by Felicien | Jun 6, 2019 | Education
Are you prepared for disaster to strike your business, whether natural or manmade? Many businesses aren’t. They either have no business disaster recovery plan, or the one they have is wholly insufficient.
Is this really a big deal for your local business? Yes, it is. Forbes reports FEMA statistics that over 40% of businesses affected by a disaster never reopen at all. Those that do reopen often deal with the aftermath of lost data, revenue, and stability for years (or until bankruptcy).
You can’t prevent all risk to your local business associated with disaster, but you can mitigate a lot of that risk. You need a comprehensive IT disaster recovery plan. We’ll get you started with nine steps that should be part of your plan.
1. Know What Equipment You Need to Stay Operational
This step starts with creating an inventory of every piece of equipment that you can’t operate without. This isn’t a full inventory (though you should have one of those, too). This is a list of what’s mission critical.
2. Create a Timeline for Recovery
Now that you know what you need to remain operational, craft a timeline for recovery. This should be a realistic timeline, taking into account how long it will physically take to get the critical equipment as well as how long you can afford to be dark before your business’s existence is threatened.
Consider both how long it will take you to recover and what point in time you can recover to. The latter relates to your backups, which we’ll cover in step 4.
3. Communicate This Information Far and Wide
An inventory and timeline that only you know about will not be effective. Consider that you may be incapacitated in the disaster, or you may be unable to get to the disaster site. Do others know what to do if you’re not around? Communicate your mission-critical inventory and your recovery timeline to stakeholders throughout your organization.
4. Back Up Data (and Review Your Backup Providers)
Getting the equipment you need up and running is one aspect of recovery. The other is restoring the most recent data you have available. Backing up your data is an essential part of a disaster recovery plan.
If you’re already backing up your data, that’s good. Take time regularly to inventory your backups. Are they running on schedule? Are the backup files useable? Also, be aware that on-site backups have their purpose, but in the event of a disaster like flood or fire, your on-site backups are most likely destroyed. Consider adding cloud backups or off-site backups to your IT arsenal to better protect yourself against risk.
5. Procure a Generator
In the event of a natural disaster, power outages could be widespread. You may end up in a situation where your infrastructure is either undamaged or already rebuilt, but the city hasn’t restored power to you yet. Having a generator on site can allow you to resume critical functions sooner.
6. Evaluate Costs
Knowing where to procure replacement equipment is important, but so is having a plan for paying for that equipment. If that’s a daunting suggestion for your local business, you might consider looking into catastrophe insurance. Avoid the threat of a massive bill for replacing equipment by paying a lower and consistent amount for insurance.
7. Limit the Chance of Unnatural Disasters
You can’t control natural disasters, but you can limit the chance of an unnatural one. Take steps to lower your exposure to human threats like cyberattacks, data breaches, and equipment sabotage. One practical step is to audit who has access to what. Give employees and vendors access to only those files and systems they need to do their work. We also recommend regularly providing training on detecting scam emails and phishing schemes.
This step is a tough one to manage yourself. Consider partnering with a managed service provider (MSP) to help you step up your cybersecurity efforts and to train your staff accordingly.
8. Test Your Plan
Just like your backups, your plan as a whole can’t be good if it doesn’t actually work. Test your plan at regular intervals to make sure you’ve not left any gaps. If you discover problems you can’t solve, work with an MSP to find solutions.
9. Don’t Go It Alone
We’ll be blunt. All this is too much for most local businesses to handle alone. You need a quality MSP to help in the process. If you’re ready for help with your disaster recovery plan, contact us today.
by Felicien | Jun 6, 2019 | Education
If you’re a CEO — whether your company is big or small, new or old, successful or working on it — there’s no doubt certain problems do a great job of keeping you up at night.
These are the challenges you just can’t seem to master. They plague you day-to-day, quarter-to-quarter, year-to-year. Yet try as you might, there seems to be no getting around them.
The good news is, yours are likely the same problems that all CEOs face. In other words, you’re in good company.
Below, we take a look at a few of these common CEO challenges and offer up some useful tips for tackling them once and for all.
Top Challenges CEOs Face
#1 – “How do I hire the best talent (and keep them motivated)?”
Attracting the best employees is certainly a leading cause of concern among CEOs. As a CEO, your team is the engine that drives your business. You may be the “ideas man” or “ideas woman,” but you need great talent to bring your concepts to life.
The Solution: Top employees can definitely be hard to find, but it’s important to take your time. Quality hiring is doable if you know where to look, what to look for, and how to entice the right people.
First, make sure you’re clear about your job descriptions. Don’t be wishy-washy with prospective candidates.
Next, know where to look. Job fairs, sites like LinkedIn, and open job searches are good places to start. Still, you should always thoroughly review applications and prescreen candidates with a tight checklist before narrowing your best options.
Be thorough about checking your candidates’ references, backgrounds (job and education history), and experience. After you’ve made a short list, hold in-person interviews to get a feel for each candidate’s interest level and how they behave.
Lastly, when you find the right candidate, make sure you have a stellar hiring package ready to show them. Make it one they won’t be able to say no to. Budget restraints are certainly a challenge here, so if your resources are tight, find ways to promise pay and benefit increases with improved performance and company success. This shows your investment in your company — and in your employees as members of the larger company family.
#2 – “How do I retain my talent?”
Keeping employees motivated is certainly essential for extending and prolonging the flow of unique, creative ideas and hard work. Still, if you’re not taking care of your employees in other basic ways, some of them will walk away. Of course, this won’t necessarily be because they want to … they simply might have to.
The Solution: To ensure a consistent, long-lasting team of the best talent in your industry, you have two jobs:
1. Find ways to keep your employees motivated to do well.
2. Reward them for their hard work.
Many CEOs have trouble grasping the fact that their best employees won’t necessarily hang around just for the love of the work. This is often because, as CEOs, they’ve turned their own lives over to their business.
But remember that your employees — no matter how similarly passionate they are about your company — have lives of their own. Many have mouths to feed at home, student loans to pay, and second mortgages on their homes. If you’re not providing for them (as you said you would when you hired them) and incentivizing them to continue doing amazing work … you can probably expect their two weeks’ notice sometime soon.
In order to motivate employees, you’ve got to have a great idea that’s worth working for. Of course, it helps if you’ve hired a team that’s passionate about the same things you are.
Team-building is another great way to keep employees motivated. Organized company events, fun incentive programs, a comfortable work space, and opportunities for self-development within your company are key.
#3 – “How do I make my product (or service) stand out?”
Yes, your company solves “problem A” … but so do six other companies. What you have to decide upon and sell is how you solve your problem better than anyone else.
Easier said than done, right?
The Solution: For the most part, the key answer here is creativity. Unfortunately, whether you like it or not, there are a lot of creatives out there doing awesome work. You’re probably creative too. But you have to be more creative than your competitors.
The good news is you have some options.
If you know for sure that your company is just like another company, for example, look for ways to differentiate by:
Unique branding
Varied size, shape, or level-of-service options
Amazing discounts and sales
Bonuses for loyal customers
World-class customer service
Added, unique features
Exceptional marketing *
* This is key. By investing in your marketing strategies, you’re tinkering with the first thing potential customers and clients will see — and that’s the right place to begin.
It’s true, if you can get someone to your website to read about your unique product features or see your amazing discounts, you might be able to turn them on to your product or service. But if you can “have them at hello,” you’re going to see a much higher and more immediate rate of success. Smart marketing will also give you one of the highest returns on your investments.
Generally speaking, all CEOs will face the above challenges at one time or another. The key to overcoming them is two-fold: First, try to anticipate whatever key issues you’ll have before they become serious dilemmas. Second, using the advice above, don’t be afraid to face these issues head-on. When something doesn’t work, don’t give up — simply try a new tack.
by Felicien | Jun 5, 2019 | Education
Email is a great system when it works well, but it has some frustrating limitations. You have to know someone’s email address to be able to reach them via email, and there’s no central database for finding email addresses. You can often use the internet to find people’s mailing addresses via directory searches, but no such parallel exists for email. If you need to get in touch with someone but don’t have their email address, here are a few tips for finding it.
Within Your Organization
If you’re looking for someone within your organization, you can use Outlook to find the person. Simply create a new email, then click the button next to the “To:” field. This will bring up an address book search. Try searching last name first.
You can also use a keyboard shortcut: click in the “To:” field, then start typing the person’s last name. Press Ctrl + K, and Outlook will narrow your list. Click the right one, and you’re done.
Outside Your Organization
It gets a little tougher outside your organization. Here are a few tips.
Google It
You can always try a good old-fashioned internet search. Search for the person’s name and the word “email”. Maybe include the person’s job title as well. For all examples below we’ll be searching for Frank Johnson, accountant at Awesome Accounting, Inc.
Get creative with your Googling. Other search ideas include searching [“Frank Johnson” “contact me” “Awesome Accounting”] or [“Frank Johnson” “Accountant”]. If you’re looking for a personal account, you could also search for [“Frank Johnson” AND “@gmail.com”]. Keep trying other popular email services.
Mine Social Media
Many people have an email address associated with their Facebook or LinkedIn accounts, and sometimes they make this public. Be sure to search social media for the person you’re trying to contact. Even if you can’t find an email address, you will likely find a way to contact the person. If it’s a personal contact, a Facebook message might be most appropriate. If it’s a business connection, stick to LinkedIn.
Check for a Website
Does the person you’re looking for have a website? If so, there is likely a “contact me” page there. These often route directly to an email inbox. You don’t get to see the address unless the person replies, but it’s a place to start. Some people also include an email address directly on their websites. This is less common, but it’s worth checking.
Use a Search Tool Like Pipl
There is no universal directory for email addresses, but services like Pipl are doing what they can. Pipl maintains a database of known contact information for many people, and it’s free to use. If your other methods don’t yield results, check here.
by Felicien | Jun 5, 2019 | Education
Are You One Of Many Affected By The LabCorp Data Breach?
Financial & Personal Information of 7.7 Million Exposed
Just yesterday we wrote about the Quest Diagnostics breach affecting nearly 12 million. Today we’re writing to tell you about a LabCorp breach affecting 7.7 million people. Both of these breaches were caused by a third party: the American Medical Collection Agency (AMCA). AMCA provides billing collection services to both LabCorp and Quest Diagnostics.
AMCA has informed LabCorp that it is in the process of sending notices to approximately 200,000 LabCorp consumers whose credit card or bank account information may have been accessed. AMCA has not yet provided LabCorp with a list of the affected LabCorp consumers or more specific information about them.
In a filing with the U.S. Securities and Exchange Commission, LabCorp said the breach happened between August 1, 2018, and March 30, 2019.
A section of the filing reads:
“AMCA’s affected system also included credit card or bank account information that was provided by the consumer to AMCA for those who sought to pay their balance. LabCorp provided no ordered test, laboratory results, or diagnostic information to AMCA. AMCA has advised LabCorp that Social Security Numbers and insurance identification information are not stored or maintained for LabCorp consumers.”
The information included in the breached system includes:
Bank account information,
Credit card information,
First and last name,
Date of birth,
Address and phone,
Date of service and provider, and
Balance information.
Forensic experts are investigating the breach. It’s possible that the AMCA breach could impact other companies and millions more consumers.
What Should You Do?
Anyone who was affected by the data breach should freeze their credit report to prevent criminals from opening credit card accounts in their name. They should also be concerned that their Social Security numbers were exposed.
If you believe that your information has been leaked, you can contact LabCorp customer service on their contact page.
by Felicien | Jun 5, 2019 | Education
For today’s tech blog we’ll tackle a topic that’s become much more visible over the last couple years. What are tracking cookies? How do they get on your devices? Can they harm your devices? We’ll answer these three questions in this post.
What Are Cookies?
Tracking cookies are a specific type of cookie, so we first need to define cookies (the non-baked-good variety). In the digital world, the term cookie describes a text file saved onto your device that contains information specific to you, the user. Every time you log in to a site and click the “remember me” box, your browser creates a cookie. Just about anything a website “remembers” about you isn’t stored on the website. It’s stored in cookies on your device. The next time you visit the website, it sees the cookie on your device and picks up where it left off.
What Are Tracking Cookies?
Tracking cookies take this concept much further. A site that uses tracking cookies will store marketing data on you. They may keep track of things like which links or stories you clicked on and especially which advertisements you clicked on.
Why do they do this? For data and advertising. Advertisers pay by the click, so websites are motivated to get you clicking on their advertisements. Remembering what you clicked last time enables a site to serve a more relevant ad to you this time. For example, if you clicked on a car advertisement last time and ignored one for beer, you’re fairly likely to do the same this time. The site will then serve up a car ad rather than a beer one.
Some firms take tracking cookies even further. Google, for example, serves ads on millions of sites. It has the ability to track your browsing and even shopping history across a wide range of sites. Google and others use this kind of information to retarget ads to you all across the internet.
How Do They Get On Your Devices?
Tracking cookies get loaded on your devices through the natural process of browsing the web. There’s no real way to stop them from loading, either. In the past few years, an initiative called Do Not Track was supposed to limit tracking cookies, but it hasn’t worked. Apple is even removing support for the feature and looking for other options.
Can They Harm Your Devices?
The good news here is that tracking cookies won’t harm your devices. That said, if you dislike them, you can get rid of them. You can delete all cookies manually in your browser’s settings, though this deletes the helpful ones (like “remember me”) along with the nuisance ones. The NAI Consumer Opt-Out can also limit tracking cookies for your accounts.
by Felicien | Jun 5, 2019 | Education
On May 17, 2019, security firm Tenable announced that one of its researchers, David Wells, had discovered a Slack bug affecting Slack’s Windows desktop client. The bug affects version 3.3.7 of the Slack desktop app, which was just last week the most current version. Read on to learn more about this bug: how it was discovered, what it can do, and how to protect yourself.
Discovery and Reporting
Wells discovered the Slack vulnerability and reported it via HackerOne’s bug bounty program. This program allows white hat hackers to receive financial compensation for disclosing previously unknown vulnerabilities so that companies can address them before serious damage is done.
Under the terms of this program, the bug was not disclosed publicly until Slack had the opportunity to release a fix. Slack has since released that fix, but the segment of its 10 million active users that haven’t yet updated may remain vulnerable.
What the Bug Can Do
Wells discovered that Slack’s protocol handler, “slack://”, can do quite a bit. It even has the ability to modify sensitive application settings. Attackers could abuse this protocol by creating a “slack://” link that reroutes the user’s download location. The powerful “slack://” protocol even allowed rerouting to an attacker-owned location.
The result of that action would be that files downloaded from Slack would actually be saved to the attacker’s server. The attacker would even be able to modify those files before the user had a chance to open them.
The attack can also be hidden fairly well. Slack’s “Attachment” feature allows users to change the text that displays with a hyperlink, meaning the malicious link could be disguised as “Account Report 004.docx” or any number of realistic-looking files.
Lastly, an attacker with sufficient skill could inject malware into an Office file (like a Word document or Excel spreadsheet) using this exploit. This is a real danger, because Office files are tossed around as attachments all the time. Office warns users that downloaded files can be unsafe, but users will nearly always ignore this warning when they think they’ve downloaded a document from a trusted colleague.
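A defensive check for the disguised-link technique described above, as an added example that is not from Tenable, Slack or the original post: it scans exported messages for labelled links whose target uses the “slack://” scheme and ranks those whose label looks like a document file name. The message layout (text containing `<target|label>` links, attachments with `title` and `title_link`) and all sample data are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed export format: a labelled link appears in message text as <target|label>.
LINK_RE = re.compile(r"<([^<>|\s]+)\|([^<>]+)>")
# Labels that look like a document file name, e.g. "Account Report 004.docx".
FILE_LABEL_RE = re.compile(r"\.(docx?|xlsx?|pptx?|pdf|zip|csv)\s*$", re.I)


def labelled_links(message):
    """Yield (target, label) for every labelled link in one message dict."""
    for target, label in LINK_RE.findall(message.get("text", "")):
        yield target, label
    # Assumed attachment fields: title is the display text, title_link the target.
    for att in message.get("attachments", []):
        if att.get("title_link"):
            yield att["title_link"], att.get("title", "")


def audit(messages):
    """Return one finding per labelled link that points at the slack:// handler."""
    findings = []
    for msg in messages:
        for target, label in labelled_links(msg):
            if urlsplit(target).scheme.lower() != "slack":
                continue  # ordinary web links, mentions and channel refs are ignored
            # A slack:// link hidden behind a file-like label matches the disguise
            # described in the post; other slack:// links are left for manual review.
            severity = "high" if FILE_LABEL_RE.search(label) else "review"
            findings.append({
                "ts": msg.get("ts"),
                "user": msg.get("user"),
                "label": label,
                "target": target,
                "severity": severity,
            })
    return findings


# Constructed sample messages; the slack:// targets are placeholders, not real links.
SAMPLE_MESSAGES = [
    {"ts": "1558100001.000100", "user": "U_ALICE",
     "text": "Notes are here: <https://example.com/notes|Q2 notes>"},
    {"ts": "1558100002.000200", "user": "U_BOB",
     "text": "Please check <slack://placeholder.invalid/constructed|Account Report 004.docx>"},
    {"ts": "1558100003.000300", "user": "U_CAROL", "text": "",
     "attachments": [{"title": "Open the channel",
                      "title_link": "slack://placeholder.invalid/constructed"}]},
    {"ts": "1558100004.000400", "user": "U_DAVE",
     "text": "Reminder for <@U_ALICE|alice>: the slack:// handler bug is patched in 3.4.0"},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_MESSAGES):
        print(finding["severity"], finding["ts"], finding["user"], repr(finding["label"]))
```

Findings marked “review” are not necessarily malicious, since “slack://” links also have legitimate uses; the file-name label is what raises the priority.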
The Danger Level
A bad actor gaining access to all downloaded documents isn’t good, of course, but how dangerous is this bug, actually? Tenable reports that it scores 5.5 on the CVSSv2 scale, which is a medium score. We see two reasons the bug doesn’t score higher.
One, exploiting this vulnerability requires user involvement. If you don’t click the link, the attacker gets nothing.
Two, exploiting this vulnerability in a convincing way requires compromising the credentials of a Slack group member. It’s difficult if not impossible to send a message to just anyone using Slack. You have to first be a member of the same channel. This means that this exploit is more or less limited to disgruntled channel members and attackers who’ve hacked or stolen a channel member’s credentials.
How to Protect Yourself
The good news on this vulnerability is that Slack has already patched it. All you need to do to protect yourself and your organization is ensure that anyone using Slack for Windows has updated to version 3.4.0 or later. You can check yours by looking at the “About” window in the program. If you don’t have the access needed to update your application, contact IT right away.
IT Administrators looking to update a Microsoft Install deployment should check out these instructions provided by the Slack team.
More Good News: No Real-World Impact, Yet
There’s more good news about this bug and associated exploit. Because Tenable reported the bug to Slack through HackerOne, Slack was able to address the vulnerability before it became publicly known. According to the company’s reporting on its own research, they find no evidence that the vulnerability has been exploited in the real world yet.
Conclusion
Exploits like these are discovered every day. Are you protected? If you’re not sure, give us a call. We stay up to date and we keep our clients safe.