Watch the Little Things in Cybersecurity

by

Author Richard Carlson tells the world, “Don’t Sweat the Small Stuff” in his popular book. Yet he’s not in the cybersecurity realm. When it comes to protecting your business, you do want to watch the little things. Avoiding small matters could bring big risks.

You’re already keeping an eye on the big things such as ransomware or data breaches, and you’ll also be ensuring have a data backup and disaster recovery plan in place. But don’t overlook the small issues that come up – they can be just as vital to your cybersecurity.

For one thing, don’t undervalue physical security for your business technology. In America, there have been reports recently of attacks on power stations, but these aren’t sophisticated cyber hacks. Attackers with guns are breaching the physical premises and shooting transformers. It goes to show that you focus on preventing cyber threats at the expense of perimeter protection.

This also means reminding employees not to let unknown personnel into the building and telling them to take down those post-it notes on their PCs with their passwords on them.

Allowing your people to work on software that’s past its support date could also be a bigger deal than you think. The “if it ain’t broke, why fix it?” mentality could leave you open to attack. Hackers seek out vulnerabilities tied to outdated systems. They can leverage small openings to wreak havoc on your business.

Small steps can make a big difference

Similarly, don’t fall for the idea that cybersecurity effort needs to be complicated to do the job. There are small steps your business can take to protect itself.

Cyber hygiene is a good starting point. Ensure your people aren’t reusing weak passwords across accounts. Make keeping track of complex passwords easier by using online wallets such as LastPass.

Keep computers updated and software patched. Manufacturers keep up with threats and upgrade their code to address known vulnerabilities. All you need to do is allow the update when it’s offered. It can be an inconvenience, but agreeing to that update can save you a big problem down the road.

Educate employees about using public Wi-Fi networks. They may think they are being productive by logging in while in line at the coffee shop, but that public access point could be putting your systems at risk. One big problem is that an attacker could be set up on that hotspot to intercept sensitive data.

Encrypt data. This helps you protect data wherever it may be, not just on-site. A hacker intercepting that data would still need decryption capabilities to get access.

Multi-factor authentication also helps to protect your business. After all, a criminal could get access to an employee’s username and password from a phishing attack. If you don’t add a second layer (at least) of authentication, they can easily log into your network and do damage.

Need help with cybersecurity issues? We can help you with the big and the small. Contact us today at (515)422-1995.

Leave that USB Drive Where You Found It

by

You come across a thumb drive, or USB drive that you don’t recognize. Maybe you find it in the car park of your building or by the copier in the office. You’re curious or you want to plug it in to identify where to return it. Don’t do it. Risks abound.

Consider this jaw-dropping example. That’s how the Stuxnet malware virus that hit an Iranian nuclear facility got its start. It’s believed employees at the facility plugged in a USB drive they found in the car park.

From there the virus could reach the computers controlling the centrifuges, causing them to spin too fast and become damaged. The attackers couldn’t get in directly, as the computers were on a disconnected network.

Risk of thumb drive attack

Now, you might be thinking, “but I’m not an Iranian nuclear facility.” But that doesn’t prevent cybercriminals from wanting to access your network and systems. USB drives are one more way that bad actors can do so. In fact, one study found that 60 percent of people were likely to connect random thumb drives found near their building. If the business logo was on the drive, the number went up to 90 percent.

USB stands for Universal Serial Bus. Even with cloud computing, we still see these small, portable drives used universally. They are compact and convenient. That also makes them an attractive target for bad actors.

Hackers can pre-program USBs to act maliciously once connected to the network. They might:

  • steal a user’s data;
  • gain access to the user’s keyboard;
  • monitor the user’s screen;
  • encrypt user data in exchange for a ransom;
  • spread infection.

Most of these can happen without the user even knowing it, as the malware runs in the background.

Avoid USB drive attacks

How do you keep your business safe from infected USB drives? First, don’t insert unknown flash drives. Hackers will try to take advantage of human curiosity or their desire to help.

It’s also good to use different flash drives for personal and professional computers. This helps cut the chances that you’ll spread an infection from one to the other.

You might also enable security measures on USB drives, such as fingerprint authentication. This, and keeping computer software and hardware up to date, can cut vulnerabilities. Also, keep your malware and anti-virus protections current, and patch regularly.

Windows users can also disable the Autorun function. This prevents Windows from automatically opening removable media immediately upon insertion.

We’re here to help. Call us at (515)422-1995 to contact our experts if you suspect a security threat or want to update your security posture.

Stop Using Windows 8.1 and Windows 7 – Do It Now!

by

Few of us are big fans of change. It can be easier to keep on going down that same path or use that same computer software; it’s comfortable and familiar. As of January 10, 2023, however, Microsoft has stopped providing support for Windows 8.1, which means you need to make a change.

It’s time.

If you’re still on Windows 7, it’s really time. Microsoft stopped providing security updates and technical support for that in January 2020. Microsoft did launch an extended service update (ESU) period for Windows 7, but that’s over, and there’s no ESU program for Windows 8.1.

Microsoft recommends moving to a new device that can run Windows 11. They warn against “performance and reliability issues” with older, unsupported operating systems. Another option? Upgrade your current device and install a newer operating system on it.

Now, you might be suspicious, thinking, “they just want more of my money,” but the manufacturer has already been providing support for both of these tools for ten years. Plus, computing is changing enough that they need to keep up with new iterations of Windows. Then, they focus their attention on keeping the latest releases updated and secure.

Benefits of upgrading to Windows 11

According to Statcounter data in 2023, Windows 11 is only on 15.44 percent of Windows systems right now. Windows 10 has the majority (over 70 percent), but if you’re one of just under 10 percent of users still on Windows 7, make the change now.

Cybercriminals know that people will wait to make the change, and they find ways to exploit the weaknesses of unsupported software. You are particularly vulnerable when relying on Windows 7 or Windows 8.1.

Windows 11 is the latest Microsoft offering. They have worked to reduce risk from the latest cybersecurity threats. With Windows 11 you can better protect your files and cut the risk of today’s viruses and malware.

The new operating system is built to be more efficient. Microsoft has tweaked the Windows layout and navigation to help users find what they need and perform tasks more easily.

Not sure what version of Windows you’re using? In the bottom left of your screen, click on the Start Menu and press the Windows button on your keyboard. Then, type “system”. Click either the System or System Information icon. You’ll see your Windows version listed at the top of the window that opens up.

Upgrading to Windows 11 from 7 or 8 isn’t free. Only Windows 10 users can upgrade at no cost. Also, to upgrade to a Windows 11-compatible device, you’ll need to make sure you get a security chip called TPM 2.0. It’s unlikely you’ll find that chip on a computer more than four years old.

Need help with your Windows software? We can help. Contact us today at (515)422-1995.

IT Services Agreement or Block Hours Support: Which Is Best for a Small Business?

by

There are many types of IT support available for a business, and the two most common are “managed services” and “block hours support.” In this article, we’ll look at what these are, the advantages and disadvantages of each, and which one might be right for you.

What Is Block Hours Support?

With block hours support, you pre-pay a single provider for a certain amount and type of service. It’s usually a “block” or fixed number of hours, but it can also be a fixed dollar amount or an amount for a specific project.

What Are the Advantages of Block Hours Support?

Block hours support is usually cheaper than hiring your own staff. The provider has skilled staff with up-to-date training, so they can quickly and efficiently handle your needs. Your provider can also give you a bulk discount when you purchase more hours at a time.

And with a block hours agreement, you pay only for what you need. For example, you can save money by maintaining only the infrastructure and staff you need when you need it. That allows you to avoid a closet full of expensive hardware that you thought you were going to need or staff that don’t have enough to do.

What Are the Disadvantages of Block Hours Support?

Block hours support is what’s called a “break/fix” type of service. In other words, your provider isn’t usually involved until you have a problem. You wait until something goes wrong, and then call your provider to fix it.

That doesn’t give you the advantage of constant monitoring and management that can prevent problems before they start. That’s especially important for things such as cybersecurity, where it’s best to detect an attack and prevent damage instead of trying to fix it.

In addition, everyone’s IT operations are unique, so it helps to have someone who’s familiar with your setup when you need help. But a block hours support provider usually can’t guarantee that you’ll always get the same technician or even the best technician for your job. That means your service might be slower or less effective than a more comprehensive approach.

Reacting to a problem after it occurs also means you could experience more downtime. It could be hours before your provider can respond to your call and fix the problem. If you can’t afford to wait, you probably need a more proactive solution.

What Are the Advantages of a Managed Services Agreement?

With a managed services agreement, you typically have the option of more comprehensive services. For instance, instead of just reactive troubleshooting, your provider can continuously monitor and manage your processes such as cybersecurity.

They can also provide more “premium” services, such as more comprehensive management and even strategic planning.

What Are the Disadvantages of a Managed Services Agreement?

Compared to “block hours support,” the main disadvantage of a managed services agreement is cost. Your contract will usually be a fixed monthly fee, which you pay regardless of whether you use any services. Typically, larger organizations use more services, so this isn’t an issue for them, but for smaller businesses, it could be that contracting for managed services is overkill that could cost you money.

Which Solution is Right for You?

Block hours support works well if you don’t have a very large or complex operation, and you can afford the downtime you might experience when a problem arises.

Larger organizations can take advantage of premium services to help them save more on their operations.

Want help assessing your outsourced IT needs? Give us a call at (515)422-1995.

Making Smart IT Purchases with an MSP

by

There is no shortage of business technology out there to choose from. The sheer volume of options is overwhelming, and it can be challenging to identify the right solution for your business. This article provides ideas to help you make smart IT purchases.

You want to get the most out of your IT budget in 2023, but these common factors can derail smart IT purchases:

  • Many small and medium-sized business owners don’t have a lot of technical expertise.
  • Making buying decisions based only on a budget can lead to getting tech that won’t suit your needs.
  • People get drawn in by marketing appeals or salesperson charisma.
  • Buyers want to simplify their lives, so it seems to make sense to go with the same supplier or brand. But that’s not always the best answer.

All this means that even the best-intentioned buyers can choose the wrong technology. Maybe that new system isn’t compatible with existing software and hardware. You make things more difficult for your employees instead of improving productivity. Or you can end up wasting money on something you don’t need, or getting the perfect product but at an exorbitant price.

Strategies to Support Better Tech Purchases

When it’s time to buy technology, several strategies can improve your results.

Establish your requirements

This is more than thinking, “I want X to do this and that.” Map out your current technology to see what might already meet those requirements. Plus, learn what compatibilities will be essential to effectively use the new tech.

Talk to your employees

Ask about what they would change and what they like best about the tech you’re replacing. They’re the ones who are going to be using your tech purchases on a daily basis. Buying decisions made in isolation could saddle staff with IT that frustrates them.

Think long term

This can prevent you from getting caught up in glitzy marketing or salesperson enthusiasm. Yes, it’s human to want that cool, shiny gadget with all the bells and whistles, but it may not be what your business needs, either today or down the road.

In fact, if you’re oversold technology, you could face IT budget woes in the future. On the other hand, you don’t want to buy something that you’re going to have to replace soon. That’s setting yourself up to do this all over again. You want to make a choice that is the right fit for your current requirements but that can also scale with you.

The Solution to Tech Purchase Miscues

Of course, all this takes time – a long time if you lack IT expertise. That’s time away from running your business and revenue-generating activity. Partner with a managed service provider (MSP) to simplify the process. We can look at your existing setup and learn what you need. Then, we’ll use our experience and vendor connections to get you the best deals on smart tech purchases. Call us today at (515)422-1995.

4 Tech Trends to Know About for 2023

by

A new year is an opportunity to start afresh. This is also true for your technology initiatives. Your business can begin 2023 on the right foot by considering these important IT trends.

#1 Cloud migration

The pandemic pushed businesses to work remotely. Even those that said they’d never work from home saw benefits. Now, with cloud computing battle-tested, many offices are choosing to remain remote or at least hybrid, even though they could now go back.

So, expect the move to the cloud to continue for businesses looking to enjoy:

  • increased productivity and output;
  • ability to scale up and down as needed;
  • capital and space savings;
  • consistent user experience across devices;
  • easier upgrades and security patching, as IT teams can manage this all in the cloud.

Migrating to the cloud also brings sustainability benefits. Cloud data centers are more energy efficient than on-premises IT infrastructure.

#2 Automation

Any opportunity to streamline processes can support competitive advantage. That’s why many digitally savvy businesses are embracing automation.

Improve human capital use by automating workflows that take abundant employee time. You can free up employees to work on higher-value initiatives. Plus, you can reduce the risk of human data entry or data processing errors. You’ll also cut the security risk from human involvement with sensitive data.

Platforms such as Power Automate and IFTTT (IF This Then That) make it simple.

#3 Multi-factor authentication

The days of securing business technology in a single, contained setting are gone. With digital transformation, businesses are growing more diffuse. People want to access business systems from any device, whether in the office or off-site.

Yet the old approach of trusting that the user, device, or application is who or what it claims to be no longer works. Frequent data breaches prove the importance of avoiding repeating passwords across sites. Hackers can use leaked credentials to get access and take action in a business network.

Multi-factor authentication (MFA) makes that compromised access more difficult. The bad actor needs to have the username and password to a separate device for verification.

As MFA gains momentum, expect to see more use of password managers and authenticator apps. Managers keep and secure all the unique, strong passwords people need to make. Authenticators help verify users are who they say they are.

#4 Optimizing IT budget

This is not a new trend, of course. Still, with the uncertain global economic outlook for 2023, it is a higher priority. As inflation and rising costs hit businesses, optimize IT budgets to align with your goals. This can improve user and customer experience, and help you corral costs.

Many businesses reach out to managed service providers (MSPs) for help reducing spend. Our IT experts can also help you to migrate to the cloud, automate, and secure your systems. Contact us today at (515)422-1995.

Even the Vatican Is Vulnerable to Cyberattack – Are You?

by

You’ve heard it before: no one is immune from cyberattacks. Doubt that statement? The Vatican suffered an attack that prompted it to take its websites offline. Yes, even the Holy See can suffer a Denial of Service (DDoS attack).

The November 30, 2022 attack affected the official Vatican.va website. Several other Vatican sites were also inaccessible for hours.

The suspected hack came a day after Pope Francis condemned Russia’s invasion of Ukraine. In an interview, he singled out particular troops for their “cruelty” during the war.

You may think your business is not doing anything to provoke Russian cyber response, but that’s not the only way you become vulnerable to cyberattack.

Know your vulnerabilities online

A vulnerability is a point of weakness cyber bad guys exploit to access your systems. They can use these shortcomings to cause damage and undermine data privacy. Common vulnerabilities include:

  • firewall weakness
  • operating system flaws
  • network misconfigurations
  • unpatched software
  • weak access credentials
  • unencrypted information

Not every vulnerability is exploitable, as attackers may not have enough public information to leverage the weakness. Your existing security controls may be protecting the weakness, or the attacker may need authentication or local system access to target the vulnerability.

Still, vulnerabilities of any kind can put your business technology at risk.

Causes of vulnerabilities

There are many reasons for IT vulnerabilities. That’s one of the big challenges of cybersecurity. As your business enters 2023, take the time to look for symptoms such as:

  • complex systems which make misconfigurations and flaws more likely.
  • unsecured operating systems which risk viruses and malware.
  • poor password management with employees using weak passwords or reusing access credentials.
  • connectivity sprawl – each device and other connected endpoint expand your attack surface.
  • assuming user input is safe, which can lead to unintended consequences -instead, set up your systems to verify before access.

Identify vulnerabilities with network scans and by reviewing firewall logs. You should also map out your technology and all endpoints. You can’t protect it if you don’t know it needs security.

Also, update any software or hardware whenever possible. Plus, check the level of risk associated with any other vulnerabilities. Then, find countermeasures or patches to boost your security.

Protect against cyberattack

The Vatican had an $887 million budget in 2022, and you can expect they spent some of that on cybersecurity, but it proved insufficient. Still, the Holy See will rebound. The Catholic religion has endured many types of attacks over its nearly 2000 years. In fact, it also suffered a targeted attack by Chinese hackers in 2020.

Your business may not have the same resilience to cyberattack and unplanned downtime. Our IT experts can help you shore up your cybersecurity. Whatever your budget, there are steps we can take to ensure you’re ready to combat a cyberattack. Call us now at (5515)422-1995.

Is Your Business Ready for an Internet Outage?

by

Cloud computing has given us greater mobility than ever before. We can sign in to video conferences on our phones, collaborate on presentations from a laptop, or edit a file on a tablet on the sidelines of a kids’ soccer match. Yet the one thing we need still is a reliable internet connection.

Think about the country of Canada. Earlier this year, business ground to a halt in an instant. A botched maintenance update by a large internet service provider (ISP) hobbled more than 10 million customers.

Yes, there are many advantages to cloud computing, including:

  • enhanced productivity;
  • scalability;
  • pay-as-you-go price structures;
  • greater flexibility
  • avoiding having to pay for and manage on-premises IT infrastructure.

Yet when you rely on a single internet provider, you could be left high and dry if something goes wrong.

Building a backup plan for lost internet

About one-quarter of Canada’s internet capacity was offline. The downtime lasted only 12 hours for some, days for others. The list of outage impacts is long. The problem halted some point-of-sale payments, some nonprofits lost the ability to serve vulnerable populations, Rogers mobile phone users couldn’t call for emergency assistance, and cellular-dependent traffic signals in Toronto were out of whack.

What can we learn from this? Businesses should prepare a backup.

Backing up your internet

Setting up a secondary internet connection can help your business remain online. You’ll be ready if there are system issues, intrusions, or power a failure. For this to work, you’ll need to partner with a different provider than you do for your primary internet. This cuts the odds that both your main and backup internet will go down at once.

If your primary internet connection is wired, consider a cellular backup. For example, a router with 4G backup would switch you to that network if the main connection failed.

The very nature of redundancy is that it repeats what you already have. That can make some businesses balk: Why pay twice? Yet internet redundancy can help you avoid lost business, productivity, and brand reputation, not to mention the stress of having to try to do business in this digital age without being able to get online.

Maybe you can’t reinforce your IT infrastructure with a second provider. At least reach out to your current ISP to learn their backup plans. Ensure they have failovers established to back up their systems.

The Canadian outage saw many businesses floundering. With the ubiquity of technology today, it’s not unlikely that more ISP outages will happen. Be ready for the worst with plans for redundancy and contingency plans. Our experts can help you cut the risks of inevitable communications failures. Contact us today at (515)422-1995.

Benefits of Monitoring the Dark Web

by

The Dark Web is a hub for criminal activity. Even if your business is legitimate, you can’t ignore the Dark Web entirely. This article will explain the Dark Web and the benefits of monitoring its thousands of pages.

The US government created the Dark Web in the mid-1990s for spies to exchange information. It is still visited today by journalists and law enforcement agencies. People in countries prohibiting open communication might also use the Dark Web.

Yet the Dark Web is also home to illegal activity. This is where users can find weapons, child pornography, and counterfeit money. Criminals can also access malware, leaked data, and stolen information (including access credentials).

Bad actors like the Dark Web because it isn’t something you can find on your typical browser. The Dark Web is hidden from standard search engines, and you need specific software, configurations, or authorization to access it. Users also hide their IP addresses and use encryption to mask their identities.

Why Monitor the Dark Web?

There’s a real threat of your business suffering cyber assault. This could result in brand damage, significant financial losses, and intellectual property theft. If your business isn’t monitoring the Dark Web, you won’t know what is on there that could harm your business.

Dark Web monitoring can help you find:

  • compromised usernames and passwords;
  • proprietary company information available online;
  • stolen customer lists;
  • evidence of employee identity theft.

With Dark Web monitoring, you can limit damage to your bottom line and brand reputation. Surveillance can also help you find weaknesses and plan to prevent future attacks.

How Does Dark Web Monitoring Work?

Dark Web monitoring checks chat rooms, blogs, forums, private networks, and other sites that criminals visit. Using human and artificial intelligence, scans search for stolen customer lists or data, staff login passwords, and business email domains and IP addresses. You’re notified if there are any issues. Awareness can reduce the time it takes to discover a breach and address weaknesses.

Protecting Your Business from the Dark Web

Monitoring is the only way to shore up your cybersecurity. Obviously, it’s better if the scans find nothing from your business. So, it’s a good idea to strengthen your cyber hygiene. You can do so by:

  • educating employees about secure passwords and how to spot a phishing scam;
  • investing in password managers and antivirus and anti-malware software;
  • keeping all hardware and software up to date.

Monitoring the Dark Web is not something every business can handle solo. Even though the Dark web is far smaller than the Web you’re on every day, there are thousands of pages to scan.

Our experts can boost your cybersecurity protections and set up Dark Web monitoring. Contact us today at (515)422-1995 to lower your risk profile.

How Inflation Affects Business Tech

by

You might be reading about inflation fears in the news, but that doesn’t mean you know how inflation affects your business, let alone your business technology. This article explains both.

Inflation is when things are more expensive to buy. Diminished purchasing power means your business may sell less and see lower profits, all while paying higher costs for things your business needs. Of course, if your business is the low-cost option, inflation may not be so bad, but many do suffer when the cost of living and just about everything else increases.

So, how does that impact your business technology? Well, it’s one of the many costs you may see go up.

Inflation and business technology

Inflation often starts when it’s hard to get goods and services. Heard the phrase “supply-chain challenges” in the last few years? We’re guessing, yes. So, you know firsthand the difficulties of getting some items.

You may have already noticed price jumps in several business tech areas. IDC research found that server and storage prices are up by 10–15 percent and that costs for laptops and personal computers have risen even more, by between 18 and 20 percent. Even what you’re paying for software or cloud services may have increased. IDC found price jumps of 5–7 percent.

What to do about it

The best thing you can do is to look for business efficiencies and ways to reduce costs. A managed service provider (MSP) can help on this front. Among the many services your tech partner can offer, you can typically expect an MSP to:

  • learn about your business technology and look for cost savings;
  • identify any duplication of services or software licenses (you could be one of the third of businesses, on average, with wasted software spend);
  • install cybersecurity to help you avoid costly downtime and damage to your business reputation;
  • secure better rates by consolidating your resources with fewer vendors for volume discounts.

Hiring an MSP can also help you hold on to your existing employees. You can make more efficient use of any IT staff you have on-site. Plus, the MSP can find out how your people do their work and suggest streamlined processes. Retention is easier when people feel productive and supported by your tech offerings.

Most MSPs will recommend you migrate to cloud computing if you haven’t already done so. Yes, some cloud service prices have increased, but not at the level of the hardware you need for your own IT infrastructure. Plus, with cloud infrastructure you can benefit from:

  • enhanced flexibility;
  • scalability and speed;
  • pay-as-you-go pricing.

Partner with us

As your MSP, we’ll look for efficiencies and ways to reduce your costs. It’s what we do, regardless of which way the economy is going. Outsourcing your IT management is a cost-effective solution. Contact us today at (515)422-1995.

Click to see our BBB Report

FOLLOW US

VISIT US

Privacy Policy