Thing to do this week to start protecting your customer data

You have client or customer data in your possession. It is part of running your business in a digital marketplace. If that data is breached, it could permanently damage your reputation. We talked in an earlier blog about types of malware. There are many steps that you can take to protect your systems and data. Here are a few suggestions to protect your business from malware.

Consider a Managed Service Provider – Cybercriminals are very sophisticated and every day are releasing new, cutting-edge tools to attack businesses and individuals. Small- and medium-sized businesses do not have the resources to staff an IT department sufficiently to be aware of all the newest tools and technologies needed to protect a business. For example, a business owner cannot possibly keep up with the changes and details of tax laws. Doing it themselves, they would likely overlook important tax advantages or inadvertently break some IRS rule. As a result, tax preparation and accounting above the level of basic bookkeeping is outsourced to an outside accounting firm. You should consider looking at IT in the same way.

Updates – Always update your software. There will always be vulnerabilities in every bit of software that you use. Creators of software are constantly upgrading to close holes that could be exploited. Being attacked by malware because you are behind in upgrades is an avoidable error. That said, given the sheer volume of software applications accessing your network, you should consider outsourcing the administration and enforcement of this process.

Multi-factor authentication – Everyone is increasingly encountering MFA. This tool requires a second level of authentication in order to access an account or use a program. Generally, it involves entering a password then following up with a token you might be sent via text or email, or using a biometric measure, such as a fingerprint. An MSP can provide applications that can set up MFA to protect your data.
Access Control – You don’t give out keys to your house to everyone you know. Why allow all employees or vendors to access all of your databases or programs? Instead, follow the Principle of Least Privilege. That is, each individual only has the access to accounts, databases etc. that are absolutely necessary for them to do their assigned tasks.

Backups – Everyone knows they need to do backups, but handling these is more than just downloading data to a hard drive every evening. An MSP can provide you with the tools needed to handle backups appropriate to the needs of a business operation.

Employee education-This one cannot be emphasized enough. The individuals in your organization are your first and most critical line of defense against malware. As mentioned above, many types of malware need user action to get into your systems.

Here are some areas where training can help.

Phishing emails. These are mails that appear to come from legitimate sources, but are faked. Because the reader trusts the sender, they naively open a link that might be attacked which then downloads some forms of malware.

“Lost” USB. – Too often, individuals will find a USB drive left near a desk or dropped somewhere. The temptation to insert it into their computer to see what’s on it can be very hard to resist. ( This was part of what caused the Target data breach)

Password etiquette – Define standards within your organization about acceptable passwords. An MSP can help you set up programs that require employees to create passwords that meet your defined criteria. Also, consider fostering a culture that makes the sharing of passwords a performance issue that will be addressed by an individual’s supervisor.

Endpoint Detection and Response ( EDR): This is a solution an MSP can provide you with. At its basic level, EDR is a proactive approach to anti-malware software. EDR constantly looks at all of the endpoints in your network, tracks behaviors and identifies anything out of the ordinary. For an individual, anti-malware software may be sufficient. For a business that has multiple endpoints, this is not sufficient. ( Think dozens of employees connecting remotely via their own computer or smartphone). In a sophisticated business’s IT infrastructure, there are many endpoints which need to be evaluated.

In summary, there are many ways that an SMB can approach defending itself against malware. Some of these, such as employee training, can easily be done in-house. Others require a depth of experience that only your MSP can offer.

What exactly is Malware? A definition and some common types.

So what happens when you get software that has been mixed with a strong dose of malicious intent? You get malware, the term used to describe all manner of software invasion that has been designed to do bad things to your computers, networks and digital devices. It may have been created to steal something from you, such as data that can be monetized. It may try to directly steal money from you by draining bank accounts, or using credit card numbers. Sometimes, malware’s intention may be political: it may be about governmental intrigue or industrial espionage, Or it may just be about showing off or causing chaos for its own sake. Whatever the motivation, every organization needs to be constantly on guard to protect its data. Failure to protect the data of your clients and employees can result in serious damage to your reputation and brand as well as lead to fines from regulatory bodies. It can also open you up to liability from individuals or groups that have been harmed.

Malware isn’t new, of course. As long as there have been computers there has been malware. Long before computers were connected to the internet and other public networks, malware was placed onto floppy discs. Once inserted into a computer, they could wreak havoc. Now, it is through our connectivity that bad actors work to infect our computer systems.

Types of Malware

Malware is an umbrella term that covers an array of specific tools to cause trouble or steal data. These include…

Viruses
A virus is pretty much what you would think. Like the flu, it attaches itself to a host program where it then will try to change the code to steal your data, log your keystrokes, or corrupt your system/data. Generally, to be infected by a virus, some user action has to occur that allows the virus into your system. Example: The user opens a link found in an email that looks to be from a legitimate source, but isn’t.

Worms
Worms are similar to viruses in how they replicate and attempt to cause damage but they don’t require a user action. Worms find vulnerabilities or holes in code that allows them access.

Trojan Horse
Just like the Greek myth, trojans trick you into accepting something you want, but inside it has bad intentions. Basically, a trojan refers to the method the cybercriminal uses to get you to download a virus or other infected program.

Adware
Adware is a type of virus that can invade through various methods, such as a trojan or corrupted software. Adware generally besieges you with pop-up ads.

Keyloggers
This is malware that can track your keystrokes. This particular malware’s goal is to track your keystrokes and identify passwords or credit card information, for example, and then log into your accounts.

Ransomware
No malware seems to get as much media attention as ransomware. And for good reason. Unlike some other forms of malware, once this has invaded, there is very little you can do to eliminate the virus. Ransomware seizes your data and holds it for ransom. Unless you choose to pay the ransom fee, usually in some cryptocurrency, you are out of luck. In the specific case of ransomware, prevention is the key. Having clean backups of your data which are kept continuously up to date is about the only way to sidestep a ransomware attack on your data.

What can you do? Simply put, an off the shelf anti-virus software (now referred to as anti-malware) isn’t going to cut it in the business arena. Your systems are far too complex, with too many endpoints to rely on a solution better limited to home use. More importantly, you need protection systems, such as Endpoint Detection. An MSP is your best resource. As a small- to medium-sized business owner, you have limited time and resources to explore and design these protections on your own. An MSP can be your strategic partner in data and digital security.

Your business runs on data, but so do the cyber criminals who want to steal yours

One very painful truth about running a business is that you possess data that is attractive to criminals. There is no avoiding that reality. You have data. They want data. It is an ongoing challenge to maintain data security as cyber criminals’ efforts evolve and change on a daily basis. The wall that kept you safe last week may have holes in them today. Keeping up with the latest threats is a specialized field that in-house IT support likely doesn’t have. An MSP can provide the support you need in the face of ransomware threats and other malware. Also, an MSP can provide 24/7 monitoring.

Speaking of data security, brand damage isn’t the only issue with data security breaches. In many cases, there are data protection laws that regulate how you secure personal information. In specific industries there are federal, state, and even overseas regulations that set standards for data protection. How you choose to protect data may be out of your hands. MSPs have the experience and knowledge to address compliance management. For example, there are a number of data protection laws (HIPAA, FERPA, CA Privacy Act, GDPR, FTC Safeguards Rule) out there that not only provide penalties if a data breach occurs, but also mandate specific protocols to better ensure your data is protected. Avoiding a data breach isn’t enough. Some of these protocols can be quite demanding and some require periodic testing and are subject to audits. Samples of the types of requirements mandated by some of these laws may include.

• Designating one individual to oversee data protection and security
• Conducting a risk assessment – This means analyzing what data you possess , where it is stored, and in what ways it is vulnerable.
• Creating safeguards to address all potential areas of vulnerability
• Designing and documenting tools to secure your data and tracking access
• Tracing the location and security of all data whether it is at rest or in transit.

Not only do you have to set up protocols, you may have to prove they are operative and be subject to audits. All of this can be extremely distracting to a small business.

Another area related to data security is the issue of backup and recovery. So much can go wrong. There is nefarious activity: criminals actively trying to break into your data and steal it. There is human error: individuals taking actions that accidently delete or damage data. And of course, hardware can fail and software can have bugs. And, if not done correctly, backups may be infected and be of little value.

An MSP can design backups that are continual and are protected at an offsite location.

More importantly, it isn’t enough to know your data is safe if something happens. Your business is dependent on using that data. Losing a day of access can cripple your business. That means planning for recovery in case something happens. How will you transition to another mode of data access? Your customers expect 24/7 availability. An MSP can develop recovery plans that work to ensure your operations see minimal disruption in the event of a failure.

Strategic IT planning for your business

One thing that the best MSP can do is become a strategic partner. Your expertise is your industry, business, or profession. Trends and innovations in technology aren’t your focus. However, your business can benefit from some long-term strategic planning in terms of the technology you will deploy to remain competitive. New technology will offer new opportunities. An MSP who has experience in your industry can become a partner. After taking the time to learn your business, your goals, and the competitive field in which you operate, an MSP can take a seat at the table of your business planning. At the highest level, this is where a skilled MSP becomes a significant asset as your business grows and faces new market challenges.

Additionally, An MSP can help with other parts of your IT infrastructure to protect your data as well as facilitate more effective collaboration internally as well as with clients. Here are three examples.

Backup and recovery

Another area related to data security is the process of securing your data in the event of theft, a hardware or software issue, or even a natural disaster that cuts access to your data’s physical location. Backing up your data needs to involve a lot more than running nightly backup to an external drive. That may be ok for your home laptop, but it doesn’t cut it if you want to protect your business data. An MSP can support continual data backup to offsite locations. This means at any point there is a system failure or breach, all of your data remains secure at one or more distant locations. Backup also includes recovery. Having your data safely stored in the event of a disaster isn’t enough. Your business will need continuing access to that data. An MSP can develop recovery plans that work to ensure your operations see minimal disruption in the event of a failure. Also, clean backups are critical for avoiding the consequences of a ransomware attack. Poorly handled back procedures can leave your data vulnerable,

Cloud Services

The decision to use cloud services is closely related to data security and cybercrime. Locating all of your data and software applications physically in your own location may seem like the safest thing to do, but that may not be correct. If you utilize cloud storage, you can maintain access to that data from any location. If a natural disaster or other emergency limits access to your physical locations or disables it, your business and employees can access the data from anywhere. Also, the cloud offers economies of scale. To maintain sufficient capacity to meet peak times, maintain all of the necessary hardware and software, and monitor it 24/7 involves considerable in-house labor and capital expense. Migrating to the cloud means you share those fixed costs with others. An MSP can handle selecting and designing a cloud solution most appropriate to the needs of your specific industry and business.

Unified Communications

Unified communications is a service that pulls together the different channels your employees and clients use to collaborate, sell, communicate, etc. Unified communications systems have many moving parts. Encryption, data security, ease of use, cross platform support as well as other support services can create a communications system that works for everyone, no matter what channel they choose to be using.

Like it or not, you business relies on technology

Technology isn’t just something used by Silicon valley firms and large corporations. Even the smallest start-up is now reliant on technology and the virtual marketplace. A business cannot function without operating in the digital world. At the very least, it means having a website, a social media presence and an online database of customers and prospects. Most likely it means conducting business online, which means you’re responsible for the security of client data: names, credit cards, addresses, and probably more information. Much of that information may be personal Information that you have an obligation to keep secure. That duty brings along many challenges because cyber criminals and even benign human error could mean that data is compromised. Data breaches can bring litigation, possible regulatory sanctions, and very importantly, damage to your brand and reputation. Because so much rides on the stability and security of your digital infrastructure, serious attention has to be paid to data security protocols. The problem is, tech is a complex and specialized field that most small businesses owners have little time to focus on. And spending time trying to understand and maintain an IT infrastructure means siphoning off attention to the operation of your business. That is why a Managed Service provider can be a lifesaver for a small business.

A Managed Service provider is an IT consultant that can provide some or all of the support you need for your IT infrastructure. They can provide help with specific issues–migrating data to the cloud, setting up new software and hardware, designing data security protocol, etc,. They can also become a strategic partner. That means they team with you and learn your business goals and plans and help you understand how new and existing technology can help your business expand. They can use their expertise to guide you to new technologies and digital applications you might not be aware of.

Also, you can sign a service contract with an MSP. At the most basic level, a service contract will mean that if you need emergency tech support, you have priority. Otherwise, you will be at the bottom of the list if something goes wrong.

Finally, let’s consider strategic planning. Your business isn’t static, It will grow in volume, it will expand its product and service lines, and it will move into entirely new, unfamiliar markets. There may be new technologies and applications out there that you are unaware of. If you overlook them and your competitors don’t, you can begin to lag behind. You need long-term strategic planning in terms of the technology you will deploy to remain competitive. New technology will offer new opportunities. An MSP who has experience in your industry can become a partner. FInd an MSP who will partner with your business and learn your operations and your future plans. In that way they don’t just support the IT you have now, they become a key voice in strategic planning for future growth.

How Can an MSP Keep Your Business Safe?

Are you a small- or medium-sized business that is in need of a more complete, dependable IT solution to support your business than you presently have? When your main focus is running your business, everything else becomes an afterthought. Other support operations tend to take a backseat. However, your business depends upon a reliable, stable “always running” IT infrastructure and you probably find that isn’t always the case. Even if you have an in-house staff, it isn’t large enough to put out fires and handle strategic planning and provide 24/7 support when something goes wrong. That is why many businesses large and small rely fully or partially on the support of a Managed Service Provider (MSP).

So what are the typical services available from an MSP? There are many different types of support that can be provided to clients. In this e-guide we will break them down.

Managed IT Services

This is the overarching set of services that define the purpose of an MSP. Generally, a business will sign a service level contract with an MSP for a set of defined IT services for a period of time. One advantage typically derived from such an agreement is that the contract provides that you get 24/7 emergency support with priority. Typically, if you have a crisis and call a provider, the non-contract clients take a lower priority. This can mean longer down times and those mean revenue losses. Also, your contract with an MSP means that you can do a better job predicting your IT expenses into the future, and predictability is always a benefit for any enterprise.

Cyber Security Services

One specific area of expertise that everyone needs, no matter how small the business, is up-to-date, ongoing protection against data theft and cyber crimes. An MSP can bring a depth of knowledge that is difficult to create in-house. Ransomware and data theft are rampant. Cyber criminals attack businesses of any size ( in fact, small ones can be more vulnerable. And smaller businesses often don’t have the deep pockets to recover from the revenue losses of a cyber attack). This is a very specialized sector of IT management where businesses frequently choose to use the services of an MSP because of its complexity. Also, keeping up-to-date with the latest malware, and handling 24/7 monitoring can be very labor intensive if done in-house.

Compliance Management

• There are a number of data protection laws (HIPAA, FERPA, CA Privacy Act, GDPR, FTC Safeguards Rule) out there that not only provide penalties if a data breach occurs, many of them mandate specific protocols to better ensure your data is protected. Avoiding a data breach isn’t enough. Some of these protocols can be quite demanding and some require periodic testing and are subject to audits. Samples of the types of requirements mandated by some of these laws may include.
• Designating one individual to oversee data protection and security
• Conducting a risk assessment – This means analyzing what data you possess, where it is stored, and in what ways it is vulnerable.
• Creating safeguards to address all potential areas of vulnerability
• Designing and documenting tools to secure your data and tracking access
• Tracing the location and security of all data whether it is at rest or in transit.

An MSP can be a critical resource in designing these safety measures and ensuring your company is in compliance and remains so. Handling compliance issues and audits can be a big distraction when you are trying to run your business and drive revenues.

What is a privacy policy and why do you need one

Your business is privy to a lot of data. A lot of information flows in from clients, vendors and even your employees. This includes Personally Identifiable Information (PII)–data that can help identify an individual and perhaps even get in touch with them. A privacy policy tells others how your business will be using all the PII.

You may not realize it, but you are collecting PII everyday! Instances where your business is collecting PII is when you have a form on your website asking for details such as name, phone number, address or city, etc. that visitors have to fill out to schedule a demo or an appointment with you, to download a whitepaper, or a form that they need to fill online at the time of purchasing your product or service–even something as simple as making an online payment on your site entails sharing their PII with you. As a business, before you gather PII from anyone, as a business, it is your legal responsibility to have a privacy policy in place. The U.S., as such, doesn’t have a federal law that makes a privacy policy compulsory, but many states in the U.S. do, which pretty much makes it a must-have, no matter how big or small a business you are. Other than that, here are a few reasons why you need a privacy policy.

It can protect you in the court of law

A privacy policy is more than just a legal requirement. Not just a legal requirement, having a privacy policy can safeguard you from potential lawsuits. Having someone accept your privacy policy can protect you as long as the information and the way in which you used/shared/stored it was covered in the privacy policy and authorized by the party in question.

It enhances your brand image and helps build trust

By having a privacy policy in place, you will be perceived as someone who takes data and information security of your clients seriously. This naturally enhances your brand image and helps build trust.

In short, a privacy policy is indispensable if you run a business. If you are too busy to look into drafting one, get in touch with a MSP to help you with the nuances of creating a privacy policy.

• NOTE: This blog is for informational purposes only and designed solely to encourage awareness of this complex topic. To learn more, contact legal and technical professionals for advice.

3 ways Office 365 helps cut down your IT costs

Want to switch to Office 365, but are not sure if it is cost effective? In this blog, we discuss three ways in which Office 365 can help bring down your IT costs.

You don’t have to pay upfront

When you subscribe to Office 365, you can pay the licensing fee on a monthly basis. It is more of a pay-as-you-go format. In the traditional Office set-up, you had to pay for the number of licenses you bought and they were yours to keep–but, at the same time, they were tied to the device you bought them for, meaning legally, you could install them only on the device you bought them for.

You are paying only for what you use

In the traditional set-up, you are paying for installing and using the software program on individual devices. That means, if you cut down on staff or use seasonal staff, or staff working remotely from home or other locations, they won’t have access to the programs. With Office 365, you are paying per license, irrespective of the device you are using it in. That means anyone can access it, from anywhere, using their credentials. This flexible approach to Office also makes it easy when you scale up or down in terms of staff.

Great admin tools

Office 365 offers IT administrators tools that provide a lot of control and visibility over activities related to Office. Here’s what administrators can do with the new Office 365

• Create and delete users
• Manage users by creating user groups based on user roles and requirements and set different access and permission levels for each user group
• Manage the security of data in Office 365 by setting access restrictions, password expiry, etc.,

Using the admin control tools, administrators can generate reports that tell them usage patterns, draw attention to bugs, or program downtimes. The reports also provide usage patterns which can help you streamline subscription costs.

So, what are you waiting for? It’s time to make the switch to the more powerful, efficient and cost-effective version of Office. Talk to a Microsoft licensed MSP today!

Your guide to Office 365: Part-II

Last week, we provided a brief introduction of what Office 365 is, and touched on some of the benefits it offers. This week we look at a few more pros of Office 365.

More efficient

Office 365, being the recent version of Office, is one of the most efficient versions. It can boost your productivity better than traditional Office.

Offers a good number of support tools

Office 365 is more than Word, Excel and PowerPoint. It offers plenty of other support tools that make collaboration easier and can help boost the overall productivity of your team. Examples include-Sharepoint, Skype for business, OneNote, etc.,

Mobile compatibility and real-time synchronization

Office 365 is mobile compatible and has its own app that you can download on your phone and use to access and edit your Office files anytime from anywhere. Plus, since the files are in the cloud and can be shared with others, it also lets multiple people work on the files simultaneously.

Upgrades are much easier

Since Office 365 is online, you don’t have to do software updates or version upgrades the old-fashioned way, for each device. Updates and revisions can be both expensive and cumbersome, so businesses tend to stick with the older version, rather than paying for and installing a new one. This can create security issues. In Office 365, you get automated updates and version upgrades and these can be applied across all your accounts at once.

If you are already well versed with the traditional office, you don’t have to worry about Office 365 being any different. Microsoft has not made any significant changes in the cloud version of the Office that will cause confusion for users that are used to the desktop version. But, No matter how easy a software suite is to install and use, ensuring it is updated regularly so that the security patches are in place and the tool is in compliance with industry regulations and standards can be time-consuming–especially when you have a business to run and customers to attend to. Consider getting assistance from a Managed Services Provider (MSP) who is authorized by Microsoft to provide Office 365 services for you. Office 365 also has multiple versions of it–each suitable for different business sizes/uses. Your MSP will be able to guide you well as to which version suits your needs best based on your business and industry.

Your guide to Office 365: Part 1

Are you considering investing in Microsoft Office 365? Whether you already use the Microsoft Office Suite and are now thinking of switching, or considering whether to opt for this Microsoft product as your first Office tool, this blog will help you understand Microsoft Office 365 better. Learn what Office 365 is all about in our 2-part blog series.

What is Office 365?

Let’s start with what Office 365 is. Office 365 is a suite of Microsoft Office programs that includes email client, spreadsheet, presentation, document, calendar/reminder, collaboration and chat tools.

How is it different from the regular Office package?

Unlike the regular Office package, Office 365 is web-based. That means all your data is stored in the cloud and retrieved from there every time you need to access it. It is not necessary to store the software on your computer, though you have the option to install it if you wish.

What are the benefits of Office 365?

Web-based

The regular Office package stores your data locally, on a computer. When you store your data locally, there are chances of downtime and data loss if the hard disk becomes corrupted or fails. Also, you cannot access it unless you have access to the specific computer or hard disk it is stored on. Office 365, on the other hand, is web-based and can be accessed from anywhere, as the data is not stored on any particular hard disk.

Standard data security is taken care of

Office 365 uses encryption, so, in general, your data is safer than it would be on the desktop version of the Office. Plus, it is HIPPA and FERPA compliant, which makes it easier if you are operating in the healthcare or education sector. Plus, the security in cloud-based storage is generally stronger than what you get when storing at the local level.

More storage

Office 365 offers more storage space compared to the traditional version of Office. In the traditional version, when you use Outlook email client, the emails are stored on your hard drive, slowing down your system and eventually making you run out of space, forcing you to delete a lot of those older emails. Often we see that clients don’t want to lose old emails. Maybe they find them all too important to let go of, or they just don’t want to spend time browsing through hundreds of them deciding which ones to delete. In any case, Office 365 comes with 50GB of storage space for emails, so you don’t have to worry about this issue anymore.

Stay tuned for part two of our blog, Your Guide to Office 365-II.