Friday, March 16, 2018

Humans cause so much trouble

Have you been focusing on software packages and anti-virus tools to protect your data from hacking? That may not be enough, because it overlooks one of the biggest causes of security breaches. All of the security software and expertise in the world is useless if you or your employees don't remain vigilant about their behavior as it relates to hacking scams and data security. Human error remains the biggest cause of security breaches and data loss at almost all companies, large or small.

We just can’t remind you enough that you need to develop a culture of security among all of your employees. Changing passwords frequently, not sharing passwords, and learning to recognize and avoid opening nefarious emails are the top three lessons you need to reinforce with your employees. And don’t make it a once-in-a-while memo, make it part of your office culture, with ongoing reminders, links to articles explaining phishing scams, and routine reminders to change passwords. Contact your MSP if you’d like to learn more techniques to educate your employees about their data security responsibilities.

Friday, March 9, 2018

The most boring topic Ever

Yes, today’s blog is about office phone systems. You have one. They are dull, necessary, and no one wants to deal with them. They need to be re-configured for new employees, they’re confusing, and the telco lines probably cost you more money than you'd like.

Like everything else, office phone systems began transitioning to fully online/digital well over a decade ago. The proper term is “ Voice over Internet Protocol” or "VoIP." In a practical sense, it means that your phone lines are no longer coming in over traditional, “plain old telephone” lines, or other standard protocols from the 1960s to the 2000s. Instead, voice signals are now being carried to your phone from the telco via the internet, such as your broadband connection.
Why do this? There are a few simple benefits.
  1. You cut the higher landline charges, especially for international calls
  2. Old fashioned systems are becoming obsolete, and parts aren't available
  3. You don't need 2 separate cabling systems anymore. One for telco, one for internet is no longer necessary.
  4. They rely less on hardware to do the job, so reconfiguring for a new employee or a major office shift is much, much easier. It is now a software change, not a hardware issue.
  5. Your employees are no longer tied to the phone at their desk. VoIP allows integration with mobile devices.
This is just a quick summary, but it gives you a starting point for understanding why most firms are moving to VoIP systems and abandoning the old traditional PBX and key systems of an earlier era.

Friday, March 2, 2018

The Cloud: what do you get?

The cloud refers to using off site computing resources and storage to supplement or even replace the use of on-site/in-house resources. Instead of buying hardware and software to support your business, you are basically outsourcing this set of tasks.

There are 4 benefits for the small firm and today we will look at the first 2.

Elasticity - With onsite computing, if you need additional capacity you have no choice but to purchase that capacity in discrete steps, which means bearing the costs of being over-capacity for a period of time until growth catches up. Onsite computing also means you must have the capacity to handle your own peak computing and storage demands, and resources may go underutilized much of the time. The cloud allows complete elasticity in the utilization of computing resources. You buy only what you need, as you need it. You can grow or downsize as the business demands.

Pay as you go - On-site hardware involves significant capital expenditures. The cloud allows you to pay for only what you use. The cloud also allows you to benefit from economies of scale that aren't available using the in-house model. Labor, equipment and maintenance expenses are shared across a vast pool of users.

In the next few weeks, we’ll return to this subject to look at other ways the cloud brings efficiencies to your technology infrastructure that you could never achieve on your own.

Friday, February 23, 2018

What the cloud means for you–Part II

Recently, we talked about ways the cloud brings value, business protection, and economies of scale to the smaller firm that they could never achieve by themselves. Today, we look at a final benefit of the cloud.

Protection against on-site disaster - If a disaster strikes your physical business location, on-site resources can be damaged, destroyed, or become inaccessible for a period of time. Even if it isn't a major disaster, if you have a failed server your business could be down for an extended period. When everything occurs in the cloud, you are vaccinated against this type of business calamity. You can still access and use computing resources from anywhere.

In summary, left entirely on its own a small firm just does not have the resources and capital to fully support its own technology infrastructure. The cloud turns that upside down, enabling firms to enjoy the benefits of a fully supported tech foundation without levels of expenditures that are just not feasible for smaller operations.

Friday, February 16, 2018

The Cloud means no more stormy weather

Many small firms are pretty busy handling their own business, and don’t give much thought to what they would do if a natural disaster from a bad snowstorm to much worse hit their physical location and cut power, or physical access to the building. What if the equipment storing all of your data and software needed to run day to day operations became inaccessible? What would happen to your ability to continue to serve your clients or customers?
Though we call it the cloud, with images of gray skies and rain, the cloud can be a ray of sunshine. It is an excellent and cost effective resource for smaller firms to make sure they maintain 24/7 access even in bad weather. Because everything is maintained off site, you can (1) bypass disruption or damage that may have occurred at your physical site, and (2) access what you need to keep your business functioning from any remote location.

Small firms need to realize they are most vulnerable to business disruptions, as they have less capital and fewer resources to carry them through a bad period. The cloud represents a simple and value driven resource to address business continuity issues that could turn a small firm's business upside down.

Friday, February 9, 2018

Your front door is talking

If you've been following the news, the Internet of Things is getting increasing attention. You’re probably also thinking this is some Silicon Valley fancy thing that will take years to reach the rest of us.
Not really. You probably already have some items of your own tied into the Internet of Things.
First of all, what is the I of T? Simply, it is any object that collects data about itself or its surroundings, and then transfers that data across a network to some other object, which can then make use of that data. For example, if you have a baby monitor that sends crib pictures from upstairs to your phone, you're tied into the I of T.
But what about business people? Where is it showing up in the workplace? You may have security cameras tied to a network where they can be monitored by a PC or phone. A front door lock that can be remotely opened via phone. A thermostat that can changed by the same phone. Internal lights that go on when you phone approach. All of these are part of the Internet of Things.

If you have questions about whether being tied into I of T presents a data security issue or hacking threat, you should contact a service consultant to discuss these issues. Headlines are now appearing about hacking into the I of T for nefarious purposes. It is a good idea to stay ahead of the curve because as a business, data security is a revenue-critical issue. Seriously, you don't want the front door telling someone your client’s private data.

Friday, February 2, 2018

NPO’s and volunteer security nightmare

Not-for-profits have an unusual issue regarding security. Firms that have trained, paid full-time employees have a strong level of control over the actions of their workers. NPOs, however, may rely heavily on volunteers whose time in the office may be minimal and sporadic. You may feel grateful for their dedication and be less likely to subject them to rigid security training. Also, a threat of punishment for those who make inadvertent errors that create security risks isn't going to be acceptable in the “volunteer” environment.
Though it may seem a waste of precious volunteer time, you need to consider implementing ongoing training and reminders to all volunteers about what they can do to protect your data and digital infrastructure. The 2 most common human errors are falling for phishing scams and bringing storage devices to your office and introducing them to laptops and other devices. Think of the volunteer who creates a brochure for you in their home office, then downloads it to your office PC. This is an excellent backdoor for a virus or malware to break into your infrastructure.
Remind your volunteers on a consistent basis that no outside storage devices are to be brought into the office for use on the NPO’s equipment. Secondly, provide training on how to recognize phishing scams and the risks of opening unfamiliar emails and links. Finally, for volunteers who work from home, consider using safe shared software platforms like Google Drive or Microsoft 365.

Friday, January 26, 2018

Security and your sub-contractors

So you feel relatively comfortable that you have created cyber security around your data and your employees are trained to avoid security errors in their day-to-day business ( a MAJOR source of security breaches, by the way.) However, you may be overlooking one area where you are exceptionally vulnerable. What protection do you have from those you do business with? If you are a manufacturer, for example, you may have several vendors who provide components and raw materials. How careful are they about data security? Smaller producers and service providers may perceive themselves as not being a likely hacker target, which is incorrect. Small firms are significant targets for data hacking because they have access to larger firms. They can provide a “digital backdoor” to the firms they sell to.
You need to work closely with all of your vendors to ensure that they are as serious about protecting their systems as you are. If you share digital information with your subcontractors, you open a very wide door for any of their vulnerabilities.
And this doesn't just apply to the manufacturing sector. Medical offices share data, for instance. Consider talking to a security expert to address your vulnerability to a security breach via the very vendors you rely upon. You need to expect as much focus on security from them as you do from yourself.

Friday, January 19, 2018

Cyber Crime and Security for SMBs

Did you know the illicit trading of personal data was worth $3.88 billion last year? Cybercrime is a growing industry known for its innovation. It goes far beyond the image many of us have of some hacker kid in his basement. Many who engage in this activity are professionals and work in large teams. Some may even be sponsored by governments. If you follow the news, you can find large corporations and even government agencies who have fallen prey to hackers and had massive amounts of data compromised. Unfortunately, this has led smaller firms to feel they fly below the radar. In fact, the opposite is true. Small businesses-especially those in regulated areas such as medical, financial, and legal services-need to be hyper vigilant about security. The cybercriminals' professional efforts will outdo your amateur efforts at security.
As a small business, you are vulnerable for two reasons. First, serious hackers see small business as entrances into larger entities. Small firms that have any interaction with larger firms, perhaps as a subcontractor, can be easy targets for professional criminals. Second, the clients or customers of small firms are shown to be less forgiving of data compromises that occur in small businesses.
Security now goes beyond buying an antivirus program online. You should seek professional advice setting up security policies and business continuity plans, or testing these policies on a routine basis. A professional can spot vulnerabilities and prevent breaches before they occur.

Friday, January 12, 2018

Government regulations

Any business that stores customer payment information must comply with a number of state and federal regulations. The legal, healthcare, and financial sectors have a number of laws tailored specifically for them (such as HIPAA or CISPA). If you run almost any kind of professional practice or agency you probably have very specific data security requirements. Running afoul of these regulations puts you at risk for legal action and probably means that you have bad security in place.
As a professional, your focus needs to be on your clients and running your firm. Regulatory requirements to ensure data security can be complex and include rigorous testing requirements. Ensuring compliance with the regulations can be a serious distraction for you and take you into territory where your experience is limited.
One of the best solutions is to work with a third party who has strong credentials in the area of regulatory compliance and data security. When you are working with a third party to set up security or data storage, make sure that they have experience working in your industry. Finding a service provider with experience in your profession can give you peace of mind knowing that you can focus on running your business without the distraction of ongoing technology concerns.

Friday, January 5, 2018

Higher goals get dragged down by Tech: The NPO story

If you are a smaller Not-for-Profit, it is likely that your organization has been driven from its inception by individuals strongly motivated with a passion for their cause or humanitarian goal. As a result, it is also possible that the leadership has little interest in developing the administrative technology infrastructure that is necessary for any organization to function in the internet age.
Failure to understand and focus on technology can damage an organization's growth and success. However, NPO leadership has to be laser focused on the day-to-day struggles of the organization such as seeking funding, keeping the doors open, and pursuing the mission. As a consequence, technology infrastructure may be cobbled together as an afterthought; resource limitations may lead to short term tech decisions that can be wasteful and more expensive in the long term.
An NPO, with its tight budget margins, is an excellent example of an organization that could benefit from outsourcing its fundamental tech needs to a MSP. A MSP can determine short and long term needs, assess possible solutions, and propose the most cost effective tech solutions to ensure a stable, long-term tech infrastructure. Without the time or stomach for administrative distractions, NPOs may continue to use the break/fix model, making less informed tech decisions that may ultimately waste precious resources. Good and careful planning with a professional can mean a better strategic use of organizational resources far into the future.