Category Archives: SMB Technology

Computer repair, network compliance, wifi, small business IT, remote backup, anti-virus, cloud computing tips

Stay Safe from Phishing Attacks

Many threats to your network abound, and often ransomware, malware and viruses enter your network through social engineering, or “phishing” emails. Read on to learn the extent of the problem and how you can keep your business from being affected by these threats. 

 

Phishing a Growing Threat

 

Social engineering attacks, including phishing, are among the greatest threats to individual users as well as small to medium-sized businesses. Even though giants like Google and Facebook get the headlines, small to medium-sized businesses are not immune. Anyone and everyone can be a phishing target, and these attacks often come through email, something people use every day. A malicious actor sends an email (perhaps appearing to be from someone the recipient knows), trying to get confidential information like passwords or trying to insert malware in the network. According to a CompTIA State of Cybersecurity report, it can cost $1.85 million to remediate a ransomware attack.  Often these attacks come through spam emails and contain dangerous links that, when clicked on, can introduce malware to your system. Spam emails, in fact, account for most of the ransomware attacks. In spite of the prevalence of phishing, many users are not aware of the risk; as many as 13.6% of recipients click on the link. 

 

How to Prevent Phishing Emails from Becoming Attacks

 

In spite of such daunting statistics, there is good news–more awareness about the dangers of phishing scams. Many companies are consistently and systematically training their employees, and those with more than eleven campaigns per year (on average, one a month), have a low click-through rate, only 13%. This awareness, along with using email solutions that filter out the spam responsible for many phishing attacks, can block the majority of phishing attacks and keep your network safe. It’s still wise to be prepared in case something gets through, and have data backed up off site for easy retrieval. Finally, you can train your employees to recognize a possible phishing email. Clues include addresses that don’t look real, spelling errors, poorly written content, and appeals to emotions like fear. Once your workers are on guard, they know not to click on dangerous links. If the email looks like it’s from someone the person knows, it’s good to check that the message is indeed from them. If not, the email can be deleted.

 

Though phishing attacks are growing more common (not to mention more sophisticated), many intrusions can be prevented with technological tools and employee training. To learn more about keeping your network safe, contact us today.

Cybersecurity Awareness is the First Step

Cybersecurity Awareness month is here, and is a great time to remember the importance of protecting our networks. Cybersecurity is a puzzle with many pieces; training your workers in awareness and best practices for cybersecurity is a key part of protecting your network, applications and data.. Read on to learn how to make your workers cybersmart in an age of increasing attacks.

 

Awareness is the First Step

 

Learning to be cybersmart involves common sense, being aware of threats and learning to protect against them. Ransomware, malware, phishing and more are part of the current threat landscape. Do your workers know how to identify a possible social engineering scheme, and how to report a phishing email? Are remote workers’ computers equipped with the latest anti-virus definitions, and the most current software versions? Do they know not to click on suspicious links? Passwords are another part of staying secure, passwords that are unique and easy to remember, and that are changed on a regular basis. Consistent training and reinforcement in these practices is the best way to make them part of your and your workers’ toolkit.

 

Awareness and Tools Go Together

 

Passwords, while still relevant, have been augmented with other tools for cybersecurity. Multi-factor authentication, which can involve more than one way of logging in, adds extra layers of security and ensures that only those authorized can access the system. Multi Factor authentication can be a one-time code delivered to email or via text, or it can be a biometric like a fingerprint. Multi-factor authentication has become more common over the years, and is a proven security method that goes beyond the simple username and password login. Other safeguards include operating system patches along with updated antivirus and anti-malware definitions. A combination of technical and human safeguards will help you keep your network secure and also remind your workers that they also play a vital role.

 

Awareness, though just the first step, is an important one. Combined with best practices and technical tools, it can help keep your network from being compromised. For more assistance, contact us today. 

Empower your Communication and Collaboration with UCaaS

Unified Communication as a Service (UCaaS) powers video and voice collaboration and communications on platforms like Microsoft Teams and Zoom, among others. These two popular platforms offer video conferencing, file sharing, and even telephony, which can help with collaboration and which require a strong network. Read on to learn more about what these solutions have to offer, and how you can prepare your company’s network. 

 

Platforms for a Hybrid Workforce

 

Zoom and Microsoft Teams are both good platforms for a remote or hybrid workforce. They both allow workers and groups of workers to communicate and collaborate, with Teams allowing as many as 10,000 participants in one meeting. Each offers its own benefits, and both allow workers, customers and vendors to stay in touch all over the world. Whichever option is best for your organization depends on your company’s needs. Microsoft Team offers communication tools like videoconferencing, along with integration with MS 365. Zoom offers videoconferencing and chat, and can integrate with Microsoft Teams. In terms of security, Microsoft Teams offers end-to-end data encryption and multi-factor authentication as part of its package, and end-to-end encryption is also an option with Zoom. Both platforms can operate on a cloud-based UCaaS basis, integrating different modes of communication and making licensing simpler.

 

Preparing Your Network for UCaaS

 

Unified Communications as a Service can help your employees collaborate and get work done easily; however, it requires a strong network, with Internet connection points and sufficient bandwidth. A good first step is auditing your network, to determine its capability to handle traffic and stay connected to the cloud. Endpoints–devices like laptops and phones–need to be connected to the cloud service provider’s network, ensuring the ability to effectively communicate and collaborate. Along with connectivity, your company needs to have enough bandwidth to support high call volumes and videoconferencing with multiple participants. One way to ensure sufficient bandwidth is spending more on wide-area networking (WAN), purchasing more bandwidth. Or your company can connect directly to a cloud service provider’s network, with the UCaaS provider being a part of the network. Using Software-Defined Wide-Area Networking offers a broadband solution to transmit data (such as in file sharing) and provide uninterrupted voice and video connectivity.

 

Using UCaaS for communication and collaboration offers many benefits, and requires consideration of the strength of your network. For assistance in preparing your network or assessing its readiness, contact us today. 

Use Desktop as a Service to Secure Remote Work

More than ever, your employees are working outside the office; this trend is expected to continue. Therefore your company needs the flexibility, reliability and security of a virtual connection. Read on to learn about Desktop as a Service (DaaS) and how it can help you keep your business running smoothly.

 

Make Desktop as a Service (DaaS) Work for You

Desktop as a Service (DaaS), with its flexibility, reliability and security, is invaluable for businesses with remote workers. Workers can access systems, data and applications via the cloud, with just an Internet connection and a web browser. The service provider furnishes the infrastructure, network resources and storage in the cloud, and users’ computers are connected to the virtual desktop, and can access data and applications. Rapid deployment means that a new device can be connected to the virtual desktop, and later disconnected if needed; this will help businesses cope with fluctuating demand at different times of the day or year. If demand on one server is too great, all machines can be migrated to a different server.  Remote IT support can be given by the service provider, preventing downtime and keeping your systems running. 

 

Desktop as a Service is Affordable and Secure

Desktop as a Service can be affordable by managing consumption during peak business hours and the cloud subscription model allows companies to pay just for the resources they use. Service providers can help manage consumption by reducing available resources during off-peak hours. When it comes to security, IT service providers can quickly create a new desktop in case of a ransomware attack, so that data and applications are not accessed via the affected device. 

 

Considerations for Desktop as a Service

While Desktop as a Service is a secure model for remote work, considerations remain. First, workers need to know best practice security procedures–both cybersecurity and physical security. Maintaining strong passwords, awareness of social engineering, and even guarding their device from non-business use–all of these still apply. On a management level, companies need to ensure that their Cloud service provider meets industry standards for regulatory compliance as required.  

 

Desktop as a Service, a flexible and affordable cloud offering, can help keep your remote workers busy and your company secure. To learn more about DaaS, contact us today. 

Technologies That Support Remote Work

Many companies realized the benefit of remote employees working from home. With companies competing to be the employer of choice, ability to work remotely has become a benefit many job hunters are looking for. With remote work becoming even more popular, technologies like cloud, software-defined wide-area networking (SD-WAN) and more have helped to provide a fast, secure and connected work environment. Read on to learn more about how cloud-based technologies support the remote-work experience

 

Take Advantage of the Cloud

 

Since it’s unlikely for remote workers to have IT infrastructure at home, the cloud supports remote access to a company’s applications and data. With just an Internet connection and a web browser needed to access a virtual desktop, remote workers can easily communicate, collaborate and complete tasks. Data and applications reside within the cloud, accessible to workers in their home offices. Better yet, SD-WAN can help keep traffic moving and business running smoothly.

 

Keep Things Moving with SD-WAN

 

A software-defined wide-area network, or SD-WAN, keeps bandwidth moving in order to give workers and customers a seamless and enjoyable user experience. Based on criteria that are set up ahead of time, SD-WAN can direct traffic in the most efficient way; if one route is bottlenecked or down for some reason, traffic gets redirected efficiently and your employees remain productive. Unlike traditional wide area networking, SD-WAN provides users a direct route to cloud resources. Not only is SD-WAN fast, it is secure even with transmission of great amounts of data. With such robust technology, workers can communicate and collaborate even more effectively.

 

Collaborate Using Unified Communications

 

Another technology supporting efficient remote work is Unified Communications (UC). With Unified Communications numerous communication and collaboration applications–VoIP, chat, customer relationship management and videoconferencing–are streamlined and available via a single Internet interface. Little or no hardware is needed(reducing capital expense), and even vast amounts of data can be transmitted between workers and with customers. Costs are reduced, and resources are scalable according to fluctuations in demand. Workers and customers are treated to an enjoyable user experience.

 

Technology that facilitates productivity and enhances the user experience are invaluable to remote work. To learn how to harness the power of cloud computing to speed remote work and keep your business running, contact us today.

Protect Your System on Multiple Fronts with Layered Security

In the last year, changes forced by COVID have introduced even more vulnerability into computer systems due to the increase in remote work. With cyber attacks, it’s a matter of when, not if. Therefore, many companies are taking a more proactive stance toward protecting technology assets. Read on to learn more about layered security and how to protect your network on multiple fronts.

 

Multiple Layers of Protection

 

Layered security can be defined as using multiple strategies to protect a company’s network, instead of one single strategy. This approach takes into account technology, processes and people and how they interact with each other.  The National Institute of Standards and Technology (NIST) has established a framework including the following 5 elements; Identify, Protect, Detect, Respond and Recover.  These elements provide a structured representation of layered security that has global adoption.

 

For example, a remote worker seeking to access their company’s system may use a virtual private network to log into their company’s network using an encrypted password along with a secondary form of authentication to access resources based on role and function.  Network monitoring can be used to determine who is seeking authentication from which IP address and when to detect a malicious intrusion. Previous training in cybersecurity can keep a worker alert to social engineering (“phishing”) emails, and keep them from clicking on a suspicious link or know how to respond if they feel they have been compromised. In the case of a compromise, local or cloud backup could be used to rapidly recover.  In the case where data may be leaked or lost, having an incident response plan helps to inform stakeholders as needed.

 

Relying on multiple layers of security is your best defense against cyber attack.  In a layered security system people, technology and processes combine to keep your computer network safe from intrusion. For help with developing a layered approach to security, contact us today.

Keeping Your Data Safe with Privacy Measures

In our digital age, gathering information online is anything but difficult. It is imperative for both to keep  information from landing in the wrong hands. Read on to learn about the crucial need to keep data safe, the threats to data privacy, and what to do about it.

 

The Importance of Data Privacy

 

A basic definition of data privacy is keeping confidential data confidential online and on computer systems. Privacy of information applies to collected personal information including medical and financial records, customer payment data, and customer data obtained from websites. Medical and financial data especially are subject to stringent regulations on access and security, and many companies indicate on their website how they use customers’ data in the course of business (if they don’t, they should). Personally identifiable data can be kept safe through encryption, and multi-factor authentication–for example, a password and at least one security question. 

 

Awareness of Threats to Your Data

 

Ideally, basic measures to keep data private would be enough. But both existing and new threats continue to increase. For example, in recent years automated calls (“robocalls”) have proliferated, increasing more than tenfold in the last few years. Of the three to five billion robocalls each month, at least 40% are thought to be fraudulent. And phone calls are just one way bad actors attempt to steal your data. Phishing schemes via text or email can also be a way to get unsuspecting recipients to give up personal data that can be used for fraud or even penetrating company computer systems with malware. According to CompTIA, phishing scams account for more than 80% of security incidents, and users are often the “weak link” that allow the attacks to happen. 

 

How to Protect Your Data

 

Even with threats escalating, you can protect your company’s data, customers and reputation. The FCC has recently addressed robocalls with STIR/SHAKEN, a technology framework designed to reduce fraudulent robocalls including ones using “spoofing” to mimic a legitimate phone number. Fraudulent calls will be designated as “potential spam,” which helps keep recipients from being tricked into giving up personal information. Along with STIR/SHAKEN, making your staff aware of phishing emails and texts can keep them and your business from possibly giving fraudsters valuable information. Phishing emails can often appear as urgent requests for help or information, or threaten consequences if the recipient doesn’t act. These emails should be reported, and then deleted, to remove the danger of clicking a dangerous link and introducing malware into your computer system. 

 

While threats continue to grow, there are ways to protect your business. For help in protecting your confidential data, contact us today.

Getting the Best Results from Your Cloud Budget

 

While moving to the cloud can be a cash-saving step–in the sense of shifting capital expense for infrastructure to an operational expense–the issue of managing cloud spending remains. Read on to learn more about aligning your company’s cloud spending to overall business goals.

 

Align Cloud Spending to Business Goals

 

According to a CompTIA whitepaper, companies often first migrate an existing system to the cloud, and then learn about things like integration and data security in the process. But what if your business is considering or reconsidering how to better plan its technology spend, with the use of cloud taking center stage? Cloud computing, with its benefits, can  introduce complexity into management of Cloud use and resource consumption. 

 

Your organization might want to re-evaluate its strategy with cloud, looking at the bigger picture of your goals and strategies and how your cloud consumption fits within them. For example, an organization might not need to keep cloud workspace running around the clock when employees only work eight hour shifts. And what if your company is considering new technology initiatives, extra cloud spending might be necessary to support digital transformation. There are ways to monitor and manage your cloud consumption, so that you know you’re spending where it will do the most good.

 

Monitor Your Cloud Consumption to Spend Effectively

 

In other words, the issue may not be spending more for the cloud, but spending more effectively. One way to do this is monitor how much cloud resources your company is using–overall and for specific applications. According to Gartner, “cost in the cloud is tied directly to ongoing consumption, so managing utilization is inextricable from managing expenses.” Simply monitoring cloud usage can include detecting and evaluating unusual spending, projecting future costs based on previous trends, and redirecting spending toward mission-critical applications while removing apps you no longer use. Businesses may be in the position of defining their goals, since cost management may have not been a consideration upon migration to the cloud. Cloud service expense management (CSEM) tools are available to track your company’s cloud usage, with the goal of better cloud budgeting.

 

Effective use of cloud computing, aligned with overall cloud and business strategies, can help you direct cloud consumption most effectively. For help with your cloud strategy, contact us today.

Keep Your Business Operating with a Business Continuity Plan

As the last year has shown us, we don’t know exactly what the future holds. However, with manmade and natural disasters like cyber attacks and power failures from storms, it’s a matter of when, not if, your company is faced with a situation that could threaten its operations. Read on to learn more about protecting your business with a business continuity plan.

 

Building a Comprehensive Business Continuity Plan

 

In its broadest sense, a business continuity plan is a proactive strategy to keep your business up and running during and after a disaster. That disaster could be a storm causing a power outage, or a ransomware attack like the ones affecting major companies in recent years. These can cause costly downtime that can hurt your company’s revenue and reputation. While data protection is part of the business continuity framework, business continuity plans go beyond to consider the relationships between people, processes and technology. A solid plan will take into consideration individual departments and their operations as well as how these departments work with the others. Risk management means evaluating likely threats, and the impact they’ll have on your business. 

 

Important Questions to Ask Your Technology Advisor

 

Developing a business continuity plan starts with asking questions about each department. What are their functions, and who carries out which functions? What processes do they use to carry out these functions, and what data and applications do they use in these processes? What are the mission-critical functions, and what infrastructure is needed? Then, consider how the departments work together, including the IT and security teams. Consider looking at your plan through the lens of resiliency, recovery, and contingency. Will your company be nimble enough to handle different threats? What are objectives for recovery, and what are your contingency plans for unexpected situations? The more specific your company can be in planning, the  better. Appropriate testing, with evaluation of results and refining your plan, is also critical. 

 

More than ever, your business needs to be nimble in their response to any disaster. For help in developing a comprehensive plan for your company’s response, contact us today.

Choosing the Best Cloud Service Model for Your Business

No question about it, cloud computing is here to stay. Considering migrating to the cloud is just the beginning, however. Three models to consider–IaaS, PaaS and SaaS–offer varying levels of shared responsibility between provider and customer. Read on to learn more about the three models, and to get an idea which is the best for your business.

Cloud Service Models–Benefits and Responsibilities

Infrastructure as a Service, or IaaS, requires the cloud service provider to establish the network and its connections. With this model, a company can have their provider maintain and operate the infrastructure; the client will still need to keep their operating system current, configure their platform to meet requirements, and control how information is handled and stored. A company using IaaS will have more flexibility, but will need more technical and security expertise and assistance. Moreover, the company needs to take on administrative roles for system level security.

The Platform as a Service (PaaS) model provides hosting and tools on which applications can be developed, and the provider is responsible for furnishing a user interface. The client is responsible for controlling administrative access to certain portions of computing resources, and also oversight of applications built on the platform. Also, the client needs to keep the platform current with operating system patches, and implement a cloud security strategy to protect their applications.

If a company chooses Software as a Service (SaaS), they will have more responsibility for maintaining user security and may take on some administrative roles for the application. While the provider handles the infrastructure, keeps the software applications up to date and provides hardware and software tools over the Internet, many security considerations remain with the customer. Your company will need to train employees in awareness about keeping the network secure, implementing a strong password policy and possibly a zero-trust environment where each log-in to the network is verified.

Whichever model your company chooses will depend on your budget, level of staffing and ability to take on certain responsibilities for maintaining a strong, healthy network. For more guidance in choosing the most appropriate model, contact us today.