If you become aware that a cyber-attack has been taken against your company, it is imperative action be taken immediately to mitigate the risk of loss to data, money, and other company assets. Time is of the essence. Take the following actions immediately:
- If applicable (funds were transferred/compromised), contact your bank. In the case of a wire fraud, you can initiate a “SWIFT recall” on the wire transfer. Contact all banks that may have received your funds. Ask to speak to their fraud department.
- Notify your internal IT department or Managed Services Provider (MSP). Provide as much detail as possible. If a computer is involved in the incident, we will provide direction whether action is required to turn off or disconnect the device from the network.
- Report the incident to the Internet Crime Complaint Center (IC3) at http://www.ic3.gov.
- Report the incident to additional Federal Government agencies as described in “Cyber Incident Reporting – A Unified Message for Reporting to the Federal Government” for specific reporting requirements: https://www.dhs.gov/sites/default/files/publications/Cyber%20Incident%20Reporting%20United%20Message.pdf
- Notify local law enforcement of the incident
- Notify your cyber liability insurance provider. They can assist you with arranging public relations advisors to support proper customer notifications and legal counsel.
Expect notifications to take time as each involved party gathers the information they need. If possible, assign multiple people to initiate notifications in parallel.
Consider using a conferencing service like Microsoft Teams or Zoom that can be used by all parties throughout the notification process. Many conferencing services allow for “rooms” to be created to allow groups to break away for specific discussions and then rejoin the main group. This may also provide you the ability to record the conversations (notify participants) for later review. Practice this process before an actual incident so you are comfortable with the technology.
Keep and record the following information for possible investigation:
- Canceled checks, Wire receipts, Credit card receipts, Money order receipts
- Facsimiles, Certified or other mail receipts, envelopes (if you received items via FedEx, UPS or U.S. Mail), Pamphlets or brochures
- Emails, text messages, chatroom or newsgroup text, social media messages, web pages (screen shots), phone records
- Computer log files, if available, with date, time, and time zone
MFA (Multifactor Authentication)—Because Strong Passwords Are Not Enough
The scourge of recent high-level hacking has many businesses worried. Much of your most valuable data is now stored online. Hackers and their automated bots are roaming the Internet constantly searching for vulnerabilities to be exploited. These threats are real, constant, and have effected large companies and important infrastructure.
The good news is that it only takes a minimum level of security to eliminate most of the threats. Not using “Password123456” for sensitive accounts is a start, but more is needed. Multifactor authentication or “MFA” is a simple but highly effective layer of cyber security that is no longer optional.
“But My Information Isn’t Valuable”
Small business owners, in particular, often do not think that they have any information a hacker would be interested in. But this is based on a false assumption. Almost all attacks to small businesses—regardless of the industry—come from automated bots that scan the entire Internet searching for weak security. These bots can either carry out attacks completely on their own, or they can report vulnerabilities back to a hacker, who can then specifically target poorly secured data.
Something else to remember is that while your data may not be important to anyone else, it is invaluable to you and your business. Hackers know this, which is why they use ransomware attacks to lock you out of your network unless you pay an exorbitant fee.
What is Multifactor Authentication?
Multifactor authentication (MFA) or two-factor authentication (2FA) provides an additional level of security that can eliminate most automated threats. The majority of hacks come from automated bots that continually spam attacks anywhere they find a vulnerability.
With MFA, users are asked to verify their login attempt after putting in a username and password. This verification is typically a code you obtain through one of the following ways:
- Text message
- Phone call
- Authenticator app (like Google Authenticator or Duo)
- Authenticator device
Whichever method is used, you must either put in the correct code within a short period of time or verify your attempt to access your account some other way. This prevents malicious hackers from gaining access to your accounts without your knowledge. Bots that detect a network with MFA enabled will almost always avoid it altogether.
Setting Up Multifactor Authentication
Contact Simpleworks today if you would like to know more about cyber security generally, how to set up MFA on your network, or just to find out more about our managed IT services. The sooner you secure your network, the sooner you will eliminate a very real threat to your business.
What Makes a Great IT Company?
For most people, their first car was not great. It overheated in the summer, had tattered upholstery, leaked water from the windows. And even though you put up with it out of necessity, you realized with time that so much of the value of a car comes from its reliability and comfort.
Your current IT provider may be like that first car. It might get you where you need to be most of the time, but you have this nagging suspicion that it will leave you with your thumb up on the side of the highway any day now. And just like a car, it can be difficult for a uniformed person to know exactly what is going on “under the hood” of their business’ IT.
Signs Your IT Provider is a Lemon
Besides the obvious—untrained technicians, rude customer services reps, ultra-low pricing—it can be hard to identify a problematic IT relationship. Here is the smoke that could indicate that you are about to be stranded:
- False promises
- Lack of transparency
- Poor communication
- Overly complicated jargon in responses meant to confuse you
- Not meeting with you regularly
- Unexplained or unexpected downtime and interruptions
- A deal that’s too good to be true
- Not encouraging better security
A great IT company will never make you feel inferior, confused, frustrated, or angry. That’s because there is a lot more that goes into IT support than just knowing how to troubleshoot technical issues.
A Reliable Mode of IT Support
Well-built, dependable IT providers need to be smart about IT. But proficiency is not enough. They also need to be smart about business. The difference between a rusty Pontiac and a well-equipped Toyota is not its ability to get from point A to point B—it is the ability to perform safely and comfortably every single time. The same can only happen when an IT provider is proactive.
So how can you identify a proactive IT provider? Ask yourself these questions:
- Do they deliver on their promises?
- Does my IT provider have a clear process?
- Are their staff coordinated and communicative?
- Do I trust them to self-report their activities in a timely manner?
- Do they meet with us regularly to help my business prepare for the future?
- Is the leadership accountable when issues arise?
- Are they budget conscious?
- Do they encourage us to improve our security protocols?
If your IT provider cannot verify the work they have done for you immediately, if they do not seem to have a repeatable process for handling tickets, if they are always reacting to problems instead of preventing IT problems, then you and your employees may be on the verge of hitch-hiking. Your business is too important to be driven by a smoking engine with wobbly tires!
COVID-19 has permanently altered the business landscape. Companies unwilling to adapt to the new reality have suffered or closed while those who embraced the challenge have grown—or even thrived. From doctor’s offices to barbershops, delis to high-rise offices—the companies left standing a year later likely harnessed the power of modern IT solutions to communicate, develop new sales strategies, and deliver products and services efficiently.
Some of these changes will solidify into permanent features of the modern business landscape in the coming decades.
Get Comfortable in the Cloud
There were some growing pains and funny moments those first few months on Zoom or Microsoft Teams as people learned to navigate these platforms, many for the first time. We’ve all probably experimented with backgrounds, kept the camera off to hide our bedhead during that early morning meeting, or finished an eloquent sales pitch only to realize we were muted.
The fact is, though, as awkward as the transition was at times, videoconferencing, team chats like Slack and Teams, and cloud storage and document sharing solutions like Microsoft Sharepoint are likely here to stay. They allow a greater degree of flexibility and productivity for many businesses. In addition, office space can be reduced as more employees work remotely at least some of the time. The likelihood of lingering health risks and future pandemics will probably also require businesses to remain adaptable.
The businesses that fully utilize these tools and innovate their business around them will gain an edge over slow-to-adapt competitors.
The Diminishing Returns of Traditional Marketing
During the last year, sales and marketing teams had to adapt. Traditional face-to-face interactions, meet and greets, afternoon tee times with clients, and other forms of outreach became impossible. While Zoom and Teams can get the job done in some cases, marketers of the future need to innovate solutions now that allow them to connect with the right clients on the right platforms with the right solutions.
Where once personal relationships and face-to-face interaction were vital to attracting and retaining customers, the virtual landscape of the coming decades will demand better services, competitive pricing, and verifiable results. Marketers who fail to stay ahead of the trend may very well lose their most valuable client to a competitor offering more than just a familiar face.
A Smaller World
The Internet has been shrinking the world, and specifically marketplaces, for years. But COVID accelerated the speed of that trend. The talent pool has expanded from the local city to the world. Employees who used to be required to live near the office can, in some cases, branch out further or stay connected while traveling. Solutions like VoIP even allow remote workers to answer work calls from their own phones.
In addition, the speed of information coupled with the ease of communication and growth of big data are creating opportunities in every industry in the world. IT solutions unlock the potential for any business—large or small—to expand their reach into the global marketplace. Those that do will be rewarded with creative solutions to traditional problems and new revenue streams that only a year or two ago may have been inaccessible.
Does Your Business Have the “IT Factor”?
Many businesses are still adapting to these new realities. While there is a degree of urgency necessary, you are not alone if you are in that position. Simpleworks IT offers managed IT solutions for small-to-medium businesses making the transition into a digital marketplace. Contact us today to learn more about our services and the benefits of using a managed service provider.
Many organizations such as Google and Cisco have made the decision to have their employees work from home to keep them safe from spreading the novel Coronavirus known as SARS-CoV-2. Other businesses did not make this decision on their own but rather were “volun-told” to work from home because their entire country was quarantined. Either way, whether it is voluntary or mandatory, there are a few things you can do before you send your employees to work from home which will help your business operate successfully. We believe every business needs to consider their Coronavirus quarantine preparation plan and whether their IT has the suitable systems and safeguards in place. Here are 10 Questions IT Departments Need to Ask Before Responding to COVID-19:
1. Do all of the individuals in your organization have remote access to your core software and files?
If your employees are working from home, it is important that they can still access your primary line of business applications. There are often several options to achieve this.
Most modern software vendors have versions of their applications that are accessible through a web browser. You will want to see if your primary business applications have this option. In addition to using internet-based versions of applications, you may be able to set up a terminal server allowing you access to your important software without the need for a VPN.
SharePoint is another wonderful tool that is part of most Microsoft Office 365 subscriptions. This service places important documents inside your Office 365 portal so you can view, edit, and collaborate on them from anywhere in the world with an Internet connection.
Take a hard look at what your users need access to and ask yourself if they are going to be able to access them from a remote location.
2. Are you prepared to have staff meetings via conference call or video chat?
One way to reduce unnecessary contact even now is to have all of your staff meetings via conference call or video chat. Many organizations use Slack or Microsoft Teams for their inter-office communication with great success.
Teams is an excellent unified communication and collaboration platform that combines persistent workplace chat, video meetings, file storage, and application integration. It is also a part of some Microsoft Office 365 subscriptions and is integrated natively with Sharepoint. If you are hosting Video conferences with clients Zoom is also a fantastic option. The Zoom tutorial series is available on YouTube which makes it easy to learn how to use.
Whichever service you chose you will, of course, want to pick up web cameras for everyone so you can take full advantage of its features. Amazon has several low-cost web cameras that will do the job just fine. With the $17.49 (at the time of this writing) Logitech c270 web cameras, you can outfit an office of 20 for only $350.00. Start getting used to it now so it will be second nature when you are working from home.
3. Can your employees make and take customer calls at home?
Just because you are at home doesn’t mean the calls will stop coming in. You need to make sure your staff is fully equipped to make and receive calls from their homes. There are several ways to accomplish this and the first thing you should do is talk to your phone vendor about how they can make this functionality available to you. If you do not have a phone vendor you trust, there are many options you can consider.
Microsoft Teams does allow for phone calls if you add the necessary SIP service to your plan. You can also look at solutions like Option 9 from Data102. Option 9 includes a softphone that can be used from your computer or cell phone via the Snap Mobile phone app. You may want to pick up a few USB headsets should you choose to go this route, or stick with the web cameras as your microphone and plug in a pair of headphones into your computer. There are several inexpensive options from Logitech for around $20 and more expensive options, like the Jabra pro 930, for around $100.
4. Do all of your network devices have remote access and out-of-band management setup?
If you are at home and all of your servers and network equipment are at the office, how will you maintain it remotely if something goes wrong?
Make sure your IT staff has securely enabled the necessary access to maintain your infrastructure from a remote location. This means verifying that protocols and features such as SSH, RDP, WMI, Wake-on-LAN, and vPro are enabled and properly secured. Verifying that your out of band management for your servers is set up and that you are using the enterprise versions of IDRAC, ILO, and other IPMI implementations and not the less useful free versions that come with the device is important. UPS’s have network cards that can be ordered and installed to assist with monitoring and remote troubleshooting. Switches, routers, firewalls, and many other network devices include the SNMPv3 protocol that should be enabled and configured securely so you can monitor their performance and detect any problems early.
If you are not already using a remote desktop software application such as Connectwise Control, a Remote Monitoring and Remediation tool such as Connectwise Automate, or a network monitoring tool such Auvik, you may want to consider deploying them. Tools like these can be costly and take a lot of time to set up but return dividends over the long run. All of these vendors offer assistance during your deployment for a fee, which can make this go much quicker and smoother. There are also IT service providers that can do all of this for you if this is over your head.
5. Do you have a way to reboot your ISP equipment remotely?
Some devices may not have out-of-band management available and will require a hard reboot if they become unresponsive. The modem provided by your ISP is one such device. Do you have a plan if that device locks up and is preventing you from accessing your office remotely?
Remote power strips like the ones provided by WattBox have built-in scripting to automatically reboot a device if it is no longer accessible from the internet. This feature works from the inside out so you do not need additional out-of-band management for it to work. It also allows you to meter the power usage of plugged-in devices remotely, as well as perform hard resets without scripting (so long as the internet is available). It’s worth considering adding devices like these wherever you have devices you need to power cycle remotely from time to time.
6. Should some of your staff be issued laptops so they can work from home?
Do you have employees that need hardware? Does Bob or Marge in accounting even own a home computer? Are you concerned about their ability to perform their work on their personal machine due to the age of the machine, lack of corporate control, and questionable digital hygiene?
Maybe a few key individuals should be issued company laptops. Dell has several reasonable business-quality options available for around $700.00. These come with real warranties, which include 3 year on-site and next-day parts and repair clauses, as well as professional operating systems (not Windows Home Edition) and a build free of the bloatware that comes from junkers at Best Buy.
After the quarantine is over, you can buy them a dock and make the laptop their new desk machine. Maybe you can hand down their old one to another individual in the office if the machine is not too old, or put it on the shelf so you have a cold spare available.
7. Are there any parts of your infrastructure that are at risk of causing you an outage?
Now is the time to go ahead and plug in that other NIC on the server to the switch, or add those extra drives to the raid array for hot spares. Take inventory of the loose ends in your network and try to get them resolved.
Do you have any really old machines that you are afraid will fall over at any minute? Why not get new, affordable, business-grade replacements? How old are those UPS batteries? Maybe it’s time to get them tested or just outright replaced. Murphy’s law dictates that “if anything can go wrong it will go wrong” and probably at the worst possible time. Can you think of a worse time for the one-and-only power supply your server has to fail? Try to alleviate any of these ticking time-bombs if you can.
8. Have you reviewed your disaster recovery plan?
Do you have a disaster recovery plan? If so, good for you! But when is the last time you read it? Go ahead and dust that thing off and give it a read. Is it still relevant? Could it use an update or two? Does it take working remotely into account? Why not go over it with the team, since many of your employees may have been hired long after you wrote it? You want everyone fresh on how to handle a disaster.
9. How are you going to maintain the security of your network during this event?
What are the added security risks you are about to introduce to your business?
Allowing your employees to use their personal computers to access company information is risky business, but there are a few things you can do to mitigate those risks. Reduce the need for a VPN as much as possible by pushing the use of web apps (See #1). Get multi-factor authentication enabled where you can. Make sure your employees are using a legitimate copy of a 3rd party anti-virus such as Webroot, or at the minimum have Windows Defender enabled.
Also, make sure your authorized points of contact are up-to-date and that you have alternate points of contact assigned. You do not want the one-and-only person authorized to open ports on the firewall out sick without a backup.
This might be a good time to run that network vulnerability scan from Rapidfire Tools or Nessus you’ve been putting off, too.
10. Have you tested your plan?
Start testing your plan now. Send a few employees home for a day as soon as you can, and actively work with them to overcome the unexpected challenges this creates. It’s far easier to work with one or two employees at a time to get things working than it is to have your one and only IT guy try to get the whole company working remotely all on the same day.
We have helped hundreds of businesses over the years with their Information Technology and we hope our experience will help you keep your business running throughout this world impacting event. If you feel you need hands-on assistance managing your IT please keep us in mind, we are happy to help you proactively manage your IT environment and prepare you for success 719-476-0443.
Is your business one of the 20% NOT using Microsoft Office 365?
Are you using one of the cheaper or free alternatives like Google’s G-Suite set of apps because it “promises” a similar range of functionality? What might be “good enough” when your business is a 1-3 person startup, quickly becomes limiting as your business grows and your team needs to collaborate and share files with clients, vendors and partners.
Office 365 has cutting-edge collaboration features like Teams and real-time co-authoring. Your staff can use O365 on up to five devices, making them more productive and able to connect from anywhere at any time.
So whether your staff is 1 or 10+, here are the key features of Office 365 that will excite your workforce to be more productive.
REASON #1: Great For Small Business Owners
Microsoft provides business owners with a stable, consistent pricing structure for their suite of business tools. They’re able to provide their employees with the latest updated software without worrying about additional upgrade charges or excessive licensing fees.
The easy per-user pricing structure allows businesses to scale up or down whenever they have changes in their staffing levels. And say goodbye to investing in expensive servers thanks to Office 365’s cloud storage option.
REASON #2: Easy Collaboration From Anywhere
All users have access to a common platform when collaborating on projects. By enabling cloud synchronization, documents can be created on one device and shared with other contributors to allow for easy collaboration in a secure cloud environment.
Microsoft’s introduction of Teams in 2016 brought collaboration to a new level. Teams is a conversation thread for groups of people, similar to Slack, but where Slack lacks in an integrated experience, Teams provides easy access your business apps, such as PowerPoint, Word and Excel. With Teams, live collaboration seamlessly occurs with teammates across the room or in the next hemisphere.
REASON #3: Ideal For A Mobile Workforce
Office 365 can be used on- or offline. This is important because if the internet goes down and your team is using G-Suite, you are down. With Office 365, your team can stay productive by just using the apps offline and syncing when an internet connection becomes available.
The Office 365 license permits use of up to five devices per user. This allows your employees to use it on their mobile device, laptop or tablet. For businesses that have a workforce that is mobile or remote-based, the options of being able to work from anywhere at any time provides increased productivity.
REASON #4: More Extensive Features Than G-Suite
Office 365 and G-Suite can appear superficially similar at first glance. Let’s do a deeper dive into important differences between the two productivity suites.
1. More Plan Flexibility
G-Suite makes only three different plan options available: basic, business, or enterprise. You’re out of luck if none of them meet your current business needs. There’s no way to massage any of the plans into a more suitable format.
In contrast, Microsoft currently offers three plans for small businesses and four plans for enterprises. They also offer separate plans for educational institutions, government agencies in the U.S. and various non-profit organizations. If none of them meet your company needs, Microsoft allows you to pick and choose features to create your own custom plan.
2. Better Cloud Storage
All Office 365 business users gain access to 1TB of cloud storage. Compare that to basic business accounts with G-Suite which only receive 30GB of storage and must upgrade to a higher tier for additional storage space.
3. Meets Compliance Regulations for HIPAA, PCI and FERPA
Office 365 cloud storage can be used to back up user and workstation data. All data uploaded to Microsoft cloud servers is protected by encryption and meets HIPAA, PCI, and FERPA regulations. Additionally, Microsoft offers two-factor authentication to prevent Office 365 and Outlook email accounts from being accessed if a password is compromised and an unfamiliar device attempts to log into an account.
4. Better Positioned for Growth
G-Suite tools may work when with a startup workforce. But, as you grow, you need tools capable of handling that expansion. Office applications are used by 80% of business users, making it easy to collaborate with business partners and vendors without compatibility issues.
Let Simpleworks Aid Your Transition
Simpleworks has migrated thousands of users to Office 365. We create a simple and seamless experience for your business, so you have nothing to worry about. We can sync your Office 365 applications within 1-2 days depending on the size of your email database.
Trust your migration to an experienced and certified Microsoft partner. Contact Simpleworks if you are considering a move to Microsoft Office 365. Reach out to us online or by phone at 719-476-0444.
The success of the Windows Server 2008 operating system can’t be denied. It became a mainstay with small- and medium-sized businesses across a variety of industries. Around 85% of companies still run Windows Server 2008 due to the server’s proven reliability.
And that’s part of the problem.
What Companies Risk by Sticking with Windows Server 2008
On January 14, 2020, Microsoft will discontinue support for both Windows Server 2008 and Windows Server 2008 R2. The costs and time investment required for upgrades are why so many companies still cling to the program. With the 2020 stop date rapidly approaching, here are the risks of not upgrading:
- Extensive Security Vulnerabilities. Once Microsoft stops making regular updates, there will be no further security patches to Windows Server 2008. Continuing to use the operating system without these fixes exposes your important business and customer data to hackers looking to steal data. You could also end up infected with malware designed to take your systems hostage for ransom.
- Limited Cloud Compatibility. Not upgrading to a new version of Windows Server limits your options when it comes to expanding your technology platform via cloud technology. Windows Server 2008 isn’t fully capable of providing support for cloud or hybrid environments, which will limit your options on software that is only cloud-based.
- Performance Issues. Without regular updates, you’ll see your hardware performance slow down as Windows Server 2008 becomes more and more incompatible with your current hardware and software. Virtualization becomes harder since bugs and slowdowns would severely hamper your ability to provide a smooth multiuser experience.
Upgrading Benefits to Windows Server 2008
Upgrading to Windows Server 2016 provides companies with access to features allowing them to build an IT Infrastructure capable of meeting the demands of today’s digital business space. Imagine not having to hear the words, “Our system can’t handle it,” when a great idea is proposed involving technology that moves the company forward.
Here are some of the advantages gained once a company commits to installing an updated operating system to replace Windows Server 2008.
- More Extensive Security Protection. Windows Server 2016 provides companies with the ability to implement either single sign-on or multifactor authentication, allowing for better account protection. All of your virtualization instances receive more security from breach attempts from in and outside of your company.
- Expanded Cloud Capabilities. The operating system also adapts smoothly to running in a full or hybrid cloud environment. Windows Server 2016 provides an excellent on-ramp for customers looking to explore what they can do with cloud computing, including incorporating Office 365 into their workplace. The IT department can make cloud services available to individual virtual machines (VMs), which could be deployed with a lot less overhead.
- Built-in Backup Services. Windows Server 2016 provides administrators with an out-of-the-box backup system. Resilient Change Tracking (RCT) allows you to perform both full and incremental backups of your VMs.
Upgrading to Windows Server 2016 allows businesses the freedom to explore software as a service (SaaS) offerings like Adobe, QuickBooks and JIRA. Your employees will appreciate the responsiveness of the new server which enables them to increase their daily output.
Simplifying the IT Experience
Partnering with an experienced Microsoft partner to handle your Windows Server 2008 upgrade makes it a stress-free experience for your company. Simpleworks prevents your upgrade from getting bogged down in the details and handles the miscellaneous technical issues while keeping you on schedule.
Simpleworks believes in making IT simple and effective. Our team of professionals confirms that all your processes and hardware function as they should upon completion of the new server installation. When Simpleworks handles your Windows Server upgrade, here’s a few of the many processes we cover:
- Outlining what your final environment should look like
- Assessing your server and cataloging everything on your network
- Backing up your current server environment for possible rollback if you encounter issues during the transition
- Communicating system downtimes to all affected parties
- Installing the physical implementation of the upgrade
- Testing all systems, applications and hardware affected by the update
Don’t continue falling behind on your Windows Server 2008 upgrade. Contact Simpleworks at (719) 476-0444 or online to get your company on track for a brighter technology outlook.
CONTACT US
EMAIL | sales@simpleworksit.com
ADDRESS |
1040a Elkton Dr.
Colorado Springs, CO 80907