What is a privacy policy and why do you need one

Your business is privy to a lot of data. A lot of information flows in from clients, vendors and even your employees. This includes Personally Identifiable Information (PII)–data that can help identify an individual and perhaps even get in touch with them. A privacy policy tells others how your business will be using all the PII.

You may not realize it, but you are collecting PII every day! Your business collects PII whenever a form on your website asks for details such as name, phone number, address or city that visitors have to fill out to schedule a demo or an appointment with you or to download a whitepaper, or when they fill in a form online at the time of purchasing your product or service–even something as simple as making an online payment on your site entails sharing their PII with you. As a business, before you gather PII from anyone, it is your legal responsibility to have a privacy policy in place. The U.S., as such, doesn’t have a federal law that makes a privacy policy compulsory, but many states in the U.S. do, which pretty much makes it a must-have, no matter how big or small a business you are. Other than that, here are a few reasons why you need a privacy policy.

It can protect you in the court of law

A privacy policy is more than just a legal requirement: having one can safeguard you from potential lawsuits. Having someone accept your privacy policy can protect you as long as the information and the way in which you used/shared/stored it was covered in the privacy policy and authorized by the party in question.

It enhances your brand image and helps build trust

By having a privacy policy in place, you will be perceived as someone who takes data and information security of your clients seriously. This naturally enhances your brand image and helps build trust.

In short, a privacy policy is indispensable if you run a business. If you are too busy to look into drafting one, get in touch with an MSP to help you with the nuances of creating a privacy policy.

  • NOTE: This blog is for informational purposes only and designed solely to encourage awareness of this complex topic. To learn more, contact legal and technical professionals for advice.

3 ways Office 365 helps cut down your IT costs

Want to switch to Office 365, but are not sure if it is cost effective? In this blog, we discuss three ways in which Office 365 can help bring down your IT costs.

You don’t have to pay upfront

When you subscribe to Office 365, you can pay the licensing fee on a monthly basis. It is more of a pay-as-you-go format. In the traditional Office set-up, you had to pay for the number of licenses you bought and they were yours to keep–but, at the same time, they were tied to the device you bought them for, meaning legally, you could install them only on the device you bought them for.

You are paying only for what you use

In the traditional set-up, you are paying for installing and using the software program on individual devices. That means, if you cut down on staff or use seasonal staff, or staff working remotely from home or other locations, they won’t have access to the programs. With Office 365, you are paying per license, irrespective of the device you are using it on. That means anyone can access it, from anywhere, using their credentials. This flexible approach to Office also makes it easy when you scale up or down in terms of staff.

Great admin tools

Office 365 offers IT administrators tools that provide a lot of control and visibility over activities related to Office. Here’s what administrators can do with the new Office 365:

  • Create and delete users
  • Manage users by creating user groups based on user roles and requirements and set different access and permission levels for each user group
  • Manage the security of data in Office 365 by setting access restrictions, password expiry, etc.

Using the admin control tools, administrators can generate reports that show usage patterns and draw attention to bugs or program downtime. The usage patterns can also help you streamline subscription costs.

So, what are you waiting for? It’s time to make the switch to the more powerful, efficient and cost-effective version of Office. Talk to a Microsoft licensed MSP today!

Your guide to Office 365: Part-II

Last week, we provided a brief introduction of what Office 365 is, and touched on some of the benefits it offers. This week we look at a few more pros of Office 365.

More efficient

Office 365, being the recent version of Office, is one of the most efficient versions. It can boost your productivity better than traditional Office.

Offers a good number of support tools

Office 365 is more than Word, Excel and PowerPoint. It offers plenty of other support tools that make collaboration easier and can help boost the overall productivity of your team. Examples include SharePoint, Skype for Business, OneNote, etc.

Mobile compatibility and real-time synchronization

Office 365 is mobile compatible and has its own app that you can download on your phone and use to access and edit your Office files anytime from anywhere. Plus, since the files are in the cloud and can be shared with others, it also lets multiple people work on the files simultaneously.

Upgrades are much easier

Since Office 365 is online, you don’t have to do software updates or version upgrades the old-fashioned way, for each device. Updates and revisions can be both expensive and cumbersome, so businesses tend to stick with the older version, rather than paying for and installing a new one. This can create security issues. In Office 365, you get automated updates and version upgrades and these can be applied across all your accounts at once.

If you are already well versed with the traditional Office, you don’t have to worry about Office 365 being any different. Microsoft has not made any significant changes in the cloud version of Office that will cause confusion for users who are used to the desktop version. But no matter how easy a software suite is to install and use, ensuring it is updated regularly so that the security patches are in place and the tool is in compliance with industry regulations and standards can be time-consuming–especially when you have a business to run and customers to attend to. Consider getting assistance from a Managed Services Provider (MSP) who is authorized by Microsoft to provide Office 365 services for you. Office 365 also comes in multiple versions, each suitable for different business sizes/uses. Your MSP will be able to guide you well as to which version suits your needs best based on your business and industry.

Your guide to Office 365: Part 1

Are you considering investing in Microsoft Office 365? Whether you already use the Microsoft Office Suite and are now thinking of switching, or considering whether to opt for this Microsoft product as your first Office tool, this blog will help you understand Microsoft Office 365 better. Learn what Office 365 is all about in our 2-part blog series.

What is Office 365?

Let’s start with what Office 365 is. Office 365 is a suite of Microsoft Office programs that includes email client, spreadsheet, presentation, document, calendar/reminder, collaboration and chat tools.

How is it different from the regular Office package?

Unlike the regular Office package, Office 365 is web-based. That means all your data is stored in the cloud and retrieved from there every time you need to access it. It is not necessary to store the software on your computer, though you have the option to install it if you wish.

What are the benefits of Office 365?

Web-based

The regular Office package stores your data locally, on a computer. When you store your data locally, there are chances of downtime and data loss if the hard disk becomes corrupted or fails. Also, you cannot access it unless you have access to the specific computer or hard disk it is stored on. Office 365, on the other hand, is web-based and can be accessed from anywhere, as the data is not stored on any particular hard disk.

Standard data security is taken care of

Office 365 uses encryption, so, in general, your data is safer than it would be on the desktop version of Office. Plus, it is HIPAA and FERPA compliant, which makes it easier if you are operating in the healthcare or education sector. Plus, the security in cloud-based storage is generally stronger than what you get when storing at the local level.

More storage

Office 365 offers more storage space compared to the traditional version of Office. In the traditional version, when you use Outlook email client, the emails are stored on your hard drive, slowing down your system and eventually making you run out of space, forcing you to delete a lot of those older emails. Often we see that clients don’t want to lose old emails. Maybe they find them all too important to let go of, or they just don’t want to spend time browsing through hundreds of them deciding which ones to delete. In any case, Office 365 comes with 50GB of storage space for emails, so you don’t have to worry about this issue anymore.

Stay tuned for part two of our blog, Your Guide to Office 365-II.

Internal threats: A new angle to email security

You know how important your email system is to your business. Not only is email your core communication tool, but it also bears a lot of weight from the legal perspective and must be accessible at all times. You have a good email security system and also ensure your emails are always backed up, archived and stored safely. But what about keeping your email system safe from threats within your organization?

When it comes to email security, an oft-ignored yet interesting angle is how to protect your email system from internal threats, such as malicious intent on the part of your own employees. There is the possibility that somebody who works for you could choose to corrupt your email system on purpose. You can prevent such incidents by constantly monitoring your employees’ IT behavior. You can do this by installing software programs that track employee access and related activities and send alerts in case of unusual IT behavior. Examples of unusual IT behavior include employees logging into work email at a time or day they are not expected to, sending attachments to email addresses that are outside of your organizational network, etc. Also invest in CCTV cameras and biometric access if you can. That will also serve as a deterrent to malicious employees.
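The two kinds of unusual behavior named above can be expressed as simple alert rules. The following is an added example, not code from this blog or from any monitoring product; the event format, the organization domain `example.com`, the expected working hours and the sample events are all constructed assumptions.

```python
from datetime import datetime

# Assumptions for this sketch (not from the article): the organization's
# mail domain and the days/hours when staff are expected to log in.
ORG_DOMAIN = "example.com"
WORK_DAYS = range(0, 5)      # Monday (0) to Friday (4)
WORK_HOURS = range(7, 19)    # 07:00 up to 18:59

# Constructed sample events, in a made-up format a mail audit log might export.
EVENTS = [
    {"time": "2024-03-04T09:12:00", "user": "bob@example.com", "action": "login"},
    {"time": "2024-03-09T02:40:00", "user": "bob@example.com", "action": "login"},
    {"time": "2024-03-05T14:03:00", "user": "lisa@example.com", "action": "send",
     "to": ["team@example.com"], "attachments": ["report.xlsx"]},
    {"time": "2024-03-05T14:07:00", "user": "lisa@example.com", "action": "send",
     "to": ["team@example.com", "someone@personal-mail.test"],
     "attachments": ["clients.csv"]},
    {"time": "2024-03-05T14:09:00", "user": "lisa@example.com", "action": "send",
     "to": ["vendor@supplier.test"], "attachments": []},
]


def is_external(address):
    """True when the recipient's domain is not the organization's own."""
    return address.rsplit("@", 1)[-1].lower() != ORG_DOMAIN


def find_unusual(events):
    """Return (time, user, reason) for each event that matches a rule."""
    alerts = []
    for ev in events:
        when = datetime.fromisoformat(ev["time"])
        if ev["action"] == "login":
            # Rule 1: login at a time or day the employee is not expected.
            if when.weekday() not in WORK_DAYS or when.hour not in WORK_HOURS:
                alerts.append((ev["time"], ev["user"],
                               "login outside expected hours"))
        elif ev["action"] == "send" and ev.get("attachments"):
            # Rule 2: attachment sent to an address outside the organization.
            outside = [r for r in ev.get("to", []) if is_external(r)]
            if outside:
                alerts.append((ev["time"], ev["user"],
                               "attachment sent to " + ", ".join(outside)))
    return alerts


if __name__ == "__main__":
    for alert in find_unusual(EVENTS):
        print(alert)
```

External mail without an attachment and internal mail with one are deliberately not flagged, so the alerts stay limited to the two behaviors the paragraph describes.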

Email is the most critical communication tool for your business, but it also has the potential to serve as an easy, backdoor entry for cybercriminals into your organization’s IT systems. When it comes to cybercrime, email is also one of the most commonly targeted elements. An email hack has the potential to translate into a data leak, compromise sensitive vendor and client data, leaving you vulnerable to lawsuits, or install malware that can paralyze your business functions entirely.

If you don’t have the time to look into the security of your email system, consider seeking assistance from an MSP. They will be able to review your business requirements and suggest the right email security tool for you. They can also help you draft a sound IT policy if you don’t already have one and also conduct employee training and drills from the security perspective.

What to look for in an email security solution

An important aspect of email security is, of course, deploying a good email security solution. But, with so many available in the market, what should you be looking for when opting for an email security tool? Here are some key features you would want in your email security solution.

  • Encryption: Let’s start with the worst-case scenario. Your corporate email server is hacked. By opting for an email security solution that offers data encryption, you can ensure that the thieves are never able to read the data they stole. Data encryption is basically coding of data in a different format when it is sent and decoding it once it reaches the recipient. Without decryption keys, no one in the middle will be able to make sense of the data they access.
  • Ditch the server-based email system: In server-based email systems–the kind supported by most older versions of email software (Outlook, Thunderbird, etc.)–the emails are stored on servers and transmitted every time the email software establishes a connection with them. The newer, web-based systems offer additional security.
  • Strong filters: Make sure your email security tool has strong filtering capabilities to keep spam and malicious emails out of your inbox. Training employees to identify spam and fraudulent emails is good, but getting email security software that keeps most of them away is even better!
  • Intelligence: When looking for email security software, consider its artificial intelligence. According to Biztech, a leading business technology news magazine, newer anti-malware relies less on signatures of known malicious content and instead uses threat intelligence, reputation services and other near-real-time sources to pinpoint the location of threats (domains and IP and email addresses, for example) to alert IT teams. Cybercriminals are getting smarter by the day, and are always innovating, looking for ways to get around the anti-malware tools existing in the market. You need an email security solution that can keep up with them.

The critical role played by email in your business environment and its vulnerability make it imperative that you deploy strong security solutions for your email. Reach out to a credible MSP to learn more about how you can keep your email system clean and safe.

Email safety: Firewalls and antivirus are great, but what about your employees

The Verizon Data Breach Investigations report states that emails are the primary source of two-thirds of malware. Email is an easy target simply because there is more human touch involved in the case of emails. There’s always a stray chance that someone will end up clicking on a phishing link or downloading the wrong attachment or simply including sensitive, confidential information in an unencrypted email. The first step to securing your email systems is training your employees. Train your employees to identify harmful email messages and to be aware of your firm’s IT protocols and rules. There are 4 major ways in which your employees may end up compromising your email security. These are:

  • Falling for phishing scams: These emails will appear to have come from an authentic source and urge the reader to take an action. Usually the action involves clicking on a link and/or sharing sensitive information via an online form that looks authentic. The phishing links and the webpage clone the original site so well that it is easy to mistake them for their authentic counterparts. For example, an email that looks as if it is from the IRS, asking for sensitive financial data, or an email that seems to be from the bank asking you to log into your account, etc.
  • Mistaking hacked emails for authentic ones: These emails are actually from an authentic sender account, but their account may have been hacked. One of the ways to spot such email messages is if ‘something feels amiss’. For example, an email that’s ridden with typos, spelling and grammar errors, or if the writing style is different, or includes an unexplained instruction to download an attachment, fill a form or install a patch.
  • Not following strict password hygiene: There are 2 angles to this. First is password sharing. Sharing passwords indiscriminately puts your email systems at risk. Often, people trust their coworkers and end up sharing system or email passwords without realizing the possible consequences. Sometimes, it is just so much easier to share the password than follow the protocol. For example, Bob from sales is too busy to prepare his commission report. So, he gives his password to Lisa from accounting so she can calculate his commission for the month and Lisa shares it with her team so they can work on the reports. See…before you know it 3 other people apart from Bob have access to his system including his emails!

    The second issue in password hygiene pertains to ignoring password basics. For example, having passwords that are too simple or obvious such as dictionary words, names, etc. or not changing passwords as recommended or having the same password for multiple accounts.

  • Exposing their own devices to safety threats and then using them for work purposes due to the BYOD environment: This is a threat brought into the picture due to the flexibility-oriented culture of the modern workplace. Businesses allow their employees to work from anywhere, using their own devices. For example, someone could be accessing and replying to an email from work, using their phone or iPad, connected to the open wifi at the mall’s food court. The risk such open networks bring to the table is unimaginable.

As discussed in the beginning of this blog, emails are a soft target because of the human element. You can organize classroom training sessions to educate your employees about your IT usage policies related to password management, use of personal devices, data sharing and internet access. You can also conduct IT drills and workshops to help your employees identify possible IT security threats and steer clear of those. If you don’t have the resources to do this, check with an MSP in your area. They might be able to help.

Passwords: boring but they matter

Passwords are something that you and every employee can use to protect your data, and maintaining this important protective wall against criminals is relatively easy. Take the time to follow basic good practices, most of which are relatively easy to do. Here are four easy best practices for good password hygiene which don’t require hand sanitizer or staying six feet apart.

Watch out for re-use and multiple use.

Rotating through passwords you have used before isn’t a good idea. You may notice some sites that you use may not even permit you to use the passwords you have used previously. On a similar note, avoid using the same password across multiple sites. If one site is hacked, the password from that site can be used across all of your other secure sites.

Avoid writing down passwords

This one can be a little outdated. It defies common sense that a burglar will break into your home to steal your written password collection. That said, leaving a list of passwords sitting around in your office, wallet or handbag isn’t an especially good idea.

Don’t share passwords

One of the biggest temptations for password sharing may be in a work setting for the sake of speed and convenience – you may allow a co-worker who needs quick access to use your password. Don’t. Even if your co-worker has approved access, ask them to use their own credentials to login. Also, password sharing is likely a work rule violation in your organization. If discovered, it could be grounds for disciplinary action.

Phishing tricks

Last but absolutely not least, be aware of scams to get your password by convincing you to hand it over. We’ve mentioned this in other e-guides but it bears repeating because it seems to work against even the most savvy digital users.

Phishing scams involve sending an email or text message that appears to be from a legitimate source, such as a bank or social media site. The message typically asks you to click on a link and enter your password, giving the hacker access to your account. Before you click on any link, it is essential to verify if the links are genuine. Here are a few things to look for when doing that:

  • Spelling – Check for misspellings in the URL. For example, if your bank’s web address is www.bankofamerica.com, a phishing link could misspell it as www.bankofamarica.com or www.bankofamerica-verification.com.
  • Disguised URLs – Sometimes, URLs can be disguised–meaning, while they look genuine, they ultimately redirect you to some fraudulent site. You can recognize the actual URL by using a mouseover, or by right clicking on the URL, selecting the ‘copy hyperlink’ option and pasting the hyperlink into a notepad file. But NEVER, ever paste the hyperlink directly into your web browser.
  • URLs with ‘@’ signs – If you find a URL that has an ‘@’ sign, steer clear of it even if it seems genuine. Browsers ignore URL information that precedes the @ sign when deciding which site to open. That means the URL www.bankofamerica.com@mysite.net will take you to mysite.net and not to the actual Bank of America website.
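The spelling and ‘@’ checks above can be automated for links copied out of an email. This is an added example, not code from the original post; the trusted-domain list, the typo threshold of 2 and the simple "last two labels" domain rule are assumptions made for the sketch (production code should consult the Public Suffix List).

```python
from urllib.parse import urlsplit

# Assumption: the sites this user really deals with (constructed allowlist).
TRUSTED_DOMAINS = {"bankofamerica.com"}
MAX_TYPO_DISTANCE = 2   # assumed threshold for "looks like a misspelling"


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registered_domain(host):
    """Simplified: the last two labels, e.g. www.mysite.net -> mysite.net."""
    return ".".join(host.split(".")[-2:])


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Report where a link really leads and which warning signs it shows."""
    if "://" not in url:
        url = "http://" + url          # bare addresses as they appear in mail
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    domain = registered_domain(host)
    findings = []

    # '@' check: everything before '@' is login info, not the site name.
    if "@" in parts.netloc:
        findings.append("text before '@' is not the site; real destination is "
                        + host)

    # Spelling checks, only for domains that are not on the allowlist.
    if domain not in trusted:
        for good in sorted(trusted):
            brand = good.split(".")[0]
            if edit_distance(domain, good) <= MAX_TYPO_DISTANCE:
                findings.append("misspelling of " + good)
            elif brand in host:
                findings.append("uses the name '" + brand
                                + "' inside another domain")

    return {"destination": host, "trusted": domain in trusted,
            "findings": findings}


if __name__ == "__main__":
    for link in ("www.bankofamerica.com",
                 "www.bankofamarica.com",
                 "www.bankofamerica-verification.com",
                 "www.bankofamerica.com@mysite.net"):
        print(link, "->", check_link(link))
```

A link that returns no findings and `trusted: False` is simply unknown to the allowlist; the sketch does not cover disguised links that redirect after the first request.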

In the end, the humble password is an excellent first line of defense against hackers and thieves. All it takes to keep this barrier strong is staying vigilant about password best practices. While it does take ongoing training on the part of management to ensure vigilance is maintained for the long haul, these best practices are simple to observe and take little time.

Four easy ways to thwart cyber criminals

With all the talk about cybercrime and the recent spate of headlines about ransomware, concerns for your data security and the safety of your business keep growing. Avoiding a data breach is critical to your business, so it is vital that you focus resources and time on cybersecurity. Your MSP can be your best support for handling the variety of solutions to the problem of cybercrime. However, don’t forget what you can do on your own. Amidst all the sophisticated tools to protect your data, don’t forget the role of the lowly password. Passwords are there all the time, so we tend to take them for granted.

Here are four easy best practices for good password hygiene which don’t require hand sanitizer or staying six feet apart.

Strong Passwords

Many advisors suggest that a strong password includes letters, numbers and symbols. Basic vocabulary words, from any language, can often be hacked through brute force–just bombarding with a stream of words until you hit the correct one. Numbers and symbols can make that less successful.

Update Passwords

The longer a password is hanging around, the more likely it may be compromised. Frequently changing passwords, just like changing the batteries in your smoke detector, should be done on a regular basis. Try the first day of every third month.

Cancel Passwords when access is no longer needed

In a workplace setting, access should be eliminated immediately upon the termination or transfer of an employee. Not tomorrow, not later today–immediately. This is particularly true in the case of an involuntary termination, when a now former employee may have a motivation to act nefariously. Also, when an employee’s job duties change, some access from their previous position may not be relevant to their new role.

Multi-factor Authentication

Multi-factor authentication (MFA) is the access process that requires a second step to access data. You probably come across it frequently. Many retail sites now use MFA for returning customers who want access to their account or order history. MFA asks for your password and then authenticates you by sending a one-time code to another platform. Most frequently, this means sending you a text. The intent is to diminish the possibility that the password is being used by someone not authorized to have it. Anytime you use an ATM, you are using a version of MFA (the debit card is step one, the PIN is step two).

Demystifying Ransomware: Understanding its Impact on Businesses

In today’s interconnected digital landscape, cyber threats continue to evolve and pose significant risks to businesses of all sizes. Ransomware, in particular, has emerged as one of the most notorious and destructive forms of cyberattacks. In this blog post, we will delve into the world of ransomware, exploring what it is, how it works, and the profound impact it can have on businesses.

What is Ransomware?

Ransomware is malicious software designed to encrypt files on a victim’s computer or network, rendering them inaccessible until a ransom is paid. It infiltrates systems through various means, such as malicious email attachments, infected websites, or vulnerabilities in software. Once executed, ransomware quickly spreads throughout the network, encrypting files and displaying ransom notes that demand payment in exchange for the decryption key.

The Impact on Businesses:

  1. Financial Losses: Ransomware attacks can inflict significant financial damage on businesses. The ransom demands can range from a few hundred to millions of dollars, and even if the ransom is paid, there is no guarantee that the attackers will honor their end of the deal. Moreover, businesses often face additional costs, including incident response, system restoration, legal fees, and potential regulatory fines.
  2. Operational Disruption: Ransomware attacks can bring business operations to a grinding halt. When critical systems and data are encrypted, employees are unable to access vital information or perform their duties, leading to productivity losses and disruption of customer services. The downtime can have a cascading effect on revenue, customer satisfaction, and business reputation.
  3. Data Loss and Breach: In some cases, ransomware attacks involve exfiltrating sensitive data before encrypting it. Attackers may threaten to publish or sell the stolen data if the ransom is not paid, exposing businesses to the risk of data breaches. Data breaches can result in severe legal and reputational consequences, including lawsuits, regulatory penalties, and loss of customer trust.
  4. Reputational Damage: The impact of a ransomware attack extends beyond financial and operational consequences. News of a successful attack can tarnish a company’s reputation, erode customer confidence, and deter potential business partners. Rebuilding trust and restoring the company’s image can be a long and arduous process.
  5. Legal and Regulatory Ramifications: Depending on the industry and geographical location, businesses affected by ransomware attacks may face legal and regulatory implications. Data protection laws, such as the EU’s General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), mandate organizations to protect personal data adequately. Failure to comply with these regulations can result in substantial fines and legal repercussions.

Mitigating the Impact:

While the threat of ransomware is persistent, businesses can take proactive steps to mitigate its impact:

  1. Regular Data Backups: Maintain secure and up-to-date backups of critical data. Ensure backups are stored separately from the main network and regularly test restoration processes to verify their effectiveness.
  2. Robust Cybersecurity Measures: Implement a multi-layered approach to cybersecurity, including firewalls, intrusion detection systems, antivirus software, and regular patch management. Utilize email filters, spam detection, and employee education to minimize the risk of infection.
  3. Employee Awareness and Training: Educate employees about the dangers of phishing emails, suspicious attachments, and malicious links. Promote cybersecurity best practices, such as strong password hygiene, two-factor authentication, and reporting any potential security threats promptly.
  4. Incident Response Planning: Develop an incident response plan that outlines the steps to be taken in the event of a ransomware attack. Define roles and responsibilities, establish communication channels, and conduct regular drills to ensure readiness.
  5. Regular Security Audits: Conduct comprehensive security audits and penetration