Why Your Tampa Area Business Needs An IT Support Partner
Many small businesses need reliable IT support in order to succeed in the digital age, but hiring a full-time IT staff may not be in the budget. If this is the case, outsourcing your IT support can be an affordable solution. Below, we’ll take a look at some of the most valuable and cost-saving services an IT Support or Managed Services Provider can provide your Tampa area business. Help Desk Support When your employees are needing assistance with computers in your office or in an employee’s home office, an IT support company can remote connect to troubleshoot and resolve the issues. This means that an IT support partner is often able to solve IT problems remotely, saving your company time and money while ensuring that quick and effective IT solutions are always just a phone call away. On-Site IT Support In cases where remote support is unable to address all of the issues you might experience, on-site IT support is always an option. For example, with on-site IT support, your IT support partner can perform tasks such as deploying new computers, setting up printers, addressing hardware issues, troubleshooting network connectivity problems, and more. Data Backup and Recovery Should you have an incident that affects your data, such as a ransomware attack, it is imperative you have a backup that can be restored to get you back to normal. By partnering with an IT support partner that offers data backup and recovery, you can ensure that your data is always backed up and able to be restored in the event that the original data is lost or otherwise inaccessible. Email Services If your business’s email services go down, your ability to communicate with customers, accept orders, communicate with remote employees, and more may be compromised, bringing your entire business to a halt. With an IT support partner, though, you can rest assured knowing they are just a phone call away and can immediately start troubleshooting any issues you might have with your email services. Network Setup and Administration When looking for an IT support partner, be sure you choose one that offers managed services. Managed Services Providers can monitor, troubleshoot, and address your network issues before you even know there’s a problem, giving you peace of mind that your network is always under the careful watch of expert eyes. Print Support If your business is heavily reliant on copiers and printers for its day to day operations, you know how crippling it can be if you can’t print. Your IT support partner should be available to quickly address any machine issues and, if needed, provide you with a loaner until your machines can be repaired. Conclusion For businesses that cannot justify hiring an in-house IT team, working with an IT support partner offers a number of considerable benefits. At Boring Business Systems, we are proud to be the go-to company for managed services and IT support in the Tampa area. If you own a business in Tampa Bay and would like to learn more about the many benefits that working with an IT support partner can provide, feel free to contact us today!
Five Things Your Company Needs To Do Now To Prepare For A Hurricane
June 1 marks the official beginning of the Atlantic hurricane season. Most people do some prepping on a personal level but is your business ready? Here is a list of five things your company needs to do in June before the first storm heads our way. Establish a plan. If you have not already created a disaster plan, now is the time to get it done. This plan needs to include the various scenarios you might encounter should you be at ground zero. Some of the items you need on this plan include: Will you need to close and evacuate? How do you notify your staff and customers? Do you have an alternate location to operate your business should your building be without utilities or be inhabitable? How will you access company data such as customer or patient records? Check your backups. It is so easy to get complacent with backups. Whether you are backing up to media or backing up to the cloud, now is the time to evaluate it. Not only do you need to ensure you are getting proper backups, you also need to ensure you are backing up everything critical. More than once, we have helped a company recover a backup only to learn a critical directory or database was left out. If you are still backing up to media, you need to do a test restore to be sure the backup is valid. Develop a communications plan. If there are power outages, landline phones, and cell phones may not work. If your business is mission-critical, you need to ensure you have an alternative means of communication such as satellite phones. Texting is also a great means of communication after storms. When bandwidth is scarce, you might not be able to make a phone call, but you will likely be able to send texts. Create an emergency response team (ERT). It is good to define a skeleton crew that can carry out your disaster plan. You must develop clear roles and responsibilities for each team member. You must also ensure the team has contact information and instructions on how to proceed should they be unable to reach someone on the ERT. Once the storm passes, you should have the ERT contact your entire staff to ensure they are safe and do not have any immediate needs. Be sure to not only train this team but consider doing some role-play exercises to be sure everyone is on the same page. Secure your building(s). Before leaving for the storm, it is smart to walk through your building and unplug any mechanical or computer equipment to protect it from surges. You may also want to consider covering key equipment with plastic tarps or bags in case of moisture intrusion. Also, if you have confidential paper files or portable media, be sure these are stored in a locked cabinet or safe. Should your building become insecure, you want to know your data is safe. Depending on your location, you may also want to install hurricane shutters. If you have a generator, be sure you test that early in the season and insure you have fuel ready. This is by no means an exhaustive list but should give most small businesses a good start. If you would like help developing a comprehensive list, we’d love to help. Contact us for a free consultation.
What is Business Continuity & Disaster Recovery?
What Is Business Continuity? Business continuity is the process, policies, and procedures related to preparing for recovery or continuation of business infrastructure critical to an organization after a natural or human-induced disaster. Whether the business is small or a global enterprise you need to know how you can keep going under any circumstances. Business Continuity Vs Disaster Recovery Disaster recovery is a subset of business continuity. While business continuity involves planning for keeping all aspects of a business functioning in the midst of disruptive events, disaster recovery focuses on the IT or technology systems that support business functions. A Complete Disaster Recovery Solution A proper business continuity solution should proactively protect clients’ systems and data against disasters of all type. An MSP should offer a business continuity solution that can rescue businesses and get them back online within minutes of any of these disasters: Hardware and software failures Natural disasters Unintentional human error or malicious actions Ransomware and other cybersecurity threats What to Look for in a Business Continuity a Solution? Here are some more key things to consider when looking for a solution: Hybrid cloud backup: A hybrid approach fixes the vulnerabilities that a cloud-only or local-only possess. Superior RTO and RPO: Think in terms of business continuity rather than simply backup, and calculate how much downtime your business can endure and still survive (RTO) as well as how much data you can afford to lose (RPO). Image-based backup: Make sure that the backup solution takes images of all data and systems rather than simply copying the files. Interested in learning more about our Business Continuity & Disaster Recovery Solutions? Give us a call or shoot us a message here: https://boring.com/contact-us/ Source: Datto Blog
The Upkeep: Maintaining Your Digital Documents
In this episode of our blog, we are going to go over how to keep those digital documents digital. Most companies that you talk to have already done or are in the process of digitizing all their files. Some may have them saved in their local files, some in a form of cloud-based storage, and others have moved those files to their CRM. Let’s go over some of the departments that may not be keeping those day forward files digital and may still be creating paper-based docs that tend to get lost or misfiled. Accounting – Accounting can be either AP or AR, so this will go over several documents that they have that may still be paper based. Invoices – Companies still rely on printed invoices to send to their clients. Because of the reliance on the Postal Service, it takes longer now to get to the client meaning it takes longer for your company to get paid. This is the same on your end as it now takes longer to pay those invoices and does not allow you to take advantage of early pay discounts. It also means that those invoices could be lost or mis-filed leading to late charges and possibly affecting those relationships with clients or vendors. Expenses – Using paper receipts to capture expenses for the company. This leads to missed charges, late repayment of those expenses, or no reimbursement at all if you cannot recreate the receipt. Delivery Forms – Because there are so many ways to get goods to clients, relying on paper delivery forms can create issues. You cannot charge a client for your goods without proof of delivery, and you would not want to be charged for something delivered if it cannot be proven it was delivered and signed for. HR – HR still heavily relies on paper forms to capture information that they need for the employee profile and file. Repetitive filling out of forms, missing information, and requesting forms for equipment that is needed for the position. Sales – Sales has multiple documents that are important to the company, yet still rely on paper-based processes to move through companies. Sales Packets – These are the lifeblood for any organization with sales teams. Most of the documents are still paper based. Even though companies may be using digital signature capture to get docs signed, they are still internally processing it using paper-based workflows. Customer Documents – These are previous deals, correspondence, proposals, and more. Typically, these documents are kept either paper-based or digital. The real challenge is whether paper-based or digital, trying to find the right document can be a challenge. With CRM’s, you cannot use keyword searching to locate documents. This can be a challenge if you are looking for specific documents that you may not have all the information on, or if it was mistakenly put in the wrong place. In keeping with the theme of keeping docs digital, next blog will go over some ideas and best practices in order to digitize current workflows within your organization. Contact us today to learn more about document digitization! Author: Tom Hubler, Technical Solutions Consultant at Boring
How to Digitize Your Documents and Best Practices
Document digitization is the future of document storage for companies that want to be ahead of the curve. Work from home and hybrid work environments do not allow for traditional file storage as most companies now know it. Rising rents and flexible work schedules are also accelerating this move to digitization with many companies. In this episode of the Boring Blog, we are going to go over the rules and best practices for document digitization. Rule 1 – Decide what would need to be digitized first: Many companies start by scanning / storing all their documents. Depending on how your retention policy is set up, you may just want to start with day forward and then look at what needs to be kept. Once you decide this, you’ll need to see if you have a scanner that can handle the volume of documents needing to be digitized. Typically, you can use a desktop scanner or copier / MFP. If the volume is too large for either of these devices, you may need to look at a dedicated high-speed scanner. You may even need to look at a 3rd party that specializes in this type of work if you do not have the manpower for the project available in-office. Rule 2 – Decide how you would like the documents indexed: Once you set up how these documents are going to be named, stick to it. If you take all the time to digitize your files, index fields make sure that you can find and identify those documents in your system. If you decide to outsource, they will ask you for these fields in advance to make sure the documents are indexed correctly. Rule 3 – Decide who needs to have access to the documents: If these documents need to be accessed by large numbers of people, you may want to look at a cloud-based software to store your documents rather than local storage. You may also want to look at this if you are worried about disaster recovery or if the documents in question are mission critical. Cloud-based document management systems are highly secure and easily accessible from a web browser or even a mobile device. They also save multiple copies of your documents in different data centers in case of disaster or accidental deletion. You can also set up rules regarding who can access documents and what they can do with them. Rule 4 – How to handle the old documents: Depending on your industry, a digital copy of a document is just as compliant as a paper one. If your industry requires paper, you then need to look at the retention schedule. With this in mind, you can then look at the retention schedule of your industry and decide if you need to keep or shred them after digitization. Once you have this answer to this question, you can set up the retention policy or just securely shred the documents. In the next Boring Blog, we are going to go over how you can keep digital documents digital and make them actionable with a cloud-based Document Management System. Contact us to learn more about our Document Management Solutions! Author: Tom Hubler, Technical Solutions Consultant at Boring
The Benefits of Document Digitization
Document digitization is the future of document storage for companies now and in the future. Work from home and hybrid work environments do not allow for traditional file storage as most companies now know it. Rising rents and flexible work schedules are also accelerating this move to digitization with many companies. Right now, companies are paying $25,000 to file a file cabinet and $2,000 a year to maintain that same cabinet. The average commercial office is using 50 to 70% of the floorspace just to store those documents. This doesn’t even begin to address the companies and government agencies that use off premises storage for their documents If you need to know what it is costing your company, you can use this chart to calculate: Paper Costs = Monthly Paper Costs x 12 months File Storage Costs = Number of Filing Cabinets x 16 sq. ft. x Cost per sq. ft. of Office Space Third-Party Storage Costs = Monthly Rent x 12 months Printing Costs = Printer Rental Price + Annual Printer Maintenance Fees + Monthly Ink Cost x 12 months Printer Costs: If you purchased your printers, check your records to average their yearly cost. Print-Related Labor Costs = Labor Hours Spent Managing Paper x Average Hourly Wage x Number of Workdays per Year After you look at the cost of this to your office, you may then have to look at another aspect of paper files, accessibility. With work-from-home and hybrid environments, your workers may not be able to access the documents that they need to perform their jobs effectively. This means lower productivity and higher costs to process tasks for your company. Digitization can be easy if done right. Scanning documents into a traditional Windows folder structure could lead to more confusion and misplaced files if there is not a simple and effective way to retrieve those files when needed. This is where a Content Management System or Document Management System comes into play. These systems allow for full text search and a more structured system for filing and retrieving those documents. Bonus, they are typically cloud based, which means that they can be accessed anywhere with a secure log-in and you do not have to worry about the extra burden on your IT infrastructure. Contact us to help make your office more efficient, streamlined and productive! Author: Tom Hubler, Technical Solutions Consultant at Boring
How to handle compromised credentials
You’ve just discovered there are compromised employee credentials or other sensitive data of your company exposed and available on the Dark Web. The reality is, once exposed on the Dark Web, your information cannot ever be completely removed or hidden. You cannot file a complaint or contact a support line to demand your data be removed. Your company should immediately start taking appropriate steps and measures to correct or minimize the risks and potential damages associated with this exposed data. Identify, understand and learn from past mistakes or failures, and adopt a more proactive and preventative approach to your business’ cybersecurity strategies moving forward. Sound the Alarms Important Business Alert Alert all employees, top to bottom, of the compromised data and explain or educate them about the Dark Web. Review individual compromises with critical users. Explain specific threats and risks – both to the business and potentially, the user Establish/update strict password policies and review and share with users. Retire old and exposed passwords Define what a strong password is and implement a password construction policy Make different passwords for each business account mandatory and keep personal ones separate Determine a schedule for routine password changes Change passwords Change passwords for exposed logins – all accounts using the compromised passwords Replace with unique passwords for each account Change/refresh any passwords older than six months Cybersecurity Best Practices to Proactively Protect Your Business Implement Multi-Factor Authentication Even the strongest and most complex passwords won’t protect you if they have been compromised and exposed on the Dark Web. Requiring users to verify who they say they are via two or more unique security factors will virtually eliminate more than half the threats and risks associated with exposed user credentials. Consider Single Sign On (SSO) and Password Management Solution The combined benefits of a Secure SSO and Password Management platform will enable your entire workforce to adapt and thrive in a security-first environment while reducing password frustration and fatigue for users and empowering increased productivity. Ongoing Security Awareness Training for Users Users continue to be the weakest link in security for businesses worldwide. This is often due to genuine ignorance regarding security best practices and a lack of knowledge or awareness of common threats and risks. Establish ongoing security awareness training for all users and turn your weakest link into your strongest security defense. Perform Regular Risk Assessments A comprehensive audit of your business infrastructure and systems will inevitably reveal vulnerabilities and security gaps within your network, applications or on your devices. Performing regular assessments will allow you to stay in the know and enable you to achieve and maintain a more preventative approach to security, often eliminating issues or problems before they arise. Proactively Monitor for Breaches and Cyber Threats Cyber threats continue to increase and evolve, and hardware and software vulnerabilities are discovered regularly, exposing your business to a steady barrage of security risks. To adopt a proactive and preventative approach to cybersecurity, your business must have visibility and insight into both internal and external activities, trends and threats to the network and data. Back Up Everything It is imperative that you ensure your business and customer data is protected and secured against any incident or disaster such as system failure, human error, hackers, ransomware and everything in between. In addition, make sure you explore the importance of accessibility and consider investing in business continuity as part of your backup strategies. Invest in Cyber Insurance Sometimes things do not work out no matter how much effort you put into them. As a business, you must do everything right. However, a hacker only needs a single gap or weak point in your security systems to slip past your defenses like a trojan horse. Every business in operation today needs cyber liability insurance to protect their business when all else fails. Don’t wait until you are the next news headline or statistic. Contact us today to start implementing the comprehensive security solutions your business deserves.
Are your credentials in the Dark Web?
Digital credentials are at risk 39% of adults in the U.S. use the same or very similar passwords for multiple online services, which increases to 47% for adults ages 18-29. Passwords are a twentieth-century solution to a twenty-first century problem. Unfortunately, usernames and passwords are all that stands between your employees and vital online services. A good security practice is to use a completely different password for every service. How are credentials compromised? Phishing – Send emails disguised as legitimate messages. Malvertising – Inject malware into legitimate online advertising networks. Watering Holes – Target a popular social media, corporate intranet. Web Attacks – Scan Internet-facing company assets for vulnerabilities. How does a hacker use credentials? Send spam from compromised email accounts. Deface web properties and host malicious content. Install malware on compromised systems. Compromise other accounts using the same credentials. Exfiltrate sensitive data (data breach) Identity theft Data is sold at auction For those who make credentials available on the Dark Web, the financial rewards can be significant. A criminal dealing in stolen credentials can make tens of thousands of dollars from buyers interested in purchasing them. And by selling those credentials to multiple buyers, organizations that experience a breach of credentials can easily be under digital assault from dozens or even hundreds of attackers. The numbers are staggering The average number of data records per company, including credentials, compromised during a data breach is 28,500! Protecting against compromise While there is always a risk that attackers will compromise a company’s systems through advanced attacks, the fact is that most data breaches exploit common vectors such as known vulnerabilities, unpatched systems and unaware employees. Only through defense in depth – implementing a suite of tools such as security monitoring, data leak prevention, multifactor authentication, improved security awareness and others – can organizations protect their credentials and other digital assets from seeping onto the Dark Web. We keep you out of the Dark Web Small businesses need Dark Web Monitoring for today’s cybersecurity risk. Protect your business and secure your assets. We make Dark Web Monitoring affordable enough for small businesses to take advantage of enterprise-level actionable intelligence. Contact us to learn more about our Dark Web Monitoring services.
5 Common Social Engineering Scams
Social engineering scams have been going on for years and yet, we continue to fall for them every single day. This is due to the overwhelming lack of cybersecurity training available to the employees of organizations big and small. In an effort to spread awareness of this tactic and fight back, here is a quick overview of common social engineering scams. Managed service providers (MSPs) have an opportunity to educate their small and medium business clients to learn to identify these attacks, making avoiding threats like ransomware much easier. Phishing Phishing is a leading form of social engineering attack that is typically delivered in the form of an email, chat, web ad or website that has been designed to impersonate a real system, person, or organization. Phishing messages are crafted to deliver a sense of urgency or fear with the end goal of capturing an end user’s sensitive data. A phishing message might come from a bank, the government or a major corporation. The call to actions vary. Some ask the end user to “verify” their login information of an account and include a mocked-up login page complete with logos and branding to look legitimate. Some claim the end user is the “winner” of a grand prize or lottery and request access to a bank account in which to deliver the winnings. Some ask for charitable donations (and provide wiring instructions) after a natural disaster or tragedy. A successful attack often culminates in access to systems and lost data. Organizations of all sizes should consider backing up business-critical data with a business continuity and disaster recovery solution to recover from such situations. Baiting Baiting, similar to phishing, involves offering something enticing to an end user, in exchange for login information or private data. The “bait” comes in many forms, both digital, such as a music or movie download on a peer-to-peer site, and physical, such as a corporate branded flash drive labeled “Executive Salary Summary Q3” that is left out on a desk for an end user to find. Once the bait is downloaded or used, malicious software is delivered directly into the end users system and the hacker is able to get to work. Quid Pro Quo Similar to baiting, quid pro quo involves a hacker requesting the exchange of critical data or login credentials in exchange for a service. For example, an end user might receive a phone call from the hacker who, posed as a technology expert, offers free IT assistance or technology improvements in exchange for login credentials. Another common example is a hacker, posing as a researcher, asks for access to the company’s network as part of an experiment in exchange for $100. If an offer sounds too good to be true, it probably is quid pro quo. Piggybacking Piggybacking, also called tailgating, is when an unauthorized person physically follows an authorized person into a restricted corporate area or system. One tried-and-true method of piggybacking is when a hacker calls out to an employee to hold a door open for them as they’ve forgotten their ID card. Another method involves a person asking an employee to “borrow” his or her laptop for a few minutes, during which the criminal is able to quickly install malicious software. Pretexting Pretexting, the human equivalent of phishing, is when a hacker creates a false sense of trust between themselves and the end user by impersonating a co-worker or a figure of authority well known to an end user in order to gain access to login information. An example of this type of scam is an email to an employee from what appears to be the head of IT support or a chat message from an investigator who claims to be performing a corporate audit. Pretexting is highly effective as it reduces human defenses to phishing by creating the expectation that something is legitimate and safe to interact with. Pretexting emails are particularly successful in gaining access to passwords and business data as impersonators can seem legitimate, so it’s important to have a third-party backup provider. For all employees to be aware of the various forms of social engineering is essential for ensuring corporate cybersecurity. If users know the main characteristics of these attacks, it’s much more likely they can avoid falling for them. Aside from education and awareness, there are other ways to reduce the risk of being hacked. Employees should be instructed not to open emails or click links from unknown sources. Computers should never be shared with anyone, even for a moment. By default, all company desktops, laptops, and mobile devices should automatically lock when left idle for longer than five minutes (or less). Lastly, ensure your business is prepared to quickly recover from this kind of attack in case an employee does fall victim to one of these schemes. Humans are humans after all. By leveraging a solid backup and recovery solution, everyone can rest easy. Source: Datto.com, Courtney Heinbach
Humans And Cybersecurity Practices
Based on a comprehensive survey of 5,000 IT managers across 26 countries, Cybersecurity: The Human Challenge provides brand new insights into the state of cybersecurity skills and resources across the globe. It reveals the realities facing IT teams when it comes to the human-led delivery of cybersecurity, and explores how organizations are responding to the skills challenges they face. The study also exposes unique insights into the relationship between an organization falling victim to ransomware and their day-to-day cybersecurity practices. Key findings IT teams are showing progress in many battles IT teams are on top of patching. Three-quarters of IT teams apply patches to desktops, servers, applications, and internet-facing assets within a week of release. Servers and internet-facing assets are patched most quickly, with 39% of respondents patching them within 24 hours. Prevention is prioritized. On average, IT teams dedicate nearly half their time (45%) to prevention. After that, 30% of time is spent on detection and the remaining 25% is spent on response. IT managers are keeping up to date with cybersecurity. The majority (72%) say that they and their teams are up to date with or ahead of cybersecurity threats. Just 11% think they are significantly behind. Improving cybersecurity requires people – who are in short supply There is an urgent need for human-led threat hunting. Forty-eight percent of respondents have already incorporated human-led threat hunts in their security procedures and a further 48% plan to implement them within a year. The cybersecurity skills shortage is directly implementing protection. Over a quarter (27%) of managers said their ability to find and retain skilled IT security professionals is the single biggest challenge to their ability to deliver IT security, while 54% say it is a major challenge. Organizations are changing the ways they deliver security Improving operational efficiency is a key priority. Four in ten (39%) respondents said that improving operational efficiency and scalability is one of their biggest priorities for the IT team this year. Outsourcing IT security is rising fast. Currently, 65% outsource some or all of their IT security efforts. This is set to rise to 72% by 2022. The percentage of organizations that exclusively uses in-house staffing will drop from 34% to 26%. Ransomware victims display different behaviors and attitudes than those who haven’t been hit Ransomware victims are more exposed to infection from third parties. Twenty-nine percent of organizations hit by ransomware in the last year allow five or more suppliers to connect directly to their network – compared to just 13% for those that weren’t hit. Ransomware damages professional confidence. IT managers whose organizations were hit by ransomware are nearly three times as likely to feel “significantly behind” on cyberthreats than those that weren’t (17% vs. 6%). Being hit accelerates implementation of human-led threat hunting. Forty-three percent of ransomware victims plan to implement human-led hunting within six months, compared to 33% for those that didn’t suffer an attack. Victims have learned the importance of skilled security professionals. More than one-third (35%) of ransomware victims said recruiting and retaining skilled IT security professionals is their single biggest challenge when it comes to cybersecurity, compared to just 19% who hadn’t been hit. Download the full PDF report for more findings, including results for each of the 26 countries surveyed. About the survey Sophos commissioned specialist research house Vanson Bourne to survey 5,000 IT managers during January and February 2020. Sophos had no role in the selection of respondents and all responses were provided anonymously. Respondents came from 26 countries across six continents: Australia, Belgium, Brazil, Canada, China, Colombia, Czech Republic, France, Germany, India, Italy, Japan, Malaysia, Mexico, the Netherlands, Nigeria, the Philippines, Poland, Singapore, South Africa, Spain, Sweden, Turkey, UAE, the UK, and the US. Fifty percent of respondents were from organizations of between 100 and 1,000 employees, and 50% were from organizations of between 1,001 and 5,000 employees. Respondents came from a range of sectors, both public and private. Source: Sophos.com, Sally Adam