – but in reality, it’s been around for more than 10 years now.

Does that make you feel old?

Let’s be clear about something – the cloud is here to stay. In recent years you may have still heard the occasional “industry insider” suggest that the world may be moving too quickly to an untested and unsure platform in cloud computing, but no more. The cloud is now an integral part of daily life for private consumer and business users alike.

What Is The Cloud?

The cloud is a network of technologies that allows access to computing resources, such as storage, processing power, and more. That’s where the data is – in these data centers all around the world. Which data center your data is in depends on what cloud service provider you’re working with.

The Cloud’s Many Layers

Public Cloud

Ideal for small businesses that may have trouble budgeting for any other type of cloud deployment, a public cloud is simple and cost-effective. Your data is stored in a “communal” data center, which, while not offering the best possible security or compliance guarantees, is often sufficient enough for organizations that aren’t required to maintain regulated compliance.

Private Cloud

A secure, dedicated environment to ensure maximum performance, security, and functionality for your business applications and employees. This is usually deployed for complaint-driven businesses such as healthcare and finance.

A Hybrid Cloud

This is like a dedicated cloud computing resource on Office 365 and Azure Stack with an extension to on-premise resources for maximum performance, control, security, and functionality. This is for businesses that require maximum control and scalability.

Instead of entrusting your legacy solutions to a public or private cloud, many businesses are opting for a hybrid cloud. They use a mix of on-premise, private and third-party public cloud services because this provides an infrastructure where one or many touchpoints exist between the environments.

Using a hybrid cloud gives you the freedom to choose which applications and resources you want to keep in the data center and which ones you want to store in the Cloud.

The Cloud Isn’t As New As You Might Think…

Would you say the cloud is “new”?

To some, this may seem like a question with an obvious answer, but it’s not that simple.

The way in which we think about technology can lead to something feeling new for a lot longer than would make sense otherwise.

After all, the cloud is more than a decade old, but a lot of people still think of it as a new technology.

For context, it was 2006 when Google and Amazon began using the term “cloud computing” – not necessarily the beginning of the cloud, but as good a point to choose as any.

In that year, the now woefully dated Crash won Best Picture at the Oscars. The Tesla Roadster was still two years from hitting the streets. Netflix was more than a year away from launching its now prolific streaming services.

Does that put it in perspective?

How Is The Cloud-Delivered?

SaaS (Software as a Service)

Software as a Service (SaaS) applications are being adopted at a much faster pace today than in the past. These are productivity applications like Microsoft Office 365, cloud-based practice management solutions, accounting programs, and more.

Your SaaS provider helps you identify and select line of business applications that will run well in the cloud. They can migrate your data and integrate it with software platforms in your current premise or cloud technology stack, or help you implement new ones.

PaaS (Platform as a Service)
This is whole cloth delivery of web applications that are based in the cloud, all via a comprehensive platform. The idea is that, in accessing this platform, you can utilize, develop and even deliver applications based on resources that you don’t need to maintain on-site.

IaaS (Infrastructure as a Service)
Infrastructure as a Service (IaaS) delivers IT infrastructure on an outsourced basis and provides hardware, storage, servers, data center space, and software if needed. It’s used on-demand, rather than requiring you to purchase their own equipment. That means you don’t have to expend the capital to invest in new hardware.

Why Should You Use With The Cloud?
For the same reasons that thousands of other businesses around the world have already adopted cloud computing:

  • Computing Power: The cloud has the ability to activate tens of thousands of CPUs. This unparalleled power can quickly perform deep analytics of your data, and process nearly any ad-hoc queries that you require.
  • Reliable Costs: The cloud services subscription model offers the strategic advantage of low-cost, low-risk opt-in combined with a simple, predictable monthly fee.
  • Easy Scalability: Cloud services have the unique strategic characteristic of being able to stretch or shrink to suit your current level of demand. This is especially useful for businesses of scale or companies that go through seasons of activity.
  • Real-Time Collaboration: With cloud technology, your staff doesn’t have to wait for each other to be done with their part of the document or project in order to tackle their own aspect. They can all work on the same project at the same time to maximize productivity.
  • Remote Work Capability: This cloud feature allows you and your employees to work remotely as need be, which will give your business members the flexibility they desire to have a more balanced home/work life.

You Need To Keep An Eye On Your Cloud

As beneficial as the cloud can be, it’s important to note that it can also pose risks if it isn’t managed properly. It all comes down to the classic binary relationship between convenience and security.

The cloud gives you unparalleled access to your data from anywhere with an Internet connection. That means that external parties (including cybercriminals) can have undue access to your data as well if you don’t take the necessary steps to secure your environment.

That’s why you need to monitor your cloud. No matter who you entrust your data to, you should ensure that you or someone in your organization is given appropriate visibility over your cloud environment. That way, you can guarantee that security and compliance standards are being maintained.

If you don’t have the resources to manage this type of ongoing monitoring, then it would be wise to work with the right third party IT services company. Doing so will allow you to outsource the migration, management, and monitoring of your cloud. You’ll get the best of both world – security and convenience.

The cloud may still feel like a new technology – but in reality, it’s been around for more than 10 years now. Does that make you feel old? Let’s be clear about something – the cloud is here to stay.

8 Essential Reasons to Outsource Your IT Services

8 Essential Reasons to Outsource Your IT Services

Technology moves fast and furiously. In this modern world, you need IT services for your business to run as smoothly as possible. The last thing any well-run company wants is for their IT issues to trip up working conditions so your employees are frustrated, and not being as productive as they should be. Ideally having the right technology in place can help your business to be more profitable in the long run. The question then becomes, is it better to have your IT department in-house or outsource those services? There are actually many terrific benefits to outsourcing your IT services to the right qualified professionals.

Outsource IT Services

Here are 8 essential reasons to leave it to the pros at a managed IT service company for all your technology needs.

Reason #8: Increased Productivity

When companies have their IT services in-house, this can take up time and reduce productivity among the staff. It’s been shown that Managed Service Providers (MSP) who have all the right credentials can implement IT solutions for you in a much faster way. The speed and efficiency an outsourced IT company can give you will allow your business to operate at full capacity much faster in the long run. Less IT distractions equal a better working environment for your staff.

Reason #7: Focus on Core Operations

If you and your employees have to worry about IT glitches and struggles, it’s going to carry over into your daily working environment. That takes away the focus on your core operations. Your managers and employees have limited time to do their job. There are only so many work hours in a day. They can do their jobs better without having to get sidelined by IT problems they shouldn’t have to deal with.

Reason #6: Smaller Business Can Compete

Smaller companies sometimes can’t afford the kind of IT services that larger, more established companies use. By having an MSP who can give you the kind of technological advance that larger companies can afford, will make it easier to compete with the “big guys” on a global scale.

Reason #5: Risks and Threats Are Handled

Most outsourced IT companies are available for risks and threats 24 hours a day, 7 days a week. It’s something they monitor all the time. They will be able to handle and manage these threats for you seamlessly to keep your company operationally rock solid.

Reason #4: More Security

Security and compliance issues are less of a problem with experienced IT professionals. Hardware crashes, viruses, data corruption, and backup failures are less of an issue when outsourced IT people are constantly looking out for your company’s security.

Reason #3: Implement New Technology Faster

When you outsource your IT and need updates to be made to your technology, the professionals are going to be able to put that new technology in place much faster. They can also do these updates in off-hours that won’t interfere with your working day.

Reason #2: More Experienced IT Professionals

A company that focuses solely on IT is going to have all the right credentials and certifications in place that will allow you to have the most experienced professionals in your back pocket. A highly qualified MSP also has the most up-to-date training and ongoing education of everything involved in the technology sphere.

Reason #1: Less Expensive IT Costs

This is by far the most important reason in the minds of most companies, the bottom line. By not having your IT department in-house, you are going to be saving serious monetary resources. It’s just less expensive to outsource your IT costs with an MSP that works efficiently and allows you to pay only for the services your company needs from them.

8 Essential Reasons to Outsource Your IT Services Technology moves fast and furiously. In this modern world, you need IT services for your business to run as smoothly as possible. The last thing any well-run company wants is for their IT issues to trip up working conditions so your employees are frustrated, and not being

Online Excel Training: Tips & Techniques For Managing Workbooks

Organization Shouldn’t Be Complicated

Out of all of Microsoft’s Office programs, Excel is one of the most universally used. What started out as a fairly basic spreadsheet program has evolved into a must-have business tool. However, the more you use Excel, the more data your workbooks will accumulate.

Keeping these workbooks organized and easy to navigate can be a challenge. We can help with that. Check out our short Excel: Tips and Techniques for Managing Workbooks training video, available to you free and on-demand.

Simply Click Here.

Watch at your leisure, and say goodbye to your Excel frustrations.

Managing Excel Workbooks

Organization Shouldn’t Be Complicated Out of all of Microsoft’s Office programs, Excel is one of the most universally used. What started out as a fairly basic spreadsheet program has evolved into a must-have business tool. However, the more you use Excel, the more data your workbooks will accumulate.

Keeping An Eye On The Dark Web?

Keeping An Eye On The Dark Web?

Do you know about the “Dark Web”? It’s the part of the Internet where your private data – passwords, social security, credit card numbers, etc. – could be for sale right now. Do you know how to check if they are?

 

The Internet isn’t all funny videos and social media.

Between phishing, malware, and a seemingly never-ending list of scams, there are a number of serious dangers that are important to be aware of.

But there’s an even a darker corner of the web where few people dare to venture that can have a wide-reaching and severely damaging effect on your business: the Dark Web.

Recently, cyber thieves released a huge list of compromised emails and passwords known as Collection #1. It contains 773 million records, making it one of the largest data breaches to date. If your information has ever been breached, it’s most likely on this new list – and that list is on the Dark Web.

Even the federal government has had a hard time locating those responsible and stopping them. The Department of Homeland Security made their first bust involving criminals selling illegal goods on the Dark Web just last year. The arrests were made after a year-long investigation. Though this is good news, it doesn’t even scratch the surface of all the criminal activities taking place on the Dark Web.

The bottom line is that you can’t wait around for the government or anyone else to protect your business from cyber thieves. You have to be proactive about securing your database. Your personal and business information should not be for sale on the Dark Web, but how can you stop this?

What Is The Dark Web?

The Dark Web is a small part of the much larger “deep web” – the common name for an extensive collection of websites that aren’t accessible through normal Internet browsers. These websites are hidden from the everyday Internet — or Clearnet — users through the use of overlay networks.

They’re built on the framework of networks that already exist, and there are a lot of them. In fact, the Deep Web makes up the majority of the information online. Which, when you consider how vast the corner of the Internet you frequent is, is nothing short of terrifying.

This unseen part of the Internet is a perfect place for less than scrupulous individuals to connect, network, and share tools, tips, and information. And it should go without saying that whatever their up to on these sites is nothing good.

Personal information such as school and medical records, bank statements, and private emails are all part of the immense Deep Web. To gain access to this information, you must be able to access an overlay network using specialized software and passwords. This is a good thing, because it keeps sensitive information safe, and prevents search engines from accessing and indexing it.

Why Is The Dark Web Used To Sell Private Information?

The added security of the Deep Web makes it attractive for those who want their online activities to remain anonymous. Unlike the Deep Web, which prevents outsiders from accessing information, the owners of Dark Websites allow anyone with the right browser to access their sites. One of the most popular of these is The Onion Browser, more commonly known as Tor.

The Dark Web is like “The Wild West” of the Internet. It’s an area beyond the reach of law enforcement, hence the complete lack of regulations or protection. Although not everyone who uses the Dark Web engages in illicit activities — it has a history of being a platform for political dissidents and corporate whistleblowers — many visitors are there for less than upstanding reasons.

Cybercrime costs US businesses billions of dollars each year. The majority of information hackers steal from businesses ends up on the Dark Web for sale to identity thieves and corporate spies.

But, the real danger is that it provides communication and educational training ground for hackers and would-be hackers. Although the competition among different hacking groups is fierce, there’s still a willingness among cyber criminals to share techniques and assist one another.

It’s this access to the “tools of the trade” and the guidance required to pull off successful hacks, attacks, and scams that makes the Dark Web so dangerous to your business. Anyone with the time and inclination to learn how to steal valuable data from your business can check out an online tutorial or two, pay for some basic hacking software from one of these marketplaces, and set their sights on you.

While they might not be the stories that make national headlines, small and mid-sized businesses are targeted every day by cybercriminals looking to make a fast buck.

How can you protect yourself?

When a news story comes out about a large corporate hack, businesses often scramble to learn how they can better protect their businesses – but that’s the wrong time to start thinking about it.

Don’t wait until a breach occurs – start protecting yourself now. The advice you should follow centers around educating your employees about the dangers of online crime and developing company procedures to prevent it from happening.

The first step is to make sure you (and your staff) use stronger passwords…

Top 4 Password Mistakes To Avoid

Length and Complexity

Keep in mind that the easier it is for you to remember a password, the easier it’ll be for a hacker to figure it out. That’s why short and simple passwords are so common – users worry about forgetting them, so they make them too easy to remember, which presents an easy target for hackers.

Numbers, Case, and Symbols

Another factor in the password’s complexity is whether or not it incorporates numbers, cases, and symbols. While it may be easier to remember a password that’s all lower-case letters, it’s important to mix in numbers, capitals, and symbols in order to increase the complexity.

Personal Information

Many users assume that information specific to them will be more secure – the thinking, for example, is that your birthday is one of a 365 possible options in a calendar year, not to mention your birth year itself. The same methodology applies to your pet’s name, your mother’s maiden name, etc.

However, given the ubiquity of social media, it’s not difficult for hackers to research a target through Facebook, LinkedIn, and other sites to determine when they were born, information about their family, personal interests, etc.

Pattern and Sequences

Like the other common mistakes, many people use patterns as passwords in order to better remember them, but again, that makes the password really easy to guess. “abc123”, or the first row of letters on the keyboard, “qwerty”, etc., are extremely easy for hackers to guess.

Maybe you think your passwords are fine.

It’s certainly possible – but it’s one thing to skim over a list of common password mistakes and assume you’re probably still OK.

Sure, maybe that one password is based on your pet’s name, or maybe that other password doesn’t have any capitals or numbers – what’s the big deal, really?

If you’re so confident, then why not put it to the test?

Click here to test how secure your password is – take a few minutes and try a few.

How’d you do?

Probably not as well as you’d hoped, right? The reality is that truly complex passwords can be difficult to come up with, and even more difficult to remember.

Top 3 Tips To Keep Your Data Off The Dark Web

Train staff members on the proper handling of corporate data and procedures to limit data loss, including ways to handle phishing scams.

Besides an initial onboarding training session, all employees should attend refresher courses throughout the year. The vast majority of cybercriminals gain access to a company’s network through mistakes made by employees.

Require the use of strong passwords and two-factor authorization.

It’s advisable that you assign strong passwords to each individual employee to prevent them from using passwords that are easy to guess, as well as implementing two-factor authorization.

Consider investing in hacking insurance and conduct penetration testing.

The cost of cybercrime will exceed 6 billion dollars by 2021. That’s a lot of money. Investing in cyber attack insurance is a good idea for businesses with a great deal of exposure.

Unfortunately, all these tips are meant to be preventative – they’ll increase your security and protect against cybercriminals taking your data in the first place. But what if you’ve already experienced a breach?

Even worse, what if you’ve experienced a data breach, but you don’t even know it? Case in point: it takes most businesses up to 6 months to find out that they’ve experienced a data breach.

What if you’re one of them?

How can you find out if your data is already up for sale?

What About Dark Web Scanning?

There’s only so much you can do on your own – but there are now more direct ways of checking whether your data has been compromised on the Dark Web. Many security vendors now offer cyber-surveillance monitoring solutions that can scan the dark web for your credentials.

One of the most popular of these solutions is Dark Web ID, which is designed to detect compromised credentials that surface on the Dark Web in real-time, offering you a comprehensive level of data theft protection – it’s an enterprise-level service tailored to businesses like yours.

This Dark Web monitoring solution keeps tabs on the shadiest corners of the online world 24 hours a day, 7 days a week – no exceptions.

Features include:

  • Security Awareness to keep your staff prepared to spot and stop hackers from harming your business
  • Password Manager to help you and your staff maintain complex, hard to crack passwords
  • Multifactor Authentication to prevent external parties from accessing your systems with stolen passwords
  • Data Leak Prevention to make sure the integrity of your business data
  • Vulnerability and Patch Management to make sure no weakness in your cybersecurity is overlooked.

This isn’t a matter of “what you don’t know won’t hurt you”. In fact, it’s the opposite. You can’t afford to ignore the dark web.

Keeping An Eye On The Dark Web? Do you know about the “Dark Web”? It’s the part of the Internet where your private data – passwords, social security, credit card numbers, etc.

How Do I Choose a Cloud Computing Model?

Cloud Computing

How Do I Choose a Cloud Computing Model?

No matter what your company or organization specializes in, it’s sure that you have some form or forms of data that needs to be stored, well, somewhere.

Before the invention of cloud computing, most company data was always stored on-site — that is, in the hard drives at a place of business. Additionally, some businesses may have had data stored on remotely-located hard drives or discs; but the majority of data was “in the building.”

Naturally, you can see how this would be dangerous — both for you as a business owner and your clients, customers, and investors. Sensitive data such as customer specs or financial information could be easily stolen, corrupted, lost because of a computer glitch, or even destroyed in a fire.

Today, with the advent of cloud computing. The bulk of these worries are gone. Nearly all major companies, organizations, governments, and many individuals use the cloud.

What is the cloud and what is “cloud computing”?

The first thing to know about “the cloud” is that it’s not a physical thing like a computer or a hard drive. Instead, this term refers to a virtual space or a select part of the Internet — the part that stores data.

Just as you can surf the web from anywhere in the world as long as you have an Internet connection, you can also access the cloud from anywhere in the world — plus whatever you store there. Again, you simply need an Internet connection. In this way, many people simply define the “cloud” as a metaphor for the Internet.

“Cloud computing” is the generally recognized term for all computing actions done in or via the cloud. Therefore, cloud computing refers to cloud-based data storage, but it also means cloud-based:

  • Data management
  • Content delivery
  • Access to applications and software
  • Delivery of services

Should your business be using cloud computing?

Before we dive into how to choose a cloud computing method, let’s talk about why you should be using cloud computing — and you absolutely should be.

Cloud computing provides numerous benefits that old-fashioned computing methods just can’t live up to. Specifically, cloud computing provides:

  • Mobility and Efficiency: You can work on the cloud from anywhere. Allow your employees, customers, clients, and investors to access the best that your company has to offer, without worrying about weighing down the system or collapsing your infrastructure.
  • Ultimate Security: The cloud provides the best security available when it comes to storing your sensitive data. Even when hardware and equipment fails, you know your data will be stored safely and backed up.
  • Scalability and Flexibility: With non-cloud computing solutions, you must anticipate the extent to which you’ll use your storage space and other computing needs beforehand. Cloud computing allows you to scale your cloud services up or down, based on your unique needs.
  • Strategic Value: Cloud computing methods are always updated with the latest software and the newest tech. This gives your company a competitive edge. Plus, there’s no need to toss outdated technology or revamp your entire network, which would otherwise set your company timeline back significantly.

What method of cloud computing should my business use?

This depends on the organization’s specifications, needs, and goals. There are three basic methods of cloud computing to choose from.

Private Cloud Computing

This model of cloud computing provides dedicated use to your company’s data and systems over a private IT infrastructure. This is a good model to choose if you are particularly concerned about confidentiality and security. Only a trusted third-party or your company’s internal resources team should manage a private model of cloud computing, and you should only give access to those within your company.

Public Cloud Computing

This method of cloud computing allows your business’s resources (software, platforms, infrastructure) to be available to the general public. In some cases, these types of cloud computing models are offered to the public for free, but they may also be sold by a pay-per-usage model.

Hybrid Cloud Computing

As the name suggests, the hybrid cloud computing model blends a public cloud and a private cloud. The hybrid model is mostly by companies who need to operate both models, and thus, the two are integrated into one overarching system.

Resources in the cloud are easier to access, manage, and recover after an equipment malfunction. By switching your business to one of the cloud computing models outlined above, you’ll have a competitive edge and complete control of your company’s data and systems.

How Do I Choose a Cloud Computing Model? No matter what your company or organization specializes in, it’s sure that you have some form or forms of data that needs to be stored, well, somewhere. Before the invention of cloud computing, most company data was always stored on-site — that is, in the hard drives at

Your MacOS Is Under Attack: 2019’s Biggest Malware Threats

Your MacOS Is Under Attack: 2019’s Biggest Malware Threats

MacOS and Malware

The Mac operating system (MacOs) has frequently been hailed as one of the best systems for its resiliency to malware and typical viruses. But the days of MacOs standing strong and tall with no worries have really always been a misconception. Mac systems are just as vulnerable to the beefed-up, intelligent malware threats that are out there today.

SentinelOne published a lengthy review of the MacOs malware at the end of 2018, but in a new release, SentinelOne also stated that there has actually been an uptick in the numbers of new types out there attacking users. Here is a look at some of 2019’s biggest MacOs malware threats that every Mac-reliant business owner should know.

1. OSX.Siggen: A Malware Download from a Malicious Domain

Masquerading as a helpful app called WhatsApp, OSX.Siggen is actually a latched-on malware that slips in during a regular app download. WhatsApp is a fake social media platform, and the download looks super enticing when users come across it. However, once added to MacOs, the app runs with a backdoor designed to take administrative control over the system.

2. KeyStealDaemon: Password Hijacker

This dirty malware showed up in February of 2019, but by June it was still running strong. Apple allowed a patch several years ago designed for another purpose, but KeyStealDaemon can create administrative privileges for itself by slipping through. Unfortunately, this malware allows the person behind the scenes to get into the system and steal pretty much any password you have stored. The good news is, if you have properly updated your system, KeyStealDaemon can be booted out because it cannot break through.

3. CookieMiner Slips In and Steals Credentials

Toward the end of January 2019, a cryptominer showed up with its own installed backdoor to induce a threatening combination of technologies to steal cryptocurrency exchange cookies and passwords for Google Chrome. The worrisome thing about CookieMiner is this: experts believe that the malware could potentially have the rare ability to bypass things like authentication processes that involve multiple factors. If CookieMiner is capable of gathering enough cookies and credentials, cryptocurrency wallets can be virtually pickpocketed right in plain sight.

4. Mokes.B Puts On a Good Act

Persistence agents running amuck on your MacOs with familiar names may never be spotted, especially if they are calling themselves things like Firefox, Skype, or Chrome. This is precisely how Mokes.B avoids suspicion when it latches onto the operating system in application support folders and tracking files. Mokes.B is super-scary because it can gain the ability to take actual screenshots whole you are on pertinent screens, but it can also record keystrokes to steal date you are keying in.

5. A Variant of OSX.Pirrit Has Shown Up

OSX.Pirrit caused a lot of problems a few years ago, but this malware never really disappeared altogether. Instead, new family members under the old parent app are still being found on MacOs, and they are not being detected as they would otherwise be when acting as OSX.Pirrit. The aim of this malware is to make money from redirect actions that occur as a result of a browser infection, but there are rumors that PIRRIT is potentially capable of stealing data as well.

6. OSX.Dok Reroutes User Traffic

OSX.Dok gets into a system and installs a securely tucked-away Tor version location on a Mac system. User traffic hitting a site gets sent to an onion server instead of where it should be, which is a major problem for business owners needing to protect sensitive customer actions when they think they are on an e-commerce website. One of the scariest things about OSX.Dok is the fact that it can steal even SSL encrypted internet traffic maneuvers. Older versions of this software were thought to be banished, but new versions continually pop up.

Even though there are so many Mac users who think they are covered by some unseen immunity from malicious software, these risks are there and the growing list of 2019 proves that fact. Attackers deploying these software programs are targeting those easy-to-break barriers, so something like an improperly updated computer or even an unsuspecting employee can leave a business computer wide-open for an attack.

Your MacOS Is Under Attack: 2019’s Biggest Malware Threats The Mac operating system (MacOs) has frequently been hailed as one of the best systems for its resiliency to malware and typical viruses. But the days of MacOs standing strong and tall with no worries have really always been a misconception. Mac systems are just as

Data Security is Vital to Reducing Business Risk

Data Security is Vital to Reducing Business Risk

Traditional business risk has fallen into a few different buckets with the economy and competitors being two of the major forces under consideration. The tides change, and businesses today must add some additional items to that list and one of the most important is the issue of data security.

Photo of woman protecting data on network

From protecting the information that is being stored within your organization to creating a positive way to support the transfer of data between your clients, your business and third-party partners, data security and compliance are becoming hot-button topics in technology and business circles. Protecting your organization from the potential multi-million dollar problems that come along with a data breach is a critical component of IT leadership in the modern world.

What Are the Dangers of Poor Data Security?

You don’t have to look too closely in the world news to see the dangers inherent with poor data security: FacebookMarriott and even Equifax are recent survivors of serious data breaches. Each time a seemingly-indestructible company falls prey to a hacker, the business world holds its collective breath to see what will happen. Unfortunately, what’s happening is that these organizations are facing hundreds of millions or even billions of dollars in notification costs, lost productivity, poor consumer perception and remediation to ensure that their data stays more secure in the future. Even so, there are no guarantees that these businesses will not be hit again as they have already proven to be vulnerable from this type of attack. Major corporations are not the only ones being targeted, however. Small and mid-size businesses are also being targeted for attacks because there’s a perception that they do not invest heavily enough in cybersecurity and secure infrastructure.

How Can I Improve Data Security in My Business?

Improving your business’s data security often starts with an audit of your current situation. This could include where your organization stores data, the type of information that is being stored, the individuals who are able to access your data and how that access occurs, the privacy and security policies of third-party partners and the various integrations that your business systems have with sensitive data. Businesses that are storing personal information (PI) that includes first and last names, passwords or passcodes, health or financial information need to pay particular care as this type of information is extremely sought-after by hackers who are interested in selling it for top dollar on the dark web. Once an audit has been completed, it’s time to start improving the security of your overall systems and storage.

Does Moving Data to the Cloud Help Improve Data Security?

Just as with many questions in technology, there isn’t a cut and dried answer: it depends on the current situation with your data, the type of data that’s being stored and several other factors as well. The best option is to work with a proactive IT solutions provider who has a deep understanding of data security and has helped secure other organizations that are similar in size and storage needs to yours. This allows you to leverage industry best practices to help keep your data safe and nudge you towards the right decisions both now and in the future. In general, moving to the cloud may help improve your security, especially if you have a limited number of internal IT staff members who are able to maintain your systems and data infrastructure. Cloud-based data storage and applications work together fluidly and often without the requirements for ongoing updates as these are applied at the data center level. This can take some of the pressure off of internal IT staff to provide proactive maintenance and allow these individuals to focus on improving the overall security posture of your organization.

As we enter the second half of 2019 and into 2020, CEOs and other top executives are increasing their focus on cybersecurity as a strategic initiative. This provides an added impetus for organizations to thoroughly review their data storage and use strategies and create a cohesive solution for data in transit and at rest that will help reduce the overall risk to your business. Reviewing your data security on a regular basis can help alleviate concerns about your storage procedures and ensure that your organization stays up-to-date with the latest recommendations from security professionals.

Data Security is Vital to Reducing Business Risk Traditional business risk has fallen into a few different buckets with the economy and competitors being two of the major forces under consideration. The tides change, and businesses today must add some additional items to that list and one of the most important is the issue of

Building a Rock Solid Cybersecurity Plan

Cybersecurity Plan

Cybercriminals may be going into a stealth mode, but that doesn’t mean that cyberattacks are slowing down — quite the opposite, in fact. According to the 2018 SiteLock Website Security Report, attacks increased by 59% and accelerated going into December. Record numbers of businesses are being infiltrated by hostile actors, with data breaches affecting hundreds of millions of users in a single attack. This all comes during a time when cybersecurity costs are accelerating as more organizations scramble to bring expensive systems and well-paid IT assets online to help protect their business from attack or assist with recovery. By the year 2021, damage to businesses is expected to exceed $6 trillion annually from cybercrime alone. It’s becoming increasingly difficult for businesses to manage the complexity required for a comprehensive cybersecurity plan alone, but these basics will give you a starting point to managing the risk to your organization.

Understanding “Current State” Security Practices

Many organizations begin crafting their cybersecurity plan by reviewing and documenting the current state of their risk-reduction efforts. This could include everything from data structures and storage locations, physical and cloud-based infrastructure models, third-party vendors and other connections. This “current state” report gives you a comprehensive view of the organization and allows you to capture potential risk centers that will need to be addressed in the future.

Balancing Security Needs with Business Requirements

It’s a fact of life that IT professionals are often in top demand, making it difficult to implement the full range of cybersecurity protections that proactive leaders feel are necessary. This balancing act may take place as ongoing negotiations between business and technology teams as the risks of not taking specific steps to tighten security are weighed against the potential benefits of new functionality. IT teams need to have a full understanding of how data and applications are utilized throughout the organization, including how remote partners or staff members are connecting into business applications and databases. Going through this process prompts conversation around the replacement value of particular platforms. Where an IT team may feel that an older platform could be deprecated without undue business impact, one particular unit may be utilizing that data in an unexpected way. In this instance, business and IT leaders will have to negotiate whether it makes sense to enhance the security or simply move to a newer alternative.

Crafting Your Plan and Training Your Staff

Understanding all of the various assets that your business has available allows you to gain a more holistic view of the business, a crucial element of any successful cybersecurity plan. Define replacement or bypass recommendations for each of your core business assets, and then fully document any changes that need to be made to reduce the risk of a breach or the effect of any malware or ransomware attacks. Having the plan in place also requires determining the training level that your staff will need. According to Cisco, the majority of malicious file extensions are made up of popular files such as Microsoft Word, Excel and PowerPoint, making ongoing training an important part of any cybersecurity strategy.

Small and mid-size businesses are the organizations least likely to have a formal cybersecurity plan in place, but these businesses are a high-risk target that is extremely attractive to hackers. Managing the complexity associated with the various platforms and data sources is often cited as a significant challenge for over-taxed IT personnel. Making regular cybersecurity reviews a priority can help your organization not only stay safe online but also identify processes challenges that need to be addressed to improve operational efficiency. Even with a rock-solid cybersecurity plan in place, that doesn’t mean your organization is completely safe. Instead, it means that you’re ready for an attack and are able to respond appropriately and in a timely manner — which can save your company hundreds of thousands of dollars in the event of a breach.

Cybercriminals may be going into a stealth mode, but that doesn’t mean that cyberattacks are slowing down — quite the opposite, in fact. According to the 2018 SiteLock Website Security Report, attacks increased by 59% and accelerated going into December. Record numbers of businesses are being infiltrated by hostile actors, with data breaches affecting hundreds of millions of users

Using Today View in iOS 12

iOS 12 brings a lot to the table and you will want to take full advantage of it to get the most out of your device. The Today View in iOS 12 is one feature that is worth exploring to determine how you can leverage it to make your workday and personal life more organized. As the name implies, the Today View is there to let you know what is going on right now. But there are a lot of different information points that your device can inform you of, so customizing your Today View and learning to navigate it is essential to getting more out of your iPhone.

The Today View in iOS 12

Your iPhone is designed to keep you organized and updated on the things that matter most to you. As a business user, that means staying abreast of what is going on in your department, your company and your industry. If you are like most business users, it also means managing your professional life and your personal life on the same device.

Taking care of all these needs requires using a variety of apps. In the olden days of earlier smartphones, those apps would need to be opened to see what they had to offer. But today, with your iPhone and iOS 12, you can get most of the information you need from each app on your Today View—at least the fundamental information that you are likely to want access to at a glance. Instead of having to go to your Home screen to get the information you need, you can just do a quick swipe and see what you need more quickly and more conveniently than you would if you have to open each app individually.

One of the most useful things about the Today View is that you do not even need to unlock your phone to access it. As long as you have your security settings established where your Today View shows on your Lock screen—which is the way your phone comes by default—you can check your Today View at any time whether the phone is locked or unlocked.

How to Access Your Today View

Whether you are on your iPhone’s Lock screen or on your Home screen, your action to get to the Today View is the same. You will simply swipe to the right side of your phone screen. You can start your swipe from the left side of the phone, from the middle of the phone screen and even from pretty close to the right edge of the screen. Wherever you begin your swipe, as long as you slide your finger off the right edge of the screen, your Today View will pop up.

When you want to leave the Today View, you perform the opposite gesture. Swipe to the left edge of your screen to leave the Today View both on your Home screen and on your Lock screen.

What Does the Today View Show You?

The things that you will see on your Today View will vary based on the apps you have installed and the widgets you have told your phone to include on the Today View. For instance, you will see FAVORITES that shows some of your favorite contacts that you have called recently. You will also see other widgets that are based on the apps that you have recently used. Like if you have used Maps recently, your Today View will show a MAPS DESTINATIONS widget with a destination that you are likely to want to go to—such as your home.

Show More

Many of your widgets will give you an option to show more information if you need it. The option to Show More will show to the right of the name of the widget. Just click the Show More section and the widget will expand. For example, your FAVORITES widget will only show four favorite contacts initially, but if you click Show More you will see eight contacts.

Launching Apps

Some of the widgets on your phone will give you the option of launching the app just by tapping the widget. For instance, the Maps app widget, MAP DESTINATIONS, will launch Maps if you tap the widget and create a map to the destination offered in the widget—like your home address.

Changing Widgets

You can add or remove widgets from your Today View by tapping Edit at the bottom of the Today View and tapping the minus or plus symbol to the left of the app name. You can also reorganize your widgets by tapping and holding the three horizontal lines to the right of an app name, then shifting the app up or down the list.

iOS 12 Today View

iOS 12 brings a lot to the table and you will want to take full advantage of it to get the most out of your device. The Today View in iOS 12 is one feature that is worth exploring to determine how you can leverage it to make your workday and personal life more organized.

Windows Server 2019: How the Newest Features Influence the Way You do Business

Windows Server 2019

At the end of 2018, Microsoft released the newest version of Windows Server, launching their small to medium business customers into an unexpected dilemma. A new era had arrived. Windows Server 2019, much like previous iterations, has three different editions geared toward every business type from small to enterprise. While the editions for large businesses—Datacenter and Standard—have some great upgrades from the previous version, Windows Server 2019 Essentials for small to medium businesses was massively downsized, leaving business owners to wonder about their future with Windows Server.

Windows Server 2019 and 2016: How do they compare?

What are the newest features of Windows Server Essentials? The 2019 server operating system for small businesses does not really offer anything new as much as it does away with the key features that were part of the 2016 edition; features that businesses have come to expect. In appearance, it is much like the 2016 version. It provides a small business solution as an Active Directory domain controller, and a single license includes Client Access Licenses for 25 users and 50 devices.

So what features are no longer available? One of the biggest changes to Windows Server 2019 Essentials is the removal of the Essentials Experience Role, taking with it the Administrative Dashboard, Client backup, and Remote Web Access. For businesses that depend on RWA—which is the majority—this change limits their ability to provide network access for offsite employees. Accessing the server, your desktop, and your files remotely is no longer an option. Essentials 2019 also no longer supports Office 356 integration tools. The loss of these features can have a huge impact on businesses that—for years—have depended on Windows Server to provide their on-premise server needs. However, the new face of Windows Server is not the only thing to consider before updating your software. Microsoft also announced that Windows Server 2019 Essentials may be their very last iteration of this software for small businesses.

Alternative Solutions to Windows Server 2019

For businesses using Windows Server 2016 Essentials, one solution is to continue using that license until the software becomes obsolete. Rather than upgrade to the 2019 edition, consider using Essentials 2016 for as long as possible, while also researching next steps for the day when Microsoft no longer supports that version. Another option is to upgrade to the Standard edition of the 2019 server, which makes sense if your business is growing at a pace that would require greater capacity in the near future.

If, however, you have already upgraded to Windows Server 2019 Essentials, Microsoft does offer solutions for navigating the lost features. In place of the Administrative Dashboard, look to Windows Admin Center, a free, locally-deployed app that allows you to manage your server, computers, and network with considerable ease. Also, with the Azure Active Directory connect option, businesses can access—for a fee—some of Microsoft’s cloud services while still maintaining an onsite server.

Ultimately, Microsoft is encouraging small businesses to consider moving entirely to a cloud-based service, namely Microsoft 365 or Microsoft 365 Business. For businesses that require dependable remote access and collaboration, this could be an ideal solution. Microsoft 365 includes the complete Office 365 suite of productivity tools and apps, security and mobility solutions, and Windows 10. Switching to a cloud-based solution could also be a helpful option for businesses with little or no IT support. Moving your business to a cloud platform means your security, systems and support are all built in.

Changes in the IT landscape can be difficult to navigate, especially if your business has depended upon a platform or service that has worked well for many years. While these changes can be frustrating at times, the constant developments of technology—when embraced—can also provide upgrades and solutions for your business that increase productivity, improve security, and help you navigate change for years to come.

At the end of 2018, Microsoft released the newest version of Windows Server, launching their small to medium business customers into an unexpected dilemma. A new era had arrived. Windows Server 2019, much like previous iterations, has three different editions geared toward every business type from small to enterprise.

How Canada Is Seeking a Private and Equitable Digital World

Canada Digital Information Technology

As in so many areas, Canada is now pushing to make the online world a more equitable one. It also wants Canadians to have their privacy online instead of having their information sold by whoever can get ahold of it. The use of the data that companies do collect about you is now being regulated by the expanded Canadian Digital Charter. Here’s how it seeks to create a better experience for Canadians.

Technology in Canadian Ecommerce

Using up-to-date technology is increasingly a part of daily life, and innovators who don’t have it will be left behind by those who do. Canada’s Digital Charter is a way to protect Canadians from some of the ways their data could be used as well as to make it easier for everyone in the country to have internet access. E-commerce is a larger and larger portion of the economy all over the Western world, and Canada would fall behind this march to the future if Canadians had trouble getting online and feared for their very privacy if they were to do so.

Canadian Access to Internet Connectivity

With so much of the world now online, keeping Canadians able to connect is a key factor in keeping them competitive. Part of the Canadian Digital Charter is to give universal access to all Canadians, no matter where they live or how much they know about computer use. The charter seeks to ensure that every Canadian is not only offered connectivity but is given the computer literacy they need to be able to use one. In addition, the charter rolls out a new standard for safety online. With so many new internet users about to join the online sphere, the government is focused on making sure they don’t get taken advantage of, threatened or targeted with scams. To help create a better atmosphere of safety, the government plans to put multiple laws in place to deliver punishments for breaking cyber-safety laws.

Data Privacy Compliance in Canada

The charter further calls for every online user in Canada to have their privacy protected by the sites they use. If a company wants to use their personal data for any reason, the internet user should know exactly what it will be used for and must consent to share it for that purpose. In addition, Canadians are declared to be free to see their own personal data as well as to move it or share it easily. Websites that have Canadian visitors must comply with these privacy laws in order to stay compliant and available to online users in Canada. Clear, open disclosure of data collection, usage and storage will be needed to maintain that compliance.

Free Speech Online for Canada

As in most countries, free speech is not an absolute right in Canada. The charter spells out the kind of speech that Canadians shouldn’t have to come across online. These include hate speech, threats, extreme views advocating violence and content that is otherwise illegal. The government also seeks to keep false news stories away from readers who may not realize that what they’re reading isn’t factual. Keeping Canadians safe from these problems is considered a right that Canadians have in order to create a better online experience and to encourage more people to use the internet to make their lives easier.

With this charter, Canada is expected to become more competitive on a global scale. Unburdened by false news stories and hate speech, the government hopes that the online atmosphere will be more conducive to Canadian innovation.

As in so many areas, Canada is now pushing to make the online world a more equitable one. It also wants Canadians to have their privacy online instead of having their information sold by whoever can get ahold of it. The use of the data that companies do collect about you is now being regulated

Should Your Business Outsource IT Operations?

There never seem to be enough hours in the day to get everything accomplished, and that goes double for small business owners. When you’re top dog in charge, every small problem or frustration heads your way. Technology support is one of the key complaints from staff members, especially when there are problems with slow network connections or aging computers. You need your staff members to be contributing 110% every day, and that goes for your network infrastructure as well. If you’re struggling with finding the time to respond to dozens of IT challenges while also driving your business forward, it may be time to consider outsourcing your IT operations so your internal teams can focus on the future.

Outsourced IT Operations

Predictability in Pricing

Whether your business is running on a shoestring or you have a healthy budget, it is tough to get hit with an unexpected bill that can reach tens of thousands of dollars. If your business experiences any type of disaster event that affects your technology, the cost to get everything back up and running can be staggering. The word “disaster” makes you think of something that won’t happen to you, but the reality of technology disasters is much different. Malware and ransomware are rampant in small businesses, with approximately 60% of all data breaches occurring in a small business. When you work with an IT managed services provider, you have an added layer of support for your team that is priced consistently throughout the year. Plus, you have the peace of mind knowing that you have experts that are an extension of your business who already understand your infrastructure — a great step towards being able to rebuild it successfully.

Reducing Overhead — and Improving Quality of Service

Technology is extremely complex and hiring all of the specialists that you truly need to run a complex business would be exorbitantly expensive. With outsourced IT operations, your staff has a platform of consistent support that they can trust to always be there when they are needed. Response times are guaranteed so staff members can focus on doing their job instead of stressing about whether their technology is working properly or quickly enough for their needs. An added benefit is the access to a stable of trained professionals with a broad range of technical knowledge in fields such as cybersecurity, network engineering, customer support, data utilization and more.

Scale Your Business With Ease

Growing your business technology used to be expensive and stressful: how can you make a major purchase of hardware and software based on the scale you think your business will be for the next few years? If you’re in an active growth stage, a poor decision could be disastrous. Either you end up with inadequate hardware that won’t support your business, or you overspend and have crucial capital reserves tied up in resources that aren’t being fully utilized. With IT managed services, scaling your business couldn’t be easier. Bringing a new server online is no longer a tortuous process of weeks, but can be accomplished very quickly by your external support team. Adding software licenses and data storage capacity is also easier, allowing you to focus on growing your business and providing exceptional service to your customers.

Enterprise-Level Technology — Sized for Your Business

It would be difficult for a small business to afford to implement the same type of advanced help desk software, cloud-based software and security measures that you would receive as a client of a managed IT services company. IT support companies are able to afford enterprise-level technology as they are spreading the costs between a variety of clients. You benefit from the advanced tech at only a fraction of the price. Your help desk support requests become more predictable and your business becomes more secure — all while you’re gaining the benefits of an enhanced network infrastructure to power your business.

Outsourcing your IT operations may not be for every business, but the majority of small businesses can see a significant benefit by reducing the burden on internal technology professionals. As an added bonus, the active monitoring provided by IT support specialists can help ensure that your business is protected from cyberattack, with quick remediation and support if you do experience an attack. Accelerate your business growth and support the innovative ideas of your teams when you rely on trusted, experienced technology professionals to provide support for your business.

There never seem to be enough hours in the day to get everything accomplished, and that goes double for small business owners. When you’re top dog in charge, every small problem or frustration heads your way. Technology support is one of the key complaints from staff members, especially when there are problems with slow network

How To Use Incognito Mode To Privately Watch YouTube Video

When it comes to watching videos online, no name comes to mind more often than YouTube. They host nearly 2 billion users each month. 60% of people now prefer watching YouTube to watching TV. 80% of people under 49 are watching videos on YouTube.

Youtube videos

It’s popular. We get it. Everyone is on it. And there’s a huge variety of content from funny cat videos to videogame walkthroughs to guided meditation. And the fact is that regardless of whether or not you have any reason to hide what you’re watching, it’s no one’s business what you watch on YouTube as long as it’s not illegal. And even that can be a gray area.

Despite this fact, you should know that everything you do on YouTube is very carefully monitored by the company. And you have to ask yourself, just how many of your personal preferences does YouTube have a right to? According to the privacy policy, they have a right to everything. But you do have the option to go incognito. And we’ll show you how.

But first, what does YouTube do with your viewing history?

A.I., Automation & Analytics

YouTube is owned by Google, one of the biggest and most powerful tech companies in the world. Through Google’s many tech assets, they can gather endless amounts of data about you. While we don’t believe Google has any nefarious intentions for this data, we do know that Google puts this data to work to expand the empire they’ve built, primarily by enhancing their ad platform.

In a practical sense, they use this data to learn about individual and demographic behavior. What ads do you click? What makes you click? How long do you watch videos? What do you watch? All of this information helps a company like Google show you more relevant and targeted ads that may be hard not to click because they’ve been engineered with such precision.

Modern analytics allows Google to glean endless amounts of data and aggregate it into a useable form. Using artificial intelligence (A.I.), they can automate this entire process. Each time you visit, it learns something new and continually adjusts the algorithm to deliver more targeted ads.

In YouTube specifically, they can also use viewing data to make relevant recommendations to you.

This technology is actually great. It has opened the doors for personalization and relevancy in advertising that can’t otherwise be achieved. And people love that. 57% of people say they’re willing to share more data for a more personalized experience. But you have a right to control this flow of information.

Watching YouTube Videos

How to Set up Incognito in YouTube

These instructions are the same whether you’re on Apple or Android. In order for this to work, you do need to log into your YouTube account. And before we go any further, let’s get one misunderstanding out of the way. Just because you don’t log in doesn’t mean they don’t track you. They put cookies on your device to track every visitor.

Follow these steps.

  1. Open the YouTube app.
  2. Tap the profile icon
  3. Tap “turn on incognito”.
  4. Check to see that your profile icon is replaced with the “incognito symbol” to know you can privately watch YouTube videos.
  5. Whenever you go into YouTube, check for this icon first to know that it’s active.
  6. When you finish private viewing, we recommend that you turn this feature off.
  7. Tap the profile icon again.
  8. “Turn off incognito”.
  9. YouTube is again tracking what you do.
  10. Switch back and forth, as needed. It’s so easy to do so.

But you may still have a pressing question. We’d like to address it.

Why Would You Want YouTube to Track You?

Personalization is pretty cool. YouTube can very quickly figure you out and recommend things that you weren’t even thinking to search for but would love to view. YouTube’s personalization is kind of like having your own personal assistant that knows you so well that they can always recommend the perfect thing.

Sometimes that you might want to consider privately watching include:

  • If you’re viewing something somewhat embarrassing. Seriously, it’s no one’s business.
  • If you want to view something without seeing ads for it later.
  • If you’re letting your child, spouse, etc. watch on your account. This way they don’t see recommendations intended for you, which may not be appropriate. And their viewing on your account doesn’t mess with the algorithm. Otherwise, YouTube is recommending children’s cartoons for a month after you let your 4-year-old use your phone.

Remember, You Have the Power

Yes, YouTube and their parent company Google are collecting a lot of data about you. They use this data to enhance your online experience. And most of the time, personalization is awesome. But you may not always want this data collected. And you have the power to say when you’d prefer not to share. Use incognito to watch YouTube videos privately when you want to and turn it back off to get the best recommendations.

When it comes to watching videos online, no name comes to mind more often than YouTube. They host nearly 2 billion users each month. 60% of people now prefer watching YouTube to watching TV.

What Are Google’s Local Guides?

Google Local Guides

Local Guides have contributed content about hundreds of thousands of businesses. They get together and have held meetups and conducted projects in Europe, India, South America, North America, Australia, and Asia.

How Are Google’s Local Guides Different From Google Users?

People have been contributing reviews, photos, and videos to Google for years. Google Local Guides are part of a program that offers benefits provided through Google Maps.

The Local Guides provide a way for Google to improve its maps and local business information. Local Guides can post photos, reviews, and answer questions about businesses — all tied to Google Maps.

What Do Google Local Guides Get From Contributing?

The Local Guides program offers a rewards program for participants. The points-based program offers a way for guides to get points for contributing nine different kinds of information based on their local area.

The types of information and points include:

  • Answers: 1 point
  • Edits: 5 points
  • Fact Checks: 1 point
  • Photos: 5 points
  • Places: 15 points (for places and roads)
  • Q & A Answers: 3 points
  • Ratings: 1 point
  • Reviews: 10 points, plus additional 10 points for reviews over 200 words
  • Videos: 7 points

Guides advance through the point system. They start at Level 1 and can achieve Level 10. People using Google Maps can see the Guide’s level and use it to decide the trust level and authenticity of the information.

What Other Benefits Do Local Guides Get?

Local Guides have access to perks from Google’s partners and also get early access to Google features. They can also get badges and recognition from other Google Maps users.

Google Local Guides have profiles that display badges and recognition. Recognition from users shows next to the Guide’s level on their profile.

How Do Local Guides Level Up?

Local Guides advance through Levels by accumulating points from their contributions. Level 1 Guides are just starting out. They have 0 points. By Level 2. guides have achieved 15 points.

Here are the other Local Guide levels and points needed to achieve them:

  • Level 1: 0 points
  • Level 2: 15 points
  • Level 3: 75 points
  • Level 4: 250 points and a badge
  • Level 5: 500 points and a new badge
  • Level 6: 1,500 points and a new badge
  • Level 7: 5,00 points and a new badge
  • Level 8: 15,000 points and a new badge
  • Level 9: 50,000 points and a new badge
  • Level 10: 100,000 points and the highest badge

Level 10 is a high level of achievement requiring many contributions over a significant period. As of 2018, members of the Local Guide community identified over 500 Level 10 Local Guides around the world. The number of Local Guides of different levels in each area shows on each Local Guide’s profile.

How Do You Become a Google Local Guide?

Anyone with a Google account can visit the Local Guides page and choose “Join Local Guides” to get started. Provide your home location and confirm the details, and then sign up.

Local Guides have contributed content about hundreds of thousands of businesses. They get together and have held meetups and conducted projects in Europe, India, South America, North America, Australia, and Asia. How Are Google’s Local Guides Different From Google Users?

What Can A Business Impact Analysis Do For Your Organization?

Business Impact Analysis

When a company functions at a high level, productivity and profitability appear seamless. But it’s also incumbent on decision-makers to understand the potential ramifications for business disruption. Without a working knowledge of how a breakdown in one area of an operation impacts the other moving parts, viable solutions remain out of reach. Determined industry leaders take proactive measures to conduct a business impact analysis (BIA), so they are prepared for adversity.

Importance of a BIA

One of the primary reasons that some organizations fail to conduct the initial and subsequent BIAs is that it seems abstract. It’s common for CEOs and other decision-makers to have earned their position through experience and expertise. That offers a sense of confidence they can captain the ship during a crisis. A decade or two ago, that may have been sound thinking. However, today’s technology-driven companies are far removed from nuts and bolts fixes.

Data loss, hackers, malware infiltration, or just lost connectivity between departments can down an outfit’s productivity. Such realities create a burden to have multi-level solutions available that often are outside a CEOs area of expertise. Business leaders are wise to tap department heads to review likely and even unlikely vulnerabilities and develop a contingency plan for as many critical interruptions as imaginable. Consider this pair of foundation ideas in terms of your operation.

  • Idea 1: Your company functions like a living organism with each system relying on the others for its health and vitality.
  • Idea 2: Certain parts of the whole are more crucial to survival and long-term success. These areas require heightened resources.

With this anatomy analogy in mind, consider your operation with the perspective that specific departments and systems are vital. If the heart, brain, or lungs of your operation shut down, so does the entire company. Stubbing your toe, on the other hand, may only slow things. The point is that certain aspects of any business are critical, while others are support.

Once department heads are tapped to conduct a BIA due diligence and submit a report, leadership is tasked with understanding how all the moving parts work. With this in mind, first-run BIAs generally require interdepartmental meetings or communication to ensure key stakeholders are on the same page.

Motivation for Conducting BIA Due Diligence

Having the support and blessing of the leadership team remains critical to a thorough BIA. When such stakeholders view this as just an additional duty impeding their daily, profit-driving work, potential challenges are unlikely to get the due diligence necessary for improved success when a crisis occurs. Before moving forward, direct communication and articulation of why thoroughness is a priority must be established. Clarifying the following benefits of a BIA early in the process may improve team motivation.

  • BIA delivers management with vital data to make real-time decisions to ensure business continuity
  • BIA delivers insight about interdepartmental reliance
  • BIA provides a playbook for employee roles in critical situations
  • Identifies company-wide priorities for sustaining operations during crisis
  • Provides a tangible road map to restore full operations

At the end of the day, the BIA removes the fear of the unknown and puts guidance in its place. That offers otherwise panicking employees the confidence their jobs are secure and empowers them to work through adversity.

Working through the Tedious BIA Process

Getting leadership and rank-and-file employees on board to undertake a BIA is not a difficult sell. The bottom line for everyday workers is that it provides a rare level of job security. Infusing that positive attitude will likely go a long way toward working through the sometimes tedious information collection process. For each department or aspect of the company, data collection is necessary.

  • Lead function of a process or department
  • Detailed analysis of department function and processes
  • Disruption analysis and timetable regarding increased impact
  • Identify interdepartmental disruption
  • Analysis of the financial, legal and regulatory impact of disruption

With a detailed report, departmental leaders garner an enhanced understanding of impacts across the organization. Each department head can identify likely and unlikely disruptions and craft realistic solutions or ways to bridge crisis. This information can be compiled and shared with the goal of building a final report.

Value of a Comprehensive BIA Report

The final report moves beyond the data collection and single department solutions. The concept is to deliver a company-wide plan of action. It generally proves beneficial to make a hardcopy or online report that articulates reasoning, goals, strategies and empowers employees during duress. These are headings often found in a comprehensive BIA report.

  • Executive Summary
  • Analytic Methods Used
  • Potential Department or Function Disruption
  • Impact of Disruption
  • Protocols to Mitigate Disruption
  • Guidance for Organization Restoration

CEOs and other decision-makers generally enjoy enhanced confidence in their leadership abilities following a comprehensive BIA. It’s also imperative to set a schedule for BIA updates and create a policy that requires emerging technologies, business developments, and other evolutions to be included in the report. In many ways, a BIA gives everyone in your organization security.

When a company functions at a high level, productivity and profitability appear seamless. But it’s also incumbent on decision-makers to understand the potential ramifications for business disruption. Without a working knowledge of how a breakdown in one area of an operation impacts the other moving parts, viable solutions remain out of reach.

Spoofing & Hacking: What’s The Difference?

Hacking and Spoofing

Most people know not to open email attachments from senders that they do not know. Unfortunately, it is not just attachments from strangers that you have to be on the lookout for. It happens quite often that people will get emails that seem to be from known senders that have malicious attachments, or that ask for confidential information. If you get such an email—or if someone gets such an email that appears to be from you but that you did not send—does that mean that your email has been hacked? Not necessarily.

Hacking and spoofing are two methods that bad actors use to manipulate individuals and businesses into doing things that are against their best interests. Hacking and spoofing can appear to be the same at first glance but are actually quite different. The risks of hacking, especially for businesses, are much greater than those posed by spoofing. Neither is desirable, but you want to know the differences between the two so that you and your employees can identify potential compromises to your email accounts.

Hacking vs Spoofing—What You Need to Know

What does it mean when your email account has been hacked?

A hacked email account is something you should be very concerned with. Being hacked means that a bad actor has managed to gain full access to your email account—which could mean that they have access to more than just your email account. There are a variety of ways to hack an email account, including:

  • Guessing your email password (seems unlikely, but you would be surprised how simple many email passwords are, such as birthdays, anniversary dates, and other information easily obtained on social media)
  • Answering your security questions correctly
  • You entered it into a website or form (it may have been a phony website, one that offered you a free gift, or a site you visited from a link in an email)
  • You used the same password on a different site and the site used it to access your email
  • You have a spyware program on your computer that recorded you typing in your password and sent it to a hacker
  • Viruses, malware or other undesirable software is on your computer and allowed a hacker to get your email password

If your email account has been hacked it means you need to take immediate steps to correct the situation. The risks to your system and your company information vary based on the way that the email password was obtained. A hacker guessing the password is much less problematic than having viruses, spyware or malware on your computer. A guessed password simply needs to be changed, whereas an infected computer needs to be cleaned up before more compromises occur that may be even more damaging to your business.

Even if the hacker guessed the password, there is a real risk that he or she could use the email account to access other information or accounts. If you suspect your email account has been hacked you need to take immediate steps to remedy the situation, including:

  • Check your recent email activity to see if anything was sent that you were not aware of
  • Change your password
  • Use different passwords for every account
  • Start using a password manager to generate random, complex passwords
  • Update your system to the latest OS and update your security software
  • Run your antivirus and malware detection programs

Spoofing and Hacking

What does it mean when your email account has been spoofed?

Although spoofing can look a lot like hacking, it is actually something completely different. When your email has been spoofed, it means that someone sent an email that appeared to be from your email account but was not actually from your account. You can think of it as someone sending a letter and putting your return address on the envelope. Doing this is not too complicated with the right software. The bad actor does not need access to your email account to spoof your account.

Your account is safe even if you have been spoofed. However, having your account spoofed can be quite concerning, especially in a business setting. A bad actor could spoof your email and send a message to an employee asking for sensitive company information. There are a few things you can do to help prevent spoofing of your email address, including:

  • Do not share your email address with anyone who does not need it for business purposes
  • Do not allow employees to share your email address

Improving Business Email Security

For more information about improving email security for your business, please contact our IT services team.

Most people know not to open email attachments from senders that they do not know. Unfortunately, it is not just attachments from strangers that you have to be on the lookout for. It happens quite often that people will get emails that seem to be from known senders that have malicious attachments, or that ask

Your Windows 7 Checklist

Windows 7 Checklist

When you’re working hard to grow your business, you can get caught up in things that take your attention away from your technology. Before you know it, your IT system isn’t up to speed because you failed to update an operating system. We don’t want this to happen. This is why we’ve provided a checklist about Windows 7, its approaching End of Life (EOL), and what you should do.

It’s Time To Upgrade From Windows 7

Extended support for Windows 7 will end on January 14, 2020. This means that Microsoft won’t provide security updates for PCs running Windows 7. This could put your IT system at risk for security and reliability issues.

We recommend that you plan your upgrade now. And, if you run a business, we advise that you skip Windows 8 and upgrade to Windows 10 Pro.

Skip Windows 8 and Migrate To Windows 10 Pro

Windows 8 product enhancements (mainstream support) ended back on January 9, 2018. And reliability and security patches will end on January 10, 2023 (the end of extended support). This may seem like a long time from now, but if you’re upgrading anyway, shouldn’t you use the most current Windows program? Windows 10 Pro offers the very latest technology, and it’s built for business use.

Windows 10 Pro Will Benefit Your Business

  • Increased Security is incorporated with ongoing protections like Windows Defender Antivirus, BitLocker, a Firewall and more (at no extra cost to you).
  • Windows Remote Desktop ensures that you can access your files from any PC or tablet with an internet connection.
  • Automatic Cloud Storage will store and protect your Word, PowerPoint and Excel files from system crashes.
  • Sign In 3 Times Faster by using Windows Hello with Facial and Fingerprint Recognition.

Take Advantage of New Features In Windows 10 Pro

  • Windows Ink with Touch Screen & Digital Pen Capabilities
  • Windows 10 Pro pairs with Office Documents and Other Apps
  • Microsoft Edge with faster and safer web browsing, automatic form filling, type or write on webpage capabilities, and much more
  • Cortana voice-activated digital assistant integrates with your calendar and other Windows apps.

You Have Two Choices For Upgrading

1. Migrate your existing machines to Windows 10 Pro.

2. Replace your old computers with new Windows 10 devices.

Consider This Before You Migrate To Windows 10 Pro

Are your current apps compatible with Windows 10? (Check Microsoft’s App Directory to be sure.)

Do your existing computers meet these system requirements?

  • 1GHz processor or faster
  • 1GB RAM for 32-bit; 2GB for 64-bit
  • Up to 20GB available hard disk space
  • 800 x 600 screen resolution or higher
  • DirectX 9 graphics processor with WDDM driver

There are 2 Migration Tool Options

1. Windows Easy Transfer

  • For a small number of computers or a single customized deployment.
  • Transfer files and settings via a network share, USB flash drive, or Easy Transfer cable.
  • Can’t use a regular USB cable to transfer files and settings

2. User State Migration Tool (USMT) 10.0

  • Best for large-scale automated deployments.
  • Uses .xml files to control which user.
  • Accounts, files, and settings are migrated.
  • Use for side-by-side migrations for hardware replacements, and wipe-and-load migrations.

Test The Quality & Performance of Your New System

Use the Windows Assessment and Deployment Kit (ABK) to test the quality and performance of your system, and to customize Windows images for large-scale deployments.

Need Help Upgrading To Windows 10 Pro?

We’re always here to help and answer your questions

When you’re working hard to grow your business, you can get caught up in things that take your attention away from your technology. Before you know it, your IT system isn’t up to speed because you failed to update an operating system. We don’t want this to happen.

Important Warning From The FBI

https fbi warning

Hackers Now Using HTTPS To Trick Victims Via Phishing Scams

Everything you’ve heard about the safety of https sites is now in question. According to a recent FBI public service announcement, hackers are incorporating website certificates (third-party verification that a site is secure) when sending potential victims phishing emails that imitate trustworthy companies or email contacts.

These phishing schemes are used to acquire sensitive logins or other information by luring people to a malicious website that looks secure.

Can You Still Count On HTTPS?

The “s” in the https along with a lock icon is supposed to give us an indication that a website is secure. And your employees may have heard this in their Security Awareness Training. All training will now need to be updated to include this latest criminal tactic.

What Should You Do?

Be Suspicious of Email Names and Content

The FBI recommends that users not only be wary of the name on an email but be suspicious of https links in emails. They could be fake and lead you to a virus-laden website. Users should always question email content to ensure authenticity.

  • Look for misspellings or the wrong domain, such as an address that ends in “com” when it should be “org.” And, unfortunately, you can no longer simply trust that a website with “https” and a lock icon is secure.
  • If you receive a suspicious email that contains a link from a known contact, call the sender or reply to the email to ensure that the content is legitimate.
  • If you don’t know the sender of the email, the FBI warns that you shouldn’t respond to it.
  • Don’t click links in any emails from unknown senders.

If You Run A Business Ask Your IT Service Company About New-School Security Awareness Training For Your Employees

This will give your staff the latest information about cyber threats and exploits. They’ll learn what they need to know to avoid being victimized by phishing and other scams.

Why Use New-School Security Awareness Training?

Your employees are the weakest link when it comes to cybersecurity. You need current and frequent cybersecurity training, along with random Phishing Security Tests that provide a number of remedial options if an employee falls for a simulated phishing attack.

New-School Security Awareness Training provides both pre-and post-training phishing security tests that show who is or isn’t completing prescribed training. And you’ll know the percentage of employees who are phish-prone.

New-School Security Awareness Training…

  • Sends Phishing Security Tests to your employees to take on a regular basis.
  • Trains your users with the world’s largest library of security awareness training content, including interactive modules, videos, games, posters and newsletters, and automated training campaigns with scheduled reminder emails.
  • Phishes your users with best-in-class, fully automated simulated phishing attacks, and thousands of templates with unlimited usage, and community phishing templates.
  • Offers Training Access Levels: I, II, and III with an “always-fresh” content library. You’ll get web-based, on-demand, engaging training that addresses the needs of your organization whether you have 50, 500 or 5,000 users.
  • Provides automated follow-up emails to get them to complete their training. If they fail, they’re automatically enrolled in follow-up training.
  • Uses Advanced Reporting to monitor your users’ training progress, and provide your phish-prone percentage so you can see it reduce as your employees learn what they need to know.  It shows stats and graphs for both training and phishing, ready for your management to review.

Your employees will get new learning experiences that are engaging, fun and effective. It includes “gamification” training, so they can compete against their peers while learning how to keep your organization safe from cyber attacks.

Add New-School Security Awareness Training To Your Current Employee Training

The use of https is just the latest trick that hackers are using to fool victims into falling for malicious emails. Hackers have many more “up their sleeves.” This is why regular, up-to-date New School Security Awareness Training is so important for any organization.

Hackers Now Using HTTPS To Trick Victims Via Phishing Scams Everything you’ve heard about the safety of https sites is now in question. According to a recent FBI public service announcement, hackers are incorporating website certificates (third-party verification that a site is secure) when sending potential victims phishing emails that imitate trustworthy companies or email contacts.

How Much Should A Small Business Spend On Information Technology?

Investing In Technology

For small businesses, information technology spending is always a balancing act. On the one hand, you need to keep to your budget to maintain financial stability and weather the unexpected. On the other hand, you are well aware of the constant tech advances happening all around you and the last thing you want is to be left behind by the competition. So, how do you determine your IT spending? The answer is, “It depends.”

Spending on IT technology needs to be based on your unique business needs. While it can be helpful to know what the average spending is for businesses, particularly businesses similar to yours in your industry, duplicating what another company does will not necessarily yield optimal results. You have a limited budget. You need to make it count. Doing so requires carefully examining your business, your options, and most importantly, your company objectives. Only when you know where you are and where you want to go can you determine exactly what you need to spend on IT.

What is Everyone Else Spending on IT?

Just because you need to define your own path does not mean you should ignore what everyone else is doing. It can be a helpful starting point to examine how much other small businesses are spending on technology. According to one study, the average spending on IT across all industries was 3.28 percent. The average came from considering a wide range of industries, with the lowest spender being construction at less than 2 percent and the biggest spender being banking and securities at 7 percent.

A study focusing on industry alone does not give a clear idea of what small businesses are spending, though. Other studies that looked at the size of the business found that small and mid-sized businesses actually spent more on IT as a percentage of their revenue than large businesses. Small businesses spend around 6.9% of their revenue on information technology, while midsized businesses spend around 4.1% of their revenue on IT. For large companies, the percentage drops to 3.2%. The smaller percentage spent by larger companies is often the result of scale—they put so much money into IT that they get better rates, perform the work in-house, etc.

How to Decide What You Should Spend on IT

The best way to choose how much to spend on IT is to ask targeted questions designed to paint a clearer picture of what your IT needs actually are. These questions should include:

What are you spending on IT right now?

Every business needs an IT budget, regardless of size. If you don’t have an IT budget, now is the time to make one. To see how much you have been spending on IT, add up your expenditures on information technology over the past year.

What are your business goals?

With so many options available, it is normal to feel a little overwhelmed when you consider information technology. Clarifying your business goals gives you perspective on your IT needs. Your IT expenditures should help you achieve specific business objectives. If the money you are spending on IT is not helping you achieve those objectives in a measurable way, it can likely be better spent elsewhere—either on different IT tools or on other areas of your business.

How is your current IT spending related to your business goals?

Each IT area that you invest money in, can and should be connected to your business objectives. Go through all of your information technology spending and verify that it is doing something for your business. If it is not working for you it is time to make some changes.

What specific IT spending can improve your ability to achieve your objectives?

There are specific areas in IT that offer leverage for your industry. You will need to identify what these are and determine how they fit into your overall strategy. Collaboration, security, data collection, marketing—what tech are you fairly certain will make a substantial impact if you add it to your business?

In what ways can you delegate or outsource the IT budgeting process?

If you are like most owners or managers, you have limited bandwidth that is already mostly consumed by running your business. Assessing your IT needs and embarking on a path to meet those needs will take time, energy and expertise. Consider who you can get to help with this process, whether internally or externally.

Are you interested in learning more about your IT options? If so, please contact our managed IT services team. We can help you clarify your IT needs.

For small businesses, information technology spending is always a balancing act. On the one hand, you need to keep to your budget to maintain financial stability and weather the unexpected. On the other hand, you are well aware of the constant tech advances happening all around you and the last thing you want is to

Was Your Photo and License Plate Number Breached?

 CBD Reports 100,000 Photo and License Plate Breach

The U.S. Customs and Border Protection (CBP) reported today that nearly 100,000 travelers’ photos and license plate data were breached. If you’ve driven in or out of the country within the six-week period where the data was exposed, you could have been victimized.

CBP License Plate Breach

The department said on June 10th that the breach stemmed from an attack on a federal subcontractor. CBP learned of the breach on May 31st.

CBP report:

“Initial reports indicate that the traveler images involved fewer than 100,000 people; photographs were taken of travelers in vehicles entering and exiting the United States through a few specific lanes at a single land border Port of Entry over a 1.5 month period.”

CBP hasn’t reported when this 6-week period was.

Who Was The Subcontractor That Was Affected By The Breach?

CBP hasn’t said who the subcontractor was either. But the Register reports that the vehicle license plate reader company Perceptics based in Tennessee was hacked. And, these files have been posted online.

Additionally, the Washington Post reports that an emailed statement was delivered to reporters with the title: “CBP Perceptics Public Statement.”

Perceptics’ technology is used for border security, electronic toll collection, and commercial vehicle security. They collect data from images on license plates, including the number, plate type, state, time stamps and driver images.

Where Were The License Plate Readers Installed?

Perceptics license plate readers were installed at 43 U.S. Border Patrol checkpoint lanes in Texas, New Mexico, Arizona, and California.

CBP reports that “No passport or other travel document photographs were compromised and no images of airline passengers from the air entry/exit process were involved.”

CBP uses cameras and video recordings at land border crossings and airports. The images they capture are used as part of a growing agency facial-recognition program designed to track the identity of people entering and exiting the U.S.

Do We Know Whose Data Was Exposed?

No, we don’t. And to date, CBP hasn’t said if this data will be released. If we hear differently, we’ll be sure to report any updates, so keep watching this space.

Is Facial-Recognition A Security Threat?

Facial-recognition is a hot topic right now. The American Civil Liberties Union states:

“This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency’s data practices. The best way to avoid breaches of sensitive personal data is not to collect and retain such data in the first place.”

Congressional lawmakers have questioned whether the government’s expanded surveillance with facial recognition could threaten constitutional rights and open millions to identity theft.

Today’s technology can recognize and track us without our knowledge or an option to prevent it. It’s inevitable that a new battle between surveillance and privacy will be taking place as more breaches occur.

 CBD Reports 100,000 Photo and License Plate Breach The U.S. Customs and Border Protection (CBP) reported today that nearly 100,000 travelers’ photos and license plate data were breached.

How to Stop Spam from Ever Hitting Your Inbox

Spam Emails

Spam emails can be incredibly annoying. Not only that, it can be downright dangerous, considering the phishing schemes and other email scams that are prevalent today. We can’t avoid spam completely and hope to have any kind of digital life, because so many services require an email address as part of the sign-up process. These can tend to clutter our inboxes with (technically not spam) promotional emails, and the less scrupulous of these may send real spam. That’s not to mention the frequency with which these companies’ databases are breached, creating a whole new layer of spam potential.

How to Avoid Seeing Spam

All of the most prevalent email services offer some degree of spam protection. Great spam protection is one of the reasons Gmail rose to such prominence a decade ago. Most services enable spam filtering by default, but check your email service’s settings to ensure that this setting is turned on.

If you’re still seeing a lot of spam, or if you’re using a service that doesn’t offer much in the way of spam filtering, here are some other suggestions.

Create Filters or Rules

You can create your own rudimentary spam filter by setting a filter or a rule. The terminology varies based on your email service, but you should find something by a similar name. You can create rules that auto-route email based on certain characteristics. For example, you can create a rule that sends any message containing NSFW language straight to the trash. Simply insert all those explicit terms in the field “message contains” and select “move to trash” as the action that is taken.

You can use filters or rules to move less important messages to a folder, too. If you still want to know about the latest sales at a few retailers, but you don’t want to be inundated right alongside emails that are actually important, create a rule that sends these emails to a “Retail” folder that you can check when you get the shopping urge.

Block Addresses

In the same area of settings, you should also have the option to block specific email addresses or even all addresses from a particular domain. Granted, it’s rare these days for spammers to frequently reuse the same address, but this function can still help with overly persistent individuals as well as companies or domains that refuse to take you off their mailing lists.

How to Stop Spam from Ever Arriving

There are other tools available to stop spam from ever showing up in your inbox.

Use “Report Spam” Button

The spam filters from email services like Gmail aren’t static. They can actually learn from you. When a spam message leaks through, you can help the spam filter learn. Look at the menu options available on the message. You should see one that looks like a stop sign with an exclamation point. Click this button to report to Gmail that the message is spam, and you should never see a similar message again.

If Gmail recognizes that your spam message is actually from a mailing list, it will try to unsubscribe for you if you click that option.

Set Up a Spam or Throwaway Account

Another savvy way to avoid spam is to set up a “spam account” that you use only for email signups, website logins, and the like. Give your main email address only to those personal and professional contacts you actually want to hear from, and sign up for everything else using your “spam account.”

If your current account is beyond hope, turn it into your spam account. Create a new main account, and let all your real-life contacts know about the switch.

These tips should help cut down on the chaos in your inbox. Got your own tips? Let us know!

Spam emails can be incredibly annoying. Not only that, it can be downright dangerous, considering the phishing schemes and other email scams that are prevalent today. We can’t avoid spam completely and hope to have any kind of digital life, because so many services require an email address as part of the sign-up process.

LabCorp Data Breach: What We Know

Labcorp Data Breach

Are You One Of Many Affected By The LabCorp Data Breach?

Financial & Personal Information of 7.7 Million Exposed

Just yesterday we wrote about the Quest Diagnostics’ breach affecting nearly 12 million. Today we’re writing to tell you about a LabCorp breach affecting 7.7 million people. Both of these breaches were caused by a third-party; the American Medical Collection Agency (AMCA). AMCA provides billing collection services to both LabCorp and Quest Diagnostics.

AMCA has informed LabCorp that it is in the process of sending notices to approximately 200,000 LabCorp consumers whose credit card or bank account information may have been accessed. AMCA has not yet provided LabCorp with a list of the affected LabCorp consumers or more specific information about them.

In a filing with the U.S. Securities and Exchange Commission, LabCorp said the breach happened between August 1, 2018, and March 30, 2019.

A section of the filing reads:

“AMCA’s affected system also included credit card or bank account information that was provided by the consumer to AMCA for those who sought to pay their balance. LabCorp provided no ordered test, laboratory results, or diagnostic information to AMCA. AMCA has advised LabCorp that Social Security Numbers and insurance identification information are not stored or maintained for LabCorp consumers.”

The information included in the breached system includes:

  • Bank account information,
  • Credit card information,
  • First and last name,
  • Date of birth,
  • Address and phone,
  • Date of service and provider, and
  • Balance information.

Forensic experts are investigating the breach. It’s possible that the AMCA breach could impact other companies and millions of more consumers.

What Should You Do?

Anyone who was affected by the data breach should freeze their credit report to prevent criminals from opening credit card accounts in their name. They should also be concerned that their Social Security numbers were exposed.

If you believe that your information has been leaked, you can contact LabCorp customer service on their contact page.

Are You One Of Many Affected By The LabCorp Data Breach? Financial & Personal Information of 7.7 Million Exposed Just yesterday we wrote about the Quest Diagnostics’ breach affecting nearly 12 million.

Quest Diagnostics Breach: Latest News

Are You One Of Many Affected By The Quest Diagnostics Breach?

Financial & Medical Information of 12 Million Exposed

Quest Data Breach

Quest Diagnostics reports that almost 12 million people could have been affected by a data breach.

On Monday, June 3, 2019, Quest Diagnostics said that American Medical Collection Agency (AMCA), a billing collections provider they work with, informed them that an unauthorized user had managed to obtain access to AMCA systems.

Quest Diagnostics is one of the largest blood-testing providers in the U.S.

Anyone who has ever been a patient at a Quest Diagnostics medical lab could be affected by the breach.

AMCA provides billing collection services to Optum360, which is a Quest contractor. AMCA first notified Quest about the breach on May 14th. Quest reports said that they are no longer using AMCA and that they are notifying affected patients about the data exposure.

The information included in the breached system includes:

  • Bank account information
  • Medical information
  • Credit card information
  • Social Security Numbers
  • Other personal information

In its filing, Quest reported:

“Quest Diagnostics takes this matter very seriously and is committed to the privacy and security of patients’ personal, medical and financial information.”

What Should You Do?

Anyone who was affected by the data leak should freeze their credit report to prevent criminals from opening credit card accounts in their name. They should also be concerned that their Social Security numbers were exposed.

If you believe that your information has been leaked, you can contact Quest Diagnostics’ customer service at 1 (866) 697-8378 or on their contact page.

Are You One Of Many Affected By The Quest Diagnostics Breach? Financial & Medical Information of 12 Million Exposed Quest Diagnostics reports that almost 12 million people could have been affected by a data breach. On Monday, June 3, 2019, Quest Diagnostics said that American Medical Collection Agency (AMCA), a billing collections provider they work with,

Managed IT Helps Your Bottom Line: 6 Ways How

Managed IT Services

Here’s an honest truth: managed IT services cost money. With any business expenditure, it’s a good idea to understand the value that the expenditure will bring to the organization. We believe businesses can improve on many fronts by implementing managed IT services. One of the biggest areas of benefit is financial. Here are 6 ways that implementing managed IT services helps your bottom line.

Increase Productivity

Equipment downtime can be a huge detriment in any business setting. In the “break it fix it” model, businesses operate normally until something breaks, then work stops. If it’s IT equipment, the in-house IT team descends and attempts to fix. If, after some amount of time has passed, IT decides the problem is beyond them, they call in outside help. Then they wait. And wait. And wait some more. Work isn’t getting done while that piece of equipment is down. Waiting for an outside specialist can cost your company in a big way.

With managed IT, your managed service provider (MSP) is the outside specialist. As soon as something goes down, the MSP is on it, bringing their skills and specialties to bear on the problem. Use managed IT to get your business back up and running faster than the traditional model can.

Stabilize Monthly Spending

With the “break it fix it” model, your IT spend can spike wildly from time to time. When a high-value piece of your IT infrastructure goes down or even just needs replacing due to age, your costs soar. Companies self-managing their IT services also face sudden spikes in software upgrade costs.

Managed IT can stabilize your monthly IT spend. In this model, you pay a stable monthly rate for service regardless of how much or how little help you need in a given month. Software upgrades (or, more likely, subscription and licenses) are rolled into this monthly fee as well, removing those software spikes from your budget. Your finance team will appreciate this predictable expense.

Lower Your Initial Investment

Along the same lines, you can lower your initial IT infrastructure investment through managed IT. Depending on the terms of your agreement, some amount of your equipment may be owned by the MSP. The less equipment you have to purchase yourself, the lower your initial IT infrastructure investment.

Every MSP agreement is different, customized to the needs of the client business. If up-front costs are an obstacle for your business, be sure to craft a service agreement that lowers these costs.

Lower Overall IT Infrastructure Costs

Even if your MSP isn’t providing all your hardware as part of your plan, you’ll still lower your overall IT infrastructure costs in many MSP arrangements. For example, if hosting, storage, and backup are part of your MSP agreement, you eliminate some of your need for on-site servers. You’ll save money on hardware, power, and even real estate — since you won’t need space to house those servers.

The same principle applies to a number of other functions, including network monitoring and security. You won’t need to devote systems and system resources to functions that you offload to a managed IT provider.

Free Your IT Staff

Partnering with a managed IT services firm frees your IT staff to do what matters most. Contrary to what many assume, the goal of implementing managed IT isn’t necessarily reducing staffing levels. Sure, some larger businesses may benefit from reducing a bloated, inefficient in-house team, but the real value in managed IT service is freeing up your in-house team.

Your existing IT staff adds value to your company by wholeheartedly pursuing whatever high-value IT interests your business has—or, at least, it should. Many times, though, IT employees are too busy troubleshooting PCs and malfunctioning equipment to focus on the IT elements that are truly core to your business. Enlist a good MSP to handle the day-to-day IT troubles (among other things), and you’ll enable your IT staff to focus in and add value in the areas that are truly critical to your business.

Scale Your Business

It’s great to be a part of a growing business, but the growing pains are real. Scaling your business can cause IT headaches: new equipment is needed for each new employee, not to mention all the behind-the-scenes tech infrastructure, like server space, bandwidth, and software licensing.

Managed IT is the solution here, too. Your MSP has far more capacity than you need, so they can handle scaling issues during periods of growth or reduction.

Conclusion

By now it’s clear: that managed IT can help your bottom line. If you’re ready to begin the conversation about how we can help you, contact us today.

Here’s an honest truth: managed IT services cost money. With any business expenditure, it’s a good idea to understand the value that the expenditure will bring to the organization. We believe businesses can improve on many fronts by implementing managed IT services.

SharePoint Introduces Intelligent Workplace Through Home Sites

Sharepoint Homesites

Microsoft recently announced major enhancements to Microsoft 365 (yes, you read that right — Office 365 is now a part of Microsoft 365), including significant upgrades to SharePoint. The innovation with perhaps the greatest potential is Home Sites. In today’s tech blog, we’ll explore what Microsoft is up to with this new feature.

SharePoint Home Sites

If you’ve used Office 365 for any length of time, you’ve probably come across SharePoint. Most users know it as the name of the cloud storage component of Office 365. SharePoint has also been the underpinnings of some companies’ intranet sites for the better part of a decade.

SharePoint home sites is a huge evolution for the intranet component in the Microsoft 365 platform. Corporate vice president for OneDrive, SharePoint, and Office Jeff Teper calls them “a dynamic, engaging, and personalized employee experience for your organization.” What are home sites exactly, though?

Intranet, Evolved

SharePoint home sites are Microsoft’s vision for the future of the workplace intranet. They are intelligent — powered by AI, and they provide a landing page for employees that customizes based on the employee’s role.

Here are a few of the new features in SharePoint home sites.

  • SharePoint home sites include powerful Microsoft Search technology that reaches every corner of the company’s intranet.
  • SharePoint home sites intelligently share content that’s relevant to users depending on each user’s position in the company.
  • SharePoint home sites pull together collaboration tools like Yammer and Stream into one location that’s customized for each user.
  • SharePoint home sites offer additional personalization options, allowing users to customize their page for maximum productivity.

What SharePoint Home Sites Can Do for You

Part of the strength of home sites is their customization options, but users and organizations will see benefits even with a straight “out of the box” deployment. Here are a handful.

News, For All

By default, home sites serve as an organization-wide news source. Anything published as news to the home site is shown to every user as organizational news. With SharePoint home sites, you can take your news out of the email vortex and put it front and center on your home site.

A Powerful, Connected Page

Home sites are also linked up with the newly enhanced SharePoint start page, which allows you to jump right into work. The search box provided is also powerful and connected. It’s powered by Microsoft Search, and it reaches across your enterprise—anywhere the user has access to.

Low Barrier to Entry

Another feature is the low barrier to entry. With home sites, you can build out an intranet portal in just minutes, not months. You don’t need to know how to code, and you can brand your site to fit your company image.

Conclusion

Are you ready to take the leap to Microsoft 365 and explore SharePoint home sites? We’re here to guide you. Contact us today!

Microsoft recently announced major enhancements to Microsoft 365 (yes, you read that right — Office 365 is now a part of Microsoft 365), including significant upgrades to SharePoint. The innovation with perhaps the greatest potential is Home Sites. In today’s tech blog, we’ll explore what Microsoft is up to with this new feature.

How To Make Awesome Slides In Microsoft PowerPoint

Microsoft PowerPoint is the industry leader in presentation software, a venerable application that’s over 30 years old. Awesome PowerPoint slides can greatly enhance the visual impact of a meeting presentation. The inverse is also true: terribly designed PowerPoint slides can create serious distraction or disinterest.

Today’s tech tip will teach you how to make your Microsoft PowerPoint slides a little more awesome. For a more in depth look at Microsoft PowerPoint, take a look at our video on YouTube.

Step 1: Choose a Theme

PowerPoint offers a variety of prebuilt themes. Choose one that fits the tone of your presentation and your company. To do so, open PowerPoint and click the Design tab in the menu ribbon. One of the sections is named Themes. Click on a theme to apply it to the default slide. Don’t like it? Try another.

PowerPoint also allows you to find additional themes online. Click the drop-down arrow in the Themes pane and select “Browse for Themes…” to start that process.

Bonus tip: If you have a presentation that’s already filled with content, you can still experiment with changing the look by changing themes. Changing themes never removes or erases existing content, though it will change fonts and sometimes reposition text.

Step 2: Insert Your Raw Data

Whether you’re typing all your content in manually or pasting it in from another document, now’s the time to get the raw data into your file. Don’t worry very much about looks at this point. Just get the information in there.

If you’re working in a theme, remember to right-click on each new slide and select the appropriate layout. Placing content into slides with the proper layout now will save you headaches later.

Bonus tip: Not all themes have the same set of slide layouts available. Make sure the theme you choose has all the ones you need.

Step 3: Check Out Design Ideas

A new feature in Office 365, Design Ideas is a powerful, AI-assisted tool. It will dynamically analyze the contents of a slide and suggest a handful of alternative ways of displaying the information. It’s truly marvelous when it works just right (for example, turning a bulleted list into a sleek timeline), and you have to see it in action to fully appreciate it.

To access Design Ideas, click on the Design tab in the menu ribbon. At the far right, you’ll see a Design Ideas button in the Designer section of the ribbon. Click this button to open a sidebar. You may see “Generating design ideas…” for a few seconds. Next, a handful of design ideas will appear. Click through them and select the one that works best for you.

Using Design Ideas is the easiest way to create awesome, powerful PowerPoint presentations. Check out our full training video here.

Powerpoint Presentation

Microsoft PowerPoint is the industry leader in presentation software, a venerable application that’s over 30 years old. Awesome PowerPoint slides can greatly enhance the visual impact of a meeting presentation. The inverse is also true: terribly designed PowerPoint slides can create serious distraction or disinterest.

What You Need to Know About NextGen Malware and AntiVirus Protection

If you’ve heard the terms “NextGen Malware and Antivirus Protection”, you might think they were made up by a marketer who had a few too many lattes — but this type of security truly takes it up a notch from more familiar offerings. Today’s cybercriminals are becoming increasingly savvy and are finding ways to short-circuit or completely bypass traditional protective measures. These well-organized criminals understand white hat security procedures. They are tracking the activity of your key business leaders online or on social media. They are developing malware and viruses that can mutate to avoid detection. And make no mistake: these hackers can bring your business to a halt in a matter of hours by limiting access to your important business data or trashing crucial systems. Here’s what you need to know about the next generation of tools that cybersecurity professionals are developing to combat this escalating threat to America’s businesses.

Nexgen Firewalls Cybersecurity

Cyberthreats Were Created to Evade Your Current Security Systems

What are these dangerous and slippery lines of code? They’re developed specifically to circumvent or defeat your security processes and procedures and are becoming extremely effective at doing their job. Traditional antiviruses are often blocked before they are able to cause a great deal of mischief, but this new generation of threats requires some next-level tools for protection. Ilan Sredni of Palindrome Consulting shares: “Advanced threat protection has changed its nature. Using artificial intelligence tools that can understand any type of malware will be the standard and the only way to stay ahead, if not current, with the threats”. Early on, threat actors figured out ways to leverage the most basic of business software, such as Microsoft Excel and Word, in order to deliver their nefarious payloads. Software engineers and security professionals grew savvy to these tactics — causing a new wave of threats to come to the forefront. As the threats continue to evolve, cybersecurity professionals will need to remain diligent if they want to protect their organizations. As endpoints become more amorphous, cyber attacks increasingly take advantage of the slipperiness of maintaining security on mobile phones, WiFi locations and other potentially risky endpoints.

What Makes Antivirus Protection “NextGen”?

While it’s difficult to tie down a single definition for “NextGen” in terms of antivirus protection, this term is often used to describe strategies and products that provide a more comprehensive and scalable approach to preventing this type of attack. This system-centric approach often leverages machine learning to improve protection capabilities, uses cloud-based computing to scan for threats and unusual actions, immediately begins resolution without requiring direct input and provides a more comprehensive set of data that can be analyzed to determine the duration and extent of a breach or hack. These forensics are particularly important as organizations seek to shore up any holes in their security grid to prevent other attacks in the future. Traditional antivirus protection is proactive to some extent, in that it is continually scanning for known signatures and performing heuristic analysis. The next generation of malware is quite crafty in the way it interacts with your systems.

What’s the Difference Between Metamorphic and Polymorphic Malware?

According to Don Baham, President and CEO of Kraft Technology Group, “Polymorphic and metamorphic attributes of malware are harder to detect and prevent, and more dark web marketplaces are providing access to malware code. Together, this has resulted in a greater number of hard-to-detect malware variants attacking our enterprises”. Defining the difference between metamorphic and polymorphic malware starts with understanding the root of the terms: “Metamorphic viruses are considered to be more advanced threats then polymorphic malware because the internal code and signature patterns are changing with each with iteration, making metamorphic malware impossible to be detected with signature-based endpoint tools,” Sredni shares. Protecting against this type of malware requires reaching beyond a simple monitoring program and defining endpoint security solutions that will monitor for abnormal activity, analyze what rogue programs are attempting to do and either halt the activity or actively alert an admin. “Since this type of attack can happen rapidly, it’s crucial that your solution is able to report this newly learned behavior to other endpoints in the enterprise to help mitigate the spread of the malware,” notes Baham.

Protecting Against Next-Generation Threats

For information on protecting against this type of advanced threat, we turn to Keith Marchiano, Director of Operations for Kyocera Intelligence. “Your first step is to implement a password policy to have your end user passwords changed every 90 days. Having your server and network passwords changed as frequently is challenging. Second, implementing 2-factor authentication for anybody trying to log into your server or network is recommended. Third, implement a multi-layer plan for security- antivirus, malware/spyware/ransomware protection, and cloud DNS security to protect the network. Fourth, implement mandatory security training for all employees. Finally, have a disaster recovery/business continuity solution that will detect ransomware attacks and allow your network administrator to restore the network to the time prior to the attack. Taking this approach will improve your security and ensure if you are attacked, that you can restore without loss to your data or major damage to your company’s reputation. All of these steps can be implemented rather quickly without interruption to your business”.

Creating a holistic approach to security starts with a firm understanding of the threat landscape, something that you simply cannot gain overnight without assistance. Your business is depending on you to reduce the risk around malware and viruses — are your solutions and technology team ready to rise to the occasion?

If you’ve heard the terms “NextGen Malware and Antivirus Protection”, you might think they were made up by a marketer who had a few too many lattes — but this type of security truly takes it up a notch from more familiar offerings. Today’s cybercriminals are becoming increasingly savvy and are finding ways to short-circuit

How to Share Screens with Microsoft Teams

 

Microsoft Teams is an amazingly powerful collaboration tool that’s available as a part of the Microsoft Office suite.
At its core, it’s kind of like Slack on steroids, but that core functionality is just the tip of the iceberg. Because it’s integrated with the rest of Microsoft Office, it has so many powerful features.

One feature area in Microsoft Teams is the ability to host and join virtual meetings. Users can join or host meetings from desktop or mobile. Mobile users can share files with the group, and we covered that in a previous post. Desktop users can share screens with other users, and with a surprising degree of control. Here’s how to take advantage of this feature.

Step 1: Create a Meeting

The Share Screens feature works from within the Meetings function, so the first step is to create or join a meeting. Locate the tabs bar (usually on the left side), where you’ll see icons like Activity, Chat, Teams, Meetings, and Files. Select Meetings, and then create a meeting (or join a meeting that someone else is hosting). The Meetings tab is tied into your Outlook calendar, allowing you to see potential conflicts.

Quick note: Teams features can be enabled or disabled at the enterprise level. If you don’t see a Meetings tab at all, your IT department hasn’t enabled it yet. Contact IT and plead your case for enabling this awesome feature.

Step 2: Click the Share Button

Once the meeting is in progress, you’ll see a series of buttons in the bottom middle of your screen. If you don’t see them, move your mouse to that location to make them show up. You’ll see buttons for video (if enabled), microphone (for muting yourself), ending the call, and more. The one you want looks like a rectangle with an upward arrow. This button, aptly named the Share button, represents screen sharing. Click it to continue.

Step 3: Choose What to Share

Screen sharing isn’t exactly new technology, but the implementation here is particularly well done. When you click the Share button, Teams doesn’t immediately share your entire screen. Instead, you have options. “Desktop” allows you to share one of your desktops. “Window” lets you choose a single window or app to share. “PowerPoint” shares the presentation you choose. There are even more options available under “Browse”.

Conclusion

This level of granular control makes screen sharing in Teams a killer feature, and there’s so much more that Teams can do for you. Team-based chat, productivity tools, and real-time collaboration on nearly any Office file are a few more ways it can help. If you’re ready to keep exploring, contact us to keep learning.

Microsoft Teams

  Microsoft Teams is an amazingly powerful collaboration tool that’s available as a part of the Microsoft Office suite. At its core, it’s kind of like Slack on steroids, but that core functionality is just the tip of the iceberg. Because it’s integrated with the rest of Microsoft Office, it has so many powerful features.

Small Business Guide to Protecting Critical Data

Small Business data protection guide

Small businesses technology and business leaders may feel as though their data is safe, but nothing could be further from the truth. According to SmallBizTrends.com, nearly 43% of phishing campaigns are targeted specifically at small businesses, a dramatic increase from 18% in 2011. Unfortunately, a 2017 report from Keeper Security also shows that the greatest cybersecurity threat to small businesses is their employees, with more than 54% of data breaches caused by employee or contractor negligence. Protecting the data within your organization is crucial, and the costs that are associated with a data breach continue to rise. Small businesses are increasingly focused on ways to mitigate the risk associated with data storage and use and that often starts with having a comprehensive backup and data recovery process in place. Here are some suggestions from industry leaders on how to protect your critical small business data from a cyber attack or other loss of access.

Importance of Immediate Data Access

Your business data is arguably your most important digital asset and one that is accessed hundreds or even thousands of times each day. Your employees utilize business data from a variety of systems to look up customer orders, create POs and track shipments while consumers are online placing orders and tracking status. Until you truly experience a major loss of data access, you may not realize the crippling effect that it would have on your organization’s operations.

Dangers of Data Loss

The first hit that you would feel with the loss of access to your data is in the productivity of your teams. Workflows grind to a halt as employees scramble to figure out how to perform their daily activities without access to the information that they take for granted. In many businesses, the data stored within your CRM or other data repository is driving your website, meaning ordering comes to a crashing halt should the secure connection to your data falter. Technology teams scramble to figure out where the problem lies, putting all other IT needs on the back burner for the foreseeable future. Plus, your team may need to call in consultants to help identify a breach and begin remediation as quickly as possible. If your team identifies that a breach has occurred, you may have to report to customers and stakeholders that sensitive data has been accessed by unauthorized parties. This can devolve into trust issues with your business, negative publicity and ongoing loss of revenue even while you’re attempting to return to operational readiness.

Data Consolidation Makes Protection Easier

Business data structures often grow organically, with additional databases and information structures added over time. While this may make sense as you’re bolting systems together, eventually it can become an unruly tangle of disparate systems that makes security and data integrity more challenging for your teams. A regular review of business systems with an eye towards data consolidation is a project well worth considering as your timeline permits. It’s often helpful to work with a trusted technology partner to ensure that you are considering all the options that are available for the security of your data both in transit and at rest.

Protecting Business-Critical Data

There are a variety of protections that you can put in place to maintain both access to your data as well as its integrity. Creating a robust backup and disaster recovery process allows your team to define the best case scenario for data backups — local only, short-term local with a regional cloud-based backup or cloud only. There are dozens of different ways you can configure your backup process, but what’s important is that it meets the needs of your business both now and in the future. When you have a documented backup and disaster recovery process in place and test it on a regular basis, you have added peace of mind that your small business data is protected and quickly accessible in the event of a cyberattack or natural disaster.

Assessing and Managing Cybersecurity Risks

As your business matures, it’s imperative that you create a review schedule to assess and manage your cybersecurity risks. This includes everything from monitoring employee activity logs to protecting passwords to educating staff members and contractors against tapping, clicking or interacting with suspicious website content or email attachments. Data encryption, email and web filters and the regular application of patches to your servers and applications can also help reduce the risk of a cyberattack on your small business. Sometimes, the challenge is as simple as assuring that you have redundancies on your power supply so you don’t run the risk of losing servers during a power surge. Other remediation issues can be much more intensive, but putting together a full list of options helps you understand and ultimately reduce the risk to your organization.

Your data is being bombarded with threats on all sides, and it’s up to your technology team to help protect your organization. Creating a robust backup and disaster recovery plan with a trusted technology partner can help you walk through an audit of all pertinent systems and quickly identify problems that can be resolved quickly and define a strategy for ongoing review and support. Without access to your data and business information systems, you can quickly find that your organization is grinding to a slow and painful halt.

Small businesses technology and business leaders may feel as though their data is safe, but nothing could be further from the truth. According to SmallBizTrends.com, nearly 43% of phishing campaigns are targeted specifically at small businesses, a dramatic increase from 18% in 2011.

Most Small Businesses Pay The Ransom

Are you willing to pay the piper when it comes to cyberattacks?

Do You Pay The Ransom

Despite the growing number of cyberattacks on small- and medium-sized businesses, there is still a lack of awareness or proactive defense of the networks, computer systems, applications and devices being used. This inattention means it’s even easier for criminals to attack your business by worming their way into your data, stealing it and threatening to expose it. Other cyberattacks target the business itself, making systems and websites inoperable, costing businesses millions in the process.

Freeing the data or access often means paying a ransom, usually in the form of Bitcoin or some other cryptocurrency that’s impossible to trace.

How Much of an Issue is Cybercrime?

When it comes to cyberattacks on small businesses, the reality is, if you haven’t already been attacked, you will be. What matters is that you have the security protocols in place to make sure your business withstands these attacks and is not victimized by intruders looking to do harm.

The scope of cyberattacks, especially on SMBs, is staggering.

According to the 2018 HISCOX Small Business Cyber Risk Report, almost half (47 percent) of small businesses suffered a cyberattack in the previous year. Of those attacked businesses, 44 percent encountered a second, third or fourth attack. Eight percent had five or more attacks.

Yet the report shows a paradox. Business executives surveyed identified cyberattacks as one of their top two concerns, along with fraud. Sixty-six percent said they were concerned or very concerned about cyberattacks.

However, among those executives, the majority haven’t taken even basic steps to protect their businesses.

What Does a Cyberattack Mean to My Business?

If you do not invest in cybersecurity measures, you are a sitting duck. That means you’ll have to pay a ransom when your business is attacked. You will incur costs as well, including steps to identify and eradicate the intrusion, notify customers and regulators and pay for deep web monitoring or credit monitoring.

What is that financial cost? According to HISCOX, it’s $34,600 for small businesses. The 2018 Cost of a Data Breach Study: Global Overview conducted by the Ponemon Institute shows that among SMBs and enterprises, the worldwide average total cost is $3.86 million. The costs are increasing each year, too.

The Ponemon study shows some of the other inherent threats and disruptions a data breach can bring upon your business. Among key factors influencing the cost of a data breach, according to the study, are:

  • The unanticipated loss of customers after a data breach is reported. Organizations that have established institutional trust and offer identity protection to victims are more successful in retaining customers.
  • The scope of the breach and the number of records lost or stolen. Ponemon calculates the per-record cost at $148.
  • Time. The longer it takes to discover the data breach and contain it, the more costly it is to the affected business.
  • Scope of remediation. When an attack is discovered, your business is going to incur expenses it didn’t plan for, including for independent investigators, forensic analysis, auditing services, crisis PR management and continuing brand and reputation repair initiatives.
  • Service needs. These included the demands for help desk services, marketing and communication, distribution of new account information or credit cards, legal costs, regulatory investigations and fines, product and service discounts to retain customers and increased insurance premiums.

The costs, both real and impressionistic, can cripple a small business that does not have the resources to recover from a cyberattack.

What Should Our Business Do To Protect Itself?

Protection begins with a thorough assessment of your systems and procedures to determine where there are vulnerabilities that need to be addressed. Working with a qualified managed service provider, you can understand where the exposures are and plan to fix them.

Your managed service provider will want to look at several components, including:

  • Network security that’s based in next-generation firewalls to identify and contain unwanted activity
  • Automated solutions to update anti-malware applications and install updates and patches
  • Policies regarding access, password protocols and authentication

With the proper security in place, you can avoid paying a ransom and putting your business at risk.

Are you willing to pay the piper when it comes to cyberattacks? Despite the growing number of cyberattacks on small- and medium-sized businesses, there is still a lack of awareness or proactive defense of the networks, computer systems, applications and devices being used. This inattention means it’s even easier for criminals to attack your business

Critical Update From Microsoft: Remote Desktop Services

Impacted Systems:

  • Windows Server 2003
  • Windows XP
  • Windows7
  • Windows Server 2008

Nonimpacted Systems:

  • Windows 10
  • Windows Server 2016
  • Windows Server 2019

If you are still using Windows Server 2003 or XP, Windows 7, Windows 2008 R2, or Windows 2008 you could be in trouble. A wormable virus may be coming your way. The virus is designated as CVE-2019-0708.

CVE-2019-0708

This means that the virus can get into your system without you doing anything like clicking a malicious link. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights without your knowledge.

What Should You Do?

Microsoft has released a critical update for their Remote Desktop Services that impacts multiple Windows versions. The patches are for devices and systems that are both in and out-of-support, which is rare for Microsoft to do. This shows the importance of these patches.

The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. To apply the patches, go to the Microsoft Security Update Guide for in-support systems and KB4500705 for out-of-support systems.

Note: Clients & Customers on a valid managed services agreement are being taken care of and there is no immediate action for any computer, server or other devices under a valid managed services agreement.

Microsoft recommends that customers running one of these operating systems download and install the update as soon as possible.

Does This Mean Even Systems Without Support Can Get The Patch?

Yes, Microsoft is aware that some customers are running versions of Windows that no longer receive mainstream support. This means that you wouldn’t have received any security updates to protect your systems from the CVE-2019-0708 virus.

Given the potential impact on customers and their businesses, Microsoft decided to make security updates available for platforms that are no longer in mainstream support.

All Windows updates are available from the Microsoft Update Catalog.

What Should We Do Before We Apply The Update?

It’s recommended that you back up all of your important data first. If you have a reliable backup, if the patch creates problems you can still access your data. You should do this before you install any patches.

What If We Can’t Apply The Patches?

If you can’t apply the patch for your system there are other things that you can do:

  • If you don’t need the Remote Desktop Services, you can disable it.
  • Block the TCP port 3389 (this prevents unauthorized requests from the Internet).
  • Enable NLA (Network Level Authentication) for Windows 7 and Windows Server 2008.

Of course, the best thing to do is to contact your local IT services company. They’ll know exactly what to do.

What Is A Wormable Virus?

This means that any future malware that uses this vulnerability could propagate from one vulnerable computer to another. This is how similar malware like WannaCry spread around the world. Experts are worried that this flaw could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.

Here’s what Simon Pope, director of incident response for the Microsoft Security Response Center tells us:

“This vulnerability is pre-authentication and requires no user interaction,” Pope said. “In other words, the vulnerability is ‘wormable,’ meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. It is important that affected systems are patched as quickly as possible to prevent such a scenario from happening.”

Have There Been Any Attacks Yet?

Microsoft said they haven’t found evidence of attacks against this dangerous security flaw. But one could happen at any time. Right now they are trying to prevent a serious, imminent threat with these patches.

Simon Pope goes on to say:

“While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”

What Does The Microsoft Remote Desktop Do?

You use the Microsoft Remote Desktop application to connect to a remote PC or virtual apps and desktops made available by your admin. You can control your desktop computer and all of its contents from another computer.

The app lets you connect to your desktop from wherever you are. The access to the remote desktop happens over the Internet or via another network. It lets you interact as if you were physically working from your desktop.

The Remote Desktop application also gives the “master” computer access to all of the contents on the remote computer.

What Else Should We Know?

If you had updated from Windows 7 to Windows 10 or from Windows Servers 2008/2008 R2 to Windows Server 2016 or 2019, you wouldn’t need to worry. This is why it’s essential to keep your systems up to date.

Soon, on January 14, 2020, support will come to an end for all Windows Server 2008, 2008 R2 equipment and the Windows 7 operating system.

If you’re still using these servers or operating system, it’s crucial to replace them now so that there’s no disruption to your daily operations or loss of data.

Any hardware or software product that reaches its end of life is a potential gateway for hackers to enter through. In addition to the security hazard, there are other reasons why it isn’t a good idea to keep using old equipment such as unresolvable outages.

Where Can We Get Help?

Contact us to ensure your Microsoft desktops and servers are secure and protected from unauthorized intrusions.

Impacted Systems: Windows Server 2003 Windows XP Windows7 Windows Server 2008 Nonimpacted Systems: Windows 10 Windows Server 2016 Windows Server 2019 If you are still using Windows Server 2003 or XP, Windows 7, Windows 2008 R2, or Windows 2008 you could be in trouble. A wormable virus may be coming your way. The virus is

Does Open Source Software Have a Role in Enterprise IT?

Open Source Software

Open source software has come a long way since the 1980s. Back when the concept was first developed, it was a philosophical revolution in the software world. Releasing software for free wasn’t new, but releasing the source code behind the software and even encouraging others to improve upon it was game-changing.

In its infancy, open source software wasn’t the sort of thing most enterprises would consider. Times have changed, though. If your organization has never seriously considered whether open source software has a role in enterprise IT, you may be missing out on some serious advantages.

Open Source Software’s Changing Role

Open source software used to be viewed as the software equivalent of homebrew beer: an interesting hobby with sometimes attractive results, but not at all useful at scale. Over the twenty-five-plus years since its origins, things have changed. There’s no perfect analogy, but you might say the open source crowd has evolved into the equivalent of a network of craft brewers. Each brewer crafts something unique, and they all share their recipes and brewing techniques freely, both with other brewers and with consumers. Because of this collaboration and free sharing of information, the results just keep getting better.

Enterprise Adoption Grows

This evolution has had an effect on enterprise adoption. Today, most companies utilize some open source software. Red Hat, a Linux distributor and a major player in the open source space, commissioned a study of enterprise IT in 2019. The study determined that 83% of enterprises surveyed were using open source software, and 69% of those respondents described open source software as being either extremely or very important to their organization.

Uses of Open Source Software

Uses of open source software in enterprise settings vary widely, of course. Small businesses may not venture far outside OpenOffice, an open source alternative to Microsoft Office. Enterprise level businesses, however, tend to do more. That same Red Hat study names five areas where open source applications are being used in surveyed enterprise businesses at a rate of 41% or higher. These five are website development, cloud management, security, big data & analytics, and databases.

Pros and Cons of Open Source Enterprise Software

We don’t want to give you the wrong impression. The world of open source software isn’t a miracle utopia that will solve your every business IT problem. There are pros and cons to using open source software for enterprise IT. Here are a few.

Pro: Open Source Software Is Almost Always Free

If the source code is freely available, the software itself is almost by definition offered for free as well. There are limited exceptions, but most of the time, open source software is free to use. This makes sense practically, as it’s challenging to charge for the shell when you’re giving away the innards for free. It’s also a philosophical decision, as the open source movement is closely connected to the ideas of the free software movement.

Con: Supporting Open Source Software Isn’t Free

Open source software at the enterprise level isn’t being designed by hobbyists with day jobs. This is complex software that takes real development work. You may be wondering, then, how the developers put food on the table. In many cases, the answer is support.

When you purchase enterprise software from a traditional source, you usually enter into a license agreement where the seller or the developer will support your use of the software, for a yearly fee. Similar arrangements are available to help you support many open source enterprise applications. The software is free, and you’re free to customize it. If you need support, though, you’ll need a service level agreement (SLA) or something similar. These aren’t free.

Pro: Open Source Software Is Customizable

Off-the-shelf software solutions don’t allow you to customize the software beyond whatever settings the developer offers. You’ve likely experienced this on a small scale. Many people who use Microsoft Outlook for email, for example, aren’t thrilled with the program’s search function. Too bad: neither users nor company IT departments have the ability to enhance this feature beyond what Microsoft provides.

Open source software is different. Companies can tailor the software to their needs and can tweak the source code so that the new software interfaces properly with their existing systems.

Con: You Have to Do It Yourself

The previous pro is a bit of a double-edged sword. The ability to customize software is great, but your company needs people with the skills to do that customization well. Even the best IT pros may get stuck in this process, and finding dedicated support can be a challenge.

Contrast this with complex high-end proprietary enterprise software suites, which often come with support from the vendor. Vendor agreements may include some custom interfacing work. The software and service agreements are costly, but you aren’t left on your own to do the customizing.

Conclusion

For many businesses, open source enterprise software can save money and improve functionality, but navigating the open source waters can be a challenge. If you need help, contact us today!

Open source software has come a long way since the 1980s. Back when the concept was first developed, it was a philosophical revolution in the software world. Releasing software for free wasn’t new, but releasing the source code behind the software and even encouraging others to improve upon it was game-changing.

Evaluating Digital Transformation Efforts

Digital Transformation

Today’s businesses are nearly all in a period of transition. If you aren’t old enough to have lived it, all you need to do is stream a few episodes of just about any ’90s sitcom to realize that business has changed at an overwhelming pace since then. This change continues today. Companies are all at varying points on the journey of digital transformation. Some are on the bleeding edge, while most are taking a cautious or catch-up approach. A few remain blissfully unaware, but these aren’t likely to last much longer.

Doing Digital Transformation Right

Digital transformation sounds great, and I’ve already implied that it’s essential. That’s not quite accurate, though. What’s essential is doing it right. A poorly executed digital transformation can be just about as harmful as burying your head in the sand and hoping things will stay just as they are. (They won’t.)

Digital Transformation as a Journey, Not a Destination

One of the first aspects of a good digital transformation plan is to understand its nature. Digital transformation isn’t a one-and-done initiative. How do we know? For starters, we aren’t using Windows XP (or, shudder, the dreaded Windows ME) anymore. Technology will continue to evolve, and your digital transformation will continue as it does.

It’s better to think of digital transformation as a journey. Where are you right now? Where are your competitors? What do you need to do, procure, or implement to catch up with (or better, pass) your competitors? Once you’ve implemented those steps, start to look at what’s next.

Digital Transformation as Mission Critical

Businesses today must understand that digital transformation is mission critical. It’s not something you spend money on when business is booming and squeeze out of the budget when money is tight. As soon as you stop failing to innovate, you give your competitors an open door to squeeze you out of the marketplace. Keep up with your digital transformation journey and stay competitive.

Digital Transformation as a Monitored Initiative

Many companies that do form a digital transformation plan fail to follow through in some way. It’s important to regularly evaluate the progress of your company’s digital transformation plan (be it quarterly or monthly). If digital transformation is a journey rather than a destination, a company working from a 3-year-old digital roadmap is doing it wrong.

Evaluating Your Company’s Digital Transformation Efforts

Evaluating your company’s digital transformation is a complex process. If your company doesn’t have an evaluation plan in place, you might be wondering where to start. Here’s how to get started evaluating your company’s digital transformation.

Ask Questions

It’s easy to assume that a process or plan that’s not making too much noise is working well, but doing this is a mistake. As you should with any process or plan, ask plenty of questions at regular intervals. What is and isn’t working? What new implementations are causing friction among the staff? Is that friction due to lack of training or because the technology solution is failing to deliver? Is the plan sticking to budget? What new technologies or platforms are developing that should be added to the company’s digital transformation journey? What is the right time to add those technologies? Is a particular technology failing to deliver or costing more than you’d budgeted for?

Asking good questions of the right people can greatly improve your digital transformation efforts. Don’t be afraid to include a wide range of departments and seniority levels in your questioning, either.

Review Business Needs

Just as available technology changes over the years, so do your business needs. A piece of software that was mission critical in Accounting 10 years ago may be peripheral or even obsolete today. Similarly, the business needs of your Data and Analytics department today are likely quite different (and far more evolved) than they were 20 years ago. That’s assuming you even had a data and analytics group 20 years ago!

An important part of reviewing your digital transformation efforts, then, is reviewing each department’s business needs and processes. Providing new solutions to long-solved problems isn’t the best bang for your buck. Be sure you understand the problems and processes of each business unit so you can focus your digital transformation efforts in the areas that matter most.

Get the Right People in the Room

A digital transformation plan that no one really knows about isn’t going to accomplish much. A review of that plan that no one knows about won’t, either. Your digital transformation evaluation efforts should include a pretty decent cross-section of organizational leadership. The CFO and CIO (or their delegates) are key stakeholders, as are the leaders of various business units. The CEO must be informed and on board for this to be effective, though of course the size of your organization will likely guide the CEO’s level of real involvement.

Buy-In Is Key

You need the right people in the room, but you also need buy-in from those people. If digital transformation evaluation is a new concept (or a loathed one), you may need to educate first. Get the key stakeholders in a room and use points like these (not this one, of course) to help them understand the mission-critical importance of this process.

Data Is Everything (Else)

You don’t want your review meetings to be based solely on feeling. If your meetings sound a lot like “Well, Jane in Accounting is frustrated using this new software” and “I believe implementing this new platform will really help!”, you need a heaping helping of data. Task your analytics group with researching the effects of a new software suite, for example, so you have real data to go along with feelings.

Conclusion

The digital transformation journey is never-ending, and your efforts to evaluate that journey are as important as they’ve ever been. If you could use a hand, whether with the journey or its evaluation, let’s start a conversation today.

Today’s businesses are nearly all in a period of transition. If you aren’t old enough to have lived it, all you need to do is stream a few episodes of just about any ’90s sitcom to realize that business has changed at an overwhelming pace since then. This change continues today.

Malware attack hits US accounting firms

Malware Threat

A major accounting software and cloud services company has been hit by malware, affecting their many clients across the US.

Wolters Kluwer, a major provider of tax accounting software and cloud services, has been hit by malware. The many financial software services they offer to clients across the country have been down since Monday, May 6.

The software provided by Wolters Kluwer is extremely popular in the US accounting industry. Users include every one of the top 100 American accounting firms, as well as 90% of the top banks worldwide, and 90% of Fortune 500 companies.

This malware attack comes at an especially vulnerable time when many accounting firms (and their clients) are intending to file their taxes. With their primary accounting systems offline, they won’t be able to do so, or at least not with Wolters Kluwer software.

However, it’s not as simple as just using different accounting software. Wolters Kluwer also provides cloud services to their clients, which means that necessary client financial data is stored in their servers, and inaccessible by the accounting firms during this outage.

Since the attack began Monday morning, Wolters Kluwer took many of its systems offline to slow the spread of the malware. According to representatives, they have since been working non-stop to try to eliminate the malware and bring their systems back online. They have contacted authorities and third-party forensic teams to investigate the attack.

“We’re working around the clock to restore service, and we want to provide [clients] the assurance that we can restore service safely,” said Elizabeth Queen, vice president of risk management for Wolters Kluwer, to CNBC. “We’ve made very good progress so far.”

However, end-users have still not been able to access their tax documents that are stored in Wolters Kluwers cloud servers. The many systems that Wolters Kluwer took offline on Monday include the customer services lines that end users have relied on to get info from the software provider.

When a backup customer service number was finally provided, users were told that there is no estimated window in which the services will be fully restored. For the time being, thousands of accountants at numerous firms across the US are being expected to wait and see.

A major accounting software and cloud services company has been hit by malware, affecting their many clients across the US. Wolters Kluwer, a major provider of tax accounting software and cloud services, has been hit by malware. The many financial software services they offer to clients across the country have been down since Monday, May

Is Your Business Ready for Voice Search?

Voice Search

It’s already obvious to most businesses that search engine optimization (SEO) is critical to business success. That’s because, being listed high in search engine results means a higher likelihood that consumers will go to your website and choose your company to do business with.

But what about voice search optimization? Is your business ready?

If you’re not familiar with the term, let’s start there before exploring how your business can prepare for this new wave of online searching.

What is a voice search?

Voice search simply refers to online searches (via sites like Google or Bing) that are carried out with a user’s voice. Think of someone driving in their car, looking for a place to have dinner. They may ask Siri, “What’s the closest Chinese food restaurant to where I am?” This is a voice search.

Why is voice search optimization important?

Alas, if you feel like you’ve only just begun to grasp the importance of SEO for text searches, strap in. The next new frontier is voice search optimization. It’s important because more and more people are doing it.

According to Andrew Ng, co-founder of Coursera, half of all online searches will be voice searches by 2020. While this has yet to be confirmed, there are certainly signs that the prediction is accurate.

For one thing, an increasing number of people are investing in smart speakers like Google Home, Apple HomePod, and Amazon Echo. Additionally, use of virtual assistants like Google Assistant, Alexa (Amazon), Siri (Apple), and Cortana (Microsoft) are being utilized more.

While voice search use rates aren’t sky-high quite yet (a recent study found that 21% of respondents used voice search on a weekly basis), experts estimate that they soon will be.

What does this mean for your business?

At this time, it’s not necessary to put all of your efforts and marketing funds into voice search optimization. Furthermore, many of the things you’ve ideally already done to optimize your business for text searches will also help when it comes to voice searches.

Still, there are several key things that are unique to voice searches and voice search optimization:

  • Only “position zero” gets the spotlight. With a regular Google text search, search result position 1 (“position zero”) is best, but positions 2, 3, and 4 are still pretty good. When it comes to voice searches, however, Sir or Alexa will only read the first search result, which means you won’t even be seen if you’re in position 2 or beyond.
  • People use longer key phrases and questions with voice search. While a user might type “best dentist Denver” into Google Search, they might vocally ask Google Assistant: “Who is the best dentist in Denver?” This means you must optimize your content for both text and voice search key phrases.
  • There are several core inquiries that voice searchers will continually ask. Think about who usually voice searches and when. Often, it’s in situations where typing isn’t possible (e.g., while driving) or when the user wants one simple answer (e.g., “What time does the post office open?”) In these cases, businesses must first ensure the accuracy of their location information (address, phone number, hours, etc.). Second, they must optimize their content for quick and succinct answers to their most commonly asked questions.

As you can see, it’s wise to at least take some preliminary steps right now in order to ensure a seamless transition into the soon-to-be world of prevalent voice searching. This starts with assessing your company’s current voice search status and speaking with SEO professionals who can help optimize your content for voice search.

It’s already obvious to most businesses that search engine optimization (SEO) is critical to business success. That’s because, being listed high in search engine results means a higher likelihood that consumers will go to your website and choose your company to do business with. But what about voice search optimization?

How Can You Save Money With The Cloud?

Cloud Computing

Cloud computing transformed the way companies approached their infrastructure. You’re not locked into using on-site resources only. Instead, you have access to a range of cloud-based service providers. It’s common knowledge that the cloud saves businesses money, but you may be wondering about the specifics of how that works and how to get the best value out of these solutions.

Easier Collaboration

Many cloud solutions have features that streamline collaborative efforts between employees, teams and departments. Everyone accesses the files from a centralized location and can make changes at the same time. Employees don’t need to be in the office to make that possible, as cloud-based systems support remote access from a variety of devices.

Improve Customer Experience

Customers have high expectations of the companies they do business with. They want rapid responses through a variety of platforms. Trying to maintain that level of availability through customer support solutions that are tied to a specific workstation is difficult. A cloud-based unified communications solution brings all of the customer contact channels together in one place and provides the necessary mobility. The improved experience and response time leads to more customer recommendations, higher satisfaction ratings and a loyal audience.

Securing Bring Your Own Device Environments

Employees enjoy working on devices that they’re most familiar with, but it’s challenging to maintain a safe environment. Malicious applications installed on personal smartphones, tablets and laptops can compromise your entire network. The IT department can go through every piece of equipment that comes into the workplace, but that takes their time away from other critical tasks.

Cloud-based solutions eliminate this need since it takes your network out of the equation. The service provider has security measures in place to stop compromised devices from accessing its application. They handle the security measures necessary to work with remote connections from a variety of devices.

Eliminating Update Downtime

Updating software is a time-consuming process for your IT team. Patches come out regularly, and they have to track all of this information and find the time to deploy them to the network. If an application’s updating process is difficult to program a script for, the IT technicians have to go to individual workstations to push out the latest version. Cloud-based solutions are updated by the service providers on their own servers. Your employees connect to the cloud resource as usual. Downtime is minimal or nonexistent, and you don’t have to dedicate your in-house IT team to this process.

Since the cloud provider covers the ongoing maintenance and support of the product, your IT workers have more bandwidth to handle their daily duties. They can move to a proactive and strategic approach that improves your company’s infrastructure and supports your business goals.

Avoid Expensive Licensing Fees

The software licensing structure for non-cloud applications can be cost-prohibitive, especially when you consider that a new version typically comes out every few years. The subscription model that cloud-based services use does away with the upfront cost and spreads the total cost of ownership throughout the life of the product.

Reduce the Need for New Hardware

Hardware failures are a fact of life. Servers stop working or grow too outdated to support the applications. Over time, these expenses far outweigh the total cost of ownership associated with cloud-based systems. Consider the long-term equipment expenses when you’re evaluating whether a cloud infrastructure is the right choice for your organization.

Cost-effective Backups

Disaster can strike your business at any time, whether it’s a tornado or a malicious internal actor. Downtime eats away at your profitability and causes long-term damage. Robust backup solutions that give you all the features you need to have business continuity are expensive and require a lot of upkeep. When you use cloud-based solutions, you’re automatically moving vital systems and data offsite. The typical cloud company handles the necessary backups and follows best practices for this process.

Getting Help with Compliance

Regulated industries have many compliance rules that they need to adhere to. Businesses without a compliance team have to bring in costly consultants and legal experts to ensure that they are following the requirements. If you fail to comply with these regulations, you may be subject to financial or criminal penalties. Working with cloud-based platforms allows you to leverage the provider’s legal team rather than shouldering the cost yourself.

Seamless Scaling in Both Directions

Demand for your products and services isn’t a static number. Traditional IT infrastructure requires you to have enough on-site hardware to accommodate the capacity needed at your highest demand levels. When you have seasonal shifts and other factors that impact your company’s activity level, you’re stuck maintaining equipment that’s not actively in use. One of the best cost benefits of the cloud is the ability to scale up and down as needed. Since many cloud-based systems have a subscription model based on actual use, it’s easy to adjust your payments.

Moving part or all of your infrastructure to the cloud provides many direct and indirect cost benefits. While on-premises equipment has its uses, especially when you’re dealing with extremely sensitive data, the cloud drastically reduces how much you pay for vital systems.

Cloud computing transformed the way companies approached their infrastructure. You’re not locked into using on-site resources only. Instead, you have access to a range of cloud-based service providers.

Have You Heard of DuckDuckGo?

DuckDuckGo

The self-proclaimed “search engine that doesn’t track you,” DuckDuckGo is likely the most successful search engine available when it comes to privacy and security.

While Google remains the most popular search engine by far, many users are concerned about its practice of collecting and using your personal data. Namely, Google tracks what you search (yes, everything), stores it, and uses it to provide you with a personalized user experience. Oh, and they also make a profit from it.

What Are the Specific Benefits of Switching to DuckDuckGo?

No Tracking

Of course, this is the biggie. DuckDuckGo doesn’t track you or what you look up online. All searches are 100% anonymous.

No Ads

Google tries to trick users by situating ads at the very top of the page — ads, by the way, that look like search result listings. The only difference is a little box that says “Ad” next to the web address. DuckDuckGo foregoes ads like these, generally starting at the very top of the page with your first search result listing.

Minimalist Interface

Speaking of no ads, DuckDuckGo provides an overall clean and minimalist appearance. Like Google’s results pages, you can toggle between “Web,” “Images,” “Video,” etc. at the top. You can also filter results by region, “Safe Search” mode (for strict or non-filtered adult content), and time period.

Non-personalized Search Results

“Why wouldn’t I want personalized search results?”

Well, you might. But the advantage of not having personalized results is that you’ll see exactly what everyone else sees. In other words, when you search “cocktail recipes” in Duluth, Minnesota, you’ll get the same results as someone searching for “cocktail recipes” in Lyon, France.

Seriously, What’s Actually So Bad About Search Tracking?

Many people’s argument against worrying about Google and other tech giants tracking them (hi, Alexa) is this: “I don’t do anything bad or shameful on the Internet, so why should I care if I’m tracked and my data’s stored?”

That may be true. Certainly, for some, the sheer fact that you’re being listened to, your movements are being tracked, and essentially everything about you (from your age and income to your shoe size and favorite local bar) is being stored … well, it’s alarming and disturbing.

But if that still doesn’t make you ponder the importance of personal data tracking and storing, consider this: Google is using your data to get rich, like, really rich. They’re monetizing everything you do through their platform and making billions in annual profits as a result. The stuff their using? Your shopping habits (Google Express), your online searches (Google Search), your personal conversations (Google Assistant and Google Hangouts), where you go (Google Maps), the news you read and your political leanings (Google News), and much more.

To make matters worse, in many ways, they’re being less than honest about their tactics. For example, their so-called “incognito” mode is far from fully private. Your employer and ISP can still track your searches when you’re in incognito. Furthermore, Google documents you’ve “deleted” and searches you’ve “cleared” aren’t really gone. Google stores them … indefinitely.

Consider a Switch to DuckDuckGo

There’s no doubt that companies like Google provide useful services to individuals and businesses of all kinds. Their search engine is definitely useful as well. Extensive, highly complex algorithms can help you find exactly what you’re looking for, often faster than other search engines.

But if you’re at all concerned with privacy and security for your business and/or at home, consider a search engine switch to the up-and-coming DuckDuckGo. Set it as your homepage, try it out, and see what you think.

The self-proclaimed “search engine that doesn’t track you,” DuckDuckGo is likely the most successful search engine available when it comes to privacy and security. While Google remains the most popular search engine by far, many users are concerned about its practice of collecting and using your personal data. Namely, Google tracks what you search (yes, everything), stores

Hackers Steal Company Information

Hackers Steal Company Information

Cybercriminals have started 2019 off by stealing more than 1.7 billion records. They look for data that is profitable in some way, whether they sell it directly or use it as part of another attack. A successful intrusion attempt comes from various factors, such as an employee downloading a malicious file or the business failing to follow IT security best practices. Here are 10 ways that hackers find a way to get into business networks

Tricking Employees into Opening Malicious Files

Phishing accounts for 91 percent of successful network intrusions. Employees see an email that looks authentic. The hacker makes it appear like it comes from someone in leadership, an external partner or another significant entity in the organization. The email has a file attached or a link included in the body of the email. If the employee opens the file, it loads malware onto that system or directly to the network. The phishing emails with links work by taking the user to a fake login page or another screen that requests username and password information. The hacker uses this to get into sensitive systems. The URL could also lead directly to malware.

Visiting Unsafe Websites

You can block suspicious websites and downloads for equipment that connects through your business network, but if someone uses a personal device, they don’t have the same level of protection. The next time they get on the network with the compromised device, the malware has a way to get on your systems and spread throughout your organization.

Lack of Control Over Personal Devices

If your company doesn’t have “Bring Your Own Device” policies in place, then you could end up with unapproved personal devices using your resources. IT doesn’t have any oversight on these unauthorized devices, so they represent a significant threat.

Lack of Cyber Security Awareness

IT security measures can only accomplish so much. Cybercriminals know that organizations have people of varying technical proficiencies. When an end user doesn’t have sufficient cybersecurity awareness, they fall victim to phishing and other attacks. Employees need to understand the steps they can take to protect against hackers, and get the training to learn about IT security best practices.

Poor Password Management

Employees may have weak passwords for their work accounts. In some cases, they may opt for no passwords. Data breaches at other companies could expose common username and password combinations that end up being in place at your business. Password cracking software makes figuring out this information trivial.

Insufficient Backups

Data backups are critical to helping your business recover from a cyber attack or another disaster. If the backup solution doesn’t work correctly or it fails at creating a complete backup, you could face losing months or years of work. The financial loss would be enormous and puts you in a situation that’s difficult to recover from.

Failure to Proactively Monitor and Maintain Infrastructure

Hackers look for vulnerabilities in your network that would allow them to launch a successful attack. If you don’t have IT security professionals monitoring your infrastructure and keeping hardware and software up to date, then you’re creating an environment that’s ripe for a data breach.

Lack of Cyber Security Measures

A failure to follow IT security best practices can lead to a workplace that doesn’t have enough cybersecurity measures in place. Some companies may be misinformed that all they need is perimeter defense to keep hackers out. You may be vulnerable to an intentional or unintentional breach by an internal actor, or be unable to defend against a sophisticated attack.

Unprotected Wireless Networks

Public wireless networks may be convenient for employees, but anyone within range can connect to them. A hacker can intercept the data traveling on the public Wi-Fi and use that information to get into company resources.

Sophisticated Social Engineering Efforts

Some hackers have attacks that involve a lot of social engineering. They may be trying to get into the financial accounts of upper management or accounting, or they could want to access trade secrets and insider information. They act like they’re an authorized person with a legitimate need to have the data or access that they’re requesting. Cybercriminals can be very convincing, especially when they have well-funded operations. If your company has a lot of turnover, or departments that don’t interact with each other, it’s difficult for employees to keep track of who actually works there.

Lack of Physical Access Control

One area that gets overlooked in a cybersecurity strategy is physical access control to data centers and other rooms that contain servers with sensitive data. A hacker could download that data directly from your systems or take the opportunity to load malware onto your infrastructure. If employees write down their account information and post it on their workstations, the hacker could save this information for later use.

Hackers have many ways to break into your business infrastructure and compromise your systems. Intrusions can lead to long-term consequences, such as major financial losses and damage to your reputation. Protecting against these common attack methods puts your company in a better position to limit your cybersecurity risk.

Cybercriminals have started 2019 off by stealing more than 1.7 billion records. They look for data that is profitable in some way, whether they sell it directly or use it as part of another attack.

Microsoft Accounts Targeted For Months, Hackers Serve A Security Reminder

Microsoft Outlook Security Breach

Microsoft began notifying Outlook.com users of a 2019 security breach that occurred between January 1st and March 28th. Hackers were unintentionally given unauthorized access to some accounts, where they were then able to view subject lines, email addresses, and folder names. While no login details—including passwords—were directly accessed as part of this breach, Microsoft did warn users to reset their passwords.

Although the hackers could not view the actual content in the bodies of emails nor download attachments, this incident still represents a major—and disturbing—security incident. This breach serves as a reminder to every business to tighten up its security measures and protect its assets.

Use multi-factor authentication.

Do not leave this as an optional measure for your employees; require it. Multi-factor authentication uses more than one form of identity confirmation—this is the “multi-factor”—to prove the identity of the person attempting to access a particular platform—this is the “authentication.”

Depending on where in the product the Microsoft breach happened, multi-factor authentication could even have possibly prevented or limited the breach. In general, this authentication process adds a strong layer of security. Hackers don’t usually have both the password and the PIN, secret questions, or other ability to verify their identity.

When vetting which type of authentication to implement—if you have this option—consider using the one that is easiest for employees to have on hand, but hardest for others to get a hold of. Trying to make this relatively convenient for your employees will make it easier for them to comply, which will keep your business more secure. Multi-factor authentication is a measure that should go hand-in-hand with training your employees to use strong passwords.

Account for all devices—including mobile—in your security processes.

Very few companies still limit employee access to business assets strictly to desktops at work. There is a growing trend of employees being able to work remotely, even if it is not full-time. A recent study showed that as many as 70% of employees work remotely at least once a week. Whether working from home, a rented office space, or on-the-road, they are using their devices to log in from a distance, well beyond the secured confines of your office. This figure was accounting for full-time employees; contractors only increase the number of remote workers further.

The security processes implemented at your company needs to account for how all of your employees are accessing company resources. Email access on mobile devices is one of the most common ways in which employees take their work on-the-go, and so it’s a strong starting point for building out these protocols. Because confidential company information is being accessed on these devices via networks over which companies have no control, it is critical that both the email servers as well as the devices being used have robust security systems in place.

While new improvements continue to roll out to tackle these issues, solutions that work across all devices are the norm. Security software, as well as encryption tools, can help protect data regardless of the device, particularly when combined with encouraging employees to log-in via secure VPN networks. Cloud options for data storage are offered by providers with a menu of security options; it’s worth walking through your needs and investing in top-quality solutions.

Document your security processes.

With all of the work that goes into developing security processes, even more needs to be carried out to maintain their implementation and ensure that they remain up-to-date with new tech trends and emerging risks.

This is a vast and complex undertaking. All existing assets must be brought onto any updated infrastructure. Employees must be set-up for and onboarded to the security procedures, and checkpoints must be established so that their compliance may be monitored. Systems must be monitored for any breaches, as well as smoothly updated across all users and data to accommodate any new vulnerabilities that arose since the previous update. Different components, whether hardware (including different devices, such as mobile) or software, may experience issues with any updates. New members of the internal information technology must be introduced to the systems while existing members must stay abreast of any new developments; even team members working simultaneously on the same project must address potential communications issues.

Thorough documentation of processes helps achieve this by providing an objective record of the systems in place. This can be used for onboarding; for internal audits; for evaluating alternatives or potential improvements; and even for reviewing the source of vulnerabilities and providing accountability should an issue arise. This sort of record-keeping is an essential component of transparency in company policy and helps enforce quality control on internal processes. Of course, it must also be protected with the highest measure of security since it arguably contains “the keys to the castle.” Decentralizing its storage and scattering protected, encrypted components of it across multiple storage solutions can help protect company assets from the sort of large-scale breach that could otherwise bring your data assets to their knees.

And so, the large-scale Microsoft breach serves as a reminder that active vigilance must always be maintained over internet security, without relying entirely on one single individual, provider, or service. No single entity can be trusted to be entirely safe when major players like Microsoft are clearly vulnerable, despite the teams of brilliant engineers hired to implement safeguards and the millions of dollars invested in diverse preventive measures. Every business needs to be proactive in protecting itself through rigorous internal standards, ranging from staff training through the implementation of mandatory security precautions, to minimize the risk of vulnerabilities being exposed and exploited. Factoring in every employees’ data paths and employing multiple layers of overlapping security efforts at every step of the way—and documenting these processes for easy internal accountability and refinement—are critical for business informational security in this highly connected digital age.

Microsoft began notifying Outlook.com users of a 2019 security breach that occurred between January 1st and March 28th. Hackers were unintentionally given unauthorized access to some accounts, where they were then able to view subject lines, email addresses, and folder names.

How To Encrypt an Email In Microsoft Outlook

Encrypt Email In Outlook

There is any number of reasons to encrypt an email in Microsoft Office Outlook, anything from details about your salary to negotiations to purchase a business. With the state of cybersecurity, you need to know that you are protected from individuals who may attempt to hijack your email as it is in transit between locations, too. Fortunately, Outlook has the functionality built in that will allow you to quickly and easily encrypt your email as well as stop people from forwarding the email message.

Why Is Email Encryption Important?

The rise of malware and ransomware has made many users wary of opening emails, and definitely can make you question opening any attachments — even those from a known user. One of the key reasons for utilizing email encryption is to prevent an attacker from intercepting emails and reading them, or even adding a questionable attachment that could be infected with malware. While there are some web-based encryption platforms, the most effective are often those that are built directly into the email platform being used by staff members on a daily basis.

Email Encryption in the Enterprise

Email encryption options have been around for years and can provide your email and attachments an added level of security that could be necessary for sensitive conversations. In the past, it’s been a bit more challenging to apply encryption and even required an add-in or separate application in order to ensure that your corporate emails are safe in transit. As far back as Office 2007, there’s been the ability to add one-click encryption that applied to a single message. You also have the option to encrypt all outgoing messages, a crucial addition for financial and legal organizations. Network eavesdroppers will be thwarted by this advanced function of Microsoft Outlook. If you are using the Office 365 suite, you can find instructions for encrypting your emails on Microsoft’s help site.

How Does Email Encryption Work?

It’s important to understand that email encryption is a two-way street. Not only is it required that you have the software options available to encrypt messages that you are sending, but your recipient must also be able to remove the encryption with a key in order to view the message or attachment. In Outlook, there is a certificate generated that allows you to store the email in your Sent items as well as provides recipients with a way to respond to the email — as you’ll have to open the encrypted file when it is returned to you. This can become problematic when you have multiple people on a distribution list for your email. When recipients are within your organization, Exchange server stores a copy of the encryption key for each individual on the server for ease of use.

Microsoft Outlook is one of the most widely-used email platforms in the country, especially for business professionals. The simple instructions for email encryption and the quick application of the rule for all emails means it is easier than ever to protect your confidential messages.

There is any number of reasons to encrypt an email in Microsoft Office Outlook, anything from details about your salary to negotiations to purchase a business. With the state of cybersecurity, you need to know that you are protected from individuals who may attempt to hijack your email as it is in transit between locations,

What Are the Benefits of Outsourcing IT Services For Small Business?

Technical Services

There is a point in every small business’s lifecycle when technology becomes integral to the business. With some organizations, this could be the first day they are in existence — with others, it may be several months to a year or more before technical challenges begin to invade business operations. This can come on slowly, starting with a backlog of support requests, patches that are applied several months later and software licenses that are shared “for now”. Each of these small steps are leading your business away from secure operations, and into a spiral that can be difficult and expensive to undo. Before you get to that point, it’s important to consider the benefits of outsourcing the IT needs of your small business.

Technology Challenges Start Early

Simply managing your software licensing needs can be a challenge when your IT team consists of a single individual or perhaps a few overworked souls. Creating a cohesive strategy for your business should involve technology partners, but if they are focused on keeping the (digital) lights on it’s tough for them to be strategic in any meaningful way. Leveraging the minds that know your business best in places that they can add real value starts by removing some of the nuisance tasks from their plate, and passing them off to individuals who are able to act upon them in a timely manner. That way, you can take full advantage of the thoughtful advice and research that your internal team can provide to drive the business forward.

Why Should I Outsource My IT Services?

Small business owners and leadership wear a variety of hats: your customer service manager may also be supporting web design, while your operations head is juggling production levels as well as infrastructure and wiring. Having these professionals stretch outside their comfort zone is how many small businesses get started, but growing into the next level requires a strategic focus within several dimensions. Cybersecurity is a major concern for businesses these days, with thousands of attacks happening on an annual basis to organizations of all sizes. Experts estimate that email compromises alone constituted over $12.5 billion in losses over the past five years — a staggering sum when you consider that small businesses bore a large percentage of that loss.

Outsourced IT = Added Peace of Mind

Working with an outsourced IT service provides you with the peace of mind knowing that there are dedicated professionals fully focused on ensuring that your business stays secure. With active monitoring solutions that can quickly trigger an alert, you’re already avoiding the average 191 days that it takes a business to discover that they have been infiltrated by cyber attackers and that their data has been breached. Once a breach is identified, you’ll still need to remediate the problem — and it can be extremely costly in terms of both time and money to bring in an outside organization that is not familiar with the data or infrastructure of your business.

Consistent Billing Provides Budgeting Benefits

Technology budgets can be quite complicated, as you’re balancing the reasonable lifecycle of hardware products, software upgrades and the unexpected IT needs of the business on an annual basis. One way that you can add some consistency to your budgeting is by working with an outsourced IT provider. Instead of massive unexpected bills for services that you weren’t anticipating, your technology services provider is able to work with you on a retainer basis so you can spread your costs more equally throughout the year. This allows for a higher level of predictability when you’re working through your annual budgeting period.

With outsourced IT services, your business also gains around-the-clock protection for your data and network, robust backup and recovery platforms, access to professionals who can help quickly upgrade hardware and software as well as advanced security processes and procedures for your business. Together, you’ll find that your operations and service levels are higher for both internal and external constituents when you’re working with an IT solutions provider to support your business needs.

There is a point in every small business’s lifecycle when technology becomes integral to the business. With some organizations, this could be the first day they are in existence — with others, it may be several months to a year or more before technical challenges begin to invade business operations. This can come on slowly,

Using Delayed Delivery With Email to Boost Productivity

 

Email is one of the best ways to communicate with people in the business world, but it’s also one of the biggest time drains for those same individuals. Some of the most productive people turn their email completely off and only check it a few times a day, but is there more that you can do to stay productive throughout the day without stressing out that you’re missing important messages? This quick email productivity hack may be the answer that will help you stay more organized and less distracted throughout the day.

Delayed Email Delivery

Even though it’s a core part of Microsoft Outlook, few people realize that you’re able to delay the delivery of emails until a later date or time — and even fewer people use this function on a regular basis. Delaying the delivery of your email is a great way to ensure that people receive your message when they are most likely to act upon it. If you need someone to provide a crucial report for you but they’re currently on vacation, sending an immediate email request is likely to get lost in the waves of requests they will be wading through when they return to the office. If you delay the message until a day or two after they are back in the office, you’re much more likely to receive a response without having to follow up again.

Scheduling Your Day

Another great way to stay focused during the day is to schedule all of your emails to go out at a certain time, perhaps around the time you will be leaving for the day. This allows you to answer emails at preprogrammed times throughout the day, but not being a slave to pinging notes back and forth when you would prefer to focus on other tasks. The hope is that others will respond to your requests at the end of their day, and you’ll have a wealth of actionable responses waiting for you when you come into work the next morning. It’s not difficult to schedule emails for delivery at a later time, and this simple productivity hack could save you over an hour each day — providing you with a significantly greater amount of targeted time to pay attention to what you need to accomplish each week.

You’re not getting more hours added to your day, and there’s almost always more than you can accomplish in any given week. Using these simple email scheduling tips to delay your email deliveries helps you eke more work (and fun!) out of the time that you do have available.

Delayed Delivery With EMail

  Email is one of the best ways to communicate with people in the business world, but it’s also one of the biggest time drains for those same individuals. Some of the most productive people turn their email completely off and only check it a few times a day, but is there more that you

Security Update: What’s PhishPoint?

Phishpoint

The attack dubbed “PhishPoint” is a recent cyber-attack scheme being used by foreign hackers. It demonstrates the craftiness and the extent that cybercriminals will go to in order to harvest your Microsoft Office 365 credentials. It uses several familiar aspects of Office 365 to lull potential victims into an assumption that everything is above board. But it’s not. Here’s what you need to know about PhishPoint and how to protect your organization.

How Did The PhishPoint Attack Get Into Office 365?

The PhishPoint hackers use Microsoft SharePoint files to host their phishing links. Typically hackers use emails to host malicious links. Now, these crafty hackers have figured out how to bypass Office 365’s built-in security to leverage their attacks. This shows that there’s a critical flaw in Office 365 in this respect.

How Does The PhishPoint Attack Work?

You can recognize a PhishPoint malicious email by its use of “URGENT” or “ACTION REQUIRED” to urge you to respond. But beware, this email contains a link to a SharePoint Online-based document that you don’t want to click.

Here’s how it works:

The link will direct you to SharePoint. It will look legitimate and could trick you or your users unless you know what to watch for it.

At this point, you’ll be shown a OneDrive prompt –The SharePoint file will impersonate a request to access a OneDrive file with an “Access Document” hyperlink. This is actually a malicious URL, as shown below.

Then you’ll see a Microsoft Office 365 logon screen – Don’t enter your information even though it’s very authentic-looking login page. if you do, the hackers can access your user credentials!

What Else Should We Watch For?

Several things stand out here, and you should watch for them:

1. The email is unsolicited and has a generic subject of “ has sent you a OneDrive for Business file.”

2. Opening the document requires you to take a number of steps.

3. The URL for the logon page isn’t on the office365.com domain.

Why Didn’t Microsoft Stop This Scam?

Unfortunately, Microsoft didn’t see this coming. They continually scan emails for suspicious links and attachments, but even they were fooled. They didn’t think that a link to their own SharePoint Online would be malicious.

Another problem is that Microsoft link-scanning only goes one level down. It scans links in the email body but doesn’t scan files that are hosted on their services like SharePoint. If they did, they would have to scan for malicious links within shared documents.

And there’s another problem…they couldn’t blacklist the malicious URL unless they did this for the full URL for the SharePoint file. In this case, the hackers could just make a new URL in an uploaded file that contained content similar to SharePoint.

Since Microsoft isn’t scanning files hosted on SharePoint, hackers can easily use the platform to con their users and steal their credentials.

This scam exemplifies the risk associated with cloud-based applications. Using context and services that users are familiar with, cybercriminals can take advantage of a lowered level of alertness, and gain access to corporate resources online – all without the user or organization ever knowing it.

What Is Microsoft Doing To Prevent Scams Like PhishPoint?

Microsoft has been working behind the scenes to stop foreign attackers. Court documents that were unsealed on March 27, 2019 show that they’ve been waging a secret battle against a group of Iranian government-sponsored hackers.

Microsoft said it received substantial support from the domain registrars, which transferred the domains over to Microsoft as soon as the company obtained a court order.

What Can We Do To Prevent Being Affected By PhishPoint?

It’s important that you share this message with all of your users:

Be on alert! The bad guys have a new way of stealing your login credentials. They target you by sending an invite via email to open a SharePoint document.

The link takes you to an actual SharePoint page where you will see a OneDrive prompt. The prompt will have an “Access Document” link in it- don’t click this link!  

This link is malicious and will take you to a fake Office 365 login screen. Any credentials you enter here will be sent to the bad guys. Don’t be tricked!  

Whenever you’re submitting login credentials to any site, make sure to check the URL of the page for accuracy. Also, remember to always hover over links to see where they are taking you. Remember, Think Before You Click.

Here are some other things that you and your users should do:

  • Be wary of any email subject line that contains an imminent threat like “URGENT” or “ACTION REQUIRED.”
  • Always suspect URLs in the body of an email. It’s best not to click them. Most legitimate businesses no longer send links in emails.
  • Carefully review any logon page. Check to make sure that the URL is actually hosted by the service that you want to use.
  • If an odd-looking email shows up in your inbox from someone in your organization and you question its authenticity, contact the person by phone to see if they sent the email.
  • Use Multi-Factor Authentication for all of your software platforms and online accounts.
  • You should also sign up your users for Security Awareness Training. When you do, they’ll have a better chance of spotting the telltale signs of a cyber threat.

The attack dubbed “PhishPoint” is a recent cyber-attack scheme being used by foreign hackers. It demonstrates the craftiness and the extent that cybercriminals will go to in order to harvest your Microsoft Office 365 credentials. It uses several familiar aspects of Office 365 to lull potential victims into an assumption that everything is above board.

What Is The Estimated Cost Of Your Next Ransomware Attack?

ransomware

Successful businesses require smart leadership. How does a company effectively protect its profits? Planning for profits should also include company-wide management of expenses and security planning is high on the list. If the average ransomware payment has reached close to $15,000, a company’s leaders would want to plan ahead and ensure all security best practices for backups, network systems, cloud storage, and servers. Real profits include all revenues with an understanding of cost allocations for a business. Effective technology solutions can help make sure the right focus is on the products or services with higher profit margins. Security planning fits nicely with successful leadership, along with prevention plans to reduce all risks. Eliminating any unnecessary expenses from ransomware attacks could allow better allocations for salaries, employee satisfaction, company reinvestments, and provide improved planning for sales and profits.

How do you put a cost on employee reassurance for successful security planning? Do not allow a ransomware attack to affect your profits, employee satisfaction or customer confidence. How can you improve customer satisfaction with your plans for security? Employees and customers can benefit from understanding the successful planning for eliminating all security risks. Smart leadership with security planning includes documentation for policies, procedures and adequate communication for employees. Employee training should consist of documentation that clearly outlines security requirements. Employee retention and job satisfaction may not seem completely quantifiable but effective leadership is able to provide the best planning for staff morale.

Security planning

Effective leadership includes communication strengths, simplified technology solutions, employee support, and operational planning for client satisfaction. Marketing, client support, and branding require appropriate security planning and any security issues, such as ransomware attacks, are disallowed. On-demand support is important for employee support and client satisfaction. Security planning should be the focus of any customized IT services and flexible technology solutions. Support plans may include additional hiring and training for technicians. Packaged solutions and IT managed services are easily researched with the correct leadership involved and reviews of the cost-benefit analysis. Effectively managed IT support can help prepare a company for leading-edge technologies, cost savings, and marketing strategies. The improved promotions for profitability are part of the smart leadership of a successful business.

Business growth

A company’s growth can be comfortable for leadership teams and employees. Appropriate planning would be for new hiring, cost management, accounting and administration, and information security. A company’s asset allocations for new hires are a smart focus for scalable business growth. Support for the human resources departments can help simplify the hiring process, training procedures, and employee effectiveness. The technology staff and any partners for technology solutions should be high on the priority list for smart business growth. Technology teams can be some of the best for effective cost management, profitability, operations planning with sales projections, and marketing priorities. Experienced IT consultants can help with planning and success throughout a company.

Expense management

Appropriately allocating expenses with accounting and administration is an effective strategy. Technology teams and business executives are able to better focus on profitability and growth strategies. A thorough understanding of staffing needs is improved with effective expense management reviews. Some of the expenses and cost projections to consider include the following:

  • Employee expenses including computers, mobile devices, and salaries
  • Administration overhead with product and services support
  • Technology costs with security planning, salaries, commissions, and partnership agreements
  • Asset allocations and maintenance costs
  • Trained technicians and experience with cost cutting are improvements for the business
  • Product development expenses and allocated costs with packaging, distribution, and promotions
  • Sales and marketing costs are monitored continuously for profitability and growth projections
  • Costs for press promotions, media announcements, and public relations
  • Social media support with company messages and communication plans

Regular security assessments

Reviews can include usability of information systems and an analysis of graphical user interfaces for all technology implementations with user access. Smart leadership could consist of a review of the regular security assessments for planned improvements, user support, and communication enhancements. Confirmation of success is smart for operations and client reassurance. Sales and marketing teams can use healthy reporting to demonstrate successful planning for security procedures and privacy of client information. Looking organized is also part of effective management with security reviews and regular assessments. Security plans should be a part of expense management and corporate planning.

Network administration

The salary for a network administrator is important to review often for effective leadership and employee planning. “An in-house network administrator can cost your business somewhere around the salary range of $45,000 to $80,000”,  https://www.payscale.com/research/US/Job=Network_Administrator/Salary. Having the right successful leadership in place is a smart way to manage all business expenses and plan for successful growth. Working with the managerial staff, the network administration team can prepare the best documentation for employee training and new hiring processes. As some of the smartest planning for sales and marketing promotions, smart plans for the employees can help improve profitability for a business. Smart priorities can help assure employees are impressed with a company’s plans for success and business growth. Security planning can be improved with communication of the policies for networking, backups, remote access, client information, and employee administration.

Employee training

Training can be helpful for all employees, including new hires. Plans to prepare training can include impressive presentations or documentation to impress potential or current clients. The best type of training for technology and information systems, such as security plans, can easily be prepared to benefit the entire company. Communication with all levels of employees is friendlier with documentation or reports highlighting prevention plans and confirming the correct policies for security. Risk assessments and security reviews can foster better communication with employees or clients. The focus can benefit plans for profits and sales successes.

Successful planning to completely dismiss any risks of ransomware attacks is smart business. Preparing for profits and protecting your business work are good leadership plans. The appropriate planning can be appreciated by business executives, business owners, and managers. Confirmation of the best preparation for salaries and commissions is important for the network administrators and the entire staff for a company. Having the right leadership in place can help reduce all security risks and eliminate unneeded expenses of any cyber attacks or vulnerabilities.

Successful businesses require smart leadership. How does a company effectively protect its profits? Planning for profits should also include company-wide management of expenses and security planning is high on the list.

Microsoft Excel Training [Free Online Course]

Microsoft Excel Training

 

Microsoft Excel Training

Excel is one of the most versatile and most useful programs in the Microsoft Office suite. It’s also one of the trickiest to master without a little help from someone who understands the ins and outs of Excel.

Join us for a special three-part online Microsoft Excel training session, available on-demand.  Tune in from the comfort of your office, learn about Excel over your lunch hour or just check it at home. Our Microsoft Excel training is available, FREE of charge and around the clock.

  • Session 1 – Introduction To Microsoft Excel
  • Session 2 – Intermediate Microsoft Excel
  • Session 3 – Advanced Microsoft Excel

Register online by clicking here.

Microsoft’s spreadsheet program has a wide array of features that make it a handy tool for just about any project, and a host of functions you might not even realize have been there the whole time.

Learning how to use this amazing program to its full advantage and put it to use for your business starts with getting an up-close look at how Excel’s features work.

Have questions? Send me an email by emailing sales@pacetechnical.com or phone me at 905.763.7896 Ext. 214.

Microsoft Excel Training   Excel is one of the most versatile and most useful programs in the Microsoft Office suite. It’s also one of the trickiest to master without a little help from someone who understands the ins and outs of Excel. Join us for a special three-part online Microsoft Excel training session, available on-demand.

Windows 7 Support Is Ending

Windows 7 Updates 

Did you know? Microsoft is ending support for Windows 7 in January 2020. Beginning this April, Microsoft will start displaying pop-ups on all Windows 7 computers alerting the users that their support for Windows 7 will be ending.

Don’t be alarmed.  Microsoft also did the same thing with Windows XP before shutting down their support for the Windows XP Operating System.

Read More

PACE Technical Services is in the process of discussing upgrade options with every one of our clients and local companies. We’d like to schedule time with you to discuss your options. Feel free to connect with us by calling 905.763.7896 Ext. 214 or sending an email to sales@pacetechnical.com.

  Did you know? Microsoft is ending support for Windows 7 in January 2020. Beginning this April, Microsoft will start displaying pop-ups on all Windows 7 computers alerting the users that their support for Windows 7 will be ending.

5 Things You Need To Know About the End of Windows 7 Support

Windows 7

Windows 7 has had a great run, but Microsoft has decided that it’s finally time to retire the platform. Windows 7 isn’t being deprecated by customers as quickly as Windows would like, with more than 38% of all PCs still running the aging OS. It seems that businesses like to hang onto an operating system once it becomes stable, because even Windows XP still owns 3.3% of the market share after support ended in April 2014. Windows 10 is still the top operating system for PCs, but it’s only a few basis points above the much older Windows 7.

As Microsoft enters the final stretch for offering support for Windows 7, there are 5 things you need to know to keep your PCs stable and operating in peak condition.

1. Windows 10 Offers Better Security

Cybersecurity is one of the topics on everyone’s mind in the technology field, and Windows 10 offers additional security measures you won’t find in the older OS. Ransomware, in particular, is being targeted to computers running older operating systems such as Windows 7, because there’s the perception that updates and patches may not be put into place. Windows 10 has a significantly more advanced end-to-end defense stack than you’ll find on Windows 7.

2. Get Ready for Windows as a Service

Another key benefit of migrating to Windows 10 is the speed of releases. While Windows 7 and previous operating systems from Microsoft had an extended release schedule, the team behind Windows 10 will be pushing out updates approximately every 6 months. What’s more, the updates each have a limited lifespan of support, a move to encourage businesses to shift to a more frequent schedule of updates. This requirement can be a burden on an overtaxed technology department, especially when Microsoft is expecting the updates to be completed at least every 18 months.

3. Are Your Business Applications Compatible?

Organizations that put off an upgrade to the newest in Microsoft’s operating system lineup may be doing so due to a concern about lack of compatibility with current business applications. Turns out, this is definitely a consideration, as some organizations are having to roll back their Windows 10 upgrade due to interoperability issues with line-of-business applications. Application compatibility is an important consideration any time operating systems are upgraded, so Microsoft is providing free assistance with app compatibility as part of their upgrade program.

4. You May Need to Refresh Your Hardware

You may find that older PCs are not hardy enough to handle the requirements of a newer operating system. While it will make your upgrade journey more complex, it’s best to ensure that you’ve got the best possible start with computers that will handle the additional computational load that Windows 10 requires. This is one of the steps where it is helpful to get a second opinion from a trusted service provider, as upgrading and then determining that your legacy equipment won’t handle the new business apps and systems could require labor-intensive and expensive rework. The load from Windows 10 is not extremely heavy, but it could burden older systems.

5. Need Extra Time to Upgrade?

Of course, there’s always the option that you can pay your way into a few more years of Microsoft support for Windows 7. While Microsoft isn’t recommending this option, it could be viable for an organization that is deeply rooted in the Windows 7 ecosystem — at least for the short term. The need to upgrade eventually is inevitable, but this extension on the January 2020 deadline may allow businesses to have a more orderly migration than rushing to get in under the wire. If you’re ready to upgrade the majority of your hardware and have a legacy application or two that is incompatible with Windows 10, there’s always the option of running a virtual machine with Windows 7 until you’re able to patch or rebuild your incompatible software.

Whether you’re going to stick it out or ready to make an upgrade, you’ll need to keep in mind the age of your current fleet of PCs as you carefully weigh the costs and benefits of taking this step. What is most important is that your team has the support that you need to make decisions as well as the technical support in the event of any bumps along the road.

Windows 7 has had a great run, but Microsoft has decided that it’s finally time to retire the platform. Windows 7 isn’t being deprecated by customers as quickly as Windows would like, with more than 38% of all PCs still running the aging OS. It seems that businesses like to hang onto an operating system once it

Instagram Users: Fake Copyright Infringement Notices

There’s a new scam targeting highly-trafficked Instagram accounts, and anyone with several thousand followers on their account — including businesses and clients — are fair game to the fraudsters. The scheme masquerades as a false claim of copyright infringement, according to Kaspersky Labs, who first noticed the new way influential and popular users are being cajoled into giving up their credentials to attackers.

Fake Instagram

How can you tell if your company or a client is in the crosshairs? The first sign of attack comes in the form of an official-looking email, seemingly from the team at Instagram.

“Your account will be permanently deleted for copyright infringement,” the email threatens. Tripwire reports in a recent article that the scam then requires action in the next 24-48 hours that involves “addressing the claim” and “verifying credentials.” This is where the user is required to type in the account’s password, which hands over the keys to the social media account to the attackers. It doesn’t end there, though — Tripwire warns that an “email verification” is required in addition to the credentials verification, where the user is asked to choose their email provider and give up the username and password for that login as well.

Kaspersky warns the false emails from Instagram are extremely similar to actual Instagram addresses. They include “mail@theinstagram.team” or “info@theinstagram.team.” Protecting your business or your clients from giving up the information in the first place is paramount — once the information is handed over, scammers can then demand ransom to return the account, spread malicious content across the page, and of course, change the information required to assert control over the account, like passwords and security questions. Tripwire encourages managers of popular Instagram accounts to enable two-factor authentication to make it significantly more difficult for attackers to gain access to the account. Kaspersky advises staying up-to-date on best practices, like avoiding suspicious links and only logging into Instagram through the official app.

There’s a new scam targeting highly-trafficked Instagram accounts, and anyone with several thousand followers on their account — including businesses and clients — are fair game to the fraudsters. The scheme masquerades as a false claim of copyright infringement, according to Kaspersky Labs, who first noticed the new way influential and popular users are being

5 Cybersecurity Tips For Employees

Cybersecurity Employees

Imagine waking up one day only to realize that the company you work for has been hacked. Your files are missing, bank accounts are hijacked, and sensitive information is on the loose. Although this sounds like a rare situation, it has become more prevalent in this day and age. While there are some solutions to catching hijackers and cybercriminals, the damage done can be quite extensive. Furthermore, cyber attackers can now attack a company from many different angles. This is why, today more than ever, it is extremely important to understand cybersecurity best practices and to make sure you’re staying as protected as possible. However, cybersecurity isn’t only about protecting your infrastructure and device endpoints. There are other assets that cyber attackers have been focused on — employees. While there are many employees trained in cybersecurity best practices, many employees act carelessly when it comes to staying protected. Employees may not care about protecting the company or they may not know how to best protect their information. Whatever the case may be, ensuring top-notch cyber protection at the workplace can help prevent a disaster. Not only can a hijacking lead to the release of confidential information, but it can also result in the termination of an employee. In this post, we’ll discuss 5 cybersecurity tips for employees.

Keep an Eye on Your Devices

A top method for a cyber attack starts with the theft of important devices. Whether it’s a phone, computer, tablet, or even a notebook, these all can contain valuable information that might be used for a cyberattack. No matter how small your business is, keeping your devices safe is a best practice to follow. Devices such as laptops are very important to keep an eye on, as these can be used to stir up a great deal of confidential information. In addition, if you don’t need a password to enter into your device, it makes it that much easier for a cyberattacker to access very important material. Therefore, it’s always best to keep a close eye on your devices. If you have your devices in a public place, always have them in an arms reach. If you have to step away for a few minutes, take your devices with you. However, watching your stuff doesn’t only pertain to being in public. Even at the workplace, things get stolen and devices get hijacked. Always keep a close eye on your phone, laptop, and other devices. While this mostly pertains to large companies with many employees, small businesses too are also at risk. It’s best practice not to get careless with your devices and to always know where they are.

Practice Proper Web Browsing Techniques

Another popular way for cyberattackers to make their money happens when employees carelessly use the web. While an employee may feel that they’re doing nothing wrong, an attacker may take advantage of their careless mistakes. While there are some obvious threats that you know not to fall for, other threats aren’t so apparent. Keep reading to find out some common threats to be aware of while browsing the web.

Maladvertising

This threat is a type of malicious code that distributes malware through online advertising. This can be hidden within an ad, included with software downloads, or embedded on a web page. What makes this so threatening is that maladvertising can be displayed on any website, even ones thought to be trustworthy.

Social Media Scams

With the explosion of social media in the last 10 years, cyberattackers have been hard at work developing scamming techniques. Whether it’s through click-jacking, phishing techniques, fake pages, or rogue applications, hackers have been very successful with these social media scams. While Facebook is a common platform used for hacking, Twitter also poses many threats. This is because Twitter is both a microblogging site and also a search engine.

Web Browsing Tips

  • Don’t click on any ads or links that seem fishy
  • Don’t click on links in emails
  • Only interact with well-known sites
  • Confirm you’re using non-fraudulent sites
  • Be cautious with online downloads

Keep Mobile Devices Secure

While you might think that the biggest threat to cyberattacks involves the use of your computer, your mobile devices are also something to pay attention to. With the growing sophistication of cell phones, tablets, and laptops, hackers are chomping at the bit trying to get their hands on any of these devices. Cell phones are basically a mini-computer nowadays and tons of confidential information can be easily assessable on them. This is why mobile security is more important than ever. However, given the small size of these devices, it poses many challenges to stay safe. Since laptops and phones are getting smaller by the day, it’s now harder to keep an eye on these devices, in addition to trying not to lose them. However, there are multiple security measures you can take to ensure that your mobile devices are secure. From security apps to creative passwords, there are numerous things you can do to keep these cyberattackers at bay. Take a look at a few of these solutions below:

  • Keep Devices Clean — As with most things in life, a good cleaning is usually beneficial. Same goes for your mobile devices. With so much information on such a small device, it’s vital that you clean up your device from time to time by deleting files and using an antivirus program.
  • Setup a Passcode — Sometimes all it takes to stay protected from a cyberattacker is a strong password. This is the first thing that the attacker has to crack, so this is your first line of defense. Make the password unique and difficult to guess.

Keep a Clean Desk

Another tip for staying safe in the workplace involves cleaning your desk. It may sound so simple, but a messy desk has a strong chance of obtaining some important information. Remember that note you got from your boss last month? How about those files that were put on your desk last Tuesday? If you forget about these materials and they contain some confidential information, you could risk a cyberattack. Furthermore, if someone steals something from your messy desk, it can be very difficult to notice. Sometimes days or even months go by before you notice that note is missing or that folder isn’t there anymore. While you’ve gone a long period of time without even knowing these materials went missing, you could already be a victim of a cyberattack. Here are some other common mistakes to avoid:

  • Leaving USB drives or phones out in the open
  • Writing down usernames and passwords and leaving them on your desk
  • Leaving credit cards out in the open
  • Forgetting to erase notes
  • Leaving confidential papers on your desk for extended periods of time
  • Forgetting to lock a cabinet or drawer

Be sure to avoid these mistakes as they can make it that much easier for a cyberattacker to access your important information.

Beware of Phishing Attacks

Phishing is a fraudulent practice that involves emails being sent to entities to induce the exposure of credit card numbers, usernames and passwords, or other valuable information. Attackers may pose to be friends, family, or trusted businesses in order to gain information from an employee. Another tactic that makes these attackers successful is the appearance of authority. They may mention something requested by the CEO or something that involves some of the higher-ups. Since employees never want to disappoint the CEO, falling victim to these attacks is common. While it’s very common for an attacker to try to impersonate someone else, they might take another approach. Sometimes links are embedded into emails that will redirect the employee to a fraudulent web page, or sometimes the attacker might attach a file that can expose confidential information if downloaded. Understanding these different methods used by hijackers can help protect you from a cyber disaster. Take a look at a few other best practices below:

  • Verify suspicious email requests by contacting them directly
  • Utilize malware and antivirus protection programs
  • Check the security of websites
  • NEVER reveal personal or financial information via email

While phishing is a common technique used by cyberattackers, understanding how to protect yourself can make you well-prepared for anything that comes your way.

Say Goodbye to Cyberattackers!

Even with the many methods of attack for these cyber-hijackers, there are many things you can do to ensure you’re staying protected. While following the list above will get you well on your way to staying educated on the topic, your employers should also consider training their employees on best practices. Even if it’s done once a year, cyberattack trainings can go a very long way. Try talking to your boss about it in the next meeting or go the extra mile and talk to your whole team about it in a group discussion. Another method of protection involves hiring a company that specializes in cybersecurity. These companies are growing by the second and there are many services available for both large and small businesses. Whether you seek external resources for your cybersecurity efforts or you prefer an in-house approach, cybersecurity is something not to shy away from. Not only can a cyberattack lead to lost revenue and the exposure of confidential information, but it can also send a company burning to the ground. By using the five tips mentioned above, employees can stay safe from the trickery of cyberattackers.

Imagine waking up one day only to realize that the company you work for has been hacked. Your files are missing, bank accounts are hijacked, and sensitive information is on the loose. Although this sounds like a rare situation, it has become more prevalent in this day and age.

Severe Ransomware Attack Hits Global Firm

Ransomware Breach

Norsk Hydro just got hit with a major ransomware attack that took down their entire worldwide network. It happened this morning, Tuesday, March 19, 2019, and we wanted to share this with you.

They experienced widespread system outages. This has been such a disaster that their aluminum production plants are now operating manually. All of their 35,000 employees worldwide have been affected.

For details view this 18-minute briefing from Norsk Hydro.

Feel free to contact us if you have any questions.

Norsk Hydro just got hit with a major ransomware attack that took down their entire worldwide network. It happened this morning, Tuesday, March 19, 2019, and we wanted to share this with you. They experienced widespread system outages.

New Threat Advisory: TrickBot (Warnings/Recommendations)

TrickBot is up to its tricks again. Once cyber experts get a handle on it, TrickBot releases new modules that advance its capabilities. Here’s what you need to know to protect your organization from TrickBot.

Trickbot

Don’t Get Tricked By TrickBot

TrickBot is up to its tricks again. Once cyber experts get a handle on it, TrickBot releases new modules that advance its capabilities. Here’s what you need to know to protect your organization from TrickBot.

What Is TrickBot?

The Multi-State Information Sharing and Analysis Center (MS-ISAC) recently released a security primer on TrickBot. Originally developed in 2016 as a Windows-based banking Trojan, TrickBot has recently advanced its capabilities.

TrickBot is a modular banking trojan that targets user financial information and acts as a vehicle for other malware. It uses Man-in-the-Browser attacks to steal financial information such as login credentials for online banking sessions. (The majority of financial institutions consider Man In The Browser attacks as the greatest threat to online banking.)

Malware developers are continuously releasing new modules and versions of TrickBot— And they’ve done this once again.

How Is TrickBot Distributed?

TrickBot is disseminated via malspam campaigns. Malspam is a combination of malware and spam. It’s usually delivered through phishing or spear-phishing emails. Its goal is to exploit computers for financial gain.

These malspam campaigns send unsolicited emails that direct users to download malware from malicious websites or trick the user into opening malware through an attachment.

TrickBot is also dropped as a secondary payload by other malware such as Emotet. Some of TrickBot’s modules abuse the Server Message Block (SMB) Protocol to spread the malware laterally across a network. (SMB is an application-layer network protocol that facilitates network communication while providing shared access to client files, printers and serial ports.)

The developers behind TrickBot have continue to add more features via modules to this potent trojan virus. It can download new modules that allow it to evolve if left unchecked.

How Does The TrickBot Malspam Campaign Work?

The malspam campaigns that deliver TrickBot use third-party branding looks familiar to you and your staff such as invoices from accounting and financial firms. The emails typically include an attachment, such as a Microsoft Word or Excel document. If you open the attachment, it will execute and run a script to download the TrickBot malware.

And, TrickBot is really tricky. It runs checks to ensure that it isn’t put in a sandboxed (quarantined) environment. Then it attempts to disable your antivirus programs like Microsoft’s Windows Defender.

And even worse, TrickBot redeploys itself in the “%AppData%” folder and creates a scheduled task that provides persistence. Persistence is the continuance of the effect after its cause is removed. So, even after you remove TrickBot, it can still create problems.

What Happens If Your Network Gets Infected With TrickBot?

TrickBot’s modules steal banking information, perform system/network reconnaissance, harvest credentials and can propagate throughout your network.

TrickBot:

  • Will harvest your system information so that the attacker knows what’s running on your network.
  • Compares all files on your disk against a list of file extensions.
  • Collects more system information and maps out your network.
  • Harvests browser data such as cookies and browser configurations.
  • Steals credentials and configuration data from domain controllers.
  • Auto fills data, history, and other information from browsers as well as software applications.
  • Accesses saved Microsoft Outlook credentials by querying several registry keys.
  • Force-enables authentication and scrapes credentials.
  • Uses these credentials to spread TrickBot laterally across your networks.

What’s New With TrickBot?

In November 2018, a module was developed and added that gave TrickBot the ability to steal credentials from popular applications such as Filezilla, Microsoft Outlook, and WinSCP.

In January 2019, three new applications were targeted for credential grabbing: VNC, Putty, and RDP.

In addition, it can also steal credentials and artifacts from multiple web browsers (Google Chrome/Mozilla Firefox/Internet Explorer/Microsoft Edge) including your browsing history, cookies, autofills, and HTTP Posts.

How Can You Protect Your Organization From TrickBot?

We recommend that you contact us and arrange for the following to protect against the TrickBot malware:

  • Implement filters at the email gateway to filter out emails with known malspam indicators such as known malicious subject lines, and block suspicious IP addresses at the firewall.
  • Use managed antivirus programs on clients and servers, with automatic updates of signatures and software. Off-the-shelf antivirus isn’t enough.
  • Arrange for vulnerability scans to detect TrickBot or other malware threats that are hiding in your IT systems.
  • Apply appropriate patches and updates immediately after they are released.
  • Provide Security Awareness Training for your users. Regular training will ensure that they can recognize social engineering/phishing attempts, and refrain from opening attachments from unverified senders.
  • Help you employ a Password Management solution so your usernames and passwords aren’t disclosed to unsolicited requests.
  • Deploy a managed Anti-Spam/Malware Solution with the latest signature and detection rules.
  • Review security logs for indicators of TrickBot. If any are found, we can isolate the host and begin investigation and remediation procedures.
  • Make sure you adhere to the principle of least privilege, ensuring that users have the minimum level of access required to accomplish their duties. We’ll also limit administrative credentials to designated administrators.
  • Implement Domain-Based Message Authentication, Reporting & Conformance (DMARC). This is a validation system that minimizes spam emails by detecting email spoofing using Domain Name System (DNS) records and digital signatures.
  • If you don’t have a policy regarding suspicious emails, we can help you create one and specify that all suspicious emails should be reported to security and/or IT departments.
  • And more…

Don’t let TrickBot use its tricks to steal your confidential data. Contact us for comprehensive IT Security Analysis and Remediation to keep TrickBot out of your network.

TrickBot is up to its tricks again. Once cyber experts get a handle on it, TrickBot releases new modules that advance its capabilities. Here’s what you need to know to protect your organization from TrickBot.

How Composing Email On Multiple Devices Keeps Business Moving

Email is one of the primary forms of communication for today’s active businessperson, but there are certainly some challenges when you’re on the go. It’s not unusual to start an email on one device and save it as a draft to finish up later from your desktop. This productivity hack allows you to quickly jot down ideas on your mobile phone and save the email for further refinement when you’re back in the office. See some additional best practices for keeping your email synced across devices.



The Rise of Mobile Email

The share of global web pages served to mobile phones has changed dramatically over the past 10 years, from less than 3% in 2010 to over 52.2% (and climbing!) in 2018 according to Statista. This doesn’t even include tablet traffic, which accounts for approximately another 10% of traffic in the United States. The same shift can also be seen in email, with the percentage of emails being opened on mobile devices growing to 55% or greater. Return Path, an email data aggregator, shared that the converse is true for emails opened within an internet browser; this number has dropped from 37% in 2012 to 28% in 2017. These dramatic shifts are representative of the way we create emails, too.

The End of Poorly-Worded Mobile Messages?

While it would be great to note that the increased ability to work cross-platform would mean that you’re less likely to receive poorly-worded, autocorrected emails that originated on a mobile phone, but that’s probably too much to ask. However, the ease with which you can save messages for later editing and sending may reduce the possibility that it’s obvious your email was jotted down on a mobile phone. Business professionals are more likely to take the time to create a well-written message that covers the necessary points when they’re able to re-read the note on their laptop. Few people are able to flawlessly compose a thoughtful email message on a 4″ mobile screen.

Taking Control of Your Inbox

It’s all too easy to allow your inbox to control your life and make you extremely reactive, especially when your emails are close to hand at all times on your mobile devices. It’s essential to stay organized to reduce the possibility that you’ll miss replying to an important message when you’re on the go. Try using labels for “Need to Reply” or “Respond Tomorrow” that will prompt you to draft a reply the next time you’re in the office.

Don’t lose productivity when you’re out of the office — simply jot notes to yourself for later refinement! You’ll love this time-saving trick, and your email recipients will appreciate that your emails have had a few minutes of review and editing before they’re fired out of your Sent mailbox.

Email Sync

Email is one of the primary forms of communication for today’s active businessperson, but there are certainly some challenges when you’re on the go. It’s not unusual to start an email on one device and save it as a draft to finish up later from your desktop. This productivity hack allows you to quickly jot

Windows Server 2008 End of Support (Questions and Answers)

Windows Server 2008 End Of Support

Unfortunately, all good things must come to an end — and on January 14, 2020, Microsoft will be stopping mainstream service for their highly popular Windows 2008 Server. If you are one of the millions of organizations who are still using this secure and highly stable solution, it may be time to look for other options before maintenance becomes an even greater challenge. The current Windows Server 2019 was released in November 2018 and since this is the fifth software release since Windows Server 2008, it’s not surprising that Microsoft has finally decided to deprecate mainstream support. Here are the answers to your burning questions about Windows Server 2008 end of support transitions.

What Does End of Service Mean for Windows Server 2008?

While the end of support period (EOS) for Windows Server 2008 is looming, that doesn’t mean the platform will stop working on January 14, 2020. It simply means that Microsoft will no longer be required to provide support and patches unless your organization has a specific contract in place to maintain support. All software and hardware have an effective lifecycle and Windows Server 2008 has been in a period of maturity for many years. This planned EOS period means that non-security updates, free support options, online technical content updates and free security updates on-premises will be halted by the Microsoft support team. Microsoft recommends that organizations immediately review options to shift to cloud-based options such as Microsoft Azure as this allows businesses an additional 3-year window of updates that are classified as Critical or Important by the Microsoft support teams. There are also options that allow customers to purchase Extended Security Updates at a premium to provide additional time to perform a migration.

What Are the Dangers of Windows Server 2008 Being Unsupported?

The security vulnerabilities alone should be reason enough to drive your business to make a decision to shift to a new solution. Cybercrime accounts for over billions of dollars of expenses and lost revenue for businesses each year, and a lack of security updates and patches can provide hackers with a door directly into your most valuable digital systems and information. With Accenture estimating that cybercrime could cost businesses over $5.2 trillion in the next 5 years, creating a secure environment for the backbone of your business is more crucial than ever before. That staggering statistic is based on the possibility of losses primarily to major health and life sciences organizations such as pharmaceutical companies. The potential for industrial espionage is significant when you consider the value of pharma knowledge and the capture of personally identifiable information.

What Happens to My Business When Windows Server 2008 Support Ends?

System vulnerabilities are nothing new for technology professionals, but many security-minded teams recommended freezing technology at Server 2008 as a stable and reliable solution for their business in years past. Now that the support is due to be deprecated, data managers are looking for ways to upgrade their server solutions or move directly to the cloud. Cloud-based solutions provide you with the flexibility and scalability that is needed for today’s modern organizations while offering a high level of security to combat the continual threats to your systems and data.

What Steps Should I Take Before Windows Server 2008 End of Support Date Arrives?

It’s not unusual for server upgrades to take quite some time, so it’s prudent to begin researching alternatives immediately. Begin with an audit of all the servers that are being used to determine the scale of the upgrade as well as any possibilities for consolidation. Server migration can cause a significant impact not only to your budget, but also to your users. If you do not already have a server migration strategy in place, now would be the time to map out those recommendations with a trusted technology partner. Finding a partner with a great deal of experience in Windows Server 2008 migrations or upgrades can help you avoid many of the land mines that might otherwise have a negative impact on your project.

What Are Best Practices for Windows Server 2008 Upgrades or Replacement?

While some organizations choose to go directly to the cloud for their server needs, there are other options for your business. You could decide to simply upgrade to a newer, stable version of Windows Server on-premise or utilize a private cloud or other hybrid solution to meet the needs of your business and stay within your budgetary requirements. Working with a technology solutions provider gives you the added firepower of external backup and recovery mechanisms in case something goes dramatically wrong during your transition period or in the event of a cyberattack.

Whether you decide to push forward with a full migration using your internal team or decide to work with a technology solutions partner, it’s crucial that you complete your investigations and make a plan of attack to migrate away from Windows Server 2008. There is an extremely high-risk factor when you stay with an unsupported software platform, making it all too easy for cybercriminals to infiltrate your weakened digital defenses.

Unfortunately, all good things must come to an end — and on January 14, 2020, Microsoft will be stopping mainstream service for their highly popular Windows 2008 Server. If you are one of the millions of organizations who are still using this secure and highly stable solution, it may be time to look for other

Is Having a vCIO Essential?

vcio services

Are your company processes aligned with the technology you have? Have you purchased different software for different things when one software could have been used for multiple things? Do you feel there are technological gaps or challenges not being appropriately addressed? Is your company providing its services or products in the most optimal way? Do you want systems streamlined to meet company goals?

If you have any one of these questions or any others like them, then you may be in need of a vCIO. But is a vCIO just another expense for your company or is it essential to obtaining optimal performance and achieving goals? Here’s what you need to know and should consider.

What is a vCIO?

A vCIO, short for virtual Chief Information Officer, provides all the functions of a CIO that large firms employ to develop strategies designed to leverage technology for optimal business performance. The CIO looks to technology for solutions, aligns it with business needs and goals, and measures its success by establishing metrics. In addition, the CIO keeps informed of all new opportunities and technological developments to ensure the company is up-to-date and on course for success.

Thus, a CIO is vital to an organization’s development, growth, and continued success. The one difference between a CIO and a vCIO, however, is this: resources. A full-time CIO is expensive and requires a lot of resources. You have to provide an office, a workstation, a good salary, and benefits. Those are costs that medium to smaller sized organizations would like to avoid. A vCIO allows these companies to benefit from the skills and knowledge of a CIO without having to put forth the full expense of one. A vCIO can be retained on an as-needed basis, so you pay only for the times you benefit from his or her services. In sum, your smaller company outsources a vCIO and receives larger company executive-level expertise at an affordable basis.

What benefits can a vCIO bring to your company?

To know the benefits a vCIO would bring to your company, a good starting point is understanding better what a vCIO actually does.

A vCIO is equipped with pretty much the same duties and responsibilities that a CIO is, and these include:

  • Analyzing IT. A vCIO assesses the hardware and software you use as well as your overall IT infrastructure and aligns it with your business processes and business goals. This analysis allows the vCIO to understand your work processes as well as to identify any challenges, gaps, and tech solutions. Based on this analysis, a vCIO will recommend hardware, software, and IT infrastructure expenditures.
  • Strategizing. A vCIO’s primary goal is using technology strategically. The vCIO will develop a plan to create and manage an IT system that helps the company achieve goals. The vCIO has a deep knowledge of technology and business and is able to incorporate both to benefit companies. To incorporate the strategy, the vCIO will work with other stakeholders and direct the IT roadmap.
  • Adding Value. A vCIO makes sure that the technology used brings value to the company by helping employees do their jobs better and by providing services and information, among other things, to clients more efficiently. A vCIO makes sure employees and clients get what they need.
  • Providing information. They are not called chief information officers for no reason. vCIOs must stay current on all things related to technology, including things that pose as risks to the company, technologically speaking. The vCIO will know all the industry trends and will analyze what the future holds so that the company invests in the right technology now and does not lose out later because of it.

These are the broad responsibilities of a vCIO, and through these responsibilities — if executed well — the company benefits. By leveraging technology strategically and successfully, a vCIO helps the company increase its employee and customer/client satisfaction while also increasing revenue and decreasing expenses.

In this way, the ultimate benefit of a vCIO is this: competitive edge. A vCIO can be that competitive advantage your company has over the competition.

Does your company need a vCIO?

In today’s market, no matter what industry you are in, technology plays a role. And technology is changing and evolving all the time, and with the latter come new opportunities as well and new challenges. No company today should be without an information officer, but so many are, and that’s why so many companies fail to achieve their goals. An information officer brings together technology advancements with company goals, and through this strategic alignment, magic happens.

So the question should really be: do you need a full-time CIO or a vCIO? The answer is dependent on several factors.

  • Number of employees. How many employees does your company have? Generally speaking, a company employing 250 people or fewer may benefit from a vCIO, but larger companies typically require full-time CIOs.
  • Technology. How much is your company reliant on technology? What are your security needs? How many employees are dependent on technology for their day-to-day tasks? How is data stored and managed?
  • Company Growth. Do you intend to grow your company? If so, when and how?
  • Business Goals. What are your business goals? How do you intend to reach those goals?
  • Resources. What resources, especially in terms of financial resources, does your company have? A vCIO saves you money and helps you increase profits, but the initial costs must be considered.

There are no straightforward means to determine if your company needs a vCIO or not. You must consider the above factors and weigh your answers. Technology today is complex. Its application for strategic purposes is complex. Its benefits, however, are many. Can a vCIO take your company where you want it to go, and can it do so faster, more efficiently, and more effectively?

Is a vCIO essential to your company?

Now for the real question: is the vCIO essential to your business? The short answer: yes. But if you are still unsure, ask yourself these questions:

  • Does your company have a go-to IT person who knows all things technology?
  • Is the technology your company has being used fully and strategically?
  • Are you creating value through your technology?
  • Is your data safe and secure?
  • Are your employees satisfied?
  • Are your clients/customers satisfied?
  • Do you see growth in the future?
  • Do your IT infrastructure and your business procedures lead to outcomes that achieve business goals?
  • Do you have a competitive advantage over your competitors?

If you answered no to any of these questions, then that can be problematic. A vCIO can ensure that all the above questions are answered affirmatively, and when that’s the case, you can rest assured your company is performing optimally. So, ask yourself now: is a vCIO essential to your company? Then act; do your research and find a vCIO that will fit well with your company.

Are your company processes aligned with the technology you have? Have you purchased different software for different things when one software could have been used for multiple things? Do you feel there are technological gaps or challenges not being appropriately addressed?

Warning: Foreign Hackers Compromised Citrix Systems

Citrix Data Breach

Citrix said the FBI warned them on Wednesday, March 6th that hackers compromised its IT systems and stole “business documents.” Citrix doesn’t know precisely which documents the hackers obtained nor how they got in.

It’s suspected that this is a sophisticated cyber espionage campaign supported by a nation-state. The consequences of the Citrix security incident could affect a broader range of targets, as the company holds sensitive data for many companies, including critical infrastructures for governments and enterprises.

For more information click here. Feel free to contact us for assistance if you’re concerned about your IT security.

Citrix said the FBI warned them on Wednesday, March 6th that hackers compromised its IT systems and stole “business documents.” Citrix doesn’t know precisely which documents the hackers obtained nor how they got in. It’s suspected that this is a sophisticated cyber espionage campaign supported by a nation-state.

How To Limit What Others See From Your Browsing History

Browser History

If you’re like most people, you’ve got valid concerns about your personal privacy while browsing the internet. After all, Facebook and other organizations with a huge online presence have recently been caught dropping the ball regarding protecting the privacy of their users, so it’s only natural to wonder if your privacy is being further compromised and how it’s being done, which leads us to the primary question: What measures can the average internet user take to help ensure that the details of their browsing histories are limited to anyone who may be keeping tabs?

Fortunately, you’re not helpless in this situation. However, if you’re like many current users, you may be already using the Do Not Track option in your browser and possibly gaining a false sense of security by doing so. Unfortunately, all this option really does is convey to the websites you visit that you don’t want them to log your browsing history, but it doesn’t prevent them from doing so, and many completely ignore the request. In fact, this option will probably be removed in the near future.

Fortunately, your browser offers other ways to help ensure your privacy. Following are several browser-specific tips and tools designed to help keep your history safe from the prying eyes of cyberspace.

Firefox

Firefox’s privacy controls are found under the Privacy & Security tab in the Options menu. You can block third-party cookies from there, accessing Content Blocking and selecting Private Mode. You can also choose to have your cookies automatically erased each time you end your browsing session. Firefox also allows users to customize this option on a site-by-site basis under the Settings menu, which results in pop-prompt requesting permission the first time you access individual websites. You can also specify and limit the kinds of data that you allow the browser itself to collect and store, such as technical details about Firefox’s performance and various extensions you’ve installed on your computer.

Safari

If you’re running Safari, you’ll be glad to know that the browser already does some of the work for you when it comes to protecting your privacy — disabling third-party cookies is Safari’s default mode. It also gives you the option of blocking all cookies, but users often consider that a pain because it creates a situation where auto-login doesn’t work, and they must log in every time they visit their favorite sites, including email and social media. Like Firefox, Safari has a private browsing mode that deletes cookies and history once the browser has been closed.

You can also access Safari’s Manage Website Data tab to see what websites have already logged and to delete that data if you want. Under the Preferences setting, you can click Websites to control which apps and sites you want to allow to access your computer’s microphone and camera.

Chrome

Chrome provides users with the capability to adjust their privacy settings using Content Settings under the Advanced Settings option. You’ll be able to disable cookies here, but that will leave you with the inconvenience of losing auto-login. Some people find the extra layer of protection worth the hassle, but cookies aren’t really a major culprit when it comes to privacy breaches because regular cookies can’t be seen by apps or other websites.

Third party cookies, on the other hand, are those used by advertisers to track the overall browsing activity of users for the purpose of creating targeted ad campaigns. You can easily disable these in Chrome by simply switching the block third-party cookies option to ON in the Content Settings permissions. You can also limit access to your location, camera, microphone, and USB devices.

Edge

Microsoft Edge functions as a part of Windows, and its user-friendly interface makes customizing privacy controls easy. Under the Privacy & Security tab in Settings, there are options allowing users to allow all cookies, disable all cookies, and disable only third-party cookies. Edge also offers a private browsing mode similar to those of the other browsers mentioned above. Under the Advanced tab in the Settings menu, you can access Manage Permissions to control who sees your location and can access your microphone or camera.

However, the browser options given here are just a part of a bigger, more complex picture when it comes to online privacy. Google still records user activity and even saves all of your search history. You can delete this by going to your My Activity page on Google, selecting Search History from its dropdown menu, and clicking on Delete. To stop it for good, you can access Activity Controls and turn off tracking for Web & App Activity. Google also saves all of your voice searches, but you can remove them by going to their Voice & Audio page and clicking on Manage Activity.

Some users opt to use a VPN when browsing the internet because it generates proxy IP addresses, so although activity is tracked, it can’t be traced back to the user. Others install various ad blockers for even more protection, and the super-vigilant often opt for the added security of using a private browser. No matter what your privacy concerns, there’s a workable cocktail of tools and strategies that can provide you with a customized solution.

If you’re like most people, you’ve got valid concerns about your personal privacy while browsing the internet. After all, Facebook and other organizations with a huge online presence have recently been caught dropping the ball regarding protecting the privacy of their users, so it’s only natural to wonder if your privacy is being further compromised

The Ultimate Small Business Owner’s Guide to Ransomware

Small Business Ransomware

Your employee innocently clicks a link within an email or visits a sketchy website and the next thing you know your digital assets are being held hostage by a cyber attacker. It only takes a few keystrokes to cause potentially irrevocable damage to your systems, and hackers are always looking for new victims. With ransomware, you may be able to regain full access to your files and other digital assets — but at what cost to your business? No size of business is immune to cybersecurity assaults, and ransomware is on the rise in small businesses. In this Ultimate Small Business Owner’s Guide to Ransomware, you’ll learn more about the threat, tips to protect your business and suggestions on how to recover after your business has been infiltrated.

What is Ransomware?

Ransomware is a specific type of malware that results in you losing access to your digital assets until a ransom is paid to the attacker. The assumption is that as soon as you have paid the cybercriminal, you’ll regain access to your information — but there is no guarantee that hackers will unlock your files after payment. The loss of access to your information and business systems can be crippling for your business, sending productivity into a downward spiral and frustrating customers and vendors alike. The faster you or your IT security provider are able to react, the more you will be able to limit the damage done to your organization and reputation due to ransomware. The three primary types of ransomware are:

  • Data encryption or fundamentally changing the format of your files
  • Programs that hijack your desktop files and require payment to unlock them
  • Mobile ransomware that prompts you with payment instructions

Each type of ransomware presents particular challenges for your organization.

Dangers of Ransomware

Aside from losing access to your files, your business may effectively be at a standstill with a widespread ransomware attack. Computer and phone systems, your website, your email servers — all are interconnected and can be vulnerable to this type of aggressive malware. Today’s data and technology platforms are often tied tightly together which expands the reach of a particularly malevolent attack. The effects can be far-reaching, from an inability of customers to place orders or check order status to causing your automated production lines to grind to a halt. Until you are able to regain access to your data and files, your business may be relying only on printed information. This is particularly damaging when you consider how many of today’s offices are going paperless.

How is Ransomware Spread?

Ransomware is spread in a variety of ways, but the most common is through someone clicking a link within an email or visiting an infected website. These back doors to your systems provide hackers with easy access to business-critical systems and information, allowing them to virtually lock the door to your digital assets. Social engineering is another way that unsuspecting staff members are tempted to provide the keys to the virtual kingdom. Hackers are becoming extremely deft at using information stored on social networks to create ads or messages that seem to be from trusted colleagues — yet lead to malware.

Are Small Businesses Vulnerable to Ransomware?

You may think that only larger businesses with deep coffers would be tempting to cybercriminals, but small businesses are considered quite vulnerable and may be ideal targets for a quick attack. Small business owners are often lulled into having a false sense of security thinking that they are too small to be a target. A 2018 data security report by Verizon shows that 58% of malware attack victims were small businesses. Stealing your customer information can be the work of a few hours for a hacker, and these data points are extremely valuable on the dark web. It’s relatively easy for individuals to gain access to the tools that are required to break through basic security measures. It’s crucial for small businesses to stay informed and enhance their security profile in order to protect sensitive competitive and customer information.

How Can I Protect My Small Business from Cyber Attacks?

Protecting your small business from cyber attacks begins with assuming a more aggressive security posture. It’s no longer a matter of simply scanning emails for viruses and adding a firewall. The increasing scope of data breaches means you will need to either invest in internal security infrastructure or work with qualified professionals who specialize in cybersecurity. Protecting your business from ransomware and other cyber attacks requires a range of protective measures, including:

  • Staff training on creating adequate passwords and the importance of never sharing passwords
  • Limiting data and systems access for unauthorized users
  • Thorough review of endpoints, including secure employee and guest WiFi access
  • Close monitoring and review of when and how contractors are allowed access to systems
  • Maintenance of government regulations and compliance mandates
  • Advanced antivirus software, preferably with active monitoring
  • Regularly reviewing and enhancing backup and recovery strategies
  • Applying software patches and updates in a timely manner

Each of these strategies will take time and effort to implement, and they all work together to help protect your organization from being the target of a ransomware or other type of malware attack.

Recovering After a Ransomware Attack

Understanding the type of ransomware that has been added to your system is the first step in recovery. This will help you or your technology service provider determine the next steps for restoring full system usage. If you planned ahead and have a solid backup and recovery program, this is likely when you’ll begin taking those steps. IT security professionals recommend taking these steps to recover from a ransomware attack:

  • Disconnect everything to limit infiltration to unaffected systems
  • Take pictures or screen captures of the ransomware screen, including the payment requirements and information
  • Begin taking steps for recovery
  • Learn more about the specific type of ransomware that is affecting your system
  • Determine whether you are able to completely restore your systems from backups

Finally, create a crisis communication strategy that will allow you to provide customers and employees with the information they need to continue working after the attack.

The best option for your business to survive a ransomware attack is to avoid it — but that’s not always possible. Become educated on the dangers of this particular type of malware and how you can prevent it, or you risk becoming yet another statistic in the ongoing fight against cybercriminals.

Your employee innocently clicks a link within an email or visits a sketchy website and the next thing you know your digital assets are being held hostage by a cyber attacker. It only takes a few keystrokes to cause potentially irrevocable damage to your systems, and hackers are always looking for new victims. With ransomware,

Why Do Hackers Target Small Businesses?

Small Companies Hackers

Why Small Companies is the First Target for Online Hackers

According to the SBA, small business employs less than 500 people and realizes less than $7 million in profits annually. This standard defines a small company across the global business world. A large percentage of these smaller businesses operate as privately owned companies. Hackers are especially targeting these smaller businesses with 10-250 employees. Many of these companies use a weak online security system.

It is vital that business executives of these smaller companies sharpen their IT systems. Additionally, it is critical that all large company CEOs in this twenty-first century become educated about hackers targeting small businesses. Many business executives, business owners, C level executives, and business managers may ask.

What does this information have to do with my corporation?

Times have dramatically changed. The small business owner is now a big target to get to larger companies. This little fish in the world of trade leads to a much bigger catch, namely larger corporations. This method that hackers now use has seen an increase of over 250 percent over a year ago, an unnerving thought.

We live in a dramatically different world today. We live in a digital world, like it or not. Small business owners, especially aged business owners can no longer do things from an old school perspective. No longer can business be done via pencil and paper. If owners do not have an active internet presence, the company does not thrive. This increasing and necessary internet presence are dangerous. This internet presence is an immense playground for hackers who can close the doors of many small business owners and do irreparable damage to larger corporations.

Protecting Company Assets and Great Reputations

All business owners must protect their excellent reputation and a company’s assets. It is critical that business professionals across the globe seek to increase knowledge and information on how highly secured IT systems is so vital to their business and online presence. Sharpened IT technologies can protect your company from hackers targeting smaller businesses. Hackers now utilize the small business owner first as a stepping stone to gaining sensitive information from large corporations worldwide.

What is Drawing Hackers to Small Businesses?

Hackers are working hard to send dangerous viruses, malware, or phishing attacks through small business systems. Hackers are leveraging extortion against small business owners to get to larger corporations. Perhaps the small business owner does not have a quality, highly secured IT system to protect their company from these hackers. Hackers use information gained from small businesses linked to large companies to con the smaller companies into handing over sensitive corporate data.

The smaller business has a more significant presence online. These smaller companies use Cloud service which is grossly unprotected, unencrypted, and readily accessible to hackers.

What Do Hackers Want With Company Files?

There is a lot of personal customer information hackers find vital to their existence such as names, dates of birth, Social Security numbers, phone numbers, financial numbers, and more personal details. Hackers use this personal information to get money, or they sell this information to other entities who will use them. This private and sensitive information equals millions of dollars to hackers.

The methods by which hackers use to infiltrate companies cycle in popularity. IT systems find that the use of ransomware is dramatically increasing in popularity over the last few years. Ransomware infects a companies PC which in turn encrypts those files denying that company access to their records. Hackers hold this vital information for money. Companies know that the information contained is worth a lot more money than the pirates demand. This method leaves small business owners no choice but to pay up. Hackers target small businesses across the globe as a vital link to infiltrate larger companies. The best security a CEO can have is firm security for online presence. IT professionals highly recommend an up-to-date and secure computer system. Additionally, recommendations are for an offsite backup.

How Can Small or Large Companies Avoid Attacks by Hackers?

Companies across the globe must follow strict guidelines and laws in place protecting sensitive data. If companies do not follow these laws, there are severe penalties. These penalties can be so expensive to the company that it must close its doors. These set guidelines tell businesses the following.

  • How to store vital, personal information
  • How to safely access sensitive information
  • How to protect confidential information
  • How to save and protect a customer’s financial information such as credit card, and banking numbers.

A breach in any company’s files is a nightmare which is liable to ruin the reputation of an excellent company. It takes many years for that company to regain the trust of clients. Some corporations never recover the confidence of their clients.

It is vital that all businesses have reliable and secured IT systems to ward off online attacks by hackers.

Educate employees never to hand over sensitive information to people unknown to them. Employees must protect information about their companies customer base, their vendors, and their suppliers.

Stress the importance of employees developing strong passwords and frequently changing passwords.

Checking and deleting all emails sounding sketchy is vital.

Employees must be aware of all of their online actions.

Never store sensitive information in the Cloud services. This service does not offer encryption, and it is easy for hackers to access.

Security systems are continually changing as much as hackers change their methods of breaching firms. Initiate sound online security systems, backup sensitive information offsite, install updated software, remain vigilant concerning severe hacker attacks and possible damage to the company.

Large and small companies across the globe yearn to be a trusted entity for clients. Trust may take years to earn and longer to get back when lost. Sometimes trust, once acquired is never regained once lost to hackers.

Why Small Companies is the First Target for Online Hackers According to the SBA, small business employs less than 500 people and realizes less than $7 million in profits annually. This standard defines a small company across the global business world. A large percentage of these smaller businesses operate as privately owned companies.

Moving Into A New Office? (Free Guide)

Office Technology Moves

It doesn’t matter whether you are a 10-person team or a Fortune 500 conglomerate, relocating your office is going to take some planning and forethought. The last thing you want is to be forced to close up shop for an extended period, stalling your business due to unexpected issues.
Moving your office should signal growth to your client base; not chaos. So how can you take your business to the next level  and the next address? The key to a successful transition is preparation. You have a marketing strategy … a client care strategy … and a business building strategy … so why not a moving strategy?

Creating a Plan

It is never too early to start planning your big move. This means devising a plan for individual departments as well as the business as a whole. Remember, time is of the essence when it comes to moving an office. The faster you can get your new digs up and running, the faster your team can get back to work.
The first thing you need to do is to appoint a moving manager. This is the point man designated with coordinating the entire office relocation. This includes everything from packing up all necessary files and ordering new stationery to make sure every department has what they need to work on the go for a few days.

More than just a packing or moving expert, the relocation manager knows exactly what is necessary to get your office from point A to Point B with as little downtime as possible. Once you have a moving manager in place, it is time to begin assigning teams to handle individual aspects of the move.

Hire Professional Movers

Not every commercial moving company is equipped to handle large office relocations. Be sure to choose a company that understands the nuances of relocating a business. Remember, they will not be simply moving your desks and chairs from one place to another; they will also be responsible for securing sensitive files and making sure everything makes it to the new location safely.

Equip the IT Department Properly

One of the trickiest parts of moving an office is disconnecting and reconnecting quickly and efficiently. This can only be accomplished if your IT department has what they need to succeed. Here are some tips to create a hassle-free environment for them to work in:

  • Give the IT department at least three months to plan the transfer. This will include developing a step-by-step outline for the move.
  • Evaluate the new space well in advance of the move
  • Order upgraded equipment weeks before moving day to ensure everything has arrived
  • Coordinate all installations for several days before the actual office move
  • Make sure that all cabling is installed and tested prior to moving day
  • Move the IT department first. This will allow them to work to get the rest of the office up and running while boxes are still be brought to the new site.
  • Install and test all work stations prior to the first scheduled workday in the new office.

Relocating an office can be exciting, but that doesn’t mean the process is always easy, or that it will run smoothly. A lot of things can go wrong if you don’t plan properly, so be sure to follow the guidelines here to ensure that your staff isn’t stressed and your clients don’t feel abandoned during the move. When handled properly, you should be able to move the entire office and have everyone back to work within a day or two.

Moving soon? Contact PACE Technical Services to arrange a complimentary consultation on how we can assist in the technology side of your office move.  Call 905.763.7896 Ext. 214 or drop us an email.

It doesn’t matter whether you are a 10-person team or a Fortune 500 conglomerate, relocating your office is going to take some planning and forethought. The last thing you want is to be forced to close up shop for an extended period, stalling your business due to unexpected issues. Moving your office should signal growth

What Are Some Common Myths With Managed IT Services?

Managed IT Services

Managed IT Services is a transaction often required by businesses large and small in order to operate efficiently. It’s unfortunate that some owners and managers misinterpret the scale of services provided by a Managed IT Provider. To some extent, there is a contractual obligation toward the expected services, but there is also a simple limitation as to what the IT Provider is capable of doing for your company. Managing your network system, affording security to your records, or simply plugging in your new computer can all be aspects of what IT does, but it has to be contracted in order to hold an expectation of having a particular aspect of the job completed for you.

Contracts and Coverage

A common myth about contracted IT services is that “everything” is covered. No IT service provider is going to contract to enable the software your company uses and expect to spend a week developing your network. Likewise, nobody is going to contract to physically attach your hard components and then set up software for free. Although most IT people can do either job, they specialize. One person might run power cords to individual desks and set up the needs for a computer to run, another person will customize the individual computer to the needs of the job. Although either person can do either job, they don’t, so you need to describe to the Managed Services Representative which of their employees you need to hire to fill your needs and which services you plan to conduct in-house in order to find the right contract with the right specialists you need for consultation services.

Service Level Myths

Some companies offer tiered pricing platforms in the services they offer. To an extent, such offers allow individual businesses to choose what services they need, but at the same time, it has to be understood the provider is going to do their very best regardless of which pricing tier you choose. If you pay only to download new software, no legitimate provider is also going to install it for free, nor can a contract to install software be filled if the programs haven’t been bought and downloaded. No Managed Service can provide free service in addition to their contractual obligations, but it isn’t a myth that they will give you appropriate advice on how to meet your goals and needs.

Every IT Provider Is an Expert

Unfortunately, not everybody who offers IT Service is an expert in the needs of your company. A reputable Service Provider will tell you what they can and cannot do, and will have associates they can recommend toward the services you need which they don’t provide. It isn’t a myth that every IT Provider is an expert. They are, but they aren’t necessarily an expert in every aspect of the field. IT Services are a broad range of helpful ideas toward your company’s success, anyone who claims to be an expert in every aspect of those concepts should be viewed with skepticism.

Conclusion

IT Services are a necessary aspect of every successful business. Some IT work can be conducted in-house, but other jobs require an outside contractor. It’s important to understand what services are provided contractually and realistically as opposed to believing the myths about what an IT Provider can do for you before you hire them, and a reputable company will be prepared to answer such questions as part of their business proposition before you hire them.

Managed IT Services is a transaction often required by businesses large and small in order to operate efficiently. It’s unfortunate that some owners and managers misinterpret the scale of services provided by a Managed IT Provider. To some extent, there is a contractual obligation toward the expected services, but there is also a simple limitation as to

Should Local Companies Outsource IT?

Managed Service Providers

Technology is the backbone of every business from, the smallest family-owned retail store to the largest international corporations. Companies everywhere depend on their technology to help them to reach their goals and stay competitive in a rapidly growing marketplace. However, when you combine the importance of technology with the reality that it is continuously evolving, you wind up with a major IT problem for many smaller businesses.

Keeping up-to-date with these changes used to require hiring costly full-time IT professionals, but not anymore. Today, an increasing number of small- and medium-sized local companies are enjoying the experience of IT professionals, without the expenses of having to pay for their own IT department. They are able to do this by outsourcing their IT needs to an MSP.

What is an MSP?

The acronym MSP stands for ‘Managed Service Provider.’ MSPs are specialized IT companies which offer their services and expertise to other businesses, usually through a subscription-based payment model. Businesses contract with MSPs to take care of a variety of different ongoing IT issues for them, including:

  • Deploying, maintaining, and updating servers;
  • Securing company data from hackers and other cybercriminals;
  • Monitoring and managing critical applications and websites;
  • Answering technical questions for employees and clients;
  • Installing maintaining, and safeguarding company e-mail, and
  • Providing data storage, regular backup, and recovery services.

Five Advantages of Hiring an MSP For Your Local Business

  • Lower your upfront costs. Purchasing and replacing technology doesn’t come cheap. Can your business justify the need for spending tens of thousands of dollars on its own servers and other hardware when you know just a few years down the road you will have to replace all of it. Using an MSP eliminates a large initial outlay of money and guarantees you never have to worry about upgrading your system in the future.
  • Reduce your costs. The average annual salary of an IT professional is more than $80,000 a year. That can be a significant strain on any company’s labor budget, especially if you don’t need a full-time, on-site tech expert. However, when you hire an MSP to take care of your company’s tech needs, you only need to pay a fixed monthly fee for the security of knowing you can still receive the same level of support you would get from a full-time employee at a fraction of the cost.
  • Become more competitive. Hiring an MSP gives your business instant access to much of the same technological resources that larger companies have, and your local competitor down the street probably doesn’t. That means your employees will be more productive and have the ability to provide better and faster service to your clients allowing you to grow your business quicker than ever before.
  • Lets you concentrate on your primary business. Your company is outstanding at what it does, but it just doesn’t ‘do’ tech. And why should it? You and your employees need to be focusing on what you get paid to do, and not having to worry about coming up with ways to find a workaround when your tech fails. Give your staff members the peace of mind of knowing that whenever they have an IT question, there is always someone who can help. One phone call to your MSP can get everything back up and running in no time.
  • Reduce the risk to your business. Hackers love to target smaller businesses for their perceived lack of security. In 2017, over 60 percent of US small businesses were victims. How secure is your company and are you doing all you need to do to protect your clients’ data from cybercriminals? Your MSP can help keep your data safer and ensure that your company complies with the most-up-date PCI security standards and other tech laws.

Not Ready To Completely Transfer Your Company IT to an MSP? Try a Hybrid Solution.

If you already have employees who handle the IT for your business, it doesn’t mean that you can’t benefit from having an MSP as well. Lots of companies decide to keep some aspects of their IT support in-house well outsourcing other tasks to an MSP. This arrangement allows your IT guys the opportunity to concentrate on mission-critical tasks why letting others worry about routine jobs like backing up data.

So, whatever the size of your business, or whether or not you currently have your own IT staff, managed service providers can be an essential part of your business plan.

Technology is the backbone of every business from, the smallest family-owned retail store to the largest international corporations. Companies everywhere depend on their technology to help them to reach their goals and stay competitive in a rapidly growing marketplace. However, when you combine the importance of technology with the reality that it is continuously evolving,

Selecting The Right Business VoIP Provider [2019 Guide]

Business Phone Systems

To experience growth and stay relevant in their given industries, companies rely on productivity-enhancing and cost-effective communication systems that provide a robust, efficient platform for critical interactions, both internal and external.

Voice over Internet Protocol (VoIP) systems have risen to the forefront as a viable communication solution for businesses of all sizes, replacing traditional telephone systems and securing a spot as a standard for communication in the professional world. While VoIP systems require an Internet connection to operate, they can support high-quality long-distance calls while offering a number of other modern features, including integrated video conferencing, file sharing, and call recording.

Selecting a suitable service provider to set up and manage your VoIP system is an important decision, but if you know what you are looking for, the process becomes significantly simpler. We have organized the following list of criteria to guide you in picking the best VoIP service provider for your company.

Affordable Cost

Cost is an important factor in the decision-making process. Different vendors will have varying prices for the system hardware and installation, as well as a range of rates for managing, updating and maintaining a VoIP system. You should take stock of your company’s communication needs, as well as the budget you have available for meeting them. Keep in mind that with a quality service provider, you should not have to pay hidden service fees or extra chargers for standard features, including conference bridges, voicemail boxes, auto attendants, custom messages, and ring groups. Avoid VoIP providers who are not upfront about the costs associated with their technology and services.

Robust Cyber Security

Advanced security features should be a given. Even small- and medium-sized businesses can be targets of cyber attacks, including malware, phishing scams, and other viruses, which threaten their infrastructure and information. According to the U.S. Computer Emergency Readiness Team, VoIP, which relies on an Internet connection, “may be vulnerable to many of the same problems that face your computer and even some that are specific to VoIP technology.” Your VoIP service provider should be well aware of risks associated with this type of technology and ensure you have access to cutting-edge security features that protect your organization from cyber threats.

Call Management

A basic feature offered by top-notch VoIP providers is call management. This can include a number of functions that benefit your business, including call waiting for service, caller ID, call forwarding, voicemail, dial-in directories, call blocking, and other basic calling options. When shopping around for a provider, find out what call management options they offer that will be convenient and helpful for your organization’s employees.

Reliable Support

You should be able to access and use your VoIP system for business operations consistently and without delay. That is why a quality VoIP provider will emphasize a high level of uptime and round-the-clock technical support, which includes monitoring and maintenance. You should be able to reach your provider via email, phone call, or live chat when you need assistance with your service or encounter technical difficulties. Another important aspect of customer support is a plan for disaster recovery, in case you experience a system failure or other emergency. VoIP providers should have intensive protocols in place to quickly address the issue and get you back on track without losing valuable time or important information.

Intricate Integration

Any cost-worthy VoIP service should offer organizations more than the simple ability to make calls. To enhance productivity and efficiency, you should be able to integrate company smartphones, since many people rely on their mobile devices to do business outside of the office. You also should pick a VoIP provider that allows you to integrate your system with existing third-party processes, applications and extensions, including Google Drive, Dropbox, Salesforce, Desk.com, and office software, among others. Without easy integration, you could face the resource-intensive task of transferring business data or creating new databases.

Unified Communication

Unified communication is another industry standard that you should keep in mind when searching for the right VoIP solution for your company. Unified communication is a feature that allows you to integrate a variety of communication methods into a single system, mitigating your need to open separate apps or windows. Some of the communication methods you will likely want to access from your unified platform include email, video call, voicemail, and conference calls.

Local Area Codes and E911

You do not want clients, business partners, or other individuals to incur a charge when they call you on a traditional telephone system. That means you could look for a VoIP system that supports local area codes. Additionally, your provider should offer enhanced 911 (or e911) service, which enables emergency service dispatchers to automatically locate a caller’s geographic location.

Sound Quality

In this day and age, there is no excuse for subpar audio when using modern technology for business communications. Quality VoIP providers should be able to ensure high sound quality, as well as a guarantee to address technical problems if you experience choppy audio.

Obviously, there are numerous factors to consider when you are searching for the best VoIP system and service provider for your organization. Working alongside experienced IT consultants or information service providers can help you select an option that fits well with your existing communication systems, serves your professional needs, and stays within budget.

To experience growth and stay relevant in their given industries, companies rely on productivity-enhancing and cost-effective communication systems that provide a robust, efficient platform for critical interactions, both internal and external. Voice over Internet Protocol (VoIP) systems have risen to the forefront as a viable communication solution for businesses of all sizes, replacing traditional telephone

A Look At The 2018 Cybercrime Stats

2018 Cybercrime Stats

What Is the Big Picture in Terms of Cybercrime in 2018?

The past few years have revealed trends that show us cybercrime won’t just go away. The following stats put the breadth of the threat into perspective:

  • Cybercrime was the 2nd largest crime in terms of the number of incidents reported.
  • Cybercrime accounts for more than half all criminal activity in the U.K.
  • An attacker is present in a network an average of 146 days before getting caught. That’s enough time to get what they need without getting caught.

What Did Cybercrime Cost in 2018?

With technology continuing to advance in favor of cybercrime, 2019 is likely to see its share of hacking headlines. The Cyber Security Breaches Survey revealed that 43 percent of businesses experienced some kind of cybersecurity breach in 2018. California alone lost $214 million to cybercriminals.

VPNs are one way people try to protect their online privacy, but user behavior continues to counteract the best firewalls and security strategies. For example, despite knowing the risks of clicking an unknown link or email, many people do so anyway.

What is a Cybercrime Platform?

The cybercrime economy mimics the global economy’s shift towards a platform model. This mirrors the legitimate shift to social media, Amazon and Google. Platforms connect retailers and consumers and give people a place to interact in other ways. Unfortunately, this has given unscrupulous people an opportunity to get to know how these systems work and use that knowledge to commit cybercrimes.

What Is the Most Common File Format Used By Cyber Criminals?

Hackers love Microsoft Office file extensions. They know people trust them and are more likely to click on them. Emails are the most common way that cybercriminals defraud their victims, and they do so by sending files with familiar extensions to mask malware and spyware. People use emails every day for all kinds of communications, including very sensitive information. Unfortunately, it’s relatively easy for bad actors to send you an email that opens you up to viruses, identity theft and other risks.

How Are Cyber Criminals Making Money Off Your Computing Power?

Some hackers aren’t interested in your personal information or causing havoc with your sensitive files. Believe it or not, some cyber criminals break into your computer to steal your computing power. They may use these unauthorized resources to mine cryptocurrencies, for example.

One of the latest threats involves the use of your computer or other devices for bitcoin mining. Symantec has reported an increase of 8,500 percent in the number of people caught coin-mining. This indicates that there are hackers dedicated to accessing and using a victim’s computer resources in lieu of stealing personal data.

How Much Money Can a Cybercriminals Make?

The short answer to this is that an individual with the right skills can earn far more via cybercrime than most legitimate lines of work. Individuals can earn about half a million dollar a year by selling stolen data. There are several levels involved, however. Low-level hackers may be happy with petty crimes that put extra cash in their pocket. Highly specialized hackers can make millions working alone or as a team. Generally, though, hackers make about 15 percent more than those in traditional crime brackets. High earners bring home about$167,000 a month, mid-level earners rake in $75,000 a month and at the low end of the spectrum, petty cybercriminals make $3,500 a month. For instance, someone managing multiple card data forums can bring in millions each month.

How Do Hackers Use Existing Platforms to Make Money?

Just turn on the news any given night and you can find stories on data breaches, the bread and butter of cyber thieves. Personal data can be sold as is or used to created bank accounts and apply for credit cards, which are sold for small or large fortunes. Theft isn’t the only crime possible. Major platforms are targeted for the myriad of data they collect. Even Facebook is not immune. It was in the news for a significant data leak in 2018. Yahoo also had a major breach that compromised 3 billion user profiles. Cybercriminals aren’t shy about going after these giants, so it’s up to you to increase your vigilance at home and at the office.

Are Smart Homes Vulnerable to Cyber Attacks?

Smart home devices usually connect to your home network from an outside network. If your router is adequated protected, you’re opening the front door of your home for cybercriminals. With smart home devices becoming more common, savvy criminals are learning to take advantage of their vulnerabilities.

What Is the Big Picture in Terms of Cybercrime in 2018? The past few years have revealed trends that show us cybercrime won’t just go away. The following stats put the breadth of the threat into perspective: Cybercrime was the 2nd largest crime in terms of the number of incidents reported.

How Compliance Manager With Microsoft Office 365 Works

Companies today operate under strict regulatory conditions. Complying with those regulations can be daunting, but failure to do so has serious implications. Managing compliance, therefore, is imperative. Microsoft offers Compliance Manager, a unique cross-Microsoft-Cloud tool, that allows organizations to manage and navigate the complex terrain of regulations. Here is how Compliance Manager works to help your company comply with the law and applicable regulations and standards.



Who is Compliance Manager For?

Compliance Manager is for any company or organization that needs a comprehensive and proactive tool to assess, track, verify regulatory compliance and assign tasks related to the same. Anyone who must comply with regulations or standards like the following would benefit from this tool:

  • EU General Data Protection Regulation (GDPR)
  • Health Information Portability and Privacy Act (HIPAA)
  • International Organization for Standardization (e.g., ISO 27001 and ISO 27018)
  • National Institute of Standards and Technology (NIST)

Essentially, the tool allows you to protect data and meet regulatory requirements via Microsoft cloud services.

What are Compliance Manager’s built-in features?

Compliance Manager features various tools to help your organization comply with regulations and standards pertinent to data protection and security. Here are three specific capabilities featured:

  1. Assessment. The tool allows you to assess compliance from one place. Risk assessments are conducted on an ongoing basis.
  2. Protection. Users can protect data across all devices, applications, and cloud services by using encryption, controlling access, and implementing information governance.
  3. Response. Users can respond to regulatory requests through the incorporation of eDiscovery and auditing tools that allow you to locate relevant data for meaningful responses.

Through these features, Compliance Manager works to help you stay in and proactively manage compliance.

How does Compliance Manager Work?

Compliance Manager works by utilizing a single dashboard to see compliance stature. The dashboard provides summaries of your company’s assessments and action items. From those summaries, you can access controls and tools like exporting data to Excel.

You create assessments for the regulations and/or standards that matter to your company using Office 365, Azure, or Dynamic 365.

From these assessments, you receive actionable insights and detailed information about what Microsoft does to secure your data and help you comply with regulations.

Assessments

On the Assessments page, you are provided snapshots of your company’s compliance with specific regulations and standards — like those listed above — assessments of each.

For instance, compliance snapshots of your company will identify your company’s overall compliance with regulations like GDPR or standards associated with NIST or ISO. Each category is provided a “Compliance Score,” and the higher the score, the better your compliance stature.

On the same page, you are also provided with snapshots of assessments for each of these same categories. An Assessment Status is provided to let you know the status of the current assessment (e.g., in progress).

Under each of these snapshots, whether it is for compliance or assessment, you are additionally informed of:

  • The created date;
  • The modified date;
  • The number of customer-managed actions and the number of those actions that have been addressed; and
  • The number of Microsoft managed actions and the number of those actions that have been addressed.

Action Items

This page provides guidance on actions that could or should be taken to increase your Compliance Score. These are recommendations and are up to the company to implement.

Controls

Controls are the core of how Compliance Manager works. There are two controls: Microsoft and Customer.

Microsoft managed controls is a family of controls that align your company assessments with the standards and regulations. They are managed controls used to implement the assessment and assess compliance. Customer-managed controls, on the other hand, are controls that you as an organization manage. Here, you can implement actions recommended by Microsoft to increase your Compliance Score.

Compliance Manager

Compliance Manager is a tool to simplify compliance for organizations. It offers real solutions to a complex problem.

Companies today operate under strict regulatory conditions. Complying with those regulations can be daunting, but failure to do so has serious implications. Managing compliance, therefore, is imperative.

The Risks Of Using Auto-Complete For Passwords

Autocomplete Passwords

The auto-fill feature that makes it easy to enter in usernames and passwords on various websites may be putting your information at risk.

While auto-fill is a convenient way to keep track of the many combinations of letters, numbers and special characters you need to access sites, the feature is also being used by advertisers and hackers. That’s why many security experts are suggesting turning off the auto-complete feature in your web browser.

Password manager programs embedded in browsers are a simple way to get access to a password-protected website. The password manager auto-fills your details, giving you one-click access to account information meant to be kept private.

How Hackers Get Access

If hackers get access to a compromised website, they can put an invisible form on the site and easily collect users’ login information. If your browser automatically enters this information when it sees the appropriate boxes on a web form, it adds the info everywhere those boxes are found on a page, whether they’re seen by the user or not.

Because most web users use the same username and password for multiple sites, the theft of this information on just one website can expose your information on many others.

Not Just Hackers

It may come as a surprise to learn that hackers are not the only ones trying to use your login information. Some ad networks are using tracking scripts to grab email addresses stored in your password manager for auto-filling. That tech can be used to grab passwords too, whether stored on a browser or an independent password management site.

The ad networks are using the same technique as hackers — an invisible form that captures your credentials provided by the password manager. Here’s a helpful demo page that shows you how it works.

Ad networks are using this information not to hack your data, but to understand what sites you navigate to better target ads to you. And while they claim to only be grabbing email addresses, the potential for further abuse is there.

What Computer Users Can Do

Password managers by themselves are still useful tools, especially given the number of codewords we need to go about daily web browsing. It’s the auto-fill mechanism that needs to be disabled. That’s simple to do.

On Chrome

  • Go to Settings
  • Search for Passwords and click on the Passwords arrow
  • Toggle the Auto Sign-In tab to the left (it should be grayed out not blue)
  • For more protection, you can stop Chrome from saving any passwords by toggling the Offer to save passwords to the left

On Firefox

  • Open Options
  • Click on Privacy & Security in the left-hand navigation
  • Click on History
  • Select Firefox will: Use custom settings for history
  • A new submenu will appear
  • Unclick on Remember search and form history
  • To fully disable saving any passwords, go to the Logins & Passwords section (just above History) and unclick Ask to save logins and passwords for websites

On Safari (Desktop)

  • Open the Preferences window
  • Click on the Auto-fill tab
  • Turn off all features related to usernames and passwords

On Safari (iOS)

  • Go to Settings
  • Scroll down to Passwords & Accounts and click on it
  • Toggle the AutoFill Passwords tab to the left

Disabling the auto-fill features means spending a little more time finding and entering usernames and passwords manually. However, these steps protect you from prying eyes looking to gain more information about you and your accounts.

The auto-fill feature that makes it easy to enter in usernames and passwords on various websites may be putting your information at risk. While auto-fill is a convenient way to keep track of the many combinations of letters, numbers and special characters you need to access sites, the feature is also being used by advertisers and

The Most Common Errors Local Businesses Make When Hiring an IT Consultant

Hiring an IT consultant

Hiring an IT consultant is a proven method of boosting small to midsize businesses beyond their current capabilities. Rather than hiring full-time employees or tying up internal resources, businesses can allow an IT consultant to do some of the heavy lifting. That’s not to suggest that hiring an IT consultant does not have some pitfalls. Here are some of the most common errors that local businesses can avoid when hiring an IT consultant.

Rushing the Process

Hiring an IT consultant should be something that a business carefully plans for, rather than trying to pick one in an “emergency” situation. Take your time and conduct a proper candidate search. Vet IT consultants the same way that you would when hiring for an important management position.

Not Hiring an IT Consultant

A surprising number of businesses start the process of researching IT consultant firms and then decide they can do it all in-house. Contracting with an IT consultant is about business growth. Shuffling the routine tasks that an IT firm can handle off to internal employees can drain morale and waste the talents of staff who are better-suited to other aspects of the business.

Failing to Assess Business Needs

“Why are we hiring an IT consulting company?” needs to be a question that local businesses ask before signing a contract. Any IT consultant that a business is considering should be able to help assess any IT difficulties it has and provide an honest assessment of its plan to fix any issues or improve them. This will help a business to avoid paying for unnecessary services. Another great question to ask is, “What is your exit strategy in the event that we outgrow the need for your services?”

Not Protecting Intellectual Property

When a business does hire an IT consultant firm, it essentially hands it “the keys to the kingdom.” An IT consultant will have logins and passwords to virtually every aspect of the business. This is why the protection of the company’s intellectual property should be of paramount importance in the hiring process. If a substandard and unethical IT firm ends up in a dispute with the business, its entire network could be held hostage. Establish clear and firm rules regarding the handling of intellectual property, just as you would with any other outside contractor.

Not Having a Detailed Contract

A detailed contract that both the business and the IT consultant agree upon is vitally important. The contract can cover costs, number of hours of weekly or monthly service provided, goals and milestones to meet, deadlines, expectations if goals or deadlines are not met, annual price increases, and who pays for unforeseen outside services when they arise. Getting all of the expectations laid out ahead of time can lead to a successful business relationship with an IT consulting firm.

Not Choosing the Right IT Consultant

The world of IT consultant firms is expansive and yet there is a lot of specialization within the field. It’s not a field where “one size fits all”local businesses. Make sure that the IT firm you sign a contract with has the specific skills required to meet the specific needs of your business. If you’re hiring an IT consultant on a temporary basis, the problem they’re trying to fix will be resolved that much faster if they have the right skills for the job.

Not Interviewing Multiple Consultants

Talk with multiple IT consultants before selecting one. Treat the process just as you would when hiring for an important full-time position. A business should take the time to interview multiple candidates before making a selection. Is the IT consultant you’re hiring the right one to meet your business needs? This is an important business relationship and it should be approached as such.

Forgetting about IT Training

The regular full-time employees of a local business are the ones who will be using the resources and solutions provided by an IT consultant. Do they know how to use the solutions that are being provided? Before hiring a consultant, ensure that they agree to provide regular training for your staff on how to use any new or improved systems.

These are some of the most common errors that local businesses can make when it’s time to expand by hiring an IT consultant. A business can benefit tremendously when it hires the right IT consulting firm and has clear goals and expectations going into the relationship.

Hiring an IT consultant is a proven method of boosting small to midsize businesses beyond their current capabilities. Rather than hiring full-time employees or tying up internal resources, businesses can allow an IT consultant to do some of the heavy lifting. That’s not to suggest that hiring an IT consultant does not have some pitfalls.

Microsoft PowerPoint on the iPad: Sketching Your Thoughts

PowerPoint is a slideshow presentation program that is part of the Microsoft 365 office suite of tools. Now, PowerPoint makes it easy to create professional, engaging presentations right on an iPad Pro. PowerPoint for iPad is finally powerful enough so users can confidently leave their personal computer at the office and take their iPad Pro on the road to create, edit and present their PowerPoint slides.

One of the newest and most creative features of Microsoft Powerpoint on the iPad (This feature is available to Microsoft Office 365 subscribers on Windows and iOS) is the Ink Feature. This convenient and easy to use tool allows users to actually write, draw, scribble and sketch right on the screen with a finger, digital pen, or mouse. Shape recognition is part of the PowerPoint for iPad program and makes it easy to convert what is handwritten in free-form ink to Microsoft Office shapes, graphics and professional fonts. For example, if you need to create an Infographic presentation slide that combines text, graphics, and shapes, simply design it free-form on the iPad screen and then after a few clicks, it will automatically transform into a visually stunning slide. Here’s how:

1. From the toolbar, select Draw.

2. Select a pen. There are a variety of sizes and colors including the standard black, red, blue, or green, or for something more custom, select the available color wheel.

3. Create a sketch with a finger, digital pencil or mouse.

When ready to convert sketches, there is a Lasso Select tool so users can highlight everything on the slide or portions of the slide they want professionally converted. Here’s how:

1. Go to the Draw tab on the top toolbar and select Ink to Shape.

2. Drag a digital pen or finger around what content you’d like to be converted. A faded and dashed area will appear while dragging.

3. As each conversion option is clicked, a preview of how it will look appears. Tap on the one preferred. When completed, users can edit the text and other images as needed.

4. Select the Ink to Shape again to stop converting shapes.

Erasing images is as easy as drawing them. Here’s how:

1. Select the Draw tab from the toolbar.

2. Select the Eraser tool.

3. Using the digital pencil, draw over the top of any drawn image or mark. Note: Tapping a single line will erase an entire line.

View this informational video showing some of the features of Microsoft PowerPoint for iPad.

PowerPoint is a slideshow presentation program that is part of the Microsoft 365 office suite of tools. Now, PowerPoint makes it easy to create professional, engaging presentations right on an iPad Pro. PowerPoint for iPad is finally powerful enough so users can confidently leave their personal computer at the office and take their iPad Pro on the

How Can I Apply Styles With Microsoft Excel?

Excel’s ready-made formatting styles bring life and color to your spreadsheet. It lets you give printed versions a polished, professional look. Color coding makes it easier for audiences to interpret your data. Use this neat feature to take your worksheets up a notch.



What is a Preset Excel Style?

A cell style puts together font size and style, number formatting, borders and shading into pre-fab-style packaging you can apply with the click of a button. The software comes with built-in options in a variety of palettes to suit almost any taste. Once you become more familiar with them, you can customize cell styles and make them available in all your workbooks.

Keep in mind that cell styles are affiliated with the theme of your document and applied to the whole workbook. If a document’s theme is changed, the cell styles change as well. Also, you can use the lock cells feature to prevent other users from modifying the styles used in your workbooks.

How Can You Apply Cell Styles?

It’s relatively easy to apply cell styles to jazz up workbooks and impress your internal and external clients. Just follow the steps below:

  1. Select a range of cells to format.
  2. On the Home tab, click on Cell Styles to view a gallery of style choices.
  3. Click on the cell style that fits your spreadsheet or personal preferences.

How Can You Create Your Own Cell Styles?

You can also create customized styles that reflect your company or personal branding by taking the following actions:

  1. Select a single cell in your worksheet.
  2. Apply your favorite formatting options to the cell. A built-in style may be the easiest starting point. Then, you can tweak it to add your own flair.
  3. Click the Home tab on the ribbon and choose Cell Styles to access the Cell Styles Gallery.
  4. Now, choose the New Cell Styles option (It’s near the bottom.)
  5. Enter the name for your new style in the Style name box.
  6. Excel lists the formatting options applied to the selected cell for your reference.

How Can You Modify an Existing Cell Style?

To preserve the built-in styles, it’s safest to duplicate them and then make your modifications to a saved style. However, you can make changes to pre-set and custom styles, as follows:

  1. On the Home tab, select the Cell Styles icon.
  2. In the Cell Styles gallery, right-click on any cell style, then choose Modify to access the Style dialog box.
  3. Click the Format button to reach the Format Cells dialog box.
  4. Use the various tabs to apply your changes and click OK to get back to the Style dialog box.
  5. In the Style dialog box, under Style Includes, clear the check boxes of formatting elements you no longer want.
  6. Click OK to exit the dialog box.

Microsoft Excel

This takes you back to your worksheet and the modified cell style should now reflect the changes.

Excel’s ready-made formatting styles bring life and color to your spreadsheet. It lets you give printed versions a polished, professional look. Color coding makes it easier for audiences to interpret your data.

Urgent Tech Tip: Disable Facetime On Your iPhone

Apple Facetime

A major FaceTime bug discovered recently has left Apple device users skittish about yet another privacy concern and forced the tech giant to scramble for a fix for the issue.

For users of Macs or iPhones, understanding the FaceTime flaw and knowing how to disable the function are important steps until the issue is fully resolved.

What is the FaceTime Flaw?

The FaceTime flaw affects iPhone users running iOS 12.1 or later. Here’s how it works. Someone calls your number using the FaceTime feature. Before you pick up, the caller swipes up and adds their own number (or any number), creating a Group FaceTime interface.

At that point, the caller can hear all audio coming through your microphone — even if you never answered the call.

News of the glitch spread like wildfire over social media. Others discovered that taking further simple actions could give the caller access to video, too.

What Is Apple Doing About the Issue?

Within hours of broad disclosure of the issue, Apple disabled the servers controlling the Group FaceTime function. As of January 29, Apple’s system status page states that “Group FaceTime is temporarily unavailable.” The company has stated that a fix is likely in a few days.

The company had first introduced Group FaceTime in late 2018 for both Macs and iPhones.

What Should I Do About FaceTime on My Device?

Users may want to disable FaceTime on their iPhones or Mac computers. It’s a simple process for either device type.

For iPhones

1. Go to Settings .

2. Scroll to FaceTime. This feature is in the fifth section of settings along with other built-in apps like Phone, Messages and Maps. If you’re having trouble finding it, go to the top of the Settings screen and type FaceTime in the search bar.

3. Click on the FaceTime bar.

4. At the very top of the FaceTime settings, there’s a label marked FaceTime with a slider. If the green light is lit, FaceTime is activated on your phone. Slide the slider to the left to turn FaceTime off.

Note: When Apple releases an iOS update, install the update, go back to the FaceTime settings and slide the slider to the right to reactivate the feature.

For Macs

1. Launch the FaceTime App.

2. Select the FaceTime menu bar from the top-of-the-screen navigation.

3. Select Turn FaceTime Off. Command-K also turns the feature off.

Note: Once Apple releases a fix, turn the feature back on by launching the app and clicking the Turn On feature.

How Did This Happen?

It’s unclear how this flaw was included in the Group FaceTime release. However, the New York Times reported that a 14-year-old Arizona boy discovered the glitch on January 19, 2019, 9 days before it became widespread on January 28.

On January 20, the boy’s mother sent a video of the flaw to Apple, warning of a “major security flaw.” She heard nothing from Apple Support and began using other channels to try to get the company’s attention. She emailed and faxed information to the Apple security team. She posted alerts to both Twitter and Facebook. Five days later, on January 25, Apple’s product security team suggested she create a developer account and submit a formal bug report.

It appears that the company didn’t react until three days later when a developer reported the flaw and a 9to5mac.com article went viral.

Apple faced criticism for its brief and limited response, which stated the company “identified a fix that will be released in a software update later this week.” In an ironic twist, the bug went viral on January 28, which is international Data Privacy Day.

A major FaceTime bug discovered recently has left Apple device users skittish about yet another privacy concern and forced the tech giant to scramble for a fix for the issue. For users of Macs or iPhones, understanding the FaceTime flaw and knowing how to disable the function are important steps until the issue is fully

4 Rock Solid Reasons Why Outsourcing Your IT Support Is A Smart Move

Outsourcing IT Support

As a business owner, one of your most pressing concerns should be improving the technology that drives your business.

There are so many reasons to care about your company’s IT. Here are just a few:

  • Your customers and clients will inevitably want better technology
  • Your employees need to do their jobs
  • Cyber hacking is a mounting threat
  • The advance of programming and storage services is getting hard to keep up with

Knowing this, you’re saddled with an important question: Will you hire an in-house IT department or will you outsource?

In this article, we’ll be making the case for the latter. Outsourcing IT is simply the way of the future. An increasing number of businesses and organizations are finding that it gives them more freedom, saves them money, and improves their technology by leaps and bounds. There are nearly no drawbacks.

If you still need more convincing, we get it. Below, we’ve listed the top reasons why outsourcing your IT is a wise move for any business. But first, let’s talk about what outsourcing really means and how to find the best IT service provider in your area.

What does outsourcing IT really mean?

As with any other type of outsourcing, outsourcing IT simply means hiring a separate company to handle your business’s IT services. They’ll be there when you need them, and watching your network and systems around-the-clock, ready to jump on any issue that arises.

Furthermore, the business you’ll hire only focuses their services on IT. All of their technicians will work full or part-time providing better IT for other businesses (like yours).

Some IT companies help specific industries. For example, one IT company may focus solely on assisting medical providers with the best quality IT services. They will know the ins and outs of cybersecurity measures for hospitals, doctors’ offices, and emergency care centers. Other IT companies have an even more specific subset of customers. For example, there might be an IT company who only handles the IT services for dentists.

This specific focus on a unique industry allows these companies to know everything there is to know about the industry. Of course, this benefits you, the business owner, most of all.

Generally speaking, outsourcing is a way for you to only use the IT services that you actually need from a professional IT company. Most of the time, IT service companies provide different tiers of service so that you can choose the amount of care you’ll need for your business. Companies that offer these services are particularly called MSPs or managed service providers. They do not work directly for your company in that they are not on your payroll, nor do they have offices within your business. But they completely manage your business IT services.

As your business grows, you may go up a service level tier. This will be up to you and the contract you form between you and your IT service company.

How do you locate an IT service provider?

If possible, you want to find an IT service provider who caters to your industry specifically. Again, not all IT companies provide services for a particular sub-industry, but this is common in many industries, such as the following:

  • Law (lawyers and legal practices)
  • Hospitals and medical practices
  • Dental practices
  • Schools, colleges, and universities
  • Manufacturers
  • Transport companies

When you find several IT support companies who fit the bill for your particular business, make sure to interview them. Ask them the important questions. Here’s a list to get you started:

  • How long have you been in business?
  • What types of businesses do you primarily serve?
  • How many businesses are hiring you right now?
  • Can I speak to any of these businesses? Or to past clients who were happy with your service?
  • What levels of service do you offer?
  • What do your contracts look like?
  • What type of service am I going to get if I have a troubleshooting problem and need help immediately?
  • Will someone specific be managing my account?
  • What types of service don’t you provide? (Often, it’s better to ask what services are not included.)

Top reasons why outsourcing IT services is a great idea

Hopefully, you’ve already been convinced as to why outsourcing IT is smart for virtually every type of business, but let’s break down the specific reasons below:

1. You’ll save money: You won’t be paying an in-house IT team to do nothing, waiting for you to need their assistance.

2. You’ll have access to the best talent: IT companies only do IT. They hire professionals who love technology and staying up-to-date with the latest advances in cybersecurity, software, and hardware.

3. Ideally, you’ll find a niche company who only serves your industry: Again, if you are in one of the larger industries that IT companies may focus on, you’ll have unique care for your business that you won’t find anywhere else. These companies know everything there is to know about the programs and software that you use internally and with your customers.

4. You’ll improve your security by leaps and bounds: In this day and age, hackers are coming up with all new ways to attack your online stored data, steal your information or hold it ransom, and take down your business. A professional IT service company knows how to combat these hackers and stop a breach of your security, ideally before it starts.

Looking for an IT company in your area?

As you start the search for IT companies and managed service providers in your area, be sure to talk to other businesses and organizations who outsource their IT. You can also search the web and start reading reviews of MSPs or IT service companies in your area. Often, these companies work from a central location in a city, but if you are in the suburbs or the outskirts of a larger city, most managed service providers will include you in their service area.

Doing your research is always wise when it comes to outsourcing. While hiring out your IT services is definitely the way to go, the outcome will also depend on how much effort you put into finding the best company for the job.

As a business owner, one of your most pressing concerns should be improving the technology that drives your business. There are so many reasons to care about your company’s IT. Here are just a few: Your customers and clients will inevitably want better technology Your employees need to do their jobs Cyber hacking is a

How To Restore Files With Microsoft OneDrive

 

Accidentally deleting a file or folder was once something that could ruin your entire day, week, or month even — maybe even your career. All that work put into it. Countless hours put into it. And then: gone. Fortunately for those of you using Microsoft OneDrive for professional, personal, or academic reasons, there may be a way to retrieve and restore files or folders that were deleted. The same is true if your files or folders were overwritten, corrupted, or infected by a virus or malware. Depending on your subscription, you may have two methods to recover files: (1) restore files from the Settings page; or (2) restore files from the Recycling bin.

Files or Folders Recovered Using Settings

From your OneDrive website, you will want to follow the next steps in order.

  1. Select Settings, which is the gear symbol in the upper right corner of the page — usually between the bell indicating notifications and the question mark for help.
  2. From the Settings sidebar, scroll down until you see Restore your OneDrive.
  3. The Restore your OneDrive page will open. Under Select a date, use the dropdown menu to select your option: (1) One week ago; (2) Three weeks ago; or (3) Custom date and time. If you choose Custom date and time, you will be provided with a chart. Simply slide the bar to indicate the days.
  4. Click the Restore button.
  5. All your files and documents from that time period will be restored.

If this option does not seem to work, there is another way to recover deleted files or folders.

Files or Folders Recovered Using the Recycling Bin

From your OneDrive website, follow these steps.

  1. In the navigation pane, select Recycle bin.
  2. The Recycle bin will generate a list of files and folders. If you use a work account, you have only one option for file recovery, but if you use a personal account for work, you have two options.
  3. For work and personal accounts, simply select the circle checkbox to the left of each entry you want to restore. When you select the circle check box, the header will change. Once all entries are selected, click on the Restore button in the new header.
  4. For personal accounts, you can also restore all items at once by clicking on the Restore all items button in the original header.

Things to Consider about Recovery of Files or Folders

Keep in mind that you can only recover files or folders in the Recycle bin so long as the files or folders have not been permanently deleted. Typically, files only live in the Recycle bin for 30 days for personal accounts or 93 days for business accounts — unless the administrator for business accounts changed the setting for a shorter or longer period. Once the time limit is reached, the files are automatically deleted. Files can also be automatically deleted within three days if the Recycle bin is full, at which time the oldest items are deleted first.

It is also important to note that if you want to restore a file to a specific version, File Restore cannot do so if version history was turned off. It is a good idea to always keep version history on while you work.

In summary, when using OneDrive, you have the potential to restore a file or folder that has been accidentally (or in some cases, intentionally) lost. The key is knowing the functions of your Microsoft subscription. Need more tech tips? Return to this blog. New tips for your OneDrive subscriptions and other tech needs are posted regularly.

  Accidentally deleting a file or folder was once something that could ruin your entire day, week, or month even — maybe even your career. All that work put into it. Countless hours put into it.

Windows 7: Under One Year Until Support Ends

Windows 7 End of Support

Use Windows 7? Do you love your Windows 7? Will your need or desire to continue to use Windows 7 surpass this year? If so, you should be aware that in just under one year — January 14, 2020, specifically — Windows 7 Extended Support ends for most users. As such, there are things you need to know and decisions you may have to make. This is your guide to understanding what the expiration of Windows 7 Support may mean for you in one year.

What is the Current Status of Windows 7?

Windows 7 is a reliable desktop OS for Microsoft users. When Windows 8 came out, the differences were so stark that most users preferred to stick to Windows 7.

Why would they stay with an outdated system?

Here’s what Windows 10 offers:

  • A straightforward interface that is well-designed and laid out;
  • A start menu that combines the old with the new;
  • A clutter-free and clean look that is familiar to you;
  • Thumbnail previews that allow you to automatically open an item;
  • Jump lists that allow you to quickly access files or documents you frequently use;
  • Performance that allows the system to boot up comparatively quickly;
  • A new calculator to convert units, figure out fuel economy, etc.;
  • A new WordPad that offers more formatting features; and — among many other features —
  • Upgraded and improved media player and center.

These are just a few of the reasons that so many PC users love their Windows 7 and do not want to particularly give it up, especially when they found Windows 8 a disappointment.

In fact, StatCounter suggests that 41.86% of PC users — who according to Statista makes up nearly 84% of the market share for desktop PCs — use Windows 7 still while another 42.78% use Windows 10 and a sad 8.72% use Windows 8. Those statistics say a lot about Windows 7 and suggest that a lot of people are going to need to figure out what they are going to do before January 2020, if they want their systems to be secure and updated.

Why is Microsoft ending support for Windows 7?

There is no specific reason why Microsoft is ending support for Windows 7 come January 14, 2020, except that this date is the date provided in Window 7’s lifecycle.

Windows 7 Lifecycle
October 22, 2009 Date of general availability for:

  • Windows 7 Professional
  • Home Basic
  • Home Premium
  • Ultimate
October 31, 2013 Retail software end of sales for:

  • Windows 7 Professional
  • Home Basic
  • Home Premium
  • Ultimate
October 31, 2014 End of sales for PCs with Windows preinstalled with:

  • Home Basic
  • Home Premium
  • Ultimate
October 31, 2016 End of sales for PCs with Windows 7 Professional preinstalled
January 13, 2015 End of mainstream support for Windows 7
January 14, 2020 End of extended support for Windows 7

As indicated in the above table, if you did not extend support for Windows 7, then the problem of extended support expiring on January 14, 2020, does not apply to you. If you had purchased that extended support, then you need to pay attention and determine what you want to do because a year will be over before you know it.

What will happen after extended support for Windows 7 expires on January 14, 2020?

Come January 14, 2020, if you are still using Windows 7, rest assured your desktop will still work; Windows 7 will continue to work beyond 2020. The issue here is your extended support.

Come January 14, 2020, extended support expires and with that expiration ends any updates to your PC. That means your system is vulnerable because the latest, most advanced security updates will not be available to you.

Who will be affected by Microsoft’s decision to end support for Windows 7?

It is important to be clear that not all Windows 7 users will be affected by the January 14, 2020 extended support expiration date. In fact, in September 2018, Microsoft announced that some business users can pay for an additional three years of security updates. Unfortunately, this does not extend to home versions.

In other words, if your windows license type is an original equipment manufacturer or a full package product, there will be no extended security updates for you, and this includes all home versions. However, if you purchased a volume license (i.e., Enterprise or Open Value) for Windows 7 Pro or Enterprise, then you can purchase the additional three years of security updates — so primarily only business users can receive the updates at a cost.

What are your options after Microsoft Windows 7 support expires?

If you absolutely must keep Microsoft Windows 7, then you have options, though they may not be optimal options. These options include:

  • Playing with the idea of purchasing an upgrade to Windows 10 and then downgrading your rights to Window 7;
  • Continuing to run Windows 7 without security updates, but this is not a good option because as computer desktops and software advance, so do the hackers capabilities (home users if careful, can consider it, but it is probably not an option for business users due to legal and liability risks);
  • Disconnecting any Windows 7 PC from the internet, but this means disconnecting you to the very thing that keeps you connected to the world, so it may not be your best option either.
  • Migrating from Windows 7 to another operating system, e.g. Windows 8 or preferably Windows 10.

What does Windows 10 offer you?

Some PC users are hesitant to switch to Windows 10 because it does have its drawbacks. Some specific Windows 10 drawbacks include:

  • The increased sense that Microsoft is invading our privacy with its default settings. Most of these setting can be changed but you must go in and manually make these changes.
  • The ability to control your updates is limited when compared to Windows 7. Plus, these updates are made without user knowledge — which only entrenches the sense that PC users are being spied on when something happens to their system without their knowledge, even if it is for their own security.
  • The interface is less customizable (e.g., can’t change colors) — and this is unfortunate in an age where we celebrate our differences, including how we set up our interface system.
  • Older programs do not run well on Windows 10, so if you have older programs, you may be in need of identifying additional and newer products or software.

That said, it is good to be reminded that even though you love your Windows 7 whether it’s because you simply love it or love it because it’s what you are familiar with, Windows 7 has its own drawbacks, too. Windows 7 drawbacks include:

  • Windows 7 was released in 2009. This was a time when iPad was a rumor and mobile phones were not as advanced. Today you want software that works across all your platforms. Windows 7 can’t do this most likely, but Windows 10 can.
  • If you ever needed to use a virtual desktop then you know this feature is not available in Windows 7 unless you use Desktops v2.0 software. Virtual desktops allow you to organize your space better and have become an essential tool for modern-day users. Windows 7 does not offer this capability easily but Windows 10 does.
  • We all know Apple’s Siri and Google Now. These are convenient built-in assistants to help us do anything from scheduling tasks or appointments, dictating notes, playing music, adding reminders, and much more. Windows 7 does not have a built-in assistant but Windows 10 does: Cortana.
  • Ever been in your Windows 7 and want to search the web from your desktop and then realize you can’t. To search the web, you have to navigate to the right tab and then look something up. Windows 7 does not offer a convenient search feature for the internet, but Windows 10 does: the search bar allows you to search anything from your folders, apps, files, Windows store, and the Internet.
  • Gaming is another thing so many of us like to do today aside from work. Windows 7 has always been a trusted gaming platform — so this is not a drawback except for the fact that Windows 10 has built on Windows 7 gaming capabilities to make it even better. So, if you like gaming, whether it’s DirectX 12, PC Game DVR, or Xbox one game streaming, among others that you like to use for gaming purposes, then Windows 10 offers the best performance for you.

How to determine what you should do about your Windows 7 come January 14, 2020?

If you are one of those PC users to be affected by the end of extended support for Windows 7 in January 2020, then you have to determine what you will do. The last section implicitly directs you in which way you may consider, but if you are not yet confident in Windows 10, ask yourself the below two sets of questions:

  1. Do you use your computer to access the internet? If so, do you keep private information online or conduct private matters online, i.e., financial information, tax information, banking, consumer purchasing via Amazon or other outlets, etc.?
  2. Do you like Microsoft’s operating system Windows? Do you want to stay with Windows (but not Windows 8)? If so, would you like something similar to Windows 7 but operates better?

If you answer yes to these questions, then it is safe to say you should consider Windows 10. A free upgrade to Windows 10 expired in 2016, but the price you pay today can save you in the long run.

So, now you have it. There’s a lot to consider if you use Windows 7 and like using it. If you are an owner of a volume license for business users, then you do have a viable and reasonable solution to the deadline: you can purchase another three years of security updates. This option provides you ample time to consider other options and train personnel on new desktop operating systems.

But if you are not a volume license holder, then you really need to consider what you intend to do. Security is highly important today in our virtual worlds and without it, you risk impacting your so-called “real” world. A hacker can destroy what you have built up over the years, from finances to projects to just about anything that is maintained or kept on your computer, in the cloud, or online. The issue of the January 14, 2020 expiration for Windows 7 extended support is indeed a serious one.

Use Windows 7? Do you love your Windows 7? Will your need or desire to continue to use Windows 7 surpass this year?

FBI Warns Businesses Of Cyber Attack From China

Chinese Hackers

Who Has Been Impacted by Chinese Cyber Attacks?

At the beginning of the year, the FBI warned businesses to protect themselves from cyber attacks by foreign entities, saying activity has spiked in the past 18 months.

Hewlett Packard and IBM are among the businesses most recently targeted. There’s a National Counter-Intelligence and Security Center that manages intelligence efforts for the U.S. government. It recently launched a campaign to address continuing threats. The center warns that many companies need to be more to protect against cyber theft.

Foreign governments accused of cyber attacks against the U.S. include Russia, China, Iran and North Korea, with China receiving the most scrutiny in recent reports.

How Do Hackers Breach Company and Government Security?

According to Entrepreneur magazine, hackers create fake social media accounts to get people to reveal work and personal information. One of the ways to guard against bad actors is to carefully scrutinize social media requests from people that aren’t personal connections and to research apps before using or downloading them, as well as keeping antivirus software up-to-date.

The FBI warning including a brochure entitled, “Know the Risk, Raise Your Shield” that targets federal employees. The recent warnings follow a string of cases against individuals and organizations accused of stealing proprietary information from U.S. government and businesses.

Nine cases filed since July 2018 include two hackers investigators say are linked to the main Chinese spy agency. Knicknamed APT 10, they allegedly stole corporate and government information via cyber attacks on employees.

Has There Been an Uptick in Recent Activity?

The breach of private businesses by Chinese hackers first hit news headlines in 2014, when Sony Pictures was hacked. This prompted an agreement in 2015 between Chinese President Xi Jinping and then President Barrack Obama that curbed cyber attack for a while.

At FireEye, a cybersecurity firm, analysts track hackers working on behalf of the Chinese government. The firm’s representative says attacks are on the uptick recently. These hacking groups are referred to as Red Leaves, cloudhopper, and APT10.

Managed Service providers are among the groups targeted. MSPs supply technology, telecommunications and other services to business clients. If they can break the security systems of such companies, Chinese hackers gain access to the sensitive data of the MSP’s clients.

APT10 has routed malware via an MSP network to its business targets. However, there are many steps businesses can take to protect their employees and data from prying eyes in cyberspace.

What Should Business Do to Raise Their Shields?

U.S. businesses should take proactive measures to safeguard against cyber attacks from Chinese hackers via email, social media and other points of entry.

This includes ensuring that advanced detection tools are utilized on network and email servers to safeguard access to company data. Regular threat assessments and employee training can help. This provides a diagnosis of the state of a firm’s cyber defenses regarding advanced persistent threats that attempt to find breaches in the company’s firewall. Precautions taken against the intrusion of foreign governments include:

  • Fortify access controls. Evaluate the plans, policies, and procedures that govern corporate technology to keep proprietary data safe. This could include that installation of multi-factor authentication (MFA), data encryption and solidifying a layered defense system on all possible points of cyber attacks.
  • Training. Make cybersecurity education and training a top priority. Everyone from the Board of Directors and C-Suite to individual employees needs to understand how to avoid cyber attacks by avoiding fake emails, malware and weak password strategies, among other efforts.
  • Incident response plan. Organization leadership and key technical personnel must develop a protocol for dealing with threats. This should include representatives from business administration, information technology and operations.
  • Crisis communications plan. Align the protection policy to risk management methodologies and the business needs of employees.
  • Adopt a monitoring, detection and response plan. Quickly detect intrusions and breaches via rapid-respond plans to effectively eradicate the malware or other methods of entry.

Who Has Been Impacted by Chinese Cyber Attacks? At the beginning of the year, the FBI warned businesses to protect themselves from cyber attacks by foreign entities, saying activity has spiked in the past 18 months. Hewlett Packard and IBM are among the businesses most recently targeted.

How To Open A Shared Mailbox Using Microsoft Outlook 2016

Shared Mailbox In Outlook

A shared mailbox in Microsoft Outlook will prove invaluable if your team is collaborating on a project, as they can exchange messages from a central platform. A communal email center is also an asset if your employees are responsible for responding to customer inquiries. Outlook Calendar allows members to create events or let others know when they’ll be out of the office. When you create a shared mailbox in Outlook, members can monitor messages via a public email alias, which usually appears as info@companyname.com. The sender appears under this alias, too, rather than by name.  Group members can now communicate without logging into the mailbox or conveying personal information. If you’re new to using shared mail in Outlook, here are some “how-to” tips to help you get started.

Creating a Shared Mailbox in Outlook

Before you use the mailbox, you will need to have an office 365 admin for your company or organization set it up and add you as a member. If you are the admin, follow these steps:

  1. Sign into Office 365 and select admin.
  2. Go to Groups and choose Shared Mailbox.
  3. Choose Add a mailbox and type in the name you want it to have. Many addresses begin with “support”, “info”, or “contact.” Then click Add.
  4. When the wizard continues to Next Steps, choose Add members. It may take a few minutes to reach this step after you add the mailbox.
  5. Add members by searching for them or selecting them from a list. When you’re finished, click Save, then Close.
  6. If you want to make changes or updates at any point, select the new mailbox and click on Edit next to the information you want to modify.

Using a Shared Outlook Mailbox: Getting Started

Once the admin has created the public mailbox, close Outlook and restart it. The mailbox should appear automatically in the Folder pane. Note that it may take a few minutes to display after the admin added it, so if you don’t see it, wait a bit, then close and restart Outlook again. If you still cannot locate the shared mailbox, you will have to add it manually.

  1. Once you’ve opened Outlook, select File.
  2. Select Account Settings and then choose the Email tab.
  3. Be sure that the correct account is highlighted, then select Change.
  4. Select More Settings. From there, choose Advanced, then click Add.
  5. Type the name of the shared email address, choose Ok and Next followed by Finish and Close.

Using the Shared Calendar

If you want to access the calendar right after the admin created the shared mailbox, you will need to close and restart Outlook to gain access to it. The shared calendar connected with the public mailbox is added to your Calendars list automatically. To use the shared calendar in Outlook, navigate to calendar view and choose the shared mailbox. From there, you can manage schedules and appointments. This feature allows all team members to be on the same page about schedules and appointments.

Using Shared Contact Lists in Outlook

When the mailbox has been created, the corresponding Contacts list is automatically added. To access it with Outlook:

  1. Select People.
  2. Look under My contacts to select the contacts folder for the shared contacts list.

Using a Shared Mailbox with a Mobile Device

If you or your team members need to take work on-the-go, you can access the shared mailbox from a smartphone or tablet, too. Unfortunately, the Outlook app on your mobile device won’t allow you to use the shared mailbox, but there is a workaround. Follow these steps to use your primary mailbox and the shared one simultaneously:

  1. Right-click on the name of your primary mailbox in the left-hand pane, then select Add shared folder.
  2. In the dialog box, type the email address or name of someone who has shared a mailbox with you, then click Add. Another option is to enter the name of the shared mailbox you are a member of.

In Outlook on the web, you should see the mailbox in your Folder list. Just as you can do with your primary folders, you can expand or collapse the shared mailbox folders. If you want to remove the shared mailbox from the Folders list, right-click Shared mailbox and choose Remove shared folder.

How to Use the Shared Calendar with Outlook on the Web

As a member of a shared mailbox, you also have access to the shared calendar. This feature allows you to create, edit and delete events (that you or someone else created) and make the information available to all members. To use the calendar from a mobile device:

  1. Sign in using Outlook on the web, then select Calendar.
  2. Right-click Other calendars, then select Open Calendar.
  3. Use the from directory option to search for the shared calendar you need to access and click Open. You should see the shared calendar on your Calendar folder list.

A Few Things to Know About Shared Mailboxes in Outlook

With a shared mailbox, you can send, receive and reply to messages just as you do with your primary mailbox. However, if you want to send automatic replies, only the admin is authorized to set this up. You cannot give anyone outside your organization access to your shared mailboxes. If you want to include people outside your business in your group correspondence, you can create a Group in Outlook instead.

Creating a shared mailbox is a helpful way to ensure that your team stays up-to-date on appointments, schedule changes and group messages. It’s also a critical tool for connecting with customers and vendors. Keeping members “in the know” improves communication, employee performance and morale.

A shared mailbox in Microsoft Outlook will prove invaluable if your team is collaborating on a project, as they can exchange messages from a central platform. A communal email center is also an asset if your employees are responsible for responding to customer inquiries. Outlook Calendar allows members to create events or let others know

How Does Outsourcing IT Help Fuel Business Growth?

Business Growth

You already know what IT stands for: information technology. What you might not know is that most companies have a pretty poor grasp of how best to put IT to work for them.

Why? For the simple reason, that too few businesses take the time to consider the best approach to managing IT needs. They assume it’s as simple as keeping the computers running and the network humming, but that’s not it at all. Not by a longshot.

Actually, the nature of your IT setup has a significant bearing on the efficiency, productivity and profits of your company. By outsourcing your IT needs to an expert, you can majorly fuel your business growth today.

Outsourcing Is a Time-Tested Model

The first obstacle to overcome in using outsourced IT as a means of cutting costs and increasing profits is fear. Many people, unfortunately, are intimidated by taking this critical step.

Outsourcing IT is nothing new though, explains Business.com. “What started as a novel practice of U.S. companies sending IT jobs to India in the 1990s has now become a $88.9 billion industry that connects businesses with IT experts worldwide, from Belarus to Argentina.”

It’s not just big businesses, either: “Companies of all sizes make use of this service to cut down on costs, bring innovation into the business and open up more time to focus on core operations.”

In other words, this is a well-established business model that companies the world over are using the pad out their bottom lines and streamline their workflows. With time-tested results across companies and industries, there’s no reason to fear it – and that’s just the beginning of the benefits.

You No Longer Rely on a Break/Fix Model

Most businesses have a small IT staff on hand. Depending on the size of the company, that might mean a dozen personnel members, a single employee, or Richie over in accounting who is “pretty good” at troubleshooting network problems.

Now, that’s not to say that you can’t have your own staff and get along fine. But in this “break/fix” model, you’re waiting for something to go wrong before you respond. That means you could potentially suffer a breakdown during a seriously important time (Black Friday or April 15th, for instance), which would dramatically affect your bottom line.

It also means you have relatively little ability to forestall those breakdowns. Without the in-depth knowledge that comes from being steeped in the IT profession, you can’t predict coming obstacles and work around them before they become an issue. As you might expect, however, companies that manage IT for you can do just that.

Outsourced IT Can Help You Grow Intelligently

An unfortunate side effect of rapid growth, many businesses find, is that they quickly bloat their existing infrastructure and aren’t sure where to go from there. For instance, the number of orders coming into the system exceeds your ability to manage those orders. Or the number of new products creates a need for a vastly more agile website, but you haven’t created it yet, resulting in backlogged orders and emails.

Those are just a few examples, but they highlight an important point: Without an IT expert in your midst, your information technology fails to grow with your business. Instead, it can only hurry to catch up later on – at which point you might have ticked off many of your formerly enthusiastic prospects.

You can avoid that when you worked with outsourced IT professionals. They know exactly how to plan for changes coming down the pipeline and adjust your systems to accommodate them upfront. Next time you roll out a new product, for instance, they can adjust the infrastructure to handle additional orders. Or they might help you speed up your system at a crucial time – again, Black Friday and Tax Day come to mind.

Whatever you need, they can help you see it coming and respond intelligently, rather than just waiting for the worst to happen.

You Can Focus on What You Do Best

If you’re reading this article, then money says you’re not an IT expert. You are an expert in your niche industry, which is why you started a business in the first place. Logically, your best bet for growing your business is to continue focusing on what makes it thrive. That might mean:

  • Rolling out new products and services to keep your existing customers happy and bring on new ones
  • Creating value-added extras to make your products more appealing
  • Educating yourself, your employees and your customers about the nature and benefits of your products and services
  • Appearing at trade shows, attending conventions or throwing events to increase the awareness of your business
  • Negotiating new partnerships with others in your industry

As you can see, “Stopping in the middle of your busy day to fix a finicky router and get the finance department back online” is not on that list. That’s because it does not add measurably to your business growth. At best, you can address the issue quickly so that it doesn’t dampen your workflow.

An IT company, on the other hand, can help you avoid that altogether. They can take care of the issue – or even better, stop it from happening in the first place – while you focus on what made your company great in the first place: interacting with VIPs, attracting clients and customers, innovating.

The takeaway? By turning your IT needs over to a true professional, you can stop worrying about whether you’re “doing it right” and start focusing on what you do best. Say goodbye to the days of confusion, anxiety and technical failure, and hello to a new era of productivity and growth now.

You already know what IT stands for: information technology. What you might not know is that most companies have a pretty poor grasp of how best to put IT to work for them. Why?

Will Cybercriminals Shutter Your Business In 2019?

Cybersecurity

If the frightening headlines about massive data breaches were not warning enough, upwards of 60 percent of all small and mid-sized businesses, reportedly shutter within six months of a systems hack.

The leading causes of nefarious systems incursions are reportedly caused by about 25 percent of valued employees repeating the same username and password across multiple platforms. But what remains even worse is that fact that as many as 95 percent of all small businesses lack adequate protocols to safeguard important company or customer information.

In the coming months and years, cyber threats are expected to continue to pose a grave danger to the health and well-being of small and mid-sized organizations. The question business leaders may want to ask themselves is . . . will you join the 60 percent of companies that did not recover from a data breach?

Strengthen Your Business Defenses

Many of the toppled 60 percent may wish they knew then what many know now. That is, the key to cybersecurity does not solely depend on having the best software protections. According to the National Cybersecurity and Communications Integration Center, and Department of Homeland Security, nefarious email remains a primary trap used by cybercriminals and DHS recommends the following safety procedures.

“Never click on links in emails. If you do think the email is legitimate, whether from a third party retailer or primary retailer, go to the site and log on directly. Whatever notification or service offering was referenced in the email, if valid, will be available via regular log on.”

“Never open the attachments. Typically, retailers will not send emails with attachments. If there is any doubt, contact the retailer directly and ask whether the email with the attachment was sent from them.”

“Do not give out personal information over the phone or in an email unless completely sure. Social engineering is a process of deceiving individuals into providing personal information to seemingly trusted agents who turn out to be malicious actors. If contacted over the phone by someone claiming to be a retailer or collection agency, do not give out your personal information. Ask them to provide you with their name and a call-back number. Just because they may have some of your information does not mean they are legitimate.”

As you can surmise, these cyber safety measures do not necessarily rely on the latest antivirus software or systems protections. Hackers continue to take advantage of human oversight and error to infiltrate organizations and pirate valuable personal data and intellectual property. Homeland Security also recommends that business leaders implement the following employee training and protocols to protect against data breaches via email.

  • Maintain Secure Passwords: Change passwords regularly and never share them or provide co-workers with access.
  • Verify Sources: Make certain that emails originate from people and companies within your network by contacting them directly for verification.
  • Nix Auto-Download: Never use automatic download options for email attachments.
  • Never Click On Links: Embedded links are a primary method used by hackers to trip up team members through ransomware and malicious viruses.

Strengthening a company’s defenses begins with employee training and awareness that data breaches are not reserved for significant organizations and Fortune 500 corporations. Hackers continue to troll for low hanging fruit and unsuspecting employees who make innocent mistakes.

Employee Cyber Security Training is Job One

Although ransomware attacks reportedly declined from 638 million in 2016 to 184 million in 2017, according to Statista, this method has been used to target a tremendous number of small and mid-sized outfits.

The common attitude among cybercriminals is that decision-makers will ultimately weigh the cost of paying the ransom against potential profit losses and do the math. Hackers understand that poorly defended organizations are likely to negotiate and pay up. That’s why valued employees must remain vigilant and be a sort of human firewall if you will.

Proactive industry leaders are tasked with training employees and also determining which team members could be considered at risk. An IT support team can utilize training videos, create a cybersecurity policy and implement it by working with groups and individuals. But once the hands-on work has been completed, it’s imperative that companies conduct ongoing cybersecurity evaluations. These are logical methods to consider.

  • Identify team members who could be best targeted by hackers.
  • Deploy unscheduled mock cyber attacks.
  • Create and release convincing but harmless mock ransomware links via email.
  • Require employees to complete cybersecurity training modules.
  • Require advanced training for those who are tripped up by mock cyber attack drills.

We may be living in a golden age of technology, but our everyday fallibility remains the threshold that cybercriminals use to break into our business systems and rob our valued customers and us of critical data. One of the primary ways to avoid joining the 60 percent who are out of business is to make team members aware of cyber dangers and provide them with the skills to combat cybercriminals.

If the frightening headlines about massive data breaches were not warning enough, upwards of 60 percent of all small and mid-sized businesses, reportedly shutter within six months of a systems hack. The leading causes of nefarious systems incursions are reportedly caused by about 25 percent of valued employees repeating the same username and password across

2019 Best Practices For Keeping Your Password Secure

Best Practices Password Security 2019

Every account you have is protected by a password or a PIN of some kind. A PIN is a personal identification number that is unique to the account it is attached to. In some cases, you are allowed to choose your own PIN. For other accounts, you must use the PIN or password that is provided by the creator of the account. Memorizing PINs and passwords is essential if you want to maintain your privacy and keep your accounts fully protected. It’s also vital that you use a few “best practices” when it comes to managing your passwords.

Avoid the Obvious

Avoid using the most obvious choices like your children’s names or notable dates. Choose passwords that would be difficult to trace back to someone or something that is important to you. Choose random numbers and words that can be easily remembered. Hackers who break into accounts will often look through your information to try and find patterns. Random words and phrases are less likely to be picked up within the pattern.

Two-Factor Authentication

Two-factor authentication can involve the use of a PIN and a password, or a PIN/password and a series of security questions. It can also include the use of a security key ( a card that is coded with personal information) and a PIN. The only way to access the account is to have both pieces of the puzzle to unlock the code. If one of the pieces is wrong, you may be locked out of your account until a system reset can be performed.

Separate Numbers and Symbols

Numbers and symbols that are used together may indicate a date or account number. Separate your numbers and symbols to remove any type of familiar sequencing. Alternate numbers, letters, and symbols so that it is difficult to identify any type of common pattern or series.

Use Your Fingerprint to Secure Mobile Devices

One of the best ways to protect your information is through the use of your fingerprint. iPhones can now identify your eye by scanning your cornea. Both of these methods use body parts that are unique to you. No one can duplicate them or alter them in any way. By using a fingerprint or eye-scan to protect your mobile devices, the information stored on that device is protected. You should still, however, change your passwords frequently.

Don’t Use the Same Password for Multiple Accounts

Avoid using the same password for multiple accounts. Choose a new and unique password for each account you have. While it may be difficult to remember multiple passwords, the alternative could mean devastating financial losses. Choose several password and PIN options that can be used effectively. In some cases, you may be able to rotate them. This must be done randomly and without a pattern to maintain the highest level of security possible.

There are ways to protect your passwords and PINs so that you can maintain your accounts and keep them secure. Using a password manager is just one way to secure your accounts. Determine which type of measures work best for you and use them effectively so that all of your information remains protected from outside predators and hackers.

Every account you have is protected by a password or a PIN of some kind. A PIN is a personal identification number that is unique to the account it is attached to. In some cases, you are allowed to choose your own PIN.

Top 8 Cybersecurity Concerns For Local Businesses

Top 8 Cybersecurity Concerns For Local Businesses

As businesses add more layers of cybersecurity to their arsenals, cybercriminals are finding new ways to attack system, networks and devices. There is a constant stream of emerging threats that can mean trouble for companies of any size.

Why Is Data Security a Major Challenge Going Forward?

Businesses today are realizing the vast opportunities that come from leveraging, monetizing and collaborating on their collected data. That means companies need to protect their data not only from privacy breaches but also from data misuse, data manipulation and loss of intellectual privacy.

Data validity, for example, is one particular area of cyberattack emerging. Data need not be stolen to hurt the business reputation. Instead, hackers could alter data such that it becomes invalid or inaccurate in such ways to delegitimize business outcomes and partnerships.

Industries need to identify and deploy new technologies that protect data while it’s at rest and in transit. Privacy risks related to data in use are hindering the full realization of data collaboration, limiting the opportunities available to companies.

Here are 8 other cybersecurity challenges that businesses need to combat now or shortly.

1.  Chatbots at Risk

Artificially intelligent chatbots have become commonplace, helping to answer questions and guide web visitors to required information and action. Hijacked chatbots, however, could mimic existing tools to drive victims to click on links, download malicious files or share private information.

Web application flaws could also be exploited to insert malicious chatbots into sites that don’t have one.

While these intrusions will likely be text-based bots for now, shortly, speech-enabled bots could lead to further victimization over the phone or other voice-enabled technologies.

2. Artificial Intelligence Mean Powerful Malware

The rise of AI, the Internet of Things and machine learning means more opportunities for business transformation. They also invite more smart attacks using intelligent malware. Cybersecurity providers need to develop new means of detecting these threats and training personnel to recognize and prevent them. Many of these preventative measures need to be automated to provide continuous detection and prevention.

Part of the challenge is the sophisticated tools hackers are using. Updated exploit kits, artificial intelligence and natural-language algorithms have allowed hackers to automate convincing emails. Simple processes allow for the generation of emails to millions of stolen addresses with compelling phishing attempts.

3. Data Exposure

AI-enabled applications rely on data pools to power advanced functionality, both for smaller companies and giants like Amazon and Facebook. The increasing use of data pools means more potential for developers to expose information, often customer data. These data aren’t necessarily subject to hack, but instead are vulnerable and accessible to anyone who can find the vulnerabilities.

4. Cyberwarfare

Bad actors are no longer content on ransomware and phishing attempts. Technology advancements provide new opportunities for targeted and individualized attacks.

These attacks may leverage artificial intelligence to target individuals or corporations. Data integrity attacks, for example, could force organizations to completely replace computer hardware. Physical assaults could use drones and other tools for physical assaults.

5. Infrastructure at Risk

Nation-states will continue to wage cyber attacks on enemies with state-sponsored attacks on infrastructure. Attacks on national security, emergency communications, public health and financial systems could cripple governments and create spiraling consequences for the private sector.

Smaller conflicts could also be used as testing grounds for nation-states to assess new tactics, procedures and technologies that could be used in more significant geopolitical conflicts.

6. Data and Privacy Regulation

In 2018, the launch of GDPR, covering privacy issues for European Union citizens, forced companies to reevaluate their privacy and disclosure procedures. Similar privacy laws were approved in Canada and California. These new regulatory mandates are likely the first wave of protections that will force companies to spend more on cybersecurity, data transparency and reporting. As control of data begins to shift from institutions to individuals, companies are going to need better ways to monitor and report on compliance from multiple jurisdictions.

7. Connected Devices in the Crosshairs

With connected refrigerators, stoves, thermostats, doorbells and washing machines becoming the mainstay in many homes, the possibility of exploits is grave. Hackers will begin to identify and exploit vulnerabilities in these smart devices. Manufacturers will need to build in additional safeguards and architecture to meet growing consumer demand while keeping bad actors away.

8. Industrial Control System Risks

While there are more automated systems to allow for greater control of buildings, utilities and factories, there are inherent risks of exposure. Many of the players providing the technology in this space are new, making high-value targets all the more enticing to hackers.

Each year brings with it new technical innovations sure to drive better business outcomes. At the same time, hackers will find more sophisticated means to create more effective intrusions.

As businesses add more layers of cybersecurity to their arsenals, cybercriminals are finding new ways to attack system, networks and devices. There is a constant stream of emerging threats that can mean trouble for companies of any size. Why Is Data Security a Major Challenge Going Forward?

SCAM ALERT: Google Play Gift Cards

If there’s a will there’s a way when it comes to scammers, especially with gift cards. Everyone loves gift cards. Consumers love how easy it is to purchase gift cards, use gift cards and even give gift cards. It’s as simple as buying a card at a brick and mortar store or clicking a few buttons and almost instantly having the funds needed to play. Scammers love gift cards too. Gift cards can immediately be activated and spent by these scammers even before the owner of the card knows what happened.

Google Play gift cards are targets right now. Scammers love how easy they are to steal so consumers need to stay one step ahead of these online crooks. Here’s one of the latest Google Play Gift Card Scam that is scouring the internet.

Google Play Gift Cards

Scam Alert: Currently there is an email scam occurring where thieves, posing as someone the recipient knows and are phishing for personal, financial, and other private information. This includes requests for Google Play Gift Cards. For example, the message will read, “I need you to pick up a couple of gift cards. Can you make this happen? The type of gift card I need is Google Play gift cards. I need 4 cards in $500 denominations…scratch the back of the card to reveal the card codes and email me the gift card codes.”

Take away: Never provide any personal information including gift card codes like Google Play in an email. What seems like the information is going to a trusted source, it could be a scam.

If there’s a will there’s a way when it comes to scammers, especially with gift cards. Everyone loves gift cards. Consumers love how easy it is to purchase gift cards, use gift cards and even give gift cards.

Should Your Business Upgrade It’s Website To WordPress 5.0.2

Should You Upgrade Your WordPress Site To 5.0.2

Only a few short weeks ago, we wrote about the introduction of WordPress 5.0 in early December and discussed whether or not your company should upgrade now, never or at a later date. Our recommendation was to wait until some of the bugs had been worked out of the system and until your business has a slow time of year to ramp up to the new way of posting with this new update. It seems that we were on the right track since WordPress has just made WordPress 5.0.2 available to the public, a maintenance release that addresses 73 known bugs associated with WordPress 5.0.

What is WordPress 5.0.2?

WordPress 5.0.2 seeks to address some of the problems that users have been having with the new WordPress 5.0 release. Most of these issues are associated with the block editor feature. Unlike previous WordPress releases, 5.0 is a WYSIWYG editor and requires no HTML or coding knowledge. According to WordPress, the new maintenance release increases the posting speed by 330 percent (for a post with 200 blocks). It also includes 45 block editor improvements, fixes 17 known block editor bugs and addresses some internationalization issues. You can view a complete list of the problems discussed with 5.0.2 on the WordPress website.

Should we upgrade to WordPress 5.0.2?

Our original opinion on whether to upgrade to WordPress 5.0 now or wait still stands. We still feel it’s prudent to expect since many businesses are otherwise occupied with end-of-the-year tasks in December and January and a radical revamping like 5.0 is likely to have a few growing pains. Also, 5.0 uses Gutenburg, which is not compatible with many WordPress plug-ins. As with any upgrade, we also recommend backing up all of your WordPress files before you download WordPress 5.0.

However, if you have already upgraded to WordPress 5.0, it is a good idea to go ahead and download the 5.0.2 maintenance release. This is likely to make your WordPress experience less troublesome and less time-consuming. To upgrade to WordPress 5.0.2, download WordPress 5.0.2 or go to your WordPress dashboard, go to Updates and click Update Now. In fact, you may already have the new maintenance release. Websites that support automatic background updates have already started to update automatically.

To learn more about using WordPress, deciding whether WordPress 5.0.2 is the right choice for you and your company, and to learn ways to make your website more efficient for both you and your readers, contact Ulistic.com or call us at (enter contact info). We can also help you with backing up your data before your upgrade.

Only a few short weeks ago, we wrote about the introduction of WordPress 5.0 in early December and discussed whether or not your company should upgrade now, never or at a later date. Our recommendation was to wait until some of the bugs had been worked out of the system and until your business has

Have You Made Up Your Mind Regarding Your 2019 Technology Plan?

December 31st is Make Up Your Mind Day

As New Year’s Eve approaches, it’s time to remember its other name: Make Up Your Mind Day. As the last day of the business year for most companies, it’s also a vital point for putting your plans for the next year into action. Unfortunately, creating a business technology strategy can be a complicated process for many IT professionals. Which way will your company go in the new year?

Make Up Your Mind Day

December 31 is Make Up Your Mind Day.  So have you made up your mind regarding your 2019 technology plan?

Here are a few ideas to keep in mind as you work on developing your business technology plan for 2019:

Have You Made Up Your Mind Regarding Your 2019 Technology Plan?

  • Look at digitizing: The process of turning your organization from a traditional one to a digital enterprise is a complex process and requires a great deal of thought and investment to pull off well. Companies that lack a solid understanding of the challenges and opportunities are among the reason why 84% of attempts at digitization end in failure. Make sure you prioritize this vital part of your company’s growth for the upcoming year.
  • Consider legacy assets: Will that old server holds out a few more years or is it time to upgrade the aging sales software instead? Though legacy assets can be challenging to incorporate into your existing scheme, it’s much easier than it was just a few years ago given the prevalence of solution-based software. However, there’s a particular point where it’s just more straightforward to say goodbye to these old classics. Fortunately, there are a few easy signs to help you recognize whether that time has come.
  • Contemplate what tech employees use: Should you dictate to employees the technology they should use when at work? Considering the prevalence of mobile devices and the focus on specific brands, the iOS versus Android battle may appear front and center at your workplace very soon. With 38% of employees resenting management dictating what tech they can use on the job, it’s important to consider more comprehensive solutions that allow employees to work more productively.
  • Take a look at the long-term goals: Trying to bring your business into the fourth industrial revolution without long-term goals to guide you would be like Columbus taking off across the Atlantic without an astrolabe. You know you’re following something, but you waste a lot of time and effort trying to get there. Our friends at Hacker Noon have a great article on how to break down large, seemingly impossible goals into shorter goals, allowing you to navigate from one point to another without being lost in an ocean of planning.
  • Consider upgrades: What condition are those old workstations in? What about that series of laptops that you’re continually making repairs to or sending out for warranty work? When you have the budget available, upgrade or replace poor-performing assets in your system to improve your overall uptime and reduce the amount of work that needs to happen to keep things rolling. This gives you more free time for strategizing to get your business ahead.
  • Make it mobile: If you’re not mobile by this point, you’re missing out. There are so many tools available to help you improve productivity, whether it’s connecting social media accounts, communicating with teams, taking remote payments or having music while you’re wrapping up quarterly reports. Adding mobile capability means your entire team can be more productive on the go, whether waiting for the VP for the meeting or dealing with an emergency from around the globe.
  • Contemplate automation: What does your workflow look like? If you still have manual processes that can be automated, you’re wasting money. Whether it’s marketing tasks that can be more easily handled by a bot on Facebook, a tracking system for your warehouse to make your pickers more efficient or any number of other tasks, automation keeps your business rolling smoothly and efficiently while making your operation more flexible.

With digitization breathing hot down the necks of most IT professionals, having a solid technology strategy in place can make the difference between success and failure of the business as a whole. As IT shifts from an ancillary department to the central core of a company, it’s important to make sure that the leadership is in place to strategize this shift and ensure that it can be made successfully without costing the business more than necessary to provide an excellent outcome.

December 31st is Make Up Your Mind Day As New Year’s Eve approaches, it’s time to remember its other name: Make Up Your Mind Day. As the last day of the business year for most companies, it’s also a vital point for putting your plans for the next year into action. Unfortunately, creating a business

5 Tips To Boost The Performance Of Your Business WiFi Network

Boost The Performance Of Your Business WiFi

It’s difficult to imagine a modern business that doesn’t have Wi-Fi. The internet is one of the most powerful tools in the world right now, and every level of every business typically needs it on demand. For most business locations, that access is determined by the integrity of the Wi-Fi network. There are a lot of components to even the simplest networks, and some things can make performance great or drag it into the ground. If you follow just five simple tips, you can solve the most common problems and have a faster, more reliable Wi-Fi experience.

Find the Right Spot

Wi-Fi coverage starts with placing the central router. Two things determine the right spot for your router: range and interference. The first thing you want to do is find a central room that will allow the router to reach the whole building. If you have multiple floors, the router needs to be in the middle. Standard business equipment will have a range between 100 and 200 feet. That’s a good rule of thumb to help you find the best place to keep it.

Interference is often a bigger problem than simple range. Thick walls or ceilings can eat a lot of the radio signal that Wi-Fi uses. The adobe and stucco styles that are popular in the Southwest and California are particularly rough on signal strength. Basically, any wall that isn’t hollow is going to be trouble. By that same philosophy, you want to avoid putting the router in cabinets or other obstructions that add to the effective thickness of material the signal needs to penetrate.

Even worse than thick obstacles are metals and electronics. Any sufficiently large metal container or siding can act as a Faraday cage and ultimately kill the signal. Large electronic devices and heavy-current wires can also create large sources of interference.

When you put it all together, you want a location for your router that is as central as possible and clear of obstruction. Empty space should surround the device for the best signal strength.

Boost Your Range

Even when you manage to find the perfect spot, you still might not have the coverage you want or need. Many buildings are just too big for a single router. Additionally, floor plans aren’t made with Wi-Fi in mind, so there might be a frustrating nook or corner that isn’t getting signal. This is more easily overcome than it might seem. A repeater or range extender will usually solve the problem. They attach to the signal of the central router and act as an extension hub to give your Wi-Fi a more extensive range.

When you place a repeater, follow the same rules you did for your router. The repeater can fall victim to the same interference as any Wi-Fi device.

Save Bandwidth

In the end, you only have access to so much data per second. Sometimes finding a provider with a more significant data stream is necessary, but there are things to check before going that route. In general, there are two sources of bandwidth hogs that you can manage: users and apps.

Managing users starts with security. Your Wi-Fi needs a strong password and encryption to ensure that unauthorized users are off the network. Piggybacking is often the source of internet slowdowns for businesses everywhere. It doesn’t take effective security measures to plug that leak.

If your business offers Wi-Fi access to customers, the issue is a little trickier. Usually, the best practice is to have at least two completely separate networks. Guest access can be segregated from business-critical functions. That way having too many guests at once won’t impact your ability to function as a business.

Managing apps is also pretty easy. The biggest bandwidth hogs are applications that involve video. Higher definition video adds to demand, so your best bet is to try and schedule use of these apps around moments when Wi-Fi is in less demand. If necessary, you can use administrative software that will automatically throttle apps that use too much bandwidth, but keep in mind that this can impact the performance of those apps.

Try Different Channels

There’s a good chance that your business is surrounded by other buildings. There’s another good chance that those buildings also have their own Wi-Fi networks. Those adjacent networks can interfere with each other, and it is usually inconsistent and frustrating when it happens. There’s an easy fix.

Cycle through different channels on your Wi-Fi router and network. Considering the standard range of routers, you should be able to find an unused channel. That will eliminate the interference problem and help your overall performance.

Check Your Service

After all is said and done, most businesses don’t provide their own internet access. Best practices can do wonders for your Wi-Fi, but you’re still at the mercy of your internet plan. If it doesn’t pack enough power, optimizing your other resources won’t solve the problem. Make sure that your data pipeline is sufficient for your business needs. It may be that spending a little more on internet access is an investment that can generate positive returns.

Sometimes the simple stuff won’t cut it. It’s worth remembering that IT experts exist, and many can offer a competitive means to solve your internet issues. If the DIY approach isn’t enough, look for an IT services company that can get you what you need for a price you like.

It’s difficult to imagine a modern business that doesn’t have Wi-Fi. The internet is one of the most powerful tools in the world right now, and every level of every business typically needs it on demand. For most business locations, that access is determined by the integrity of the Wi-Fi network.

What Is the Difference Between Managed Services and Break/Fix IT Services?

Break Fix Computer Services

Computer systems have a way of breaking at the worst possible time: in the middle of your business’s rush season, right before a long weekend or when your regular IT technicians are on vacation. When this happens, many organizations call a repair service, looking for an estimate on getting back to work as quickly as possible. While this can be an acceptable solution in the short-term, it can become quite expensive regarding lost productivity and direct costs over a more extended period. When you’re not able to plan ahead for the costs associated with a problem, you may find that your IT budgets are short when you get ready to implement the “next big thing” for your business users. Reduce the overall risk to your business and protect your ongoing profitability by implementing a managed IT services model.

What Are Break/Fix IT Services?

At their most basic, break/fit IT services are precisely that — when something breaks, you call someone to fix the problem. While this is a highly simplistic explanation, it represents a more reactive approach to technical problem resolution. Instead of actively looking for ways to partner with organizations to enhance their security, shore up problems and enhance usability, companies who specialize in break/fix solutions are waiting to hear about a problem before they jump into action. When that happens, technicians work with your business remotely or come onsite to diagnose the problem, ultimately charging your business an expansive hourly rate for the resolution. You pay only for services that you’re using when you need to use them. While there are no monthly or ongoing fees, it can be complicated to predict when you’re going to have a problem or the extent of the costs required to fix the issues.

If the technician you work with doesn’t have experience with your particular platforms, they may spend a fair bit of time getting up to speed and researching the issue and resolution. If the problem isn’t fixed the first time, you’ll be charged each time technicians spend time working with your business. It’s difficult if not impossible to predict long-term support costs with this model and since technicians are paid by the hour, there isn’t a compelling case for them to quickly come to a resolution that gets your teams back online.

How Are IT Managed Services Different from Break/Fix?

With an IT managed services model, you’re paying a consistent monthly rate to ensure that your business infrastructure remains secure, scalable and accessible. An IT managed services contract often includes guaranteed uptime and specific expectations around how quickly questions are answered or solutions provided. This means that your IT department is able to accurately project costs over time while still maintaining a high-performance, complex environment. This type of model allows your technology team to offload many of the day-to-day tasks associated with infrastructure management, such as:

  • Password resets
  • File and folder recovery
  • Application of software and security patches
  • Virus and malware protection
  • Server scaling
  • Software license management
  • Business continuity and disaster recovery solutions
  • Mobile device management
  • Security and compliance support

Each of these services provides a unique value to your business while allowing IT professionals with the capacity to push internal business and technology initiatives forward.

Enhanced Security Solutions

A key concern for businesses today is the security of systems and data — both information that is in transit as well as at rest. With a managed services IT provider, you have the assurance of a team of security experts actively reviewing your business’s security and performance metrics. Proactive monitoring of a wide range of systems from a central interface allows your managed services partner to offer proactive recommendations to enhance your security as well as spot problems and begin immediate remediation. A data breach can cost your business thousands if not tens of thousands of dollars, but a quick catch of a vulnerability can often be patched before cybercriminals have an opportunity to slip through your security procedures. This augmented security posture is particularly important for organizations storing personal, health or financial information for their customers.

Whether you are currently looking for an IT services partner or just exploring the idea of moving in this direction, the benefits are clear. More predictable cost structures over time, a deeper well of expertise on which to draw and the ability to quickly return to productivity are all compelling arguments for this proactive approach to your information technology infrastructure.

Computer systems have a way of breaking at the worst possible time: in the middle of your business’s rush season, right before a long weekend or when your regular IT technicians are on vacation. When this happens, many organizations call a repair service, looking for an estimate on getting back to work as quickly as

10 Tips To Guard Against SamSam Ransomware

In July 2018, an article published by Naked Security stated that SamSam, one of the latest ransomware threats, has been one of the most costly and dangerous attacks in history. SamSam leeched at least $6 million from unwitting victims, some of which were well-known businesses and government operations.

SamSam Ransomware

SamSam ended up costing the Colorado Department of Transportation upwards of $1.5 million as of April 2018, according to the Denver Post. The FBI and Department of Homeland Security (DHS) agencies have stepped in with recommendations to help business owners keep themselves and their data protected from not just SamSam, but other malware as well.

1. Make changes to systems that rely on RDP remote communication.

If you don’t use the RDP service, disable it. If you do rely on remote communication, work with an IT consulting agency to implement upgraded patches that conform to current system operations.

2. Use firewalls to protect open RDP ports.

If your system utilizes open RDP ports and public IP addresses, make sure these are rightly protected with a firewall. Virtual private networks should be used to access these ports, so make sure all users understand how to access the systems even once they are protected.

3. Beef up system passwords and lockouts.

One of the easiest ways to defend against brute-force attacks is to beef up your passwords and lockouts that are in use. USA Today says passwords should be a random collection of characters (upper and lower case), at least eight characters long, and that you should use a different password for each application. Use strong passwords among shared devices just the same as you would on the internet.

4. Utilize two-factor authentication processes.

Two-factor authentication processes offer an extra layer of security for applications that have it available. Many business owners skip doing two-factor authentication because it saves time, but this is an easy way to make systems more secure.

5. Pay attention to system updates as they become available.

System and software updates are hugely important, whether they are manually implemented or automatically added. These updates are frequently released as new threats emerge to the surface that would otherwise compromise an existing system. Never turn off automatic system updates and have a business security expert check your system for updates on occasion.

6. Implement a reliable backup strategy.

If something happens and your system is compromised by a SamSam ransomware attack, you need to have a backup plan already in place. Therefore, it is critical to implement a reliable backup access strategy so your system and your data can remain accessible.

7. Enable system logs and keep them for at least 90 days.

System logs will record every login attempt through RDP ports and other applications. In the event of an attack, IT analysts will be able to pinpoint the exact time that the system was infiltrated, which can be really helpful to solve the problem.

8. Follow guidelines for accessing cloud-hosted services.

If you do have cloud-hosted data that you frequently access, follow that provider’s rules for accessing your data and do not ignore their guidelines. These rules are specifically in place to keep your information protected. If you are using third-party services that require RDP access ports, make sure the service is following the latest safety practices.

9. Keep network exposure at a minimum for critical hardware.

In other words, if you have a hardware system that can function without being interconnected to all other devices on the network, then operate it as a standalone component. Just because you can connect everything in the modern technology setting, it does not always mean that you should. If SamSam or another ransomware attacks, hardware that is not connected can be safe. Likewise, it is good if you turn off sharing between printers and other devices unless it is absolutely necessary.

10. Restrict users from running software and opening emails.

There should only be trusted people within your business who are allowed the privilege of running software on any system. Therefore, make sure all users have a clear set of outlined access permissions and restrictions. It is also essential that email attachments are carefully handled, which means not every user should be allowed to open, access, or view email attachments.

Even though protecting your business from SamSam ransomware and other business cybersecurity threats can be time-consuming, it is these lines of protection that will save you from an expensive attack. Reach out to a cybersecurity expert for more information about adequately protecting your business network.

In July 2018, an article published by Naked Security stated that SamSam, one of the latest ransomware threats, has been one of the most costly and dangerous attacks in history. SamSam leeched at least $6 million from unwitting victims, some of which were well-known businesses and government operations. SamSam ended up costing the Colorado Department of Transportation upwards of

Critical Questions CEO’s Need To Ask When Evaluating Cyber Security Risks

The number of cyber attacks has continued to increase exponentially. In fact, the FBI reported that since January 1, 2016, the number of cyber attacks using ransomware has risen to more than 4,000 daily attacks. Evolving technology and an increasing dependence on digital communications have created higher risk factors for businesses of all sizes. To effectively evaluate their cybersecurity risks, CEOs need to ask a few critical questions.

CEOs & Cybersecurity

Understanding The Cyber Security Landscape

Much like addressing any boardroom problem, CEOs need to ask the right types of questions if they are to effectively map out their cybersecurity defense system. A failure to effectively implement cybersecurity best practices can not only lead to stolen business files, but it can cost the company millions of dollars. In fact, in 2018 the average cost of a data breach increased by 6.4 percent from 2017 to reach $3.86 million. To avoid this hefty cost, CEOs should ask their IT teams the following questions.

  1. What critical information could be stolen during a cybersecurity attack?
  2. Who is authorized to access mission-critical information?
  3. Is our business involved in any type of information sharing? For example, are other companies or outside consultants allowed to remotely access the networks where critical information is stored?
  4. What security measures are already in place to avoid ransomware attacks? For example, have employees been trained on cybersecurity best practices and is two-step authentication used for all digital communications?
  5. How many threats does the business receive on a daily basis? Secondly, what are the identified areas of strength and weaknesses, and how can cybersecurity policies be enhanced?

The next series of questions will help CEOs to better understand specific risk levels.

  • What is the identified current level of cybersecurity risk?
  • What is the protocol when a cybersecurity risk is a) identified, b) escalated, and c) resolved?
    • Are lessons learned implemented so that the specific type of cybersecurity risk can be mitigated in the future?
  • How is the cybersecurity plan designed to mitigate insider threats (e.g., when an employee accidentally opens a corrupted file containing ransomware)?
  • Does the business continuity and disaster recovery plan include the potential for cybersecurity incidents?
  • Are best practices being implemented and is the cybersecurity plan up to industry standards?
    • Is the business prepared to effectively work with local, state, and federal government cyber incident responders/investigators in the event of a cybersecurity breach?

The goal of these questions is to help CEOs effectively evaluate and manage their company’s specific cybersecurity risks. For example, by identifying which critical assets would be most impacted by a cybersecurity attack, CEOs can best prioritize how to protect these particular entities by allocating resources and developing the policies and strategies needed to manage the heightened cybersecurity risk areas. In short, the goal of asking and answering these questions is to establish a “what if” environment rather than an “it won’t happen here” mentality, which can not only create a sense of false security but can also cause costly data security lapses.

How CEOs Can Implement Cyber Security Best Practices

As they answer the above questions, CEOs should also look to create a cybersecurity environment that leverages best practice approaches. In fact, by answering the above series of questions CEOs will be taking the first step needed to develop a robust cybersecurity plan. By elevating cybersecurity risk management discussions with not only the IT department but also with leaders from each department, CEOs can ensure that best practices are implemented across the company. After all, when it comes to cybersecurity, a company is only as strong as its weakest link, which in many cases is an employee who doesn’t follow the security guidelines.

The next step that CEOs should take is to ensure that the new cybersecurity plan adheres to industry standards. Instead of merely relying on compliance certifications and standards (which often represent the “bare minimum cybersecurity protocols” that a company should implement), CEOs should instead turn to industry best practices. For example, CEOs should ensure that they meet the guidelines outlined in the Federal Information Security Modernization Act, that they follow the insights provided by top organizations, and that create a proactive environment focused on consistency.

Finally, CEOs should ensure that any and all cybersecurity risk metrics are a) useful, b) measurable, and c) meaningful. In this vein, a useful metric would be to measure how long it takes for the IT department to patch an identified vulnerability. If the number of days it takes to create the patch reduces, then it shows that the cybersecurity risk is being lowered. However, if the number of days it takes to create the patch increases, then the company is being placed at a higher risk. If the threat continues to increase, then weakness in the company’s cybersecurity has been identified and should subsequently be addressed.

It is equally critical that companies test their entire incident response plan. As seen through the previous example, the trickle-down impact of a cybersecurity weakness can lead to costly results. By examining the incident response plan across the entire company, CEOs can ensure that both minor and large-scale cybersecurity incidents will be effectively resolved using industry best practices. In this vein, CEOs should evaluate in a mock cybersecurity incident how the department leaders, employees, and IT respond. After all the best incident response plans and cyber security tools are only as good as a) the people using them and b) the people reviewing them. If the entire company is not dedicated to implementing cybersecurity best practices, then the organization will remain at a higher risk level.

The Bottom Line: CEOs Need To Remain Prepared Against Existing And Emerging Cyber Security Threats

It’s no secret that new cybersecurity threats appear every day; however when CEOs fail to create a “what if” approach to cybersecurity, then they are leaving the doors open for an unwanted digital invasion. Through employee education, asking the right questions, and implementing the best practices approach, CEOs can shore-up their cyber security and keep critical data assets safe from threats. In conclusion, CEOs need to remain proactive in their approach to cybersecurity by leveraging the skills of industry experts and becoming a part of the more significant security conversation to ensure that their business and those that they exchange information with remain secure in the coming year.

The number of cyber attacks has continued to increase exponentially. In fact, the FBI reported that since January 1, 2016, the number of cyber attacks using ransomware has risen to more than 4,000 daily attacks. Evolving technology and an increasing dependence on digital communications have created higher risk factors for businesses of all sizes.

Happy Wright Brothers Day – December 17

On December 17, 1903, Orville and Wilbur Wright made the first successful flight in a mechanically propelled airplane. To celebrate the accomplishment and commemorate the achievements of the brave brothers, December 17 became Wright Brothers Day by a 1959 Presidential Proclamation. Wright Brothers Day is now honored every year in the United States with festivities and activities.

Wright Brothers Day

A Land of Innovation and Invention

In the nation’s beginnings, the founding fathers had to cross an unfriendly ocean to live in uncharted land. Early settlers made their way across the vast landscape, using their strength and ingenuity to adapt to often harsh conditions.

Over the history of the US, Americans laid track to build railroads to span the nation, while other Americans built the cars that would change the way people live. The Wright Brothers succeeded in their revolutionary flight soon after.

What Was Once Thought Impossible

Before the Wright Brothers launched their flight, most people could not imagine that flight by humans was possible. Earlier efforts to leave the ground were limited, because there was no way to sustain flight or control a contraption in the air. The Wright Brothers knew that they would need to be able to control the wings and nose so that a pilot could navigate while in the air.

While it seems obvious now, their ideas changed the way humans view the world. People felt attached to the earth, trapped in two dimensions. Once people were able to fly, they could see the world from an entirely new perspective. Distances become relative, and the world seems both grander and more interconnected. The boundaries that used to limit people’s activities no longer hold that control over our lives.

Humble but Loving Beginnings

Milton and Susan Wright were the parents of Orville and Wilbur, and they encouraged their sons to learn about whatever they could and to travel to other parts of the world. Mr. Wright was a bishop in the United Brethren Church, and his position caused him to travel a lot for church business. While he was away, he sent many letters and gifts home to his family, exposing them the many fascinating wonders the world has to offer.

Wilbur and Orville started in the printing business and even had their own newspaper for a while. They started their own bicycle business in 1894, making and selling bikes to turn a profit. But their dreams were always bigger.

When Wilbur and Orville started seeing other inventors’ attempts at building flying machines, the brothers figured out where they were going wrong. Their first gliders did not succeed, but the Wright Brothers kept trying until they achieved their dream. The Wright Brothers decided what they wanted to do, and then they realized what other people couldn’t with their own abilities.

On December 17, 1903, Orville and Wilbur Wright made the first successful flight in a mechanically propelled airplane. To celebrate the accomplishment and commemorate the achievements of the brave brothers, December 17 became Wright Brothers Day by a 1959 Presidential Proclamation. Wright Brothers Day is now honored every year in the United States with festivities

6.8M Facebook Users Hit By New Photo Bug

Facebook has just announced that a Photo API bug gave app developers access to user photos outside of the scope intended for 5.6 million users. This includes granting apps access to Facebook Stories, Marketplace photos, and photos that were uploaded but not shared. The bug was in effect from September 13th to September 25th.

Facebook Bug

As of now, Facebook is working on releasing tools to allow app developers to determine if they were impacted by this bug, and will work with them to delete unauthorized photos. Facebook will also be notifying any users they suspect may have been affected.

Learn More

If you have any questions or concerns about this latest Facebook bug, please don’t hesitate to contact me directly at 905.763.7896 Ext. 214 or sales@pacetechnical.com.

Facebook has just announced that a Photo API bug gave app developers access to user photos outside of the scope intended for 5.6 million users. This includes granting apps access to Facebook Stories, Marketplace photos, and photos that were uploaded but not shared.

Top 5 Cybersecurity Predictions For 2019

Cyber threats are a genuine danger for businesses, no matter their size or industry. Companies that face data breaches are likely to fail within months after the attack, according to the National Cyber Security Alliance. Security issues can ruin your reputation and cause expensive damage to your company.

2019 Cyber Security Predictions

In 2019, we are already predicting increased cyber crimes to steal more data and resources. The FBI reported that over $1.4 billion in losses were experienced by companies and individuals in 2017. These expenses come from increasing security, losing information, losing physical resources, ransomware payouts, scams and more. The most significant sources of cybercrime included:

  • Email compromise
  • Confidence fraud
  • Non-payment or non-delivery scams
  • Corporate data breach
  • Investment scams
  • Identity theft
  • Advance fee scams
  • Personal data breach
  • Real estate/rental fraud
  • Credit card fraud

Looking forward into 2019, we are preparing to face some of the biggest and hardest attacks yet. Hackers are working to build faster and smarter tools that get around the security systems and regulations that organizations and companies have in place. Companies have to be prepared for cybercrimes that could wreak havoc on their customers or business. Most industries have strict compliance and regulations to keep data safe and can face fines or even jail time if they are not diligent in their cybersecurity efforts. Here are the five major cybersecurity trends we expect to see in 2019:

Multi-Factor Passwords

The password alone is becoming increasingly easy for hacker entry. Fingerprints, ear scans and even social security numbers are all increased measures of security to help battle cybercrime. Using multi-factor passwords is going to be a crucial part of security for 2019 for both personal data and organizational strategies. A large amount of data breach occurs due to human error or negligence so multi-factor passwords can help decrease some of those occurrences.

Data Privacy and GDPR

The EU pushed businesses everywhere when they required the adaptation of the General Data Protection Regulation (GDPR). Many companies and organizations that didn’t have dealings in the EU started making changes to prepare for the level of modifications expected so they wouldn’t be scrambling to catch up later. The regulations that went into effect this past May are still going to have a significant impact on 2019.

The Rise of Cryptojacking

Last year, ransomware cost over $1billion in damage, but we see a shift towards crypto jacking as the more popular attack. Ransomware takes a lot of research, social engineering and development. In many cases, the payments have gotten smaller because companies, educational institutions and organizations are refusing to pay the ransom at all. Cryptojacking is stealing cryptocurrencies by leveraging the computers of an unsuspected user without their knowledge or permission.

When a cyber criminal puts the crypto mining program into effect (often in a JavaScript), the system will slow it’s processing power as it also operates the mining efforts. This can cause whole systems to falter, leading to sluggishness or downtime for businesses. Best case means lost productivity, but a worst case might bean major blackouts if the attack occurs on electrical utility computers or huge issues for patients if the attack is happening to a hospital. This method of cybercrime is less time consuming to set up, more accessible for the hacker to implement, provides a higher payout and often is harder to track.

AI Attacks

We are seeing a heightened increase in artificial intelligence (AI) and machine learning (ML) that cybercriminals are using to focus their attacks. Hackers are using these systems to train and fine-tune their own programs with malicious intent while maintaining a strategic distance.

IoT Regulation

The Internet of Things (IoT) is a grouping of intelligently connected systems that might include vehicles, devices, appliances, electronics, software, connectivity and actuators. These primarily are unregulated and we expect 2019 to be the year when the security issues here may finally be addressed. This may require certifications or a governmental agency to step in and formulate laws. With increased connectivity, the threat of IoT security breaches are genuine public safety concerns and shouldn’t be taken so lightly. Companies that produce these connective devices and software should already be carefully considering these concerns and how to best keep the users protected.

We know tech threats are a genuine issue for your business. Outsourcing tech support or tech help is one way to ensure you have all of your bases covered. If you need help implementing security, contact us today. We offer the strategies, technology and expertise to keep you protected!

Cyber threats are a genuine danger for businesses, no matter their size or industry. Companies that face data breaches are likely to fail within months after the attack, according to the National Cyber Security Alliance. Security issues can ruin your reputation and cause expensive damage to your company.

Sextortion Scam Pretending To Come From Your Hacked Email Account

A recent sextortion scheme highlights the vulnerability users face when their data is stolen and used against them.

The widespread threat made it seem as though a hacker had compromising video of a victim taken while visiting adult pornographic websites. The scammers threatened to release the video unless they were paid in bitcoins.

Sextortion Scam

Here’s a closer look at the threat and how to prevent such ruses in the future.

What Happened in the Sextortion Case?

The latest fraud was different from earlier sextortion cases in one significant aspect. Victims were targeted with an email that appeared to come from their very own email account.

In the past, similar hacks used passwords to an adult website that had been stolen in a data breach. The scammer would threaten to release information about the victim’s activity in exchange for cryptocurrency.

Are These Schemes Successful?

The risk of public embarrassment is a powerful motivator for many victims who would rather pay than be exposed for visiting questionable websites. The recent scheme was first noted in the Netherlands, where it reportedly netted €40,000 in short order. That kind of quick cash is highly motivating to hackers looking to make a large amount of money fast.

What Did the Sextortion Email Say?

The English version of the scam had a subject line that included the victim’s email address and “48 hours to pay,” e.g. “username@example.com 48 hours to pay,”

In broken English, the scammer claimed to be part of an international hacker group that now had access to all accounts and gave an example of a stolen password.

Throughout several months, the email alleged, the victim’s devices were infected with a virus from visiting adult websites. Now, the hackers had access to a victim’s social media and messages.

“We are aware of your little and big secrets … yeah, you do have them,” the email continued. “We saw and recorded your doings on porn websites. Your tastes are so weird, you know.”

The email further claimed to have recordings of the victim viewing these websites and threatened to release them to friends and relatives. It demanded payment of $800 in bitcoin within 48 hours of reading the message. If the funds were received, the data would be erased. If not, videos would be sent to every contact found on the victim’s device.

For unsuspecting victims, receiving such an email could be terrifying. That’s why so many people succumb to such demands and pay up.

What Can Users Do?

While it’s easy to be scared into sending payment, the reality is that these emails can be ignored and deleted. It’s a good idea after doing so to run an anti-virus scan on all your devices to be sure that there is no malware installed.

Many of these scams occur because a domain has been hacked. However, these vulnerabilities can be eliminated by using some basic protections. Using domain name system (DNS) records designed for email validation and authentication are an essential first step. Here are three of the most common:

  • SPF. A sender policy framework (SPF) verifies that an email that claims to come from a domain is associated with an authorized IP address. An SPF can detect faked sender email addresses in spam filters. Hackers are less likely to target such domains for phishing attacks.
  • DKIM. DomainKeys Identified Email (DKIM) lets an email receiver verify that an email coming from a domain was authorized by that domain. Senders need to attach a digital signature to each outgoing message that’s linked to a domain name. The recipient’s system can compare that signature to a published key.
  • DMARC. Layered on top of SPF and DKIM is domain-based message authentication, reporting and conformance protocol (DMARC). Established in 2011, DMARC allows email senders to publish policies about unauthorized email. Also, email receivers can provide reporting to those senders. Both are designed to build a domain reputation and credibility about Domain-issued emails.

Your users and domains are vulnerable to hackers looking to exploit technology to shame people into paying. With the right technology assessments, security protocols and safeguards in place, your systems will be protected and dissuade hackers from attacking your sites in the future.

A recent sextortion scheme highlights the vulnerability users face when their data is stolen and used against them. The widespread threat made it seem as though a hacker had compromising video of a victim taken while visiting adult pornographic websites. The scammers threatened to release the video unless they were paid in bitcoins.

What’s The Difference Between Computer Repair and Network Computer Services?

The fundamental difference between computer repair and network computer services is that computer repair is a very reactive concept. Something breaks, you call your trusted technician and they make the fix — and bill you for time and materials while your staff members wait for their technical problems to be resolved. With network computer services, the model is entirely different. You enter into a longer-term partnership with an organization which works closely with you to create a proactive support infrastructure which often allows your staff to continue working even while a problem is being solved. Businesses that are looking for a way to normalize their annual IT costs and provide predictable service levels should investigate network computer services.

Computer Network Services

Why Are Technology Fixes So Expensive?

When you think about it, it makes sense why it’s so expensive to have a consultant or team come into your business and resolve a problem. Not only are they taking on a fair amount of liability for a short-term relationship, but they also have a substantial ramping up time and effort each time you need to have a problem resolved. This methodology is called “break-fix” for a reason: something breaks, and you invite someone to come fix it. This is especially problematic when you consider the costs of a break-fix solution include internal IT or management time, additional contracts or scoping of a work project, lost productivity for business staff . . . Plus the additional upcharge for the services that are rendered by your consultants. All of these items can quickly add up to make a small issue become a much larger cost than initially expected. What’s worse is that it’s nearly impossible to budget for specifically when something is going to break.

How Can I Accurately Project IT Costs?

Holding a pattern in your technology costs can be a challenge. Business units are always looking for additional functionality for their budget dollars, and it can be difficult to justify why that project didn’t get completed due to lack of funds. When you have to divert dollars from an upcoming project to pay for an unexpected problem resolution, it can raise eyebrows and cause questions from leadership. One of the most effective ways to ensure that you’re able to accurately predict the costs to maintain your business infrastructure is to work with a network computer services partner. This type of relationship comes with a variety of benefits, such as the assurance that patches are resolved and applied quickly and accurately to your software and hardware.

Can Network Computer Services Improve My Security?

Internal technology leaders or teams are nearly always overworked, with more projects than they can possibly accomplish in a year. Unfortunately, this can mean that there are difficult decisions to be made: do you schedule a security review and patch your software or do you get started scoping that new website that marketing desperately wants? Both activities require time from the technology team, but there are risks down either path. If you decide to put off a new projects for a security review, you take the chance that teams will begin doing their own development and open up security risks. If you take on the new project, you’re risking a cybercriminal finding a way to infiltrate your network security. This is the type of challenge that is tailor-made for a network computer services team, as they can help resolve your infrastructure security challenges and provide internal teams with an opportunity to support new business requirements. Ongoing, scheduled maintenance and robust security procedures help protect your organization and your sensitive customer data. These updates and proactive monitoring are crucial to ensuring that your organization does not fall subject to the latest malware or phishing tactics.

Working with a managed services provider has a range of benefits: more predictable technology costs over time, improved network security and technology maintenance and better overall experience for your business users. Working with a network computer services organization provides your team with the in-depth knowledge and additional skill sets to supplement their own expertise. Your trusted services provider is able to leverage best practices from across various industries to offer you superior remote service and ongoing support, depending on your particular contract levels.

The fundamental difference between computer repair and network computer services is that computer repair is a very reactive concept. Something breaks, you call your trusted technician and they make the fix — and bill you for time and materials while your staff members wait for their technical problems to be resolved. With network computer services,

Are Your Employees Your Largest Cybersecurity Risk?

Regardless of the money businesses invest in cybersecurity, technology is only part of the cybersecurity puzzle. Regardless of new hardware, updated software and the best IT support team, cybersecurity is an ongoing commitment. Cybersecurity must be on the minds of every employee every hour of every day.

Employee Cybersecurity

A Chain Is Only As Strong As Its Weakest Link.

This idiom is attributed to Thomas Reid who wrote “Essays on the Intellectual Powers of Man” in 1786. It first appeared in print in 1868 in the Cornhill Magazine. Simply put, it means that a group of people can only be as strong or successful as the weakest or least successful member.

Email is a favored method of cybercriminals – email is used to transmit ransomware, viruses and other harmful software.

Each email that each employee opens represents a cybersecurity threat. Only with a continuous and ongoing employee awareness program can you have an effective cybersecurity solution. It only takes one employee opening one email to expose your business to a cyber-attack.

Employees come and go – make sure that critical passwords are changed when an employee leaves. Be sure that new hires understand your cybersecurity policies and know to whom they should report potential risks.

What Can Businesses Do to Ensure Employees Don’t Pose a Security Risk?

First, ensure that you have a firewall, up-to-date anti-virus software and a spam filter. Always make sure that every new computer, laptop or tablet is up-to-date on these items before it is given to an employee.

Email 101. Teach email safety. These simple questions will help employees evaluate emails that originate from unknown senders.

  • Who is this email from? Virtually every email should be originating from a fellow employee, a supplier or a customer.
  • Why am I getting this email? Emails should relate to an employee’s job description.
  • Are attachments safe to open? Have you taught your employees how to decide what types of files are safe to open?
  • Does an email threaten to cancel a credit card or close an account if you don’t pay money? Employees need to understand this might be ransomware.
  • Is an email really from someone known? Teach employees how to spot suspicious “look-alike” email addresses.
  • Does anything just not seem right about an email? Neither the IRS nor the FBI sends emails to employees.

Continuing Education for your Employees. People are people, and they forget. Employees need ongoing training about email safety. Keep the training short and exciting to keep their attention.

  • Weekly mini sessions – perhaps by the department.
  • Utilize a speaker from your IT provider.
  • Weekly email “Cybersecurity Tip of the Week.”
  • Share actual case studies (specific to your industry is ideal).
  • Monthly E-newsletter – could be part of your IT partner’s service.
  • Simulated phishing attack conducted by your IT partner.

The Power of Human Error

In spite of educating your employees, human error accounts for almost 50 percent of data breaches. The accidental loss of a device or a misplaced document may be the cause of a severe security breach. Shred-It vice president Monu Kalsi observes that the smallest bad habits may result in substantial security risks. Examples include:

  • Leaving a work computer unsecured while on break or in a meeting.
  • Leaving sensitive documents out on a desk overnight.
  • Accidentally leaving sensitive documents on an airplane (the Homeland Security Super Bowl debacle).
  • Leaving sensitive documents within view of others in a public space.
  • Using public Wi-Fi.
  • Sharing company-issued computer with family or friends.

Draft a written policy to provide each employee who works remotely from home or when traveling.

Another potential source of human error may come from sub-contractors or vendors who have access to your facilities and/or employees. The Shred-It study showed that 20-25 percent of security breaches were caused by vendors. Ensure that when a vendor relationship ends that all ties are severed – change codes for keyed entrances when there is a vendor change.

Attention to small details may save your company lots of money.

The Bottom Line …

Employees are human. They make mistakes or commit errors in judgment. They also forget. Invest in updates for firewalls, security software and well-trained IT personnel. Regular cybersecurity training for your employees protects your business from damaging cyber-attacks.

  • Update policies. Incorporate a clean desk policy to prevent unauthorized copying or theft of critical document. Develop and institute a vendor policy and a remote employee policy.
  • Go paperless whenever possible. Invest in technology that scans essential documents into PDFs that are emailed to the owner of the document. Shred the document immediately after scanning.
  • Hard drive disposal. Destroy obsolete hard drives. Never throw them away because even deleted information can be retrieved by smart cybercriminals.
  • Lost device policy. Designate someone that employees can tell immediately if the equipment is lost or stolen.

Regardless of the money businesses invest in cybersecurity, technology is only part of the cybersecurity puzzle. Regardless of new hardware, updated software and the best IT support team, cybersecurity is an ongoing commitment. Cybersecurity must be on the minds of every employee every hour of every day.

Cape Cod Community College Hit With $800,000 Phishing Attack

Hackers Know How to Steal Money Anonymously

In West Barnstable, Massachusetts, Cape Cod Community College recently fell victim to a phishing scam that resulted in the school losing more than $800,000. The money was taken out of the school’s bank accounts. While this kind of scam is common these days, there are measures a business can take to prevent it. In the case of Cape Cod Community College, experts believe endpoint security solutions using next-generation technology would have prevented the monetary loss for the school.

Cape Cod Ransomware Attack

The hackers of today are quite sophisticated, and if a business falls victim to one of their scams, there is often very little they can do about it. Hackers know how to remain anonymous, and leave few if any, digital footprints to follow. This means the likelihood of recovering one’s money is little to none. That is why it is so vital to prevent these things before they happen by using proper technology.

The president of Cape Cod Community College, John Cox, revealed the financial loss via a digital theft to the staff and faculty of the school in an email on December 7. By working with the bank at which the school’s accounts were held, the school has been able to recover about $300,000 of what was stolen, which is more than most smaller businesses would be able to do. It is unlikely they will be able to recover the entire $800,000, but they might be able to get some more of the money back by working closely with the bank, as they are doing.

Details of the Digital Theft

Cox gave an interview with a local newspaper after informing the workers at the college of the theft. In the interview, he revealed many interesting details about the theft, including:

  • The email that allowed hackers access to the school’s bank account information appeared to come from another college, so it seemed safe to open the attachment that came with it.
  • After opening the attachment, the person who initially opened the email believed the attachment was suspicious and alerted the school’s IT department. Alerting the IT department is standard protocol at the school when it comes to suspicious emails and attachments.
  • When the IT department did a diagnostic on the attachment, they found a polymorphic computer virus embedded in it. They quarantined the virus, but it had already gotten into the school’s computer network.
  • The scammers had a fake URL that seemed to go to TD Bank, where the college has its accounts. By placing phony calls to school employees to validate transactions, the scammers were able to make nine transfers out of the college’s bank accounts, totaling $807,103.
  • The scammers attempted 12 transfers, but workers at TD Bank recognized three of them as suspicious and did not allow them to go through.
  • Cape Cod Community College has recently installed next-generation endpoint protection software, but only on some of their computer networks. If it had been installed on all of them, the hackers likely would not have been able to gain access to the school’s bank account information and use it to transfer out the money.

Other Schools Have Had This Issue, As Well

Cape Cod Community College is not the only school to have this kind of issue in recent times. In June of 2018, hackers stole around $1.4 million from 21 account holders in the Connecticut Higher Education Trust.

Hackers are not just after money, either. They are out to cripple the schools they target. Sometimes, they don’t steal any money at all, but instead, generate outages of the computers at a particular school. This happened to a college in Wisconsin in June of 2018, and it resulted in classes having to be canceled for three days because the computer infrastructure to support the classes, students, and employees wasn’t there.

It hasn’t just been colleges being targeted, either. K-12 schools are also targets. A public K-12 school in New Jersey lost $200,000 in September of 2018 in a phishing incident similar to the one experienced at Cape Cod Community College.

Technology Companies are Stepping Up to Help Prevent This

Technology companies are stepping up in light of such incidents, creating phishing simulators to help schools teach their employees to avoid allowing their workplaces to become the next phishing victims. They are also reaching out to schools to increase awareness of the need for next-generation endpoint protection software, and to help schools install and use it.

Hackers Know How to Steal Money Anonymously In West Barnstable, Massachusetts, Cape Cod Community College recently fell victim to a phishing scam that resulted in the school losing more than $800,000. The money was taken out of the school’s bank accounts. While this kind of scam is common these days, there are measures a business

Happy National App Day: December 11th

Even though the word App is relatively new, it has become popular in everyday terminology as its uses have changed lives in the modern world. Almost all mobile phones are now smartphones, so even those individuals who were apprehensive about using new technology now use apps on a daily basis. That is why we now celebrate National App Day every year on December 11.

National App Day

What is an App?

The word “App” was listed as the word of the year by the American Dialect Society in just 2010, showing just how quickly apps have become a regular part of society. But people already use the word so much they don’t really think of where it comes from. While the term “app” is short for “application,” common usage has changed the meaning.

An app is actually a kind of computer software or a program, and now usually refers to a very small one used on mobile devices like smartphones and tablets. Initially, the term could have meant any mobile or desktop application, but the term has quickly evolved to conform to the way people use it. Now there are thousands of apps, and some individuals and businesses design and run their own apps to make specific tasks easier.

Kinds of Apps and Main Uses

There are three basic kinds of apps, but Web Application Apps are used through a browser and Hybrid Apps have characteristics of both Web Application Apps and Native Apps. Native Apps are the ones used on mobile devices, and they only work on certain devices and have a special source code.

Of course, once someone understands how apps work they can create a new one to perform specific functions. Apps are available on Google Play for Android users, Apple’s App Store, the Windows Phone Store and BlackBerry App World. There are currently millions of apps, and prices range as widely as uses. Some apps are entirely free, while others have a recurring rate.

  • Apps can be used for communication, including encrypted phone calls or video phone.
  • Apps can be used for entertainment, providing movies, books and music.
  • Travel apps provide needed information and tools, helping with everything from transportation to finding the closest restaurant.
  • Many people use apps for games, playing simple games like solitaire or complicated games with players around the world.
  • Many apps provide important tools, helping people organize their homes or perform essential functions at work.

There is no reason to think the proliferation of apps will slow down any time soon, if ever. It only remains to be seen how many people will adopt these handy tools to perform more and more specific jobs. Hopefully, people will be thinking of the endless possibilities as they celebrate National App Day on December 11.

Even though the word App is relatively new, it has become popular in everyday terminology as its uses have changed lives in the modern world. Almost all mobile phones are now smartphones, so even those individuals who were apprehensive about using new technology now use apps on a daily basis. That is why we now

Is Your Current IT Company Living Up To Their Social Responsibility?

As a business owner, it’s up to you to make sure that the information and data collected by your company are secure and protected against the many different types of cyber threats lurking within the dark web. Many people believe it is the responsibility of their IT company to handle this type of situation. While that may be true to an extent, they can only do so much. It is up to the company’s management team to understand what threats are out there and take proactive measures to prevent their clients’ information from falling into the wrong hands.

Corporate Responsibility

Social Responsibility Starts With You!

As a company, you are responsible for your client’s information. If they provide it to you, it’s up to you to make sure it remains secure. Enlisting an IT company to create a strong, security network is ideal. If you don’t take matters into your own hands and include a few measures of your own, however, your system will still have gaps. Multi-factor authentication, firewalls, and intrusion detection systems are just the beginning. Your clients depend on you to give them quality products and services, not internet liability risks. It’s up to you to be socially responsible when it comes to maintaining security protocols and protecting the sensitive information that you use during your business.

Owning Your Risk

Hardening your own environment by implementing cybersecurity protocols over and above what your IT management offers is essential if you want to truly protect your client base. Owning your risk is more than just taking control of your internet security. It involves working with your IT company to create a multi-level security network. You can start by working within the NIST (National Institute of Standards and Technology) framework which includes features that:

  • Identify potential risks and issues
  • Protect against cyber attacks
  • Detect possible intruders
  • Respond to possible breach or risks
  • Recover after an attack

By using this framework and adding your own security measures, it will be more difficult outsiders to access your system and steal your client’s or company’s confidential information. The key is using the tools and resources provided by your IT company and then expanding your efforts to achieve a level of automated security that doesn’t rely solely on human interaction.

Competitive Advantage

Companies that take the initiative and work to harden their cybersecurity often gain a competitive advantage over those who are lax and at a higher risk of cyber attack. Small to mid-size businesses can’t afford the danger of being breached. The fact is that once a small business experiences a breach, the majority of them end up going out of business after just a few months. As a business owner, if you want to maintain that competitive edge, you need to be proactive regarding cybersecurity. It means working hand in hand with your IT company on a regular basis to ensure you are doing everything possible to protect all of the data your company uses.

Perform cybersecurity audits. Beef up your firewalls. When it comes to internal data and information like financial reports and a client’s confidential information, use multi-factor authentication. This limits who has access to the data within the company, preventing those who don’t need the information from accidentally (or intentionally) tapping into it. Your IT company can help you find the right protection features so that there is little risk of any type of breach.

Regarding social responsibility, it’s up to you to ensure your company’s information is protected. If you aren’t socially responsible, then you’re overall liability dramatically increases and your business can find itself in jeopardy if a breach occurs. As a business owner or member of a management team, It is your responsibility to hire the right IT company and to also ensure that you are doing your part. It’s your responsibility to maintain accountability for your company’s assets. Separately, risks can tear your business apart. When you work with your IT company, you are better able to manage your company’s information and dramatically reduce your risk of a cyber attack.

As a business owner, it’s up to you to make sure that the information and data collected by your company are secure and protected against the many different types of cyber threats lurking within the dark web. Many people believe it is the responsibility of their IT company to handle this type of situation. While

Important FBI/DHS Warning: Update On FBI and DHS Warning: SamSam Ransomware

The Department of Homeland Security and the Federal Bureau of Investigation issued a critical alert Dec. 3, warning users about SamSam ransomware and providing details on what system vulnerabilities permit the pernicious product to be deployed.

SamSam Ransomware

According to the alert, which came from the DHS’s National Cybersecurity and Communications Integration Center (NCCIC) along with the FBI, the SamSam actors targeted multiple industries—some within critical infrastructure—with the ransomware, which also is known as MSIL/Samas. The attacks mostly affected victims within the United States, but there was also an international impact.

As pointed out in the alert, organizations are more at risk to be attacked by network-wide infections than individuals because they are typically in a position where they have no option but making ransom payments.

“Organizations that provide essential functions have a critical need to resume operations quickly and are more likely to pay larger ransoms,” the alert states.

That does not mean individual systems cannot or are not attacked, but they are targeted significantly less by this particular type of malware.

How do SamSam actors operate?

Through FBI analysis of victims’ access logs and victim-reporting over the past couple of years, the agencies have discovered that the SamSam actors exploit Windows servers and vulnerable JBoss applications. Hackers use Remote Desktop Protocol (RDP) to gain access to their victims’ networks through an approved access point and infect reachable hosts. From there, the cyber actors “escalate privileges for administrator rights, drop malware onto the server, and run an executable file, all without victims’ action or authorization,” the report states.

RDP ransomware campaigns are typically accomplished through stolen login credentials—sometimes purchased from darknet marketplaces—or brute force attacks. Since they do not rely on victims completing a specific action, detecting RDP intrusions is challenging, according to the alert.

Ransom notes instructing victims to establish contact through a Tor hidden service are left on encrypted computers by the SamSam attackers. Victims are assured that once they pay the ransom in Bitcoin, they will receive links to download cryptographic keys and tools for decrypting their network.

Where did SamSam originate?

The Department of Justice recently indicted two Iranian men who allegedly were behind the creation of SamSam and deployed the ransomware, causing approximately $30 million of damage and collecting about $6 million in ransom payments from victims. The crippling ransomware affected about 200 municipalities, hospital, universities and other targets during the past three years, according to an article from Wired.

Keith Jarvis, a senior security researcher at SecureWorks, reiterated the sophistication of the SamSam ransomware and how it gains access to systems through weak authentication or vulnerabilities in web applications, methods that don’t require the victim to engage in a particular action. Hackers also go out of their way to target specific victims whose critical operations rely on getting systems up and running as quickly as possible, making them more likely to simply pay up.

What technical details about SamSam are important?

In the joint DHS and FBI report, the federal agencies provided a list, though not exhaustive, of SamSam Malware Analysis Reports that outline four variants of the ransomware. Organizations or their IT services administrators can review the following reports:

MAR-10219351.r1.v2 – SamSam1

MAR-10166283.r1.v1 – SamSam2

MAR-10158513.r1.v1 – SamSam3

MAR-10164494.r1.v1 – SamSam4

What mitigation and prevents practices are best?

In general, organizations are encouraged to not pay ransoms, since there is no guarantee they will receive decryption keys from the criminals. However, relying on a contingency plan or waiting out an attack, as advised by the FBI, is difficult when an entire operation has been compromised.

The best course of action is for organizations to strengthen their security posture in a way that prevents or at least mitigates the worst impacts of ransomware attacks. The FBI and DHS provided several best practices for system owners, users and administrators to consider to protect their systems.

For instance, network administrators are encouraged to review their systems to detect those that use RDP remote communication and place any system with an open RDP port behind a firewall. Users can be required to use a virtual private network (VPN) to access the system. Other best practices, according to the report, include:

  • Applying two-factor authentication
  • Disabling file and printer sharing services when possible, or using Active Directory authentication or strong passwords for required services
  • Regularly applying software and system updates
  • Reviewing logs regularly to detect intrusion attempts.
  • Ensuring third parties follow internal policies on remote access
  • Disabling RDP on critical devices where possible
  • Regulating and limiting external-to-internal RDP connections
  • Restricting the ability of users to install and run the unwanted software application

This just scratches the surface of actions that administrators and users can take to protect their networks against SamSam or other cyber-attacks. The National Institute of Standards and Technology (NIST) provides more thorough recommendations in its Guide to Malware Incident Prevention and Handling for Desktops and Laptops, or Special Publication 800-83.

Information technology specialists can also provide insight and advice for how organizations can detect gaps or vulnerabilities in their cyber-security that leave them susceptible to SamSam or other malware infections.

The Department of Homeland Security and the Federal Bureau of Investigation issued a critical alert Dec. 3, warning users about SamSam ransomware and providing details on what system vulnerabilities permit the pernicious product to be deployed. According to the alert, which came from the DHS’s National Cybersecurity and Communications Integration Center (NCCIC) along with the FBI,

How Can You Stay Safe From Phishing Attempts? Try These 7 Tips

In this article, we’ll be going over the top seven ways to protect yourself and your business from email phishing attempts. But first, what is phishing?

phishing

Phishing Defined

Although it may sound like a recreational sport, phishing is not a virtuous practice. It is, instead, the deceitful and illegal practice of trying to obtain personal information by way of fraudulent emails.

Most of the time, phishing emails purporting to be from a legitimate business, like a store, bank, or online service. Frequently, these are establishments where you actually hold an account, so receiving them, at first, may seem reasonable. It’s when you look at the details of such emails that things become troublesome.

The goal of phishing emails is to appear legitimate while luring personal information, like the following, out of you:

  • Login information (usernames and/or passwords)
  • Social security number
  • Credit card or financial information
  • Date of birth
  • And other (usually financially related) information

If you end up giving the fraudsters this data, their ultimate goal is to use it to hack into your life in some way — often by getting access to your bank accounts, credit cards, and