by Felicien | Oct 24, 2017 | Education
A discussion of how to meet all of your objectives and stay within your budget at the exact same time when it comes to IT.
In many ways, information technology is the backbone of your business. When your infrastructure is functioning properly, it’s one of the most powerful enablers you have. It’s a productivity machine with an eye towards the future – allowing you to effortlessly combine technology with your long-term strategy to bring you the results you need exactly how you need them.
Because of this, companies need the absolute best in consultation, recommendation and implementation for their technology in order to be the best they can be. They need someone to take email, asset management, network design, business continuity and more and bring them together, creating less a series of disparate parts and more a living, breathing whole.
Can you really expect to find one person to meet all of these needs and more, all while staying on-time and within budget? The answer, in all likelihood, is “probably not.”
Information Technology: Breaking It Down
Think about all of the areas of concern that businesses have when it comes to IT and what one person could potentially be asked to do. One of the biggest concerns would undoubtedly fall on a line of business software applications support. Companies need more than just an email or database solution – they need systems that are built with their own end goals in mind.
Their email service can’t just be “functioning” – any free service in the world can meet that requirement. They need to be productivity and collaboration enablers, allowing organizations to weaponize communication and use it to do better work in an easier way.
Next, consider something as seemingly simple as asset management. This is about more than just keeping track of what equipment is in play across an infrastructure. It’s making sure that resources are being utilized in the way that they were intended. It’s about making sure that updates are installed and those small problems are being fixed. It’s a full-time job in and of itself, to say nothing of the other full-time jobs you could be asking a single person to do.
Training has long been considered one of the most important aspects of IT, both in terms of staying abreast of the latest technology and keeping up-to-date with important issues like cyber security. Training must be proactive in order to be successful – it’s not something you do once and forget about. How is one person supposed to find the time to do this properly?
All of these bleeds directly into larger topics like systems management and administration. Backups and data protection are the keys to making sure that an organization can resume normal operations in the event of a disaster. Onsite and offsite storage (and how they interact with one another) make sure that employees can work anywhere at any time, no exceptions. Even network design and concepts like wired networks, wireless networks and vLAN are less about getting computers onto the Internet and more about empowering employees with the ability to work in any way they need given the situation.
Then, you have to think about things like Help Desk support. When it comes to IT, something going wrong is not a question of “if” but “when.” How are you supposed to expect one person to suddenly stop everything else that they’re doing and address user concerns, potentially at a moment’s notice at the least opportune time? The answer is simple – you can’t.
Going back to the topic of security, this is essentially another huge job in and of itself. Remember that we’re living in an era where 55% of companies say that they’ve experienced some type of cyber attack in the past twelve months alone. 50% of those reported data breaches involved compromised customer or employee information. In the aftermath of these and similar types of incidents, companies spent an average of about $880,000 because of damage or theft of IT assets and an additional $955,000 because of the disruption of normal business operations?
How, in good faith, can you expect one person to shoulder this type of burden on top of everything else that they’re being asked to do? Not only are you setting up one person for a particularly nasty ulcer sooner rather than later, but you’re also setting your entire organization up for failure.
Instead of spending one person so thin at the expense of everything that they’re actually trying to do, you need several people with various skills who are all working in tandem. Business software applications support, network design, business continuity – these are all entirely different skillsets that require completely different ways of thinking. You can’t expect a single person to shift at a moment’s notice, let alone devote as much attention as they need to all of these aspects.
They say that a chain is only as strong as its weakest link. Rest assured that if you’re asking one person to do all of this and more, they will quickly become that weak link before your eyes. Forget accomplishing all of your objectives and staying within your budget – you’ll be lucky to still have a business in six month’s time.
These are just a few of the many reasons why you will most likely find that you need several part-time people with various skills, rather than one person. When you’re talking about something as mission-critical as your business’ IT infrastructure, you don’t want to leave anything to chance. When one person is spread too thin, you have something of a “Jack of all trades, master of none” situation on your hands. Since these resources are also what are supposed to give you a competitive advantage in an understandably crowded marketplace, that’s one situation you don’t want to find yourself in if you can help it.
If you’re in {city} and you’d like to find out more information about this or any other essential IT topic, don’t delay – contact {company} today by giving us a call at {phone} or by sending an email to {email}.
by Felicien | Oct 24, 2017 | Education
Working globally has never been easier, even for small and mid-size businesses. Find out how to make Microsoft 365’s Multi-Geo capabilities work for you.
Amazon doesn’t want you or your business to call a number, provide a code, and verify your identity, and if you receive an email claiming that they do, you’re the target of a phishing scam. A phishing scam occurs when someone uses what might seem like legitimate phone calls or emails to get you — or someone in your organisation — to respond with sensitive information. If the scammer can trick you out of usernames, passwords or identifying information, they can engage in hacking, identity theft, and other cyber crimes.
The Risks of the Amazon Phishing Scam
The recent Amazon phishing scam, which is reaching in-boxes in October 2017, is a prime example of a common fear tactic scammers user to target individuals and businesses. The email warns you that someone tried to reset your password and asks you to call a number and provide a code when speaking to the customer service rep. The number routes you to a non-Amazon call centre where operators attempt to get you to provide information regarding your Amazon log-in.
Many businesses and individuals keep their payment card information stored on Amazon’s servers — along with data such as names, addresses, and phone numbers. It’s convenient and makes it easy to order things quickly; SMBs might load a single payment card into the system and allow numerous people to purchase supplies via the account, for example. If your Amazon account is breached, that means all that data is breached too. It also means that hackers can use that information to potentially breach other accounts or your business network.
One of the dangers of the Amazon phishing email is that it looks quite authentic. It includes Amazon’s logo, and it’s well written and sounds authoritative. It even includes a short warning paragraph about phishing emails and tells you that Amazon won’t ever ask you to email your password to them. It’s so legitimate looking, many people have fallen for it already.
If your company uses cookies or password storage software, then consider including multiple forms of authentication on machine and network log-in screens
By engaging in proactive cyber security, you can reduce the risks your business faces from phishing scams.
Other Types of Phishing Schemes & How to Combat Them
The ability to pass as legitimate, even under some basic scrutiny, is making these types of phishing schemes more dangerous. These schemes have targeted people with emails or phone calls from agencies such as the IRS, numerous banks, various online retailers, and sites such as PayPal. One of the common threads that are seen through phishing emails and calls is that they play on anxieties, worries, and fears consumers and businesses already have. Today, many people are already worried that their accounts may be hacked. They’re already worried their money isn’t safe. Businesses have to deal with potential cyber attacks and threats every day. When you receive a seemingly legitimate email regarding a danger, your immediate reaction may be to jump into damage control. Before you do anything, though, take a few minutes to do some research and consider the communication.
Conduct a quick Google search. In just a few minutes, you can see if anyone else is receiving these communications and if a known scam has been reported.
Look at the email address source. Some elaborate spoofs look like they originate from the internal network of the company in question, but some fakes are easier to spot. For example, an email that looks like 2d8487!@paypalpal.com didn’t come from PayPal.
Hover over any links in the email without clicking on them to preview them. Do they go back to the agency in question, or a spoofed site? It’s best not to click on links in these emails at all; you can always navigate to the site via your browser bar.
Call the agency’s customer service number (the one from their web page, not the one in the email) to find out if the email is legitimate.
Protecting Your Business Against Phishing Scams
Procedure and training are two of the best ways to protect your business from damage associated with phishing scams. First, create a procedure for responding to any of these types of emails. Put someone, such as internal IT staff or an administrative assistant, in charge of receiving reports of these emails or phone calls and doing the research to determine what type of response is needed. That person will begin to recognise phishing scams and may even see the same ones repeatedly, and they can assure other staff that there is no real threat and no response required.
You should also train your entire staff on good password and security protocol. Requiring staff to change passwords every 60 to 90 days across all sites, platforms, and tools help reduce the chance that a successful phish endangers all of your accounts or networks. Some tips for strong password management include:
Don’t use the same password for multiple platforms, sites, and tools
Don’t use words or easy strings of text or numbers (such as ABC or 123) in passwords
Passwords should be at least 8 characters — longer passwords are better than shorter passwords
Passwords should incorporate letters, numbers, and symbols when possible
Workers should not share passwords or write them down
If your company uses cookies or password storage software, then consider including multiple forms of authentication on machine and network log-in screens
By engaging in proactive cybersecurity, you can reduce the risks your business faces from phishing scams.
by Felicien | Oct 24, 2017 | Education
Is your non-profit relying on the limited tech skills of a volunteer or employee who has other full-time duties in your organization? Discover the benefits of, and tips for, outsourcing your IT.
Tips for Outsourcing Tech for Your Non-Profit
There tends to be thinking that the operation of a non-profit organization is far different from that of a for-profit company. Most of those differences, however, are organizational and financial related. From a business-to-business standpoint, non-profits and profits can be very similar. This includes how each manages their IT needs.
Like for-profits, non-profits require tech service providers that understand their needs and can work within a budget. You should have tech support that is responsive and available. Unfortunately, many non-profits will instead rely on a volunteer or employee who may fancy themselves as a “techie”. These part-time, as needed helpers usually are well-intentioned but have limited areas of expertise. They may also cause more problems than they resolve.
It is far too easy for non-profits to ignore routine and preventative maintenance. Backing-up data, updating software or ensuring systems are properly secure from malware and outside attacks fall down the priority list. When problems do manifest themselves, they can become time-consuming, costly, and may result in calling in an outside consultant anyway.
Since computer reliability and stability has improved greatly over the past decade or so, many organizations, including non-profits, have eliminated or reduced staffing in IT. Many have turned to outsourcing their tech services. Outsourcing allows you to have access to services when you need them, without the expense of a full-time employee. It also allows you to choose resources that specialize in areas of your specific needs. When done correctly, outsourcing for tech provides you the expertise you need, when you need it, and get it more affordable.
Here are some tips for outsourcing tech services for your non-profit.
Perform Your Due Diligence
Selecting the proper resource for your tech needs will take some research into pricing, areas of expertise, and experience. It can be valuable if a resource has experience in the non-profit sector. Make sure they are familiar with the type of equipment and network you use. You may consider asking for referrals from other non-profit organizations of similar size and scope as yours. Don’t be afraid to ask for a provider’s non-profit references.
Ask About Insurance Coverage
Find out if your support company carries worker’s compensation insurance for their staff. Ask if you are covered for any inadvertent damage they may cause to your system or equipment.
Do They Have Access to Your Network by Remote Access?
Remote access can minimize potentially expensive on-site visits. Many tech-related problems can be resolved remotely so this is a valuable aspect of outsourcing tech support.
Is the Company Properly Staffed?
Many individuals with tech knowledge will go out on their own and present themselves as IT consultants. There can be a few issues with this, in that there is a limit to both knowledge and availability. When you have a computer or network issue, especially if it’s critical, you want an immediate response. You may not get that with a one-person company.
Does an Outsource, Outsource?
You’ll want to work directly with any tech company you outsource too. This means, avoiding using a company who uses subcontractors. If the company you outsource to, outsources, it adds potential communication problems and responsibility issues. Make sure your tech company performs all of their work in-house with their own staff. This holds them accountable for any work that is done.
Get Billing and Invoicing Details
Before choosing an outside resource for your tech needs, you’ll want a full understanding of precisely how you will be billed and invoiced. How do they track hours and travel time? What are the parameters for what they define as “emergency service”? Billing should detail services provided so any projects can be fully understood after the fact. Avoid prepaying for blocks of time for “anticipated” repairs in advance.
Range of Knowledge
You’ll be well served to discover what areas of expertise potential resources bring to the table. Do they have a full understanding of your network and software needs? Can they assist you with security issues? Are they experienced at making hardware recommendations? The wider the range of expertise they offer, the better they will be able to serve you. It also means you will need fewer outside resources.
Can You Relate to Each Other?
One of the weak links in outsourcing is the potential for poor communication. After all, you may be outsourcing because you don’t fully understand the jargon of technology. Ideally, you want a resource who can communicate with you in terminology you understand. Be cautious of companies who overuse technological terms to create some sort of “mystique” about their services. They should understand that you may not understand what they are saying and use less technical language to communicate.
Is There a Commitment?
Service contracts aren’t necessarily a bad thing. They can delineate responsibility and outline expectations. They demonstrate a mutual responsibility between a non-profit and a vendor. However, you do want to fully understand the terms of any such agreement before signing on. Be cautious of monthly minimums and contracts that may automatically renew for lengthy periods of time. Service agreements should benefit both parties.
Outsourcing tech for non-profits makes sense and is a solid business practice when the proper resource or resources are chosen. Relying on a volunteer or employee’s help in keeping your network functioning and protected is risky and may ultimately be more costly. Perform your due diligence and follow the above tips in selecting the right tech consultant for you and your organization. You can get high quality, knowledgeable tech support while staying within budget.
by Felicien | Oct 24, 2017 | Education
Discover the new enterprise approach used by cybercriminals and what you can do to defend your company against these attacks.
The New Approach by Sophisticated Cybercriminals
Battling the dark side of cybercriminals has been a challenge for over a decade. Their attacks have included everything from offering you a huge sum of money to clandestine drug companies offering miracle drugs. But, today cybercriminals are taking a whole new approach. It’s known as an “enterprise approach.” Just when you think we’ve got it all under control, sophisticated cybercriminals change the game. The enterprise approach is focused on a smaller number of targets with the end goal of getting more of a payload. According to the FBI, popular web services and employees are the targets of spearfishing by cybercriminals. This new approach is proving to roll in the cash for cybercriminals. It’s social engineering that has three main phases.
Phase 1: Infiltration of the Organization
Previously, cybercriminals targeted individuals like company executives and not employee attacks. While most execs are trained in cybersecurity and detect bold requests and strange addresses as phishing, many other company individuals don’t know how to sniff out suspicious emails. Generally, lower level employees lack security awareness and wouldn’t suspect something like Microsoft sending a message to reactivate an account. However, that is a red flag. The average employee wouldn’t hover over the link and spot a different website address. And that’s exactly the main reason why lower level individuals make easy targets for cybercriminals. Lower and mid-level employees just don’t receive the type of security training as high-level employees. If the employees take the bait, it’s likely their password and username will be stolen.
Phase 2: Reconnaissance
During the reconnaissance phase, cybercriminals will then monitor the stolen account and read the email traffic to learn more about the company. They may even change the rules on the specific account in order to not have to login again. Learning the traffic allows the cybercriminal to identify key decision makers and even reach confidential human resource data. Cybercriminals can also spy on the activities of the company’s vendors, clients, and partners. All of this information is then used to launch the third phase of the cyber attack.
Phase 3: Using the Extracted Data
Cybercriminals can use the extracted data to launch a specific phishing attack. Employees can be fooled into wiring money. Fake bank account info can be used for payments and additional sensitive data and credentials can be stolen. The email appears to be coming from a legitimate account, but it’s not. The reconnaissance phase gives cybercriminals the ability to fake a sender’s text style and signature.
How to Battle the New Enterprise Approach by Attackers
There are three factors that companies need to focus on in order to ward off this new approach: targeted user training and awareness, authentication and artificial intelligence (AI). All employees need to be regularly trained to increase their security awareness skills against cybercriminals. Training should not be limited just to the company’s executives. One of the best training activities for employees is to stage a simulated cyber attack. Multi-factor authentication is also critical. With multi-factor authentication training, cybercriminals cannot get access to accounts. Different methods include retina scans, key fobs, SMS codes, biometric thumbprints and mobile calls.
AI is another critical factor in warding off attacks. As a matter of fact, “Artificial Intelligence now offers some of the strongest hope of shutting down spear phishing. By learning and analyzing an organization’s unique communications patterns, an AI engine can sniff out inconsistencies and quarantine attacks in real-time. For example, AI would have been able to automatically classify the email in the first stage of the attack as spear phishing, and could even detect anomalous activity in the compromised account and prevent the second and third phases of the attack.”
Companies need to take immediate action in order to defend themselves against the new enterprise phishing methods by cybercriminals. Password phishing attacks are common. Up to 70 percent of email is spam and within that, there are phishing attacks. Everything looks good, but typically there is a rogue link requesting propriety information.
Just as cybercriminals have revamped their approach, companies need to re-think their approach in defending themselves against attackers. Companies must now strengthen their defenses to avoid becoming the next headline story in the news. In order to ramp up forces, it’s important that companies take advantage of automated technology. It can’t all be left up to employees. It’s almost like asking them to find planets that are hidden. There must be a combined effort of humans and automated machines. This combined approach would reduce the risk of malicious codes not being detected and enable company security teams to keep company data safe.
Hackers and attackers cloak themselves in crafty camouflage. As cybercriminals become more sophisticated, it’s getting increasingly tougher to find them hidden in the system, especially when they’re designed to be invisible. The new enterprise approach by cybercriminals is a blend of smart automation and hidden deception. It goes deep inside the company network. Without a doubt, it’s time for companies to turn to new and innovative methods to detect and isolate sophisticated threats.
by Felicien | Oct 23, 2017 | Education
:Using an App that Actually Helps You Read that Article Later
Saving articles to read later is something we do; we save. But reading the articles we save isn’t something we do as often. The reason: organization, or lack thereof. But with organization comes action. And the action is prompted by the right app.
There is a wealth of information on the web. Though the information is vast, the sources are not always the most reputable or responsible. When we find good articles to read, we want them, but we don’t always have the time to read them right there. Some of us just keep the tab open until there’s either too many open sites or your computer crashes. Some of us just bookmark it using the respective shortcuts offered by the various web browsers. Both these processes, the tabbers or the bookmarkers, so to speak, get what they want: saved articles to read later. But to what utility? Do you really go back and read them? How many of these articles did you actually save this way? Will you even find the article you want at the moment you want it, or will you have to scan and search endlessly because your list of to-read-later articles is way too long or seriously stress-inducing?
From an IT tech perspective, there’s no reason this should happen. You should be able to save your articles (or videos and/or podcasts) to read (or view and/or listen) at your convenience and on any of your gadgets (phone, iPad, tablet, Kindle, computer, or other), and you should be able to find the exact article you want without hassle. Technology is too advanced today not to offer this service. So why haven’t you already asked about such an app yet? Because, in fact, there are two apps that have been around for a few years, and with recent updates, they help you manage your read-it-later content so that you will indeed read them later.
Instapaper: It’s All About the Highlights
Instapaper has been around for a few years and is a popular content bookmarking tool for both iOS and Android devices. With Instapaper, you can “save anything,” “read anything,” and highlight and add notes, and much, much more. All you need to do is download the app Instapaper.
Create an account. It’s simple, just add your email and create a password and voila.
Download the extension specific to your browser: Safari, Google Chrome, Firefox. An Instapaper icon will appear in your reader toolbar. If you go back and forth between browsers on your different devices, you can log in and download the respective extensions. Instapaper also automatically syncs the articles to all your devices, whether it’s a Kindle, iPad, iPhone, Android, or another device.
Create folders. On the homepage of Instapaper, you will want to create folders in advance, if you already know a few subjects you want to be categorized for your article-saving pleasure.
Browse the web and identify an article you want to save. When you find an article, simply click on the button in the customized toolbar. The article is then saved to your Instapaper homepage.
Drag and drop saved articles to the appropriate file.
Instapaper has a sophisticated, completely clutter-free appearance. No ads, nothing to distract you. The best thing about Instapaper, however, isn’t its ease-of-use and management-friendly application, but it’s the extra intuitive tools.
Read offline. You can read anything offline. This is a fantastic tool for those who don’t want to overload their WiFi or who are travelers and are out of reach of
Highlight & Comment. To the innate researcher and forever-student, this tool is essential. You can add highlights and make comments directly on the article. One caveat, you only get to use this tool to a certain extent before you must pay for an upgrade. You can even tweet a highlighted section.
You can change the fonts in reader view to your preference.
Create Playlists. That’s right, you can create a playlist and have the article read out loud to you while driving, exercising, or sleeping. This, of course, is part of your upgrade.
Speed Reading. The text highlights the words as you read. It can provide “reading times,” too. But again, this is part of your upgrade.
Robust Search Engine. On the homepage, you can conduct a search and results are quite spectacular. You can make Instapaper your homepage and never need to leave it again. The search engine comes with the free version, this time there’s no need to upgrade.
Pocket: Because You Can Bring It Everywhere
Pocket is another app that’s been around for awhile, it was the original Read It Later app. Like Instapaper, Pocket offers a clutter-free reading and viewing experience as well as the capability to sync across all devices. But shared features almost end there. If you are saving more images, videos, or built-in media and are more socially inclined, then Pocket might be for you. To use Pocket, simply download the free app and begin. Some features offered or perfected by Pocket are not available through Instapaper:
Email articles to Pocket. Have you ever copied and pasted links to an email and sent them to yourself to save? But then they just get lost in the mix of your other emails? With Pocket, you can email the articles directly to add@getpocket.com.
Get social. With Pocket’s desktop app, you can save and share articles with others via email, Twitter, Facebook, Evernote, etc.
Get updates. You can have updates sent directly to Pocket.
These two apps are perfect for the person who wants to read and view it all but just can’t do it right then and there. Instapaper is better for the researcher-type who wants to devour what he or she reads and engage the text, while Pocket is better for the social-type who want to engage friends or followers. But for the person who is all these things, you might want to look at these two apps as complementary. Like all things today, we section off pieces of ourselves for different interests, there’s no reason our apps can’t be used in the same way.
