by Felicien | Sep 29, 2017 | Education
Maintaining your nonprofit’s strategic mission focus is critical and often requires next-generation technology to an executive on objectives. IT managed services providers offer exceptional support and value, with a cost structure that is sustainable for mid-size nonprofits.
Guiding your nonprofit organization to true sustainability while maintaining exceptional mission impact can be a challenging task and one that is littered with damaging assumptions. Navigating through the landmines requires a full understanding of business realities and concepts and how they relate to a nonprofit environment, which can be very different than for-profit strategies and financial leadership principles. For-profit organizations may look for ways to reduce long-term costs by paying additional funds upfront, while not-for-profit organizations may find it more fiscally responsible to spread payments over time. This is one of the many reasons that IT managed services are especially applicable for nonprofits — the ability to reduce upfront costs and still receive exceptional support for new technology initiatives.
Vital Improvements
Nonprofits are often running incredibly lean, with only a minimal staff to do the massive number of required tasks, often while meeting aggressive fundraising or mission-oriented goals. In this go-go-go mentality, technology can fall by the wayside — with the unfortunate side-effect of causing more frustration for donors and staff alike. Even simple items such as optimizing donation pages for mobile delivery can be out of reach for beleaguered nonprofit teams, even though this straightforward fix would likely net significant new dollars that could be put towards the mission of the organization. Data security is another overlooked area for nonprofits, which can be especially dangerous considering the high likelihood that fundraising organizations are storing personal information, causing increased liability concerns as well as negative publicity should a breach occur. Updating key systems and maintaining adequate security levels are vital improvements that nonprofits need on the technology side of the business.
Tech Adoption and Effectiveness
When technology isn’t effective, it’s unlikely that adoption levels will lag behind as well. Employees are quick to research workarounds when they perceive that a certain task is taking longer or being less efficient than expected, which can result in data and security lapses that can be difficult to overcome. It’s important for financial leaders of nonprofits to set aside adequate funds to maintain and improve business systems that will support the overall mission of the organization. Unfortunately, there are unique challenges associated with nonprofit organizations, such as sudden swings in funding levels and the inability to quickly budget additional funds should there be an emergency such as a serious software or hardware breakdown.
Lifecycle Planning
Technology teams are always planning for the next generation of hardware, software and business needs — which requires a thorough understanding of the technology landscape as well as the financial chops to advocate leadership for upgrades and essential new expenditures. This lifecycle planning is what keeps constituents able to complete transactions with the nonprofits, and provides employees with the tools needed to perform daily activities. When the unexpected happens, such as several computers that break down before their lifecycle is scheduled to end, a nonprofit can be forced to pull funds away from mission projects to keep technology running. This has a ripple effect on the organization that can cause an extended recovery period. With IT managed services, lifecycle planning becomes much more fluid as business leaders are able to lease expensive hardware instead of purchasing upfront to reduce the requirement for capital outlay.
Systematic Cash Flow
IT departments in for-profit, as well as not-for-profit organizations, have an ongoing struggle around budgeting, due to the variable nature of technology in general. It can be difficult to project twelve months to three years in advance what the costs are for technology projects to keep the organization moving forward, but that is exactly what IT directors are called upon to do on a regular basis in the nonprofit world. Costs are normalized as much as possible over a long period of time to reduce the risk of large, unexpected expenses that could derail other projects. The dependable, flat-rate IT support associated with managed services provides a proactive system of monitoring and maintenance to ensure that your organization’s data stays safe and that operations continue uninterrupted even in the event of a natural disaster or other calamities.
Enterprise-Level Performance and Reliability
Just because nonprofits may be smaller or have a reduced budget, doesn’t mean that the complexity level is lessened! Fortunately, IT managed services such as cloud hosting, business networking, telecom services and more provide enterprise-level functionality at a greatly reduced price. Healthcare organizations often struggle with security and compliance, and managed services providers (MSPs) are able to help support even these complicated needs at a rate that most nonprofits can afford due to the shared nature of these services. In addition, an MSP can function as an extended staff member and provide valuable knowledge about the industry or specific market segments that your internal IT team may not have time to research.
Learn more about how your nonprofit can benefit from IT managed services when you contact {company} today at {phone} or via email to {email}. Our security and services professionals will work with you to understand your key requirements and craft a solution that will work for your {city} organization.
by Felicien | Sep 28, 2017 | Education
High Sierra’s Password Theft Vulnerability
Learn how a macOS update named High Sierra can leave your passwords vulnerable to theft.
As this tech giant usually does before a new release, Apple generated massive excitement over High Sierra. This free upgrade for macOS includes an extra two gigs of memory and plenty of new or updated features. According to Apple, some of the highlights of High Sierra include better video streaming, new graphics editing features, and more efficient data storage. Apple also says that some of the changes will also help pave the way for future innovations. It’s easy to understand why this company’s customers wait eagerly for updates to their devices.
Still, shortly after the recent release, the apple may have turned a bit sour for some people. The Washington Post and other news outlets reported on a serious security vulnerability. Hackers can potentially craft apps that can steal stored passwords from the device. Some outside security experts expressed disappointment that Apple knew about the vulnerability before the release and did not rush out a patch.
How Can Hackers Steal Passwords With High Sierra?
To understand how hackers can steal passwords from High Sierra, it helps to understand a little bit about how the operating system stores them. If you already use devices with macOS, you may already understand that:
You have a master password for your device.
You also can have your device store various passwords for apps and websites in something that Apple calls the “keychain.”
This convenience keeps you from having to remember all of the passwords you might use, and you can find similar features on almost all sorts of devices and operating systems.
The problem is that if you use unsigned apps or those that aren’t approved for distribution within the Apple Store, those apps may be able to pull the passwords out of your keychain without knowing your master password. A security researcher named Patrick Wardle uncovered this exploit, made his discovery public, and even informed Apple about it in advance of the public release. Wardle says the vulnerability allows hackers to pull out passwords as text so anybody can read them.
Since the release, he has expressed disappointment that the company did not patch the problem but assumes that they will eventually. He also said that this vulnerability could affect older versions of macOS and even OS-X.
How Can You Protect Your Passwords With High Sierra?
If you try to install an unsigned app, the operating system will warn you. Apple’s response to Wardle and the public was that they have always advised their customers to only download signed apps from the Apple Store. A company spokesman said that they encourage their customers to refuse any app that triggers a warning that it has not been certified by Apple and that this measure can help keep devices from getting infected with malware.
Until Apple releases a patch and perhaps, even afterward, you might protect yourself by:
Only downloading trusted apps
Making certain that you only have trusted apps already downloaded on your devices
Running antivirus scans
Is Your Mac Safe When You Only Download Signed Apps?
Even if you take care to only download signed apps, you won’t have a guarantee that your device is completely safe. The problem is that it’s possible for a clever cybercriminal to inject the exploit into a digitally signed application with falsified or stolen credentials. In fact, a security company uncovered this very thing as recently as March of 2017. Obviously, this was several months before the release of High Sierra.
The security company, Sixgill, said that their researchers found an online discussion of a remote attack Trojan, appropriately called a RAT, on an underground forum that exists for buying and selling digital exploits. Some of the most damaging features of this malware include controlling cameras, keylogging, and executing remote commands. However, Sixgill said the most alarming thing about the app is that it appeared to have a legitimate digital signature and would not trip any sort of warning message when installed. Somehow, the author of the malware managed to bypass or defraud Apple’s normal filters.
Can You Keep Your Apple Devices Secure?
Anyway, these stories are not meant to alarm anybody or contend that one operating system has more vulnerabilities than another one. Apple and its competitors typically do a good job of staying on top of security vulnerabilities as they are uncovered. It’s just possible that nobody can really offer you any 100-percent-foolproof cybersecurity guarantees. Typically, your security will depend upon a combination of your prudence when downloading apps, applying released security patches, and using security software.
We are here to keep your valuable information as secure as informed people and modern technology will allow. Here at {company} in {city}, we’re waiting to help protect you, your data, and your devices. You can call us at {phone} or send an email to {email} to get in touch with us.
by Felicien | Sep 27, 2017 | Education
Is your business’ productivity suffering? It may be due to a poor workflow. Using Microsoft Flow can help.
Is the productivity of your business slipping? Do projects take longer to complete than they should? Perhaps this has nothing to do with inadequate staff training or lack of motivation, but your workflow.
The workflow consists of the steps you take from the start of the project to its completion. A poor workflow impedes productivity and decreases the quality of work. A good workflow offers many advantages and is worth the time to set up. How do you achieve this? I tell my clients to use Microsoft Flow.
What is Microsoft Flow?
Microsoft Flow makes simple, repetitive tasks easy to accomplish by handling them automatically—Different applications can “talk” with each other to collect and share data while keeping you aware of major changes. Flow works with many popular applications such as Outlook, Office 365, Dropbox, Facebook, Slack and more.
How Flows Work
With Flow, you can automate tasks (flows) without being a technology wizard. Flows can range in complexity, from simple tasks like saving an email to Dropbox, too much more complex ones like searching Twitter feeds for people who post about your company, following their account, and adding their names to an Excel file.
We advise our clients to automate tasks quickly using templates in Flow. There are hundreds of ready-to-go templates, plus thousands of user-created ones that are available online to download. There’s is a good chance that you’ll find the template that works for your needs right out-of-the-box or at least one that only requires a few tweaks.
Of course, every business is different, and all of them have unique needs. That’s why Microsoft made it so simple for you to create your own flows. Instead of bogging down employees by requiring the use of a scripting language to create flows, everything is created visually using triggers and actions from a series of menus.
How to Create a Flow
To give you an idea of how easy it is to use Flow, the following are the steps to create an automated process that sends a notification to your phone every time you receive an email from a particular address. This is a very useful flow, and it’s adaptable for a number of situations.
In order for this flow to work properly, you will need a Flow account, a subscription to Office 365, the push notification service, and the Flow mobile app for your phone.
Sign into your Flow account and select Create from blank from the My flows menu tab.
Click on the Office 365 Outlook icon and select When a new email arrives from the list of triggers.
Choose the folder you want to check for the email, and then click on Show advanced options. Fill in the email address you want to monitor in the From Select Hide advanced options.
Choose New step under the Add an option Find the Notifications – Send me a mobile notification under the action tab and select it.
Inside of the Textfield, write the message you want to receive on your phone. Close the Add an option
Select Create flow at the top of the page, and give the flow a name and save it.
Don’t worry if all this seems a little confusing. There are many tutorials to walk you through the process in greater detail.
How to Get Flow.
You can sign up for free online. There are three different versions of Flow: Flow Free, Flow Plan 1, and Flow Plan 2.
Flow Free is free to use, but it has significant limits on the number of applications it can use to create flows. In addition, the Flow Free plan only checks for the conditions to activate a flow every 15 minutes. That means if you have time-sensitive flows, the free option isn’t a good choice for you.
Flow Plan 1 is $5 per user per month. It checks the required conditions to activate flows every three minutes, which is much better than the free plan and is adequate for most business needs. Flow Plan 1 also provides access to premium services which can greatly expand the usefulness of Flow.
Flow Plan 2 is $15 a month per user and is the most robust option available. It checks for conditions to run a flow every minute. This makes this plan option a must-have for time-sensitive applications. Like Flow 1, Flow Plan 2 grants subscribers access to premium services, but also adds the ability for an administrator to create organization-wide policies and restrictions for using Flow.
There are so many ways to use Microsoft Flow in your business. In my opinion, it’s well worth the cost of Plan 1 or 2. While there are other similar products out there, I think, since Microsoft Flow is probably the best choice for most businesses.
We’d be happy to tell you more. Feel free to contact us at the information below.
{company}
{email}
{phone}
by Felicien | Sep 27, 2017 | Education
If you aren’t storing your business data in the cloud, you’re risking physical damage that may not be recoverable. Learn how to quickly overcome these vulnerabilities in the Cloud.
There was a time when backing up business data included checking the date stamp on a physical tape drive, making a copy, laboriously labeling it, and storing it in a drawer. Well, things have definitely changed for business data storage solutions – And for the better!
Today’s backup options still include on-premise storage but have expanded to provide cloud-based options as well as hybrid alternatives. They support the need for immediate and full backups with lighter connectivity requirements.
Here are some answers to questions we often receive. They should help you decide which storage option is right for your business.
Why Are There Risks with Traditional Backups?
There’s a strong likelihood that your current backup solution has been working well for years—So, you may ask, “Why switch?” Until now, you’ve probably been fortunate enough to avoid a physical or cyberattack—But continuing to use less-secure options like jump drives or tape backups simply isn’t sustainable for the long term.
Perfect examples are the recent hurricanes and wildfires ravaging through the country. If your office was in one of those areas, and you relied purely on physical media storage, you would have lost all your data.
The same goes for theft—Hacking of your systems, or someone breaking into your office and physically stealing your backups means your data is gone forever. While this is less likely, a disgruntled employee could do a great deal of damage by doing this.
While automated backup options such as Apple’s Time Machine or other scheduled backups are better, these alternatives are quickly showing their age. They are still vulnerable to physical attacks, and susceptible to cyber attacks as well. The configuration could be either external hard drives attached to each computer and server or an advanced local network setup that stores all backups in a central location.
How About DIY Data Storage?
Proponents can counter the argument that hard drive backups aren’t susceptible to fire, flood, and theft if you take them offsite to a secure location (such as a storage facility, your home or other business location). While this may mitigate some risk, it certainly doesn’t provide the same level of security as a managed security and backup solution. The sheer amount of physical data storage required could get expensive—And restore from a backup can be incredibly challenging, especially if you need data quickly.
What is Cloud-Based Document Storage?
There are different types of cloud-based storage: general document storage and dedicated cloud storage. General document storage includes options such as Dropbox, Box, Microsoft’s OneDrive, Google Drive and more. These services are excellent for providing collaboration capabilities and the ability to retrieve documents regardless of your physical location. However, when you’re dealing with vast quantities of data far beyond standard document and individual file storage, a more robust option is required. For instance, these general cloud storage alternatives work well even for large files such as photos and videos, but they’re not ideal for highly secure data such as personal information or anything covered by HIPAA regulations.
Are Managed Cloud Services Appropriate for My Business?
This is one of the most professional and reliable options available to businesses of any size. Managed cloud services provide you with peace of mind — Why? Because security professionals will continuously monitor your data for incursions and inconsistencies. This, plus the convenience of quick file restoration and secure physical storage, makes it a good choice. Dedicated cloud storage often includes a facility that’s staffed 24/7/365, and boasts the latest in state-of-the-art security systems—much more security than any business could afford.
My Business is Seasonal. What’s the Best Choice for Me?
When you outsource your data storage, you can quickly and easily scale up or down based on your needs. Instead of having to purchase, install and harden a new server to grow your storage capacity, cloud systems scale automatically, or with only a phone call from you. The same is true when usage drops as well and is easily handled by your storage provider. Since you only pay for the storage that you need, many businesses find that this is a cost-effective option that has all the benefits and few, if any, negatives.
What’s Active Monitoring?
If someone hacked into your network or released malware into your systems, how long would it take you to notice? Chances are you wouldn’t see it right away, which is another reason to work with a trusted managed cloud services provider who will actively monitor your network. Active monitoring of your account means proactive patching of any security vulnerabilities, plus quick action once the danger is identified.
Want to learn more about which backup and data-storage solutions are right for your business in {city}? Contact {company} at {phone} or {email} to speak with one of our IT security professionals. We’ll listen to, and understand your needs before suggesting any solutions.
by Felicien | Sep 27, 2017 | Education
WordPress may be one of the world’s most popular content management platforms, but its plugins open up a Backdoor Vulnerability.
WordPress is one of the most popular CMS (Customer Management Software) platforms of all time, and for good reason. The overall ease of use and administration appeals to individuals, bloggers and small businesses. Plus, it’s compatible with tens of thousands of plug-ins to help you perform tasks, transform data, aggregate analytics, grow customer lists, and effectively sell products and services.
With all that WordPress has going for it, the install base is in the millions — making it a prime target for hackers looking to take advantage of widespread vulnerabilities. Unfortunately, that’s exactly what happened when a backdoor into the WordPress administration was found in the Display Widgets plugin.
The Display Widgets plugin is currently installed on over 200,000 WordPress sites across the Internet. Worse, WordPress.org staff members may have known about this for a long time, and they didn’t take immediate action to stop selling it.
WordPress’s Staggering Growth
Did you know that a WordPress post is published every 19 seconds? – And that downloads of the platform were up over 500 percent in the last five years? WordPress now accounts for nearly 50 percent of websites on the Internet!
With hundreds of millions of posts, more than 36,000 WordCamp conference attendees, and installs in nearly 60 countries, WordPress is the “800-pound gorilla” of the Web CMS market.
Self-proclaimed as being the most flexible, customizable, and easy to update CMS on the market today, WordPress has moved beyond hosting blog pages to now powering websites for some of the largest and most exclusive brands in the world (like McAfee, Routers, CNN, NASA, Facebook and more).
Is WordPress Secure?
Sure, the platform is relatively easy to use, but is it secure? This is the question that millions of users are asking themselves after the news broke about the vulnerability in the Display Widgets plugin.
However, if you own a small business, you may not have the time to fully research these security concerns. You just want to know that your blog post is getting published as it should.
The intuitive and user-friendly interface is welcoming, but you must take the time research the vulnerabilities before you decide if WordPress is right for you. The same plugins that let you take advantage of new functionality in WordPress can also be your downfall.
WordPress Vulnerabilities
Security exploits are nothing new for WordPress users, and the WordPress.org team addresses these issues regularly with security releases and patches. However, if you aren’t keeping up with security patches, vulnerabilities can provide unauthorized access to your systems.
Here’s a short list of WordPress security issues and when they occurred:
2007/2008: WordPress servers were compromised leading major technology blogs to “cry wolf.” WordPress created a new and more intuitive update process for ongoing updates.
2009: After discovering a need for overall hardening of the platform, WordPress released a flurry of updates that began a new and more proactive focus on security.
2011 – 2014: Hackers discovered a vulnerability in the Tim Thumb image resizing utility that allowed them to load and execute a PHP code onto WordPress servers. Attacks continued until the code was pulled by the developer.
2013: A large-scale review of top sites through Alexa’s software revealed that nearly 75% of them were vulnerable because they ran older versions of the WordPress platform.
2015: While the world’s largest body of plugins was still vulnerable, security updates were quickly released. Unfortunately, releasing updates doesn’t mean that users will apply them, even with repeated notifications from WordPress. The XSS vulnerability was a major security outbreak, bug fixes were quickly released.
Can We Trust WordPress to Protect Us?
Although the plugin with the backdoor code vulnerabilities was removed from the WordPress store, a question remains: “Why was it added back to the store after the three previous removals for similar issues?”
This happened after the sale of the plugin from the author to a new distributor. It was revealed that the updated plugin was publishing false entries to WordPress sites— These were only visible to logged-out users and didn’t show up in the WordPress admin section. This was in concert with a user-tracking functionality that implicitly went against WordPress’s terms of service, and that sent personal information to a third-party server!
While WordPress continues to be an incredibly popular web CMS platform, it’s important to ensure that all plugins are up to date, and that the WordPress platform itself has been fully patched.
Want to learn more about maintaining a secure presence on the Web? Contact {company} at {phone} or {email}. Our security professionals will work with you to ensure your content, and site visitors are safe at all times.
by Felicien | Sep 27, 2017 | Education
Virtual Private Networks, or VPNs, provide you with an added layer of security for your business systems and sensitive data. Learn how to find the right VPN solution for your unique needs.
If you’re considering adding a VPN, or Virtual Private Network, service to your business infrastructure, you may be overwhelmed looking at the various choices available on the market today. VPN services provide you with the ability to protect your privacy, securely encrypt internet traffic and can also help protect your business from cyber criminals. Remote workers have been utilizing VPNs for years in order to connect to a corporate environment without compromising overall security of the organization. Demand continues to grow for this affordable technology, due in large part to increased travel demands and the practice of using contractors instead of full-time employees become more mainstream.
What is a VPN?
A Virtual Private Network provides an individual or an organization with additional levels of security, allowing files to be shared safely regardless of the physical location of any endpoints. Technically, a VPN is simply a Wide Area Network that is exceptionally secure, incorporating many of the features that you would expect to find in a traditional firewall. Few of these features are noticed by users, however, they all happen behind the scenes. What users will notice is that there are generally additional steps involved in accessing a corporate network via a VPN, such as requiring a generated key code or utilizing a dongle for added security. VPN services essentially create a secure data tunnel between the provider’s server and the user, allowing a connection that cannot easily be breached.
Why a VPN is Important.
Today’s workers are increasingly mobile and have a true business need to access information from a variety of locations that may or may not be secure. For instance, you wouldn’t necessarily want your users to access your corporate network when utilizing WiFi from a coffee shop, due to the dangers associated with this activity — catching the eye of a cyber criminal, for instance. However, with a VPN your employees can easily gain the ability to read or write to their files on your corporate server securely and with the risk associated with creating a port into your systems from a less-secure location or entry point. The ability to quickly and easily view data when they are away from the office allows employees to be more productive and efficient throughout their week.
VPN Considerations.
Today’s global business world requires creative solutions, and a local VPN allows you to access data from other countries as if you were physically in that country. The location of your VPN server is important for that reason, as it allows you to overcome geo-blocking restrictions — which can come in handy if you’re doing business internationally. There are a variety of other points to consider when you’re reviewing VPN solutions, such as:
Data Caps: How much data is included in your plan can be significantly different depending on your service provider. Limited data amounts may be paired with exceptionally high overage costs, making it important to review not only the included amount of data but what happens when you exceed your monthly or quarterly allotment.
Number of Servers: While you may think of it in terms of purchasing a single VPN server, what you’re actually getting, is access to a bank of VPN servers — making it critical that you ask your service provider the size of their server bank. A limited number of servers could mean a general slowdown for your business or an inability to meet increased needs in the future.
Included Devices: Most VPN providers cap the number of devices that can connect per organization, often with a limit of 3 devices per individual covered by the plan. Higher level tiered pricing may allow for up to 5 devices per user, but the price differential can be significant. Keeping in mind the device cap and the expected usage level by your employees will help ensure you can right-size your VPN plan and still leave room for future growth. Personal devices are not the only ones that need to be counted in your overall cost estimation, however. Keep in mind that each router, server, and other network storage devices will also need a unique access point.
Data Security and Privacy: While nearly all service providers do some type of data logging and user data capture, keep this aspect in mind when making your final decision. If your employees will be accessing critical financial or healthcare-related data, logging should be minimal and quickly released by the VPN service provider to ensure that it complies with all federal regulations.
Pricing: Subscription periods can greatly reduce the overall costs of a VPN. If you’re willing or able to sign a longer-term agreement, you are much more likely to receive favorable pricing within your contract. If you’re testing a monthly service before deciding to take the plunge, the short-term investment may be greater than you would expect. Prices can start as low as free or only $10 per month, depending on your requirements as far as the number of users, required servers and security levels.
In general, a Virtual Private Network is a simple way to maintain strict security standards throughout your business while providing your employees with the flexibility that they need to access business-critical information when, where and how they need to work. Fast, effective and affordable, this technology provides the added level of security that businesses need to stay mobile. Ready to get your business started with a VPN solution that you can trust? Contact {company} today at {phone} or via email to {email}. Our security professionals will work closely with you to scope your business needs and ensure that any solution we recommend will work well for your organization.
Contact {company} today at {phone} or via email to {email}. Our security professionals will work closely with you to scope your business needs and ensure that any solution we recommend will work well for your organization.
