Is Your Business Ready for an Internet Outage?

by

Cloud computing has given us greater mobility than ever before. We can sign in to video conferences on our phones, collaborate on presentations from a laptop, or edit a file on a tablet on the sidelines of a kids’ soccer match. Yet the one thing we need still is a reliable internet connection.

Think about the country of Canada. Earlier this year, business ground to a halt in an instant. A botched maintenance update by a large internet service provider (ISP) hobbled more than 10 million customers.

Yes, there are many advantages to cloud computing, including:

  • enhanced productivity;
  • scalability;
  • pay-as-you-go price structures;
  • greater flexibility
  • avoiding having to pay for and manage on-premises IT infrastructure.

Yet when you rely on a single internet provider, you could be left high and dry if something goes wrong.

Building a backup plan for lost internet

About one-quarter of Canada’s internet capacity was offline. The downtime lasted only 12 hours for some, days for others. The list of outage impacts is long. The problem halted some point-of-sale payments, some nonprofits lost the ability to serve vulnerable populations, Rogers mobile phone users couldn’t call for emergency assistance, and cellular-dependent traffic signals in Toronto were out of whack.

What can we learn from this? Businesses should prepare a backup.

Backing up your internet

Setting up a secondary internet connection can help your business remain online. You’ll be ready if there are system issues, intrusions, or power a failure. For this to work, you’ll need to partner with a different provider than you do for your primary internet. This cuts the odds that both your main and backup internet will go down at once.

If your primary internet connection is wired, consider a cellular backup. For example, a router with 4G backup would switch you to that network if the main connection failed.

The very nature of redundancy is that it repeats what you already have. That can make some businesses balk: Why pay twice? Yet internet redundancy can help you avoid lost business, productivity, and brand reputation, not to mention the stress of having to try to do business in this digital age without being able to get online.

Maybe you can’t reinforce your IT infrastructure with a second provider. At least reach out to your current ISP to learn their backup plans. Ensure they have failovers established to back up their systems.

The Canadian outage saw many businesses floundering. With the ubiquity of technology today, it’s not unlikely that more ISP outages will happen. Be ready for the worst with plans for redundancy and contingency plans. Our experts can help you cut the risks of inevitable communications failures. Contact us today at (515)422-1995.

Benefits of Monitoring the Dark Web

by

The Dark Web is a hub for criminal activity. Even if your business is legitimate, you can’t ignore the Dark Web entirely. This article will explain the Dark Web and the benefits of monitoring its thousands of pages.

The US government created the Dark Web in the mid-1990s for spies to exchange information. It is still visited today by journalists and law enforcement agencies. People in countries prohibiting open communication might also use the Dark Web.

Yet the Dark Web is also home to illegal activity. This is where users can find weapons, child pornography, and counterfeit money. Criminals can also access malware, leaked data, and stolen information (including access credentials).

Bad actors like the Dark Web because it isn’t something you can find on your typical browser. The Dark Web is hidden from standard search engines, and you need specific software, configurations, or authorization to access it. Users also hide their IP addresses and use encryption to mask their identities.

Why Monitor the Dark Web?

There’s a real threat of your business suffering cyber assault. This could result in brand damage, significant financial losses, and intellectual property theft. If your business isn’t monitoring the Dark Web, you won’t know what is on there that could harm your business.

Dark Web monitoring can help you find:

  • compromised usernames and passwords;
  • proprietary company information available online;
  • stolen customer lists;
  • evidence of employee identity theft.

With Dark Web monitoring, you can limit damage to your bottom line and brand reputation. Surveillance can also help you find weaknesses and plan to prevent future attacks.

How Does Dark Web Monitoring Work?

Dark Web monitoring checks chat rooms, blogs, forums, private networks, and other sites that criminals visit. Using human and artificial intelligence, scans search for stolen customer lists or data, staff login passwords, and business email domains and IP addresses. You’re notified if there are any issues. Awareness can reduce the time it takes to discover a breach and address weaknesses.

Protecting Your Business from the Dark Web

Monitoring is the only way to shore up your cybersecurity. Obviously, it’s better if the scans find nothing from your business. So, it’s a good idea to strengthen your cyber hygiene. You can do so by:

  • educating employees about secure passwords and how to spot a phishing scam;
  • investing in password managers and antivirus and anti-malware software;
  • keeping all hardware and software up to date.

Monitoring the Dark Web is not something every business can handle solo. Even though the Dark web is far smaller than the Web you’re on every day, there are thousands of pages to scan.

Our experts can boost your cybersecurity protections and set up Dark Web monitoring. Contact us today at (515)422-1995 to lower your risk profile.

What Is Microsoft Secure Score?

by

Security is a priority no matter the size of your business. Recognizing this, Microsoft has a Secure Score measurement in its 365 Defender dashboard. But what is Secure Score, and how does it help your business? This article explains the basics.

Secure Score measures your security posture. It reviews your activity and security settings against Microsoft’s best practices. The idea is to identify areas to enhance protection and provide suggestions.

In the dashboard, administrators can view the current state of their security score. It considers all Microsoft identities, apps, and devices. There is also a target score. The higher your target score, the more recommended actions you’ll get, although Microsoft cautions that you should balance increased security against user experience.

Secure Score Recommendations

Secure Score shows you possible improvements considering security best practices. Secure Store currently offers recommendations for:

  • Microsoft 365 (including Exchange Online);
  • Azure Active Directory;
  • Microsoft Defender for Endpoint, Identity, and Cloud Apps;
  • Microsoft Teams.

The score does not measure the likelihood of a system or data breach. Instead, it looks at system configurations, user behavior, and other security-related measurements. Then, it scores what you’ve done to offset security risk in real-time.

Microsoft not only lists security recommendations but also tracks your action plan. The implementation section shares prerequisites and provides step-by-step advice to complete improvement actions. You can report on status (e.g. planned, risk accepted, resolved through third party, and complete). Rankings also help you gauge implementation difficulty, user impact, and complexity.

Scoring Security with Microsoft

The more improvement action you take, the higher your score. For example, you’re given points for:

  • configuring recommended security features;
  • doing security-related tasks;
  • addressing suggested improvements with a third-party application or software, or alternate mitigation.

Microsoft Secure Score also compares your metrics with scores for similar organizations. The data is anonymous, but in the Metrics & Trends tab, you can view how your score compares to others over time.

Raising Your Secure Score

How can you have an immediate impact on your Secure Score? These three steps can boost your organization’s security:

  1. Enable multi-factor authentication on administrator accounts in case account credentials are compromised.
  2. Enforce password expiration policies to prevent the usage of leaked credentials.
  3. Set up Azure Active Directory to track, log, alert, and remediate and better protect sensitive data and information.

Our IT experts are here to help you understand Secure Score. We can help enact action plans to apply the recommendations. Contact us today at (515)422-1995.

What’s the Difference Between Archiving and Backing Up Your Data, and Do You Need Both?

by

It goes without saying that your data is vitally important to your business. Lose data, and you could be out of business for a while, or maybe for good.

But many business owners don’t completely understand how to protect their data. It’s not complicated, but you need to understand the two most basic data protection methods.

In this article, we’ll explain the differences between backing up and archiving data, and why each is important.

What Is a Data Backup?

A data backup protects the data you work with every day by keeping a copy in a secure location so you can restore it quickly if it’s lost or damaged.

You need to consider three key things when you design your backup strategy. First, the changes you’ve made to your data since your last backup are at risk because they aren’t yet backed up. So, you need to think about how much data you can afford to lose when you create your backup schedule. You might decide to back up daily, hourly, or even more frequently. It’s a tradeoff between your needs and the cost.

Second, you need to keep your backup in a secure location away from your data to protect it from theft, vandalism, fire, or water damage. Don’t keep it on the premises; that’s not going to help you if the building burns down.

Third, you need to be able to quickly restore your data from the backup. Time is money, especially when your systems are down, and the longer it takes to bring your systems back up, the more business you stand to lose.

What Is a Data Archive?

A data archive stores data that you don’t need every day but might need in the future. It’s like putting your old files in boxes and storing them in the attic while you keep your active files within reach. Some examples could be tax data, bank transactions, medical records, and any records required for regulatory compliance.

Archiving pulls this data out of your daily work data and stores it offline so it can’t be modified intentionally or accidentally. Just like a backup, it needs to be in a secure location away from your data.

Do You Need Both a Backup and an Archive?

Residential users might be able to get away without an archive because they usually have much less data than a business. That means you can keep your archived data and work data together in a backup.

But for a large business, it’s best to use both a backup and an archive. A backup is much faster and easier to restore than an archive because it uses high-speed storage devices such as fast hard disks or flash disks. This keeps your downtime after a data loss to a minimum.

On its own, an archive won’t do the job for either a business or an individual. An archive contains only the part of your work data that you need to keep long-term. Plus, it isn’t performed often enough, so too much of your work data is at risk of being lost. Finally, it’s too slow to restore, so your systems might be down too long.

Creating a Strong Data Backup and Archiving Strategy

A lot goes into a good backup and archive strategy, and it’s critical that you get it right. You don’t want to discover that you’re missing data after a data loss or when you need records for regulatory or legal compliance.

We can provide you with a tailored backup and archive solution for the best protection you can have against data loss. Give us a call today at (515)422-1995 to learn more.

What Does a Data Breach Look Like

by

Part of the problem with a data breach is that your business doesn’t know about it until it’s already happened – sometimes well after. Knowing the signs of a data breach can help you mitigate the damage.

Don’t get complacent about cybersecurity. There are many things competing for your attention. But cyber vulnerabilities can mean unexpected downtime, as well as loss of data or money, and more.

Of course, you’re already installing firewalls and securing all remote entry points. You’re updating your antivirus tools and software regularly. Plus, you’re keeping strong passwords and educating employees about social engineering.

Still, bad actors can attack. Be vigilant about looking for these common signs of a potential breach.

Computer slows down

If your computer appears to be taking longer than usual to do what you ask, pay attention. You may not be imagining it. This, or frequent crashes or screen freezes, could be a sign of malware. Unwanted viruses may be monitoring your activities, corrupting files, and consuming device resources.

A slow network is another indicator of compromise, as is losing control of your computer’s mouse or keyboard. Malware takes substantial network bandwidth and can slow computers and connected devices.

Passwords don’t work

You have set passwords or you’re working with passphrases. You know what you set as your access credential, but it’s no longer working. This could mean cybercriminals have taken control of your accounts and changed the passwords.

Emails back from contacts

If you’re getting emails from your vendors or customers responding to messages you didn’t send, that’s a bad sign. Either you’re overworked and forgetting what you sent, or hackers have taken over your inbox and are using your address to send messages. They might masquerade as you to send fake invoices or request access credentials.

Unknown files appear

It is not a good sign when files that you don’t recognize appear on your screen or in Task Manager. Installing malware often downloads extra files onto the target machine. So, new files you didn’t add could mean an attack has occurred.

Also, be wary if file names change or the desktop icons look different. Monitoring for changes can help you react before a large amount of data is compromised.

Ransomware request

This one’s obvious, but we can’t fail to mention it. If your accounts are locked or you face a screen you can’t get past, you may be a ransomware victim. When someone offers you an encryption key to access your accounts or files, it’s definite.

Help prevent a ransomware infection by keeping your operating system up to date. Also, avoid installing any software without knowing exactly what it is or what it does. Additionally, you’ll want to regularly back up your files. That way, if attacked, the damage may be less significant.

With 90% of small businesses impacted by cyberattacks, you can’t afford to ignore any of these symptoms. The best protection is to prevent any infiltration in the first place. Ensure you have the necessary protection in place. Contact us today at (515)422-1995!

Improve Your IT budget Forecasting

by

As the year comes to a close, you have to write the IT budget and spending benchmarks. You must understand the current IT infrastructure and forecast technology needs. This article shares three key areas to improve forecasting and maybe save budget too.

#1 Unexpected IT expenses

First, it helps to identify where you are blowing your IT budget. Often IT budget inaccuracies can be traced back to unexpected tech expenses. Repairs, replacements, and unanticipated upgrades can all throw your budget out of whack. Unfortunately, emergency repairs and last-minute technology improvements are the most costly.

But without a crystal ball, you can’t predict what’s going to happen, right? Still, you can make a plan that allows you to avoid wasting money on the break-fix model. Partnering with a managed service provider (MSP), you will typically pay a set monthly fee. Then, if something does go wrong, you have IT experts at the ready to address the issue.

Plus, a good MSP will work to determine the expected life cycles of your tech assets. That way, you can anticipate hardware or software upgrades and budget accordingly. Further, your MSP should work proactively to prevent unexpected downtime. They can help protect you from cyberattacks and keep software and hardware updated and patched.

#2 Bloated IT infrastructure

Overlapping and wasted resources are another big IT budget drain. You could be paying for many devices that do the same thing, or you may be continuing to license software that your team no longer uses. Or it may be software that everyone uses, and you could be getting a much better deal. You might also be paying for tech you haven’t upgraded, so you aren’t getting the full return on your investment.

An MSP can help identify these kinds of issues. Bringing in an IT expert provides an objective view of your infrastructure. They can suggest performance improvements and streamline processes. They may also suggest subscriptions or other packages that can help you save funds.

#3 IT and business misalignment

The plan is always to build a budget for an IT strategy that helps achieve business goals. Yep, doing so depends on your tech know-how and good communication.

Further, tech-business alignment has grown more difficult as infrastructure has changed, plus, the workforce is now more distributed. The business could have on-premises technology as well as cloud-based software. Employees could be bringing in their own devices and/or working remotely. As a result, business tech needs to be doing more. Plus, it needs to keep up with rapid evolutions and cybersecurity threats.

Yet investing in IT-business alignment improves budgets, and benefits workers and customers. Potential advantages include:

  • reduced digital friction;
  • improved user experience;
  • greater customer engagement;
  • cutting costs;
  • improving productivity;
  • gaining visibility of business processes;
  • faster delivery times and speed to market;
  • growing your competitive advantage;
  • driving innovation.

Work with an MSP to bridge business acumen and IT expertise. Then, you can better calculate the financial impacts (costs and ROIs) of your IT plan.

Need help understanding IT budget pitfalls and spending benchmarks? We can help plan for tech spending supporting your business objectives going forward. Contact us at (515)422-1995.

Top Tips for Your Year-End Tech Review

by

Many of us look forward to January 1 as a fresh start. But before we get to hit that refresh button, it’s a good idea to look back too. No, we’re not saying you need to go sit by a waterfall and meditate on your IT infrastructure, but there are benefits to doing a year-end tech review.

What is a tech review?

In a tech review, you can accomplish several key things. First, you can gain a clear picture of what the IT infrastructure looks like. After all, technology is always evolving. You can determine what assets you have and how employees are using them. You’ll also revisit your tech spending and whether it’s achieving business outcomes.

A tech review also gives IT staff a chance to clarify roles and responsibilities, as well as mission.

Doing this at year’s end is common because many businesses slow down around the holidays. This means your team can focus more on the tasks of a thorough and effective tech review.

You may have a budget you’re looking to use by the end of the fourth quarter. With a tech review in hand, you can make sure you spend money on technology that will make a real impact.

A tech review, done at any time of year, also offers you the ability to:

  • improve productivity;
  • mitigate risk;
  • streamline workflow;
  • update and upgrade;
  • enhance employee engagement.

Steps for your tech review

There are many steps to take in an effective annual review of your technology. Read the main ones here.

Perform an IT inventory

Make sure you know all your tech assets and where they are in their lifecycle. This is a good time to identify current hardware and software in need of upgrade or replacement. Then, you can plan ahead and avoid security risks or unplanned downtime.

Review your IT outcomes

You should be spending on IT to achieve certain business goals. Now’s the time to consider whether your technology is doing what you wanted it to do. A Harvard Business Review study found that 77% of respondents see an IT strategy–implementation gap. So, at least you’re not alone in needing to ensure your tech initiative aligns with business outcomes.

Update tech guidelines

You probably have policies in place governing how your IT is used. Revisit these annually to ensure you are keeping up with the way your tech is evolving. For example, if your people are remote more often, make sure your guidelines match those tech deployments.

Survey employees

Ask the people who are using your technology not only about what they are using but also how they are using it. This can help you identify areas to improve, upgrade, or automate. Or you might find out people are using software that IT didn’t vet first!

Good questions to ask include:

  • What applications do you use most often?
  • What applications do you resist using?
  • Which technology tools can’t you do without?
  • Which technology do you wish our company had, and why?
  • Do you do any manual, repetitive processes?

Explore cybersecurity

You can ask employees whether they have experienced a cybersecurity threat this year. But you’ll also want to review your data to see if there are any indications of cyberattacks. Also, examine and revise your firewall settings to make sure they are as current as can be.

It’s also useful to have a third-party IT professional perform a vulnerability scan. A penetration test is a more involved way to identify weaknesses you might consider.

Review your findings and prioritize new technology

Drawing on the input you’ve received and the data you’ve gathered, decide what actions to take. You might want to replace redundant software or some with poor user experience. Or you may need to invest in hardware such as computers or servers. You could also find opportunities to automate manual tasks to boost your productivity.

Even if you have the budget for it, avoid making all your changes at once; it can be too overwhelming. Don’t expect your team to automate a process while also transitioning to new hardware. Bring your decision-makers together to decide on priorities and plan purchases and rollouts.

We review for you

Don’t have the resources or know-how to do a year-end technology evaluation? Our experts can investigate your IT infrastructure for you. Contact us today at (515)422-1995.

Common Cybersecurity Myths Debunked

by

In many areas of our lives, there are myths that we accept as fact. Some of these are actually quite dangerous: believing that lightning never strikes in the same place twice could be fatal. Similarly, there are cybersecurity myths that demand debunking to keep your business safe.

#1 “I’m too small to be attacked.”

Any size of business, in any industry, can be the target of a cyberattack. In fact, hackers often hit smaller businesses because they lack the necessary protection. Also, a small business is more likely to pay a ransom, because it can’t recover otherwise.

Plus, small businesses can be the first stepping stone in a supply-chain attack. After getting into your systems, they might send a fake invoice from you to the larger target. The enterprise client, trusting your credibility, opens the attacker’s malware. Or hackers can use your vendor credentials to gain access to the enterprise network.

#2 “Antivirus software is all I need.”

If only it were that easy. You need antivirus software, but you can’t protect all your IT infrastructure with one tool. To detect and defend, you’ll need a comprehensive cybersecurity plan. Combine employee security awareness training with physical security measures, and put in place many layers of network and device defense, too.

Then, keep everything patched and updated. That makes sure you’re leveraging what experts know about the evolving threat environment.

#3 “Cybersecurity is IT’s job, not mine.”

You may have an internal IT department you count on to handle cybersecurity. Many businesses also contract with a managed service provider (MSP) to keep them safe. These IT teams will work to secure your infrastructure and protect your data. They will put systems in place to detect threats and identify vulnerabilities. They can ensure appropriate data backup and do disaster recovery planning.

Still, IT experts (whether internal or external) are only one player in the battle. Your employees remain a weak link. They are the ones that may inadvertently download malware, fall for social engineering scams, or use easily guessed access credentials.

Your business needs to educate all employees about online safety and cybersecurity threats. Then, it’s everyone’s job to be aware and work to reduce risks to your business.

#4 “Too much cybersecurity will hurt our productivity”

This won’t be true if you set up effective security policies and protocols. Add regular monitoring and authentication tools that provide security without adding friction for employees.

In fact, enhanced cybersecurity can actually help your productivity. It frees people up to work on other important business with less worry.

Avoid a false sense of security

Trusting any of these myths can leave your business vulnerable to attack. A data breach or IT downtime can be devastating. Don’t risk the worst. Instead, work with IT experts to handle your cybersecurity, backups, compliance, and more. Contact us today at (515)422-1995.

How Your Business Could Benefit from a vCIO

by

Businesses often hire a managed service provider (MSP) for tech support. But if that’s all you’re getting from your MSP, you could be missing out. You might gain by adding a Virtual CIO.

The typical MSP engagement involves coming in and surveying your IT infrastructure. You can expect the MSP to:

  • make sure your antivirus software is up to date (or that you have it in the first place);
  • install firewalls and other security protections;
  • patch or update any tech that needs it;
  • establish a data backup process.

Some MSPs will stop there. If that’s all they offer, you might consider expanding your view of what an IT provider can offer your business. Your tech support can also drive strategy to save money and ensure safe, smooth operations, and you may need a virtual CIO.

What is a vCIO?

Members of your C-suite are experts in their focus areas. A virtual chief information officer (vCIO) specializes in the latest technology and cybersecurity. More than “tech support,” the vCIO is a strategist invested in your business’s success, but they do this as a third party, virtually, instead of as an in-house employee.

A vCIO analyzes your IT infrastructure for weaknesses to suggest process or security reworks. They can formulate long-term technology goals based on your business objectives. Then, they’ll provide a road map for your technology strategy.

An MSP is more focused on service delivery, whereas the vCIO takes a forward-looking approach. Working with more decision-making authority, the VCIO can create an IT budget. They can also work to reduce your business expenses. One way they’ll do this is by building relationships with vendors to ensure the best rates and services. Note: you should already be saving money by working with a vCIO rather than hiring a traditional CIO.

What to look for in a vCIO?

The IT expert or experts taking on your vCIO role should bring a wide range of skills to the table. These include:

  • ability to align your IT strategy to your business goals;
  • robust knowledge of technology trends to understand what will best serve your organization;
  • project planning and management skills to ensure completion on time and within scope;
  • experience in cost optimization and measuring key performance indicator metrics;
  • ability and willingness to collaborate effectively with teams throughout the business;
  • communication skills to report to business stakeholders, and liaise with clients and vendors.

Our MSP your vCIO

Some MSPs steer clear of planning and assisting with decision-making. They hone in on today’s operational tasks and fix current problems, but our IT experts are here to add immense value to your business. Partner with us in the vCIO role. We’ll be supportive and provide a technology direction to help you grow your business.

Contact us today at (515)422-1995.

Avoid Getting Your Cyber Insurance Payout Declined

by

Cyber insurance policies have existed since the early 2000s. Businesses going online wanted safeguards against risks associated with evolving cybersecurity threats. Having a cyber insurance policy is just a starting point, though, and your business also needs to understand the insurer’s expectations of you. Otherwise, you might find your claim gets denied.

As with most professional liability policies, your cyber insurance may have exclusions, including:

  • rogue employees;
  • wild viruses;
  • regulatory claims;
  • fines and penalties;
  • property damage.

Cyber insurers also may not pay out if they find “a failure to maintain.” This might also be “failure to follow” certain standards of care. It’s the online version of negligence. But what does it really mean?

Standard of care expectations

Insurance companies want proof that your business takes proper precautions to prevent cyberattacks. If you can’t show you’ve implemented strong security measures, you run the risk of a denied claim.

Your insurance doesn’t want to pay out. So, they’re going to require you to put protection in place. This can be internal or via a third-service provider (such as a managed service provider (MSP)).

Your security approach must be comprehensive. It’s best to map out all your technology so that you can identify every endpoint that needs protection. Relying on antivirus software, for instance, is unlikely to satisfy your insurance provider. Add active threat detection and response tools to your arsenal, too.

You’ll also need to show that you’re securing your supply chain. A breach exposing 40 million debit and credit cards started at a retailer’s HVAC vendor. Target estimated the breach cost $202 million. This was in 2013, but attack type remains a real threat due to digital interconnectedness.

Insurers also want to see evidence of effective training for your employees, because humans are the weak link. Your staff may not mean to do wrong, but they are the ones with weak passwords, or misplaced devices, and who may be downloading malware.

Expect insurers to also want you to have:

  • encryption to secure data;
  • multi-factor authentication to make unauthorized access more difficult;
  • virtual private networks (VPNs) to secure connections between computers and the internet;
  • regular data backup;
  • company policies and processes to respond to cybersecurity incidents.

Cyber insurance evolves, too

As the cyber environment is always evolving, insurers are regularly adapting. They may have quoted coverage for a particular risk but then changed their policies to decline that risk a year later. It’s one more thing to keep abreast of while also working to secure systems against cybercrime.

Have questions about your cyber insurance policy? An MSP can review your security policy and ensure you’re doing everything to maintain coverage. Our experts can also run regular audits and provide proof of your efforts. Contact us today at (515)422-1995.

Click to see our BBB Report

FOLLOW US

VISIT US

Privacy Policy