Uncategorized

Every business, big or small, should have a cyber security policy in place for its employees. Employees need to know what’s acceptable and what isn’t when it comes to all things IT. The policy should set expectations, lay out rules and give employees the resources necessary to put the policy to work.

Your employees represent the front lines of your business’s cyber security defense. You may have all the antivirus software, malware protection and firewalls in the world, but if your employees aren’t educated about IT security or don’t understand even the basics, you’re putting your business at MAJOR risk.

What can you do to remedy that? You can put a cyber security policy in place. If you already have one, it’s time to update it. Then, once it’s ready, put it into action!

What does a cyber security policy look like? The specifics can look different from business to business, but a general policy should have all the fundamentals, such as password policy and equipment usage.

For instance, there should be rules for how employees use company equipment, such as PCs, printers and other devices connected to your network. They should know what is expected of them when they log into a company-owned device, from rules on what software they can install to what they can access when browsing the web. They should know how to safely access the work network and understand what data should be shared on that network. 

Breaking it down further, many cyber security policies include rules and expectations related to:

• E-mail use

• Social media access

• General web access

• Accessing internal applications remotely

• File sharing 

• Passwords

Policies should also break down IT roles within the organization. Who do employees call, text or e-mail if they need IT support? What is the hierarchy they are expected to follow? Do they have internal support? Do they contact your managed services provider (MSP) or IT services partner?

It’s important for employees to have resources in order to effectively execute policies. This can come in many forms. It may be a guidebook they can reference or a support phone number they can call. It might be ongoing training on cyber security topics. Or it might be all of the above (as it often is!).

Break down every rule further. Passwords are a great example of an area of policy every business needs to have in place. Password policy often gets overlooked or simply isn’t taken as seriously as it should be. Like many cyber security policies, the stronger the password policy is, the more effective it is. Here are a few examples of what a password policy can include: 

• Passwords must be changed every 60 to 90 days on all applications.

• Passwords must be different for each application.

• Passwords must be 15 characters or longer when applicable.

• Passwords must use uppercase and lowercase letters, at least one number, and at least one special character, such as @, #, % or &. 

• Passwords must not be recycled.

The good news is that many apps and websites automatically enforce these rules. The bad news is that not ALL apps and websites enforce these rules – meaning it’s up to you to define how employees set their passwords.

Putting a cyber security policy in place isn’t easy, but it’s necessary, especially these days. More people are working remotely than ever. At the same time, cyberthreats are more common than ever. The more you do to protect your business and your employees from these cyberthreats, the better off you’ll be when these threats are knocking at your door.

If you need help setting up or updating your cyber security policy, do not hesitate to call your MSP or IT services partner. They can help you put together exactly what you need for a safer, more secure workplace.

When it comes to IT solutions, most businesses rely on one of three options. They have a dedicated in-house IT employee or team, an outsourced managed services provider (MSP) or nothing at all. There is, however, a fourth option: co-managed IT.

This hybrid option gives you an on-site IT manager or a small team AND access to an off-site IT services firm. For any business that takes IT seriously, this can prove to be an efficient and reliable option. It’s not as costly as a full on-site team, but it can be more comprehensive than relying on an MSP alone.

Simply put, the co-managed IT solution gives your business more options when it comes to getting IT and network stability and security right. It keeps you nimble when it comes to on-site issues. For instance, having an on-site IT manager means you have someone who knows the quirks of your business and its very specific needs.

But depending on the scope of your business and the size of those needs, the job has the potential to get complicated fast. This is where having access to an off-site expert IT staff can be useful. An outsourced IT firm alleviates that pain point. Your IT manager has someone to call when they need to and suddenly you have a full IT staff.

These are experts in IT who understand a range of issues, from system management to industry regulations – and just about everything in between. They might not be familiar with the quirks or intricacies of your specific business or industry, but you already have that taken care of in the co-managed model.

Co-Managed It Brings Everything Together.
You can have someone on-site who you can count on day to day, but when they need assistance, they have someone they can reliably call. They have access to an incredible knowledge and experience base. But it gets better!

One of the benefits of this approach is employee retention. Co-managed IT can completely shift your company culture for the better. Here’s why: small or single-person IT teams can get overwhelmed and overworked fast. This is common in IT. As a result, small-business IT departments often seem like a revolving door for those employees. It creates a broken culture.

If your on-site team lacks access to the proper tools or resources, it won’t take long for them to become overwhelmed and, eventually, burned out. If there’s a crisis, like a ransomware attack or a storage failure, and your internal IT team isn’t given the support they need to succeed, it puts undue stress on them.

While they might succeed in the end, they’ll be unhappier for it and will likely start looking for a new job. With IT in such high demand, especially in 2021, it’s likely they’ll find another job, leaving you left to pick up the pieces.

Co-managed IT helps you avoid this. Plus, there are many other ways businesses can benefit from this hybrid model.

You Have Someone Who Can Address Issues Immediately. While you can generally rely on an MSP to deliver a quick response time, it might not always be as quick as you’d like or need. With this model, you have someone to get on the issue in seconds – and they can bring in the MSP as needed.

Having An It Manager On-Site Puts Much Of The Responsibility On Their Shoulders. While you can still be hands-on when it comes to your company’s IT, they do what needs to be done, including coordinated with your MSP. This frees you up for everything and anything else.

Regulatory Compliance Becomes A Breeze. Depending on your industry, you may have to deal with all kinds of compliance terms and regulations. Your coordinated IT team is versed in everything they need to know – and they stay on top of it as things change.

You Have To Hire Fewer People. While you may have at least one person on staff, or maybe a small team, it’s unlikely to grow any larger – and it doesn’t need to. Not when your on-site team has access to all the tools, resources and expertise they need to get any IT job done.

You Have A Healthier Company Culture. This is a big one that often gets overlooked. When your on-site IT team has access to those outside resources, they’re a lot happier. Happier employees are more likely to stick around for a longer period of time, adding to the overall stability of your business (plus, less frequent hiring is another way to keep costs down).

If you haven’t yet considered co-managed IT, give it a look. You may find the IT solutions you’ve been looking for. And in a time when cyber security is more important than ever before – with more teams working remotely and cybercriminals working overtime – every business can use all the help they can get.

There are seemingly countless IT service providers to choose from these days, and it can be challenging to tell one from another. However, not all IT service providers are created equal. Some offer independent services, while others are part of larger firms. Some are new to the field, while others have been around for years. There are also

companies that put out slick marketing to grab your attention but make it hard to tell if they really live up to the hype.

Well, we’re here to help you cut through the clutter. You want to hire someone who knows what they’re doing and is going to take care of your business the right way. To do that, there are a few questions you should ask every IT expert before you let them anywhere near your network to ensure you’ll be in good hands.

1. What’s your IT experience?

Education, certifications and hands-on experience are all important. You want to know your “expert” is actually an expert. It’s all too easy for someone to pass themselves off as an expert when they really have limited experience, so you should never hire an individual or a company without vetting them first. After all, this person (or team) will be handling EXTREMELY sensitive hardware and data essential to the operation of your business. This isn’t time to take risks or give someone the benefit of the doubt.

When you work with an IT services company or MSP, you can generally expect that the people you work with are educated and experienced, but you should always ask. It’s okay to dive in and ask them about their certifications,

how long they’ve been doing their job and how familiar they are with your industry. And if you aren’t sure what certain certifications are, feel free to ask follow-up questions. There’s a very good chance they’ll be more than happy to answer all of your questions, especially if they’re a true professional who knows what they’re doing!

2. What’s your IT approach?

There are different approaches to IT and network security. You have the old-fashioned break-fix approach, and you have the modern proactive approach. The break-fix approach used to be the staple of the IT industry – it was the business model of just about every IT support firm in the 1990s and into the early 2000s. This approach is pretty straightforward: Something breaks, so you hire someone to come in and fix it. If many things break or something complicated breaks, you could be looking at a pretty hefty bill – not to mention the costs associated with downtime.

Today, most MSPs take a proactive approach (and if they don’t, look elsewhere). They don’t wait for something to break – they’re already on it, monitoring your network 24/7, looking for outside threats or internal issues. They use advanced software that can identify trouble before it strikes. That way, they can go to work proactively protecting your business so you avoid those hefty bills and long downtimes. These are companies that are willing to collaborate with you and your business to make sure you’re protected, your IT needs are met and you’re getting your dollars’ worth.

3. What’s your GUARANTEED response time?

This question often gets overlooked, but it’s one that can make or break your business – and it can make or break your relationship with your IT service provider. You need to know that you won’t be left in the dark when something goes wrong within your network. If you’re experiencing a cyber-attack or a power surge has taken out part of your server, the cost to your business can be catastrophic if your IT service provider can’t get to you right away. The longer you have to wait, the worse it can get.

You need to work with someone who can give you a guaranteed response time in writing. It should be built into their business model, or better yet, the contract they want you to sign when you hire their services. They should be doing everything they can to instill confidence that they’ll be there for you when you need them. If you’re working with an IT company that doesn’t have your full confidence, you may need to rethink that relationship.

A record number of businesses said goodbye to the traditional in-office work model in 2020. They embraced the remote work model as they adapted to the new COVID-19 reality. It was a huge shift that came with many challenges, and some of those challenges are still felt today.

One of those challenges was – and is – cyber security. Businesses wanted to get their remote workforce up and running, but there were a lot of questions about how they would keep their newly remote employees secure.

So, how can you enable remote work while keeping your business and your employees secure? How do you keep cybercriminals out? The answer is multifaceted. There is no one-size-fits-all approach to cyber security — that would make things much easier! But there are several steps you can take to help your remote team stay productive while keeping the cybercriminals out. Here are three things you need to do:

1. Skip the public WiFi. This is Cyber Security 101. Never use unsecured, public WiFi, especially when working. For remote employees who have the option to work from anywhere, using public WiFi is tempting. It’s just so easy to access, but it comes with huge risks, including the potential to expose your device to intruders.

Thankfully, there are plenty of options to help keep employees connected without having to worry about snoops. The most popular is the VPN, or virtual private network. VPNs allow remote workers to securely access the Internet, even through public WiFi. VPNs are ideal for remote workers who need to routinely access your network.

Another option is the personal hotspot. This is a portable WiFi access point, usually paired with data service through a telecom like Verizon, AT&T or T-Mobile. It gives remote workers flexibility to work anywhere they can get high-speed data service. Because the remote worker is the only person on the hotspot (and should be the only person), there is less worry about hackers snooping for your data.

2. Have a strong device policy. When it comes to cost-cutting, it can be appealing to let employees use their own devices while working remotely. Avoid this, if possible. The bring-your-own-device (BYOD) approach has its benefits, including keeping costs down, but the security costs could be massive, especially if an employee gets hacked or misplaces crucial data. In short, BYOD can get complicated fast, especially for businesses unfamiliar with the BYOD approach.

That said, many businesses work with an IT services company or managed services provider to create a list of approved devices (PCs, laptops, tablets, smartphones, etc.) that employees can use. Then those devices are loaded up with malware protection, a VPN, and other security solutions. So, while employees may be using a variety of devices, they all have the same security and other necessary software in order to perform their duties.

The best device policy, however, is to provide employees with work devices. This ensures that everyone is using the same hardware and software, and this makes it much easier to keep everyone up-to-date and secure. It takes a little more effort logistically, and it has a higher up-front cost, but when it comes to keeping your business secure, it’s worth it.

3. Don’t forget about physical security. While a lot of businesses are focusing on digital security right now, they’re not putting a similar focus on physical security. They may have a team of people working remotely spread across different neighborhoods, towns, states or countries. This mobility comes with the risk of device theft or loss.

If employees will be carrying their work devices with them for any reason, those devices should be kept nearby at all times. That means never leaving work devices in vehicles or unattended at a café or airport (or any location). Never leave a device where it has the potential to be taken.

It’s also important to remind employees to not only keep their doors locked but also keep work devices out of sight. You wouldn’t want to set up a home office in a room facing the street outside while leaving the windows open and the door unlocked, because you never know who may walk or drive by. Just as cybercriminals are always looking for ways to break into your network, criminals are looking for opportunities to walk away with high-value items.

The way we work is changing, so we must be prepared for whatever happens next. Implementing these three steps will give you a starting point, but they aren’t the end point. Work with an experienced MSP to get the most out of your remote work approach. Many businesses will not be returning to the traditional in-office model, so the more steps we take to secure our businesses and our remote teams, the better off we’ll all be.

Did you know the average website is attacked 94 times every day? As cybercriminals become better equipped with more advanced technology, that number will increase. Small-business websites (and small businesses, in general) are the most at risk for attack. Small businesses are tempting targets because SMB websites are often a direct link to that SMB’s network, where all kinds of goodies are stored, including sensitive business and customer data.

This is data cybercriminals want.

Cybercriminals and hackers can be aggressive when it comes to attempting to access your network and data. They use malware, ransomware, phishing scams, bot attacks and even direct attacks to get to your data. If you don’t have protections in place against these kinds of incursions, you are putting your business in harm’s way.

There are many “barriers” you can put between your business and the bad guys, but there are four things you can do (and should do) right now to put yourself ahead of the curve. These will protect your business and protect your data.

1. Create A Culture Of Awareness.

Education is a powerful tool, and that is 100% true when it comes to cyber security. There are several steps you can take to create a culture of awareness. This includes employee cyber security training, along with ongoing education that keeps everyone in your organization informed about the latest threats and the latest ways to combat those threats.

Training helps your team identify threats and recognize when someone is trying to break into your network (such as through a phishing scam). Because cyber threats are constantly evolving, ongoing education will keep these threats top of mind, so as the threats change, your team is right there on the frontlines ready to take on whatever may be around the corner.

2. Monitor Threats 24/7.

This is where partnering with an experienced IT services firm really comes in handy. Coming back to point #1, an IT services company can help you create that culture of awareness, but more than that, they can keep two eyes on your network 24/7. This way, if something or someone attempts to force their way into your network, they can stop it before it becomes a problem.

Even better, threat monitoring helps protect your team from more common types of attacks, such as malware or ransomware attacks. Should an employee accidentally click a harmful link or download a malicious program, it can be isolated before it takes hold and spreads.

3. Make Sure Protections Are Up-To-Date.

Practically every piece of hardware and software you use needs to be updated at some point. When you don’t update, you put yourself at serious risk. Hackers are constantly looking for vulnerabilities in the apps and devices you use. CRM software is a good example. This software connects your business with customers, and it can be used to store all kinds of information, from very basic contact information to very sensitive customer-specific data.

Should a vulnerability be found, hackers won’t waste any time attempting to exploit it. In response, the makers of that CRM software should send out a security patch. If you do not make the update (or have the update automatically installed), your risk increases significantly.

Again, working with an IT services firm or a managed services provider can help you address this minor – but very important – step. They can ensure everything under your roof is up-to-date and that you have all the latest protections.

4. Have A Plan.

Every single person on your team should be on the same page. They should all change their passwords every 60–90 days. They should all be required to use secure passwords. They should know how to identify potential phishing scams. They should know who to call if the network or their devices go down for any reason. You should know exactly what to do if your on-site data becomes compromised in any way, whether it’s due to malware, a natural disaster (flooding, fire, etc.) or hardware failure.

In short, you should have an IT handbook – a plan that spells out every detail of your IT protocol and cyber security strategies. This goes hand in hand with the three points we’ve already discussed: awareness, threat monitoring and keeping hardware and software updated. When you have a plan, you know exactly what to do when threats come your way. You’re ready and aware.

Cyber threats are always going to be out there. There isn’t anything you can do about that. But there are things you can do for yourself and your business to prepare for those threats. Put these four points into action, work with an IT services provider and give yourself the advantage over those who want to take advantage.

When was the last time you updated your technology? Between your hardware and software, if you are still doing business on older technology, you could be putting yourself at risk, and it could end up costing you big. As we begin a new year, it’s time to take a close look at the tech you rely on every day.

While many small businesses tend to put off major technology purchases due to the upfront costs, by doing so, you may be opening yourself up to major costs down the road. These are hidden costs that businesses don’t always consider when they decide to “hold off” on investing in new equipment or the latest software.

Here are five ways outdated technology can take a toll on your business:

1.  It leads to a loss in productivity. Old technology has a habit of getting slow. This means your team has to waste time waiting for their PCs to turn on and their apps to load. Even well-maintained equipment is going to wear out over time. This problem is only compounded when your team has to use software that no longer works as it once did. Eventually, programs that once worked well together start to experience hiccups, and you risk losing data.

2. It leads to a loss of customers. Your customers want to know your data (which may also be their data) is secure. If you’re using outdated tech, there’s a good chance that data IS NOT secure. One Microsoft survey revealed that 91% of consumers would end their relationship with a business that was relying on outdated technology.

3. It leads to a loss of employees. If employees have to deal with slow hardware and poorly-integrated software every day, they’re going to get frustrated. They’re going to get even more frustrated if nothing is done about it. The end result is high employee turnover. This alone can be a huge cost for a small business to absorb.

4. It leads to a loss of support. Over time, developers stop supporting their older products so they can focus on their new products. This also means they’re devoting more attention to the customers who are using the newer versions. This can leave you in the dark if you run into a problem that you need help with. You may have to call in a third-party specialist to answer your question and fix your problem, and they will charge you accordingly.

5. It leads to a loss of security. A loss in support also means you aren’t going to see security patches for your aging hardware or software. This makes you highly vulnerable to all kinds of cyberthreats, including data breaches, malware infections, and all kinds of other cyber-attacks. Hackers want to break into your network, and if you’re using outdated tech, you make their job much easier.

When you factor in the costs associated with these losses, it can be staggering! It’s enough to put some companies out of business (and it has). After a year that has left many businesses more vulnerable than before, you should be taking steps to avoid these kinds of losses.

Here’s what you can do: as we head into a new year, take stock of your technology. It’s unlikely you have to replace everything, but look at where you are most vulnerable. What issues are your employees experiencing? What hardware or software is no longer supported? Where are the gaps in your IT security?

The great news is that you don’t have to answer these questions on your own. Even better, you don’t have to drop a pretty penny to make it happen! You can work with a managed service provider (MSP) or a dedicated IT services firm that can help bring your business back up to speed. They can even help you mitigate some of the cost that comes with upgrading your technology. In the end, you, your employees, and your customers GAIN complete confidence in your business as you head into 2021!

How do you handle network issues? If you’re like most small businesses, you wait until something breaks or goes wrong before getting an IT services company on the phone. At a glance, it makes sense. Why pay to fix something if it isn’t broken?

Sadly, this way of thinking can do more harm than good, and it has taken many businesses out of commission.

When you get right down to it, there are two primary ways to handle network security:

•         By being reactive

•         By being proactive

One of these costs significantly more than the other and can destroy a business. You can probably guess which one we’re talking about.

When you’re reactive with your IT services, which includes data security, it means something bad has already happened. There are many different things that can harm your data and your business, like an employee accidentally downloading malware onto their computer, you getting hit by a data breach or a power surge occurring late in the night after a thunderstorm hits.

However, being reactive basically opens the door to these threats. It’s the one mistake that can put you out of business for good.

Hackers, for example, are a HUGE threat to small businesses. These cybercriminals will stop at nothing to break into your network to steal whatever they can get their hands on or do whatever damage they can. These people don’t care if their actions put you out of business.

This is why you cannot rely on a reactive approach to your IT services. When you do, you’re a step behind hackers, malware and even natural disasters and equipment failures.

In the past, IT services were very reactive. They were built on the break-fix model, which is exactly as it sounds. A business would wait for something to break or go wrong before calling an IT services company for help to fix it. 

In the 1990s and even into the 2000s, the break-fix model had its place and it worked. But as technology improved and it became easier for even the smallest businesses to stay ahead of the curve, the break-fix model stopped making sense.

The number of external threats has increased dramatically over the last 10 years. There are countless malware programs floating around on the Internet, and hackers are working 24/7 to wreak havoc.

It’s time to get proactive.

Today, IT services companies can predict threats. They can stop attacks in their tracks and protect your business and your data. This is called managed services — and it could save your business.

When you work with a managed services provider, you can state exactly how you want to be proactive. Do you want your network monitored for threats 24/7? Do you want them to have remote access to your networked devices so they can provide instant support to you and your team? They can do all of that!

A good IT services company can help you make sure all your data is backed up and secure. They can make sure external threats are spotted before they become a problem. They can make sure phishing e-mails don’t expose you to harm. The list goes on!

If you’re already working with an IT services company and they’re only providing outdated break-fix support, it’s time to say, “Enough!” Demand that they get proactive to manage your network. Don’t wait until something breaks to make that phone call. Because, as many businesses have learned, waiting to make that call can be devastating!

We all make mistakes. It’s a fact of life. But as we all know, some mistakes can have serious and lasting consequences – especially when it comes to business, cyber security and the constant cyberthreats that are out there.

While some businesses have invested heavily in cyber security, many have not. When it comes to network and data security, one of the most vulnerable areas of the economy is small businesses.

More often than not, small businesses simply don’t go all-in when it comes to IT security. Some fear they don’t have the budget and worry that IT security is too expensive. Others don’t take it seriously – they have an “it will never happen to me” attitude. Then there are those who invest in some security, but it’s limited and still leaves them vulnerable in the long run.

But there is one area of IT security where every business is vulnerable. You can have the greatest malware protection in the world and still fall victim due to this one big mistake.

Your employees lack IT security training.

It’s as simple as that. When your team isn’t trained on IT or network security and they aren’t aware of today’s best practices, you open yourself to major risk. Here’s why: We make mistakes.

Scammers and cybercriminals have the most success when they are able to trick people or play on the emotions of their victims. One common emotion they use is fear.

No one likes to get a message telling them that their bank account has been compromised. This is how phishing e-mails work. The scammer sends an e-mail disguised as a message from a bank or financial institution. They may tell your employee that their account has been hacked or their password needs to be changed immediately. They use fear to trick them into clicking the link in the e-mail.

So, concerned about their bank account, your employee clicks the link. It takes them to a web page where they can enter their username, password and other credentials. Sometimes it even asks for their full Social Security number. (Scammers are bold, but people fall for it!)

As you guessed, the web page is fake. The link in the e-mail directs your employee to a page that allows the scammer to collect their data. Some thieves use it to access their bank account, but others sell the information for a quick buck. No matter the situation, the information has fallen into the hands of crooks.

The challenge is that phishing e-mails have gotten harder to spot. Scammers can spoof legitimate web addresses. They can make fake e-mails look like the real deal. But there are still plenty of minor details that indicate the e-mail is a fake.

This is one of the MANY reasons why comprehensive employee IT training is so important. Training helps employees identify red flags. But more than that, it helps them identify changing red flags. For instance, a phishing e-mail from 2010 looks nothing like a phishing e-mail from 2020. Scammers stay ahead of the curve. They know the trends, and they know how to adapt. Your employees also need to know the trends and need to be ready to adapt.

Good IT training covers much more than phishing e-mails. It helps your employees identify security red flags across the board.

These include:

•         Phishing e-mails and phone calls

•         Poor or outdated passwords

•         Malicious software hidden in links, attachments or online ads

•         Poorly configured security on employee devices (a big deal for remote employees!)

•         Lack of guidelines related to Internet or social media usage on employee devices

•         Outdated software or hardware

Good training is also continuous. Cyber security training isn’t a one-and-done deal. It’s something you do every quarter or twice a year. Just as you keep your business’s equipment maintained, you have to keep your employees’ cyber security knowledge maintained. After all, your employees are your first defense against outside cyberattackers. When they know what they’re dealing with, they’re better equipped to stop it in its tracks and protect your business.

The bottom line is that a lack of training is the biggest threat against your computer network and the health of your business. You need to have a strong training program in place to make sure your employees stay up to date. But you don’t have to do it yourself. We can help. Along with your team, let’s protect your business together.