Category Archives: SMB Technology

Computer repair, network compliance, wifi, small business IT, remote backup, anti-virus, cloud computing tips

Lessons from a Global Technology Outage

SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News,

As we saw two weeks ago, our entire world is dependent on technology. The global technology outage precipitated by a faulty software update rollout by Crowdstrike illustrates how a small problem can have enormous repercussions. The recovery will likely be difficult and expensive for many companies but especially for small to medium-size businesses. Read on to learn about how a technology advisor can help your company mitigate damage from and even prevent technical issues

 

The Outage and its Impact

 

On July 19, 2024, a global technology outage resulted from a faulty software update from technology firm CrowdStrike upended operations across multiple industries. Flights were canceled and delayed, medical care interrupted, and businesses large and small were unable to operate. Large businesses will have a difficult time recovering, but what about small to medium-size businesses with less technical support? Smaller businesses dealt with missed deadlines, possible loss of customers and the inability to pay workers. What lessons can companies learn from what happened? 

 

How a Technology Advisor Helps

 

Although some incidents are out of a company’s control, they still need to be prepared for the consequences of technology problems. A technology advisor is an expert in their field who advises, guides and supports businesses needing help with technology-related decisions. These decisions can include strategic ones, such as how to implement automation and develop a framework for cybersecurity. Or the advisor can assist in planning and navigating software updates to smooth the rollout process. Training and support of workers to give them the knowledge and skills to effectively and safely use technology tools.  

 

The software update responsible for the outage was believed to have not undergone rigorous testing–including for compatibility with common software systems. Technology advisors can help a company develop a framework for rigorous testing of updates to prevent problems that can spread to stakeholders; this includes cybersecurity issues. 

 

What Your Company Can Do

 

Of course, a technology advisor doesn’t do all the work. A collaborative approach in your company, where the IT department works with other business units, contributes to the knowledge of all. For example, while some departments may be enthusiastic about automation of processes, another can provide needed caution–no technology is infallible.  A  technology advisor can help  the company plan an automation strategy. Not to mention, the advisor can remind the company of the need for human oversight of automation.

 

July’s global technology outage has shown us all how digital transformation can introduce risks. Small to medium-size businesses may need a technology advisor to help them with a plan to mitigate these risks. For further assistance, contact your trusted technology advisor today.

Adopting a Risk Management Approach to Your Business

SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News,

Doing business in today’s world doesn’t come without risk. Anything can happen, from a brief power failure resulting in two hours of downtime, to a days-long global technology outage precipitated by a CrowdStrike software update. How will you know what risks your business is most subject to, and how to mitigate those risks? Read on to find out what types of risks can threaten your company, and how to protect yourself.

 

Multiple Risks to Your Business

 

According to an article from CompTIA, risks come in various forms. Some are within a company’s control, and others come from outside. But all pose some threat to productivity, security or reputation–or all of these. Types of risk include:

 

    • Strategic: These have to do with deviations from a company’s strategy or model. Using automation, for example, can benefit operations, even facilitating software updates. However, problems can occur if human oversight isn’t part of the process. 
    • Competitive: negative consequences of a competitor’s actions, which can cause a loss of business for your organization. Even a competitor’s offering of a better product or service can negatively impact your business. 
    • Compliance: This involves failure to comply with government data security regulations, and can consist of data storage and even data breaches. 
    • Reputational: Events that can damage your image, and public perception of your brand. Perhaps a too-quick rollout of a product or service, a data breach, or a compromised website, can affect trust from customers and other stakeholders. 
    • Financial: This type of risk is anything that might cause loss of revenue. Loss of customers due to compromise of your company’s reputation, or downtime costs from even a brief system outage, can cause loss of earnings.
    • Operational: Anything that affects the operation of your business or other businesses that work with you. A faulty software update can have global consequences, as was seen recently. 
    • Global: Can include global conflict, supply chain disruption, or nation-state cyber attacks. 

 

Any or all of these have a potential impact on cybersecurity, though some are more likely. An outage can result in downtime (operational and financial risk), or a data breach (financial, compliance and reputational). Certain risks intersect, like financial, operational and reputational in the case of a data breach. Depending on how your company handles risk, your brand can weaken, or become stronger than ever.

 

How You Can Prepare

Assess and Document Your Biggest Risks

 

Prioritize risks most likely to affect your company’s operations, revenue or reputation. Your business may be more likely to be subject to risks of regulatory compliance failure than to global conflict. Any source of risk can impact your company, however unlikely it seems. 

 

Assemble a Strong Team

 

By including people from each department, your company gets different perspectives on what can happen and how it might affect your business. For instance, sales and marketing can point out risks posed by competitors. Your leadership personnel can watch for strategic risks. Anyone can be on the alert for social engineering (“phishing”) emails.

 

Prepare an Incident Response Plan

 

All the documentation and planning will go into an incident response plan. This plan comprises the most likely risks,  action plan for each, and the person or persons responsible for specific tasks. Such a plan will help you respond quickly and efficiently to possible disasters, or even keep a minor problem from becoming a major disaster. 

 

Risk management is becoming a more common stance in companies all over the world. To learn about evaluating risks and developing a response plan, contact your trusted technology advisor today. 

Secure Access Service Edge (SASE) for Hybrid Work Environments

SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News, ,

In 2020, the way people worked changed, likely for good. Instead of being in the office most of the time, employees worked at home. Although some workers have come back to the office, hybrid work is here to stay. Secure Access Service Edge (SASE), pronounced “sassy”) is ideal for hybrid work, with its cloud-native architecture, centralized access policies and support of access based on device identity. Read on to learn more about this architecture and what it can bring to hybrid offices.

 

Benefits of SASE for Hybrid Work

 

The cloud-native architecture of Secure Address Service Edge can combine the flexibility and scalability of cloud with the connectivity of Software-Defined Wide Area Networks (SD-WAN). Add to this centralized access policies based on user device identity. Data does not need to travel from one source to the data center, and back again–lessening the chances of it being lost or intercepted in transit. Access is verified at specific endpoints when a user logs in, and data can travel along SD-WAN pathways to these endpoints, once verification occurs. SASE can address the needs of hybrid offices for security and connectivity. 

 

Key components of SASE include:

 

  • Secure Web Gateway: a cloud-based proxy that enforces standards for communication applications like Microsoft Teams, which are frequently used by hybrid offices. 

 

  • Firewall as a Service (FWaaS): Cloud-based firewall that provides a standard security experience and eliminates the need for an on-premises firewall.

 

  • Cloud-Access Security Broker: Extends rules and policies to software and infrastructure not owned by your company.

 

  • Zero-Trust Network Access (ZTNA): Anytime a user or device (such as a remote worker’s laptop) requests access to the network, it is evaluated to ensure that it has a right to access the network, and access is granted–or denied, if suspicious. 

 

Considerations for Adopting Secure Access Service Edge

 

While SASE is an effective architecture combining SD-WAN’s connectivity with various security controls, it is not a substitute for cybersecurity policies. Hybrid offices, with some endpoints beyond the office’s perimeter, are still subject to social engineering attacks like phishing. Employees still need to know how to spot and report a phishing email and prevent malware from entering the network. Companies still need to assess the offerings of SASE and how it aligns with business goals (including hybrid work). Other technologies, like endpoint detection and response (EDR) and/or Managed Detection and Response (MDR) may need to be deployed alongside SASE. 

 

Secure Access Service Edge (SASE) can help give your hybrid work environment the connectivity it needs, as well as support security policies. For more information on using the SASE architecture in your company, contact your trusted technology advisor today. 

Put Artificial Intelligence to Work for Your Business

SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News,

What will your company do with artificial intelligence, now that it’s a key technological trend? Artificial intelligence (AI, for short) holds the potential to revolutionize how your business meets its goals. Fueled by the natural language model of generative AI, automation of processes, data analysis, and streamlining tasks have all helped businesses work more efficiently. Read on to learn more about specific use cases for different aspects of your business.

 

Multiple Use Cases for Artificial Intelligence

 

With AI working behind the scenes to automate tasks, and the release of ChatGPT in the fall of 2022, new capabilities and use cases have opened up–content generation, development of artwork, and other creative applications are available. Microsoft also entered the picture by integrating Co Pilot with their popular office productivity suite in early 2023. Use cases are plentiful for C-level staff, operations, sales and marketing, human resources and more.

 

C-Level Executives: More business data is generated daily, and harnessing it can be overwhelming. Artificial intelligence can analyze data and distill insights from it in a way that mere human effort cannot match. Market trends, customer behavior, and financial metrics can all be derived from the vast amounts of data a business generates, as well as internet content. Moreover, they might get ideas for ways other departments can use AI.

 

Financial: Finance Departments can use AI for document search and synthesis, enabling them to understand contract information and regulatory filings. Artificial intelligence can also analyze and synthesize transactional data, identifying anomalies that might indicate possible fraud. Automated bots can perform mundane data entry and reconciliation tasks. Financial analysts realize productivity gains by using AI to set up complex spreadsheets for financial analysis.

 

Human Resources: AI can help streamline recruiting to help your company search out the ideal candidate, simplify documentation for on-boarding, and gather employee feedback to improve their experience. Big data from large language models (LLMs) can help your human resources department make informed decisions and also streamline benefits and compensation. AI is also ideal for creating job descriptions.

 

Operations: Drawing up meeting agendas and synthesizing insights from meeting notes; automatically inviting attendees, summing up information for attendees arriving later; preparing timelines for rollouts of new products.

 

Sales/Marketing: AI can be used to prepare for an upcoming meeting by summarizing emails and researching customer information from internal systems.  AI can also help with generating proposals, creating powerpoints and more.

 

Customer Service: AI can help customer service representatives quickly pull up customer data; summarize interactions, prompt for next best answers and empower live chat to enhance customer experience.

 

With all of these benefits, be sure to use AI responsibly and securely in your organization.  Ensure you have an acceptable use policy and train your employees properly. In addition, identify and tag sensitive information to avoid unnecessary data leaks.

 

For all departments, tools like CoPilot can help generate and augment content, allow the writer to try different styles and ask questions for more information. Artificial intelligence can be a game changer for your business; to learn more, contact your trusted technology advisor today. 

Consider Managed Detection and Response to Keep Your Business Secure

SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News,

With malware attacks escalating in number and severity, what can small and medium-sized businesses do to protect their networks without breaking the bank? Read on to learn more about using managed detection and response (MDR) to help detect and mitigate threats to your cybersecurity.

 

The Need for Managed Detection and Response

 

Leading global technology market analysts, Canalys, shared in a LinkedIn post, ransomware attacks are increasing each year. Between the first four months in 2023, and the same period in 2024, publicly disclosed attacks increased by 96%. Between 2022 and 2023, the attacks increased by 68%. These attacks are just the ones that are publicly disclosed ones. What about attacks on small to medium-sized businesses and not been reported? And what can smaller businesses do if they don’t have the time and resources to constantly be monitoring their networks? 

 

What is MDR and How Does it Work?

 

Enter Managed Detection and Response, or MDR. This option “relies on an external third-party to monitor a company’s IT systems and respond to threats in real time.” Unlike traditional cybersecurity deployments, it is fully managed and delivered by an external provider. MDR is also sometimes called “cybersecurity as a service.” Cybersecurity can be challenging for SMBs especially, as it can require time and effort on the part of the company and even then not all threats can be dealt with. But with the 24/7 monitoring provided by MDR, companies can focus on meeting business goals. 

 

Managed Detection and Response combines cybersecurity software, threat intelligence and human (or machine learning powered) intelligence to detect threats to the network, including unpatched software and operating systems, weak passwords, and susceptibility to social engineering (“phishing”) attacks, among others. Not only does MDR quickly analyze suspicious activity, assessing its severity and potential impact, but isolates and neutralizes any threat. Any intelligence gathered about threats will be accessible to machine learning to improve future detection.

 

Further Benefits of Managed Detection and Response

 

Beyond the detection and response capabilities, MDR can help in other ways. By using an external third party, you don’t need to have specialized staff on site. Therefore, you can focus on activities that bring revenue and advance business goals. What’s more, MDR services can work with your existing security solutions, enhancing their reach and effectiveness. For instance, you can combine MDR with an endpoint security solution like Secure Access Service Edge (SASE) for even stronger detection and response.

 

The cloud-based managed detection and response is a way to monitor your network and mitigate threats, preventing costly cyberattacks. For further assistance, contact your trusted technology advisor today. 

Disaster Preparedness for Business Recovery

SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News,

We are entering the seasons of storms (including hurricanes and tornadoes), wildfires and other possible disasters. Even a power outage of short duration can affect your business. What if you ship orders because of an interruption in your order processing service, for example? Or what about a bigger disaster, that takes your business out of operation for days or weeks? Read on to learn more about the importance of disaster preparedness for keeping your business running.

 

What a Disaster Recovery Plan is and Why You Need One 

 

Having a plan does seem obvious, doesn’t it? Yet many companies may not have one in place. A definition of a DRP is a structured document describing how your company can resolve data loss and get back to functionality during and after a disaster. Even a brief power outage that may seem like just an inconvenience can strongly impact your business. Downtime can be costly to your bottom line and to your reputation. 

 

Advantages of Having a Plan

 

A key benefit is knowing what to do when a disaster happens, and swinging into action immediately. What’s more, a plan will give you confidence, and give others like workers and customers confidence in you. Customers will know that you’re keeping their data safe from loss or compromise, because you’ve backed up that data. You’ll know how much to budget for recovery from disaster, and which systems need to be back up and running. 

 

Getting Started: Planning and Documentation

A conversation gets the ball rolling. Discussing what might happen in the event of a disaster, and what mission-critical systems need to resume first. What will happen first, and who will be responsible for making that happen? Who are your stakeholders, and what do they need from you? What data most needs to be protected, and how will it be safeguarded? What information will you provide, and what will be the messaging? The answers to these and other questions will give you the structure for your planning and documentation. 

 

Besides answering the above questions, your documented plan should include both recovery time objective (RTO) and recovery point objective (RPO) – two key metrics for preparedness. Recovery Time Objective refers to how much time can pass to get your systems back up and running, whereas the recovery point objective refers to the age of files to retrieve from backup storage. 

Working the Plan: Testing and Refining

 

Testing, done frequently and with practical exercises, will show how well your plan works, and also show “what you don’t know that you don’t know.” Going through scenarios and table-top exercises will point up unknown vulnerabilities, show what needs updating, and show whether key players know what to do. Information technology workers in particular will know about data protection strategy, and are vital to your efforts. Having tested your plan, you will know what changes are needed. Once the changes are made, testing can resume. 

 

Disaster recovery planning may seem overwhelming. Taken step by step, though, it is possible and your business can be on a sure footing. For more assistance, contact your trusted technology advisor today.

Password Best Practices Keep Your Business Secure

SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News, ,

According to an article in the HIPAA Journal, May 2nd was “National Password Day.” You didn’t know there was such a day? National Password Day was declared in 2013 to bring awareness of both the importance of passwords in keeping personal and company data safe, but also about  password risks and best practices to mitigate those risks. Read on to learn about the state of thinking about passwords, and how to better manage login credentials.

 

A Brief History of Passwords

 

Even with biometric methods of identification, and single sign-on technology, passwords are still relevant as the most common way to secure personal and business accounts. Passwords were first developed in the 1960s at the Massachusetts Institute of Technology (MIT) to guard accounts against unauthorized access. Incidentally, the first password breach occurred there, too.  More recently, a survey of 2400 respondents in the U.S. and other countries revealed some sobering statistics about password practices.

 

Common Password Practices

 

Using the same password for multiple accounts was a common practice, with 84% of respondents admitting to using the same password for multiple accounts. If a hacker can steal the password to just one account, they can easily gain access to others.

 

54% of respondents relied on memory for passwords, and because of this the passwords can be too short and weak.

 

36% incorporated personal information (family names or birthdays, for example) in passwords to make remembering easier. 

 

33% used only a password, rather than two- or multi-factor authentication, to access their accounts. 

 

Moreover, even when changing passwords, users didn’t change them sufficiently. Instead, they only changed a few characters, with the idea of keeping them easy to remember.  All of these practices can facilitate the theft of passwords by social engineering (email “phishing” or text-message “SMiShing”) attacks, or even brute force attacks. How can thinking on passwords be changed?

 

Best Practices for Password Management

 

First, the article suggests thinking not in terms of passwords but passphrases, multi-character combinations of upper- and lower-case letters, numbers and symbols, that are more difficult to guess. Also, the article suggests using password management systems where the list of passphrases is itself protected by a passphrase of at least fourteen characters. Companies can develop clear, enforceable policies for password management, which might then influence how workers handle passwords outside of work, too. 

 

Passwords are still necessary to secure business and personal accounts, and thus need to be unique and strong. For help developing your company’s password policy, contact your trusted technology advisor today.

Cybersecurity Challenges for Small to Medium-Sized Businesses

SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News,

Cybersecurity, ever a topic for businesses of all sizes, poses special challenges for small to medium-size businesses. Not only can they be special targets for bad actors, but they also deal with tight budgets and at times a lack of understanding of what cybersecurity means. Read on to learn how a small business can meet cybersecurity challenges and build strong defenses.

 

A number of cybersecurity issues are challenging for smaller businesses, according to a CompTIA article. First, just getting started with a cybersecurity plan can seem like a huge task. And what does cybersecurity mean for your business? What mission-critical data and applications need protection? Once your company has decided on your goals, how will you reach them? 

 

Another issue is spending. Often, a small organization’s cybersecurity budget is tight, and the business cannot spend very much on an IT team, or the training to upskill current workers. How much will a third-party solution cost? These and other costs can seem daunting. 

 

Knowledge and understanding of the threat landscape is another challenge. Small or medium-size businesses might think that, being small, they are “under the radar” of cybercriminals. However, they are likely to be the victims of a cyberattack. According to the FBI, small businesses comprised the majority of victims in 2021. Even if the bad actors don’t specifically target a small company, they may use the small company to target larger businesses. Often, the criminals are looking to steal data – credit card and bank account information, customer data, even proprietary business information–from anyone they can. 

 

One of the challenges is complacency; small companies may think they don’t need to learn new skills. On the contrary, they need to adapt to an ever-changing threat landscape. Cyber attacks are becoming more frequent and more sophisticated, with  attackers banding together. Previously, hackers may have worked on their own, trying to execute brute force attacks or use bots to take down a website with a distributed denial of service (DDoS) attack.   

 

Cybersecurity Help for Small Businesses

 

So, what’s the solution? The good news is, though cybercriminals are banding together, small to medium-sized companies can do the same. Technology service providers  can help small businesses access threat intelligence and learn from organizations that have been attacked and have recovered. And with help from the Cybersecurity Infrastructure Security Agency (CISA) and its various resources, businesses can get information and start acting on that information to develop their cybersecurity plan. What’s more, a company might seek out third-party partners that can help supply the IT talent to improve their cybersecurity posture.

 

Cybersecurity, especially for smaller businesses, can seem like a huge challenge. However, help is out there. To learn more about developing a security plan, contact your trusted technology advisor today. 

Implementing Your Artificial Intelligence Strategy

SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News,

The explosion in popularity of artificial intelligence (AI) is hard to ignore, as one of the biggest – if not the biggest–technology trends in 2024 and beyond. How will your business use this technology? Read on to learn about developing a strategy to harness AI’s power.

 

Growth in Popularity of AI 

 

The popularity in and market for artificial intelligence only continues to grow. According to a CompTIA article on AI statistics, the global market is expected to grow to $407 billion by 2027, with a compound annual growth rate of 36.2%. The U.S. market is expected to surpass that, increasing to $594 billion by 2032, growing 19% year over year from 2023 on. 

 

Businesses are at varying states of the adoption/implementation journey. According to the CompTIA report, 22% of firms are “aggressively” implementing artificial intelligence. Another third of firms are implementing AI in a more limited way, and the majority of firms (45%) are still exploring implementation. Even with its popularity, some hesitation exists because of challenges—including the cost of upgrading applications, building out infrastructure, along with the need to fully understand the data that goes into properly training artificial intelligence. 

 

Formulate a Strategy for AI Implementation

 

As with other popular technology, your business needs to consider its goals and how artificial intelligence can help you reach them. Examples of such goals include automation and refinement of routine tasks; enhancement of the customer experience via personalization; analysis of data; and content creation.

 

You’ll also need to consider how to mitigate risks associated with artificial intelligence. Start with security to ensure your staff is trained to follow policy and your proprietary and sensitive data is protected. How will your company deal with hesitation on the part of workers to embrace AI, because of fear of it automating their jobs? What about the quality of data used to train AI’s large language models, data which may include bias? Also to consider is protecting privacy and complying with regulations. The financial cost can include updating applications and building needed infrastructure. These are just a few questions to consider when developing your strategy.

 

Artificial intelligence has shown itself to bring potential benefits to businesses across many industries. For help in developing or refining your strategy, contact your trusted technology advisor today.

Using SD-WAN to Enhance Hybrid Work

SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News,

n the last several years, remote and hybrid work environments have become common. Many offices have at least a partially remote workforce, and this calls for communications applications that are always on and helping workers to collaborate effectively. To learn about leveraging software-defined wide area networks for seamless communication, read on.

 

What SD-WAN and Why it Matters

 

With remote and hybrid work more common, and teams using popular platforms, seamless Internet connectivity, stability and reliability are essential. Software-defined wide area networking, or SD-WAN, is a cloud-based approach to WAN management that brings together multiple providers to offer the connectivity needed. The infrastructure is in the cloud, eliminating the need for customers to manage and maintain their own. All they need is an internet connection and an appliance at each connection point (remote office). Additional appliances can be added as needed.  SD-WAN uses multiple transports including business-class broadband and networking as well as MPLS already used in WANs, to route traffic effectively for a hybrid workforce. 

 

Software-Defined Wide Area Network offers numerous benefits. First, it reduces capital expense by eliminating the need for companies to maintain on-premise infrastructure. Operational expense is decreased by reducing the need for IT professionals to make trips out to fix problems. Instead, monitoring and troubleshooting is centralized. Like the cloud in general. SD-WAN is scalable, with devices easily added to the network. And by using multiple providers, data is moved reliably to where it’s needed as a result of increased bandwidth.

 

Security Considerations in SD-WAN

 

Readers might be wondering about security.  How can so much data in transit be protected? At first thought, security might be a problem with data being routed to multiple locations. Only by ensuring that the security is fully integrated and traffic is transparent can SD-WAN enhance security, instead of being yet another attack vector.

 

Software-defined wide area networks use the cloud to enhance the communication and collaboration the hybrid office environment requires. For guidance in your company’s SD-WAN decisions, contact your trusted technology advisor today.