by Felicien | Jun 19, 2019 | Education
Cost-cutting measures are not unusual for organizations as they traverse the standard lifecycle of products and services. What you decide to cut during the lean times can have just as much impact as to where investments go when your business is flush with cash. Some organizations start their cuts in advertising and marketing but eventually make their way to technology projects. Managing expenses and balancing them with the associated risks is a critical task in organizations, but there are two places where the risk simply isn’t worth the savings in expense reductions: cybersecurity and proactive support for your business technology. Reducing your funds in these two vital areas could cause a negative impact on the organization that has a ripple effect felt for years to come. Here’s why these are the two places that you should never cut corners in your business.
Protecting Your Organization’s Business Systems and Data
Cybersecurity is a broad term that refers to a range of activities including hardware protection, software patches, password requirements, staff training, server maintenance, cloud-based controls and more. There is no simple definition of what can be included in cybersecurity and business requirements change on a fairly regular basis. This alone makes it difficult to set a budget and stick with it — or reduce it over time. The ever-changing nature of threats that can effectively cripple an organization in a very short period of time means that your business will need to continually invest in learning and growth opportunities to reduce the risk to your organization.
Data protection is another facet of cybersecurity that demands consideration. From the 2018 GDPR (General Data Protection Regulation) to more recent requirements in various states, data privacy and compliance has come to the forefront of the security conversation. Businesses must first wrangle and then protect sensitive personal, health and financial data — not to mention securing their business systems from infiltration by hackers. Skimping on these critical tasks or attempting to do them in-house with limited resources can open your organization to significant fines if you’re found to be non-compliant with global or state-supported regulations.
Smoothing the Cost of Technology
It’s always tempting to cut out what could essentially be considered insurance: the ongoing maintenance and support of your technology hardware and software. When your business reverts to paying only for systems that are broken and unable to be used, you’re left with a hodgepodge of user complaints due to slowdowns that aren’t “bad enough” to be sent out for repair. Plus, you’re looking at a hefty fee for getting any break-fix work done quickly — and forget about being able to budget effectively by guessing what could potentially require repair or replacement during the year.
Proactive maintenance of your business systems allows business users to maintain a high level of productivity while also factoring your technology costs at a reasonable level throughout the year. It can be extremely challenging when you’ve exhausted your budget for break-fix support for the year, only to find that it’s only the beginning of the third quarter. In that case, you’re either siphoning funds from other crucial projects or trying to limp through the remainder of the year until you can reset your budget and resolve outstanding problems. Investing in proactive maintenance means you don’t have to question whether a fix is “important enough” to be resolved as long as the issue is within your service threshold.
Protecting your business from unnecessary risk can feel like a full-time job for busy technology leaders. Fortunately, IT managed services providers are able to help with both proactive maintenance and providing the high level of cybersecurity expertise that is needed to help protect your business from both current and emerging threats.
by Felicien | Jun 18, 2019 | Education
In early 2019, white-hat security expert Troy Hunt and other researchers shared a massive database of breached passwords and usernames. The stolen data constitutes 25 billion records and 845 gigabytes of stolen data.
While many of the collected records are from previously reported thefts, there are new records there, too. It’s a clear indication of regularity, scope and potential damage caused by poor password management.
That news coincided with Google’s announcement of its new Password Checkup extension for Chrome browsers. The extension is designed to alert and protect users who may have compromised credentials.
What is the Password Checkup Extension?
Password Checkup allows users to check if their Google account, and any other account you check into while using Chrome, has been potentially compromised during a previous data breach. Developed in partnership with Stanford University cryptographers, the extension is designed to give you critical information while safeguarding your data.
How Does Password Checkup Work?
After installing the extension, Google will alert users if they find potentially compromised passwords. The passwords are checked against a database of 4 billion known compromised credentials. Warnings are issued automatically, along with a recommendation to change the potentially compromised credential.
It’s important to note that the extension will not alert you to any outdated passwords or weak passwords. While those other factors can also lead to your account information being hacked, the Password Checkup only identifies known hacked passwords contained in databases.
What Does It Look Like When Password Checkup Is Activated?
The Password Checkup icon appears in your browser bar as a green security shield. The extension app will monitor your account whenever you use Chrome to log into a website or a service.
If it detects that the password is potentially compromised, a bright red warning box pops onto your screen. It features a warning sign and urges you to change your password. The box allows you to ignore the alert for the designated site. There’s also a link to learn more information via a page with more details about Password Checkup and how to change a potentially compromised password.
If for some reason you miss the red pop-up box, the browser extension icon turns from green to red.
Can Google See My Passwords if I use Password Checkup?
No. None of the passwords that the app uses are stored and personal information is not collected. The checked passwords are anonymized using hashes and encryption. Password Checkup was designed to prevent hackers from attacking it.
What Are the Risks of Compromised Passwords?
News stories are constantly reporting on the latest corporate data breach, revealing the thousands of records that were exposed and how that company is responding. The story behind the story is what happens to those stolen credentials.
In some cases, hackers sell information on the dark web. For users that do not know about the hack or aware but choose to do nothing, the consequences can be dire. Bad actors now can access accounts, make purchases, steal money or gain other personal information that can help to steal one’s identity.
People affected by stolen credentials can spend months or years resolving the issues related to compromised accounts. This work is time-consuming, costly and stressful.
Are There Other Tools to Check Compromised Credentials?
There are many other services that help monitor and detect stolen passwords, including websites such as Have I Been Pwned? and Watchtower and password managers like Dashlane and Keeper.
How Prevalent Are Data Breaches?
According to the 2019 Verizon Data Breach Investigations Report, stolen credentials are also an increasingly popular approach for hackers looking to gain access to cloud-based email servers. Stolen credentials are a particular issue for businesses in the accommodations and food services, financial and insurance, educational services, manufacturing and professional services industries.
What Can Be Done to Prevent Compromised Credentials?
For businesses, there are several steps that can mitigate the risks of data breaches that result in compromised credentials:
Develop and enforce rigorous password policies, including password complexity, reuse and expiration dates
Implement two-factor or multi-factor authentication that uses both known information, such as a stored password, and new information, such as a texted or emailed credential, (e.g. a one-time access code)
Centralized identity access management
Centrally managed single sign-on protocols
Google’s new extension is an excellent way to provide individual Chrome users with information that will protect themselves and their personal information. When combined with broader business rules, the extension should reduce the rate and severity of compromised credentials.
by Felicien | Jun 18, 2019 | Education
When you’re working hard to grow your business, you can get caught up in things that take your attention away from your technology. Before you know it, your IT system isn’t up to speed because you failed to update an operating system. We don’t want this to happen. This is why we’ve provided a checklist about Windows 7, its approaching End of Life (EOL), and what you should do.
It’s Time To Upgrade From Windows 7
Extended support for Windows 7 will end on January 14, 2020. This means that Microsoft won’t provide security updates for PCs running Windows 7. This could put your IT system at risk for security and reliability issues.
We recommend that you plan your upgrade now. And, if you run a business, we advise that you skip Windows 8 and upgrade to Windows 10 Pro.
Skip Windows 8 and Migrate To Windows 10 Pro
Windows 8 product enhancements (mainstream support) ended back on January 9, 2018. And reliability and security patches will end on January 10, 2023 (the end of extended support). This may seem like a long time from now, but if you’re upgrading anyway, shouldn’t you use the most current Windows program? Windows 10 Pro offers the very latest technology, and it’s built for business use.
Windows 10 Pro Will Benefit Your Business
Increased Security is incorporated with ongoing protections like Windows Defender Antivirus, BitLocker, a Firewall and more (at no extra cost to you).
Windows Remote Desktop ensures that you can access your files from any PC or tablet with an internet connection.
Automatic Cloud Storage will store and protect your Word, PowerPoint and Excel files from system crashes.
Sign In 3 Times Faster by using Windows Hello with Facial and Fingerprint Recognition.
Take Advantage of New Features In Windows 10 Pro
Windows Ink with Touch Screen & Digital Pen Capabilities
Windows 10 Pro pairs with Office Documents and Other Apps
Microsoft Edge with faster and safer web browsing, automatic form filling, type or write on webpage capabilities, and much more
Cortana voice-activated digital assistant integrates with your calendar and other Windows apps.
You Have Two Choices For Upgrading
1. Migrate your existing machines to Windows 10 Pro.
2. Replace your old computers with new Windows 10 devices.
Consider This Before You Migrate To Windows 10 Pro
Are your current apps compatible with Windows 10? (Check Microsoft’s App Directory to be sure.)
Do your existing computers meet these system requirements?
1GHz processor or faster
1GB RAM for 32-bit; 2GB for 64-bit
Up to 20GB available hard disk space
800 x 600 screen resolution or higher
DirectX 9 graphics processor with WDDM driver
There are 2 Migration Tool Options
1. Windows Easy Transfer
For a small number of computers or a single customized deployment.
Transfer files and settings via a network share, USB flash drive, or Easy Transfer cable.
Can’t use a regular USB cable to transfer files and settings
2. User State Migration Tool (USMT) 10.0
Best for large-scale automated deployments.
Uses .xml files to control which user.
Accounts, files, and settings are migrated.
Use for side-by-side migrations for hardware replacements, and wipe-and-load migrations.
Test The Quality & Performance of Your New System
Use the Windows Assessment and Deployment Kit (ABK) to test the quality and performance of your system, and to customize Windows images for large-scale deployments.
Need Help Upgrading To Windows 10 Pro?
We’re always here to help and answer your questions
by Felicien | Jun 18, 2019 | Education
In its look at the top 10 strategic technology trends for 2019, Gartner notes that businesses need to address an astounding number of technologies that will change the way companies run, their business models and their internal processes.
From the rise of artificial intelligence and autonomous objects to augmented analytics programs and immersive technologies, companies must consider what technologies they, their customers and their competitors expect and adopt.
Today, that means that c-suite leaders need to reconsider the roles of and the relationships between the CEO and CIO.
What Are the Traditional Relationships Between CEOs and CIOs?
Consider the paths to leadership for both roles. CEOs today, especially in non-tech companies, typically rise due to their acumen on the business side of a company. They demonstrate leadership and mastery of product or service areas, delivering consistently impactful results (particularly in revenue). The CEO has a public-facing role and commands authority, shaping the marketing messages, interpreting financial results and assessing sales past and future.
The CIO has likely grown up on the technology side. At many businesses, the CIO’s role traditionally has been to “keep the lights on,” focusing on keeping networks operational, overseeing system installations, upgrades and maintenance, and keeping users, endpoints, websites and networks protected.
In many companies, the CIO has not even been a direct report to the CEO and their relationship has been relatively distant.
The different backgrounds and, in some cases, language used in the two roles has made it difficult for the two leaders to have productive relationships.
Today, that paradigm no longer makes sense.
What Is Different Today Regarding the CEO/CIO Relationship?
Digital transformation is at the heart of growth and progress. There are few if any industries that not being shaped, influenced and changed by the increasing reliance on digital technologies. That makes the role the CIO plays very different than it was just a few years ago.
The prevalence of technology as a key driver of business strategy, structure and outcomes means that IT can no longer be considered a cost center. It needs to be at the table when key decisions are made about a company’s future direction, investments, hiring, and prioritization.
“As CEOs increasingly turn their attention to digital innovation as a top priority, they are counting on CIOs to drive it,” noted a recent article. “The IT leaders they used to frown at in budget meetings are now considered strategic business partners.”
This shift can be unsettling, especially among other executives who have not stayed abreast of their technical skills and knowledge.
What Needs to Change in the CEO/CIO Relationship?
Communication is one of the most essential skills to develop in a new relationship. The CEO needs to understand the technologies, the scope, the potential impact and the risk of not moving forward with opportunities. CIOs also need to be fully conversant with the business’ priorities, goals, objectives and present state of technology adoption and use.
One important aspect of the changing relationship is inviting the CIO to the table. Recent versions of the annual Harvey Nash/KPMG survey show the evolution of role and influence has begun but is still not where it needs to be.
The 2017 survey notes that “the CIO has progressively become more influential.” The number of CIOs at the table has grown, from 38 percent reporting being a part of an executive committee in 2005 to 62 percent in 2017. Three-quarters reported attending board meetings in the past year to discuss IT strategy, digital transformation, technology investments and cybersecurity.
The 2018 edition notes that CIOs among companies considered digital leaders are likely to have more of a strategic role. The most effective are able to frame for the CEO the advantages of digital transformation around revenue growth.
“They work with the executive team to influence and guide the enterprise on the effective use of digital technologies,” the article notes. “They help create a vision on how to use digital to transform the enterprise and grow.”
The changes represent a shift in how the CEO and CIO relationships are changing. Access to board members, involvement in critical decisions and influence in the c-suite are all reflections of how CEOs perceive and value the CIO role.
However, there is still room for improvement. Even the CIOs among the top 25 percent of companies demonstrating digital leadership only rate 59 percent on a scale of strategic influence.
There are shared responsibilities in order to change to a high-impact CEO/CIO relationship. The CEO needs to lead by example, signaling the importance of digital transformation and the CIO’s lead role in achieving it. CIOs need to bring ideas to the table that relate to the business outcomes and opportunities available, not just “shiny new gadgets.”
What If My Business Is Too Small to Have a CIO?
Digital transformation is not just for enterprises. Small- and medium-sized businesses also need to leverage the technical opportunities to differentiate and grow. For many SMBs, that means turning to a “virtual CIO” relationship with a managed IT service provider that can deliver IT consulting, assessments, strategy, solutions and budgeting. Working closely with a CEO and other business leaders, the virtual CIO can provide the insights and vision necessary to leverage the changing digital landscape.
A powerful relationship between the CEO and the CIO, whether internal or through a managed services provider, is essential for transformation to be successful.
by Felicien | Jun 18, 2019 | Education
As a CEO, you have tremendous influence over your company’s brand, messaging, values and strategies. You also have a personal brand that increasingly today needs its own shaping, nurturing and feeding.
One powerful way to improve your personal brand and your company’s messaging is to have your own blog. Your voice, insights, opinions and news needs a vehicle that can project your thoughts across multiple channels.
Knowing why a blog makes sense and best practices is an ideal way to get started.
Why Should I Create a CEO Blog?
First, consider the multiple audiences to which your voice matters. There are stakeholders and in some cases shareholders that value your communication.
Internal blogs allow you to communicate to employees in a very different way. The benefits include:
Providing an up close and personal insider perspective on work, values and messages you want to convey
Promoting your internal persona
Promoting and reinforcing key messages
Building and celebrating a positive company culture
Fostering two-way communication between the c-suite and other employees
What Is the Difference Between Internal and External CEO Blogs?
External blogging has its own advantages. The tone and content of internal and external blogging likely will be different but the tone, themes and messaging should remain consistent. The advantages of external blogs are:
Thought leadership. Insights on industry trends, needs, challenges and transformation help establish you as a leader in your field.
Valued added. Customers and potential customers are more likely to choose your business if you can provide them with valuable, needed information that helps them do their business better.
Authenticity. Build authenticity with external stakeholders with consistent valued content, especially in challenging times or crises. That’s when your voice should be loud, not silent.
A face with a brand. Too often companies, especially as they grow larger, become faceless. A blog helps put a human face on your business and brand. Your blog helps keep your business front of mind, especially when they see your information popping up regularly in email inboxes and on social media.
Brand loyalty. Customers are going to come back when the products and services they receive are of high value. A blog can help in reinforcing your commitments to quality, customer service and continuous improvement.
Spreading your message. When your content is compelling, readers will like, share and forward it to others. This viral marketing, at no additional cost to you, spreads your brand and your thought leadership.
Beating the competition. It’s likely some of your competitors are blogging. Get ahead of them with better, regular and more valuable information.
In a 2016 New York Times article, Microsoft founder Bill Gates, who focuses much of his energy now on his philanthropic foundation, spoke about why he blogs. “It … helps to have a platform for talking about the work I’m doing, both through the foundation and separate from it, because I find people are curious about it,” Gates said.
What Makes for a Successful CEO Blog?
The best CEO blogs are authentic. They don’t just regurgitate press releases or quarterly results. They inject humanity and persona into the work that your company does and gives you a visible, recognizable brand. Here are some other elements of a successful CEO blog:
Personalization to a point. This is not the place to talk about your son’s high school graduation. However, personalization is important. Instead, offer glimpses behind the curtain about why and how decisions were made or what you see as key issues or opportunities in the industry.
Design matters. You want your blog to be easily readable, especially on mobile devices.
Onmichannel. Content is valuable … and you and your marketing team should strategize about how to get the most out of what you provide. Longer blog posts can be followed up by other content — written by you or others — that points back to your hub information. Posts should be teased or delivered via multiple social media platforms. Depending on your business, that may include LinkedIn, YouTube, Facebook, Instagram or Twitter.
No jargon. Inside baseball is cool, but not when no one can understand what you’re writing. If you’re going to use jargon, be sure that it commonly used within your industry. Otherwise, you could alienate existing and potential customers.
Focus on customers. All of your blog content should have a singular focus: What do our customers need? Whether it’s product information, industry news or company information, be sure that it is written to help customers solve problems. Ideally, those problems are those your company is uniquely qualified to address.
Use humor … if it’s funny. Humor is a lot harder to write than you would think. Written words cannot easily express tone, pace and intent. Humor adds a personal element to your writing, but it has to be done with care and strategically.
Where Can I Find Good Examples of CEO Blogs?
Looking for inspiration for your own blog? There are plenty of sources of great CEO blogs and leadership blogs from which to take inspiration. Here are a few examples to review:
CEO blogging can have a deep impact on internal and external messaging. With a clear understanding of goals and tips, your blog will be ready to be published.
by Felicien | Jun 17, 2019 | Education
Hackers Now Using HTTPS To Trick Victims Via Phishing Scams
Everything you’ve heard about the safety of https sites is now in question. According to a recent FBI public service announcement, hackers are incorporating website certificates (third-party verification that a site is secure) when sending potential victims phishing emails that imitate trustworthy companies or email contacts.
These phishing schemes are used to acquire sensitive logins or other information by luring people to a malicious website that looks secure.
Can You Still Count On HTTPS?
The “s” in the https along with a lock icon is supposed to give us an indication that a website is secure. And your employees may have heard this in their Security Awareness Training. All training will now need to be updated to include this latest criminal tactic.
What Should You Do?
Be Suspicious of Email Names and Content
The FBI recommends that users not only be wary of the name on an email but be suspicious of https links in emails. They could be fake and lead you to a virus-laden website. Users should always question email content to ensure authenticity.
Look for misspellings or the wrong domain, such as an address that ends in “com” when it should be “org.” And, unfortunately, you can no longer simply trust that a website with “https” and a lock icon is secure.
If you receive a suspicious email that contains a link from a known contact, call the sender or reply to the email to ensure that the content is legitimate.
If you don’t know the sender of the email, the FBI warns that you shouldn’t respond to it.
Don’t click links in any emails from unknown senders.
If You Run A Business Ask Your IT Service Company About New-School Security Awareness Training For Your Employees
This will give your staff the latest information about cyber threats and exploits. They’ll learn what they need to know to avoid being victimized by phishing and other scams.
Why Use New-School Security Awareness Training?
Your employees are the weakest link when it comes to cybersecurity. You need current and frequent cybersecurity training, along with random Phishing Security Tests that provide a number of remedial options if an employee falls for a simulated phishing attack.
New-School Security Awareness Training provides both pre-and post-training phishing security tests that show who is or isn’t completing prescribed training. And you’ll know the percentage of employees who are phish-prone.
New-School Security Awareness Training…
Sends Phishing Security Tests to your employees to take on a regular basis.
Trains your users with the world’s largest library of security awareness training content, including interactive modules, videos, games, posters and newsletters, and automated training campaigns with scheduled reminder emails.
Phishes your users with best-in-class, fully automated simulated phishing attacks, and thousands of templates with unlimited usage, and community phishing templates.
Offers Training Access Levels: I, II, and III with an “always-fresh” content library. You’ll get web-based, on-demand, engaging training that addresses the needs of your organization whether you have 50, 500 or 5,000 users.
Provides automated follow-up emails to get them to complete their training. If they fail, they’re automatically enrolled in follow-up training.
Uses Advanced Reporting to monitor your users’ training progress, and provide your phish-prone percentage so you can see it reduce as your employees learn what they need to know. It shows stats and graphs for both training and phishing, ready for your management to review.
Your employees will get new learning experiences that are engaging, fun and effective. It includes “gamification” training, so they can compete against their peers while learning how to keep your organization safe from cyber attacks.
Add New-School Security Awareness Training To Your Current Employee Training
The use of https is just the latest trick that hackers are using to fool victims into falling for malicious emails. Hackers have many more “up their sleeves.” This is why regular, up-to-date New School Security Awareness Training is so important for any organization.
