
Microsoft Office 365

Budgeting for Technology in the New Year

January 24, 2019 by securewebsite

How to squeeze the most out of your IT and save your business money

With the New Year in full swing you’re probably preparing to implement your updated information technology (IT) plan. As a business owner or leader, you probably have many questions such as, “How much should my business budget?” You may also be wondering if you’re making the most of the IT you already have in place. In this blog, we break down what every business should be budgeting at the very least as well as steps for ensuring your business has the technology it needs and that your network is as secure as possible.

Cloud Computing
If your business has not yet migrated to the cloud for your email and other services, now is the time to do so. There are several reasons it is best for businesses to move to the cloud. From saving money to better data security, cloud computing offers a ton of benefits to modern businesses.

To begin, establishing and maintaining your own data storage is expensive. Not only do you need to purchase the right hardware and software, but you have to hire people to install it and set it up. Cloud computing allows you to pay for just the services you use and can reduce your IT costs. It is so affordable that it was estimated in research by McAfee that nearly one-third of worldwide enterprises would be using software-as-a-service (SaaS) by the end of 2018. Cloud providers typically charge based on the features you choose, storage used, and number of users. Most also charge for time and memory space. This means you get to select the package that best suits your IT budget.

Cloud computing also allows you both flexibility and scalability. Cloud computing lets your employees work from anywhere they have internet access through virtualization. Giving employees the option to work remotely means you can cut the number of workspaces at the office further reducing your costs. In addition, scaling Cloud computing services is a cinch. You don’t have to spend a ton of money on new servers, storage, and licenses as your business grows. With the cloud, you just sign up for additional storage space or features as your business needs them.

If you store your own data, a breach or disaster such as a fire could devastate your business’s valuable information. With the cloud, your data will always be available as long as users have internet access. Many businesses use the cloud specifically for backup and disaster recovery for this very reason.

Data security is also a top priority in this day and age of hacks, breaches, and ransomware. Email is the lifeblood of most businesses, so ensuring it is secure should be a top priority. Storing data and using email on the cloud is often more secure than storing it or hosting on physical servers and data centers in your office. Laptops and desktops can be stolen, as can other hardware. Data on the cloud can be deleted remotely or moved to a different account, and hackers face a greater challenge in breaching cloud platforms, so your data is simply more secure. As a matter of fact, 85 percent of enterprises keep sensitive data in the cloud according to Vormetric.

Finally, cloud computing is one of the most effective ways to promote collaboration and it gives you a wide variety of service options to choose from. Your employees will be able to easily share data, collaborate on projects, and provide updates in real time from the field. Time wasted on repetitive tasks such as data entry is no longer an issue and you get to choose the services your business really needs, whether it is abundant storage or software from a wide range of providers.

Leveraging Your Existing IT
Hardware and software can be hugely expensive investments for many businesses. Your business needs to get the most out of every bit of IT it has invested in. For example, you may already be using Office 365 for email but is your business using it for file sharing or collaboration between teams? A network assessment and IT audit can tell you where you have room for improvement, opportunities for growth, and options for cost savings.

A study by Bank of America in 2017 revealed small business owners found the greatest barrier to achieving a balance between work and their personal life involved administrative tasks. Perhaps you have software that can help you automate administrative tasks to help your business free up time. For example, Intuit’s QuickBooks Self-Employed software has an expense management system built right into it. An independent IT auditor can show you how to best use what you already have to meet your organization’s needs without spending more money unnecessarily.

Hardware Replacement
Most businesses cannot afford to replace their desktops and laptops all at once. This is especially true when the average lifespan of a desktop today is between three and five years according to a piece by Chron, an online news source.

“Of course, this number is just a generalization and a number of factors play into lifespan, ranging from the computer’s quality, care, and room for upgrades,” according to the blog, “What is the Life Span of the Average PC?” “For small business owners, every new computer is an expense and an investment, one whose worth over time largely depends on how you use it and care for it.”

Laptops are also a typical expense for most businesses. According to a blog by TechGuided, the lifespan of a laptop will depend on the quality of the product you purchase, how often it is used, and how it is maintained. “A mid-range laptop should probably last around four to five years, though, give or take a year or two depending on how you use it,” advises the piece.

To make such updating of your IT more affordable, we recommend making replacements in quarterly cycles rather than all at once. Your IT personnel or your IT auditor can make recommendations as to which hardware needs to be replaced immediately, which can hold off for a few months, and which pieces still have a good life ahead of them. Based on these recommendations, you can schedule a plan for cycling out old hardware each quarter on a regular basis. This serves to level out your IT spending rather than investing a ton of money all at once.

According to an article by Business.org, businesses should “expect to pay between $400 for a basic model with limited storage space to $3,500 for a top of the line desktop with a large hard drive. Desktops also range in price based on operating system as well. For example, models that run Windows may be less expensive than Apple models. Apple desktops vary in cost from $1,500-$3,500, depending on which features you need.”

The same piece also stated that laptops “range from $300 for the most basic models to $3,000 for high-speed models with large storage capacity. Similar to desktops, laptops also vary in cost depending on which operating system you prefer. Apple laptops tend to fall towards the middle of the price scale, ranging in cost from $1,000 to $2,500. Laptops that run Windows have a wider price range, and cost depends mostly on features and brand.”

The Latest Software
In addition to hardware, businesses will also need to consider the software they are using. When you purchase software, it is licensed to your business and may have an end date to your user agreement. Additionally, software changes over time and there may be upgrades that could benefit your company or even new software that is better than what you have.

This is where the IT audit can once again assist your business with saving money. Your IT auditor can evaluate your existing needs versus the software you have in place. They can determine if you have the latest software or if the software you have simply needs to be patched or updated. A real IT expert can educate you about software to help you achieve your business goals while saving you money. Based on their recommendations, you can choose to either use what you already have or purchase better software to save your business money over the long term.

Email Security
As we mentioned before, email is as critical to business continuity as breathing is to life. That means you need to have quality security for your email. Software such as Microsoft Office 365 and other programs can scan for threats, identify phishing attempts, and filter spam. Programs such as Mimecast offer many of the same advantages and can also aid employees when it comes to identifying websites as safe or unsafe to visit based on URL reputation. Anti-virus, anti-spam, and firewall software are also good to include in your IT plan.

The cost of software will vary by brand and product. For example, a one-year subscription to Office 365 Unlimited Professional is just $99.00 online. That cost covers up to five desktops, five tablets, and five mobile devices such as smartphones. There are also monthly subscriptions to Office 365 Business for as little as $8.25 a month. What you spend will ultimately depend on what software you purchase or subscribe to, how many devices you need to cover, and for what length of time.

Technology Awareness Program
All of the hardware and software in the world won’t protect your business if your employees are not technology savvy. Any IT expert will tell you that regularly-scheduled, ongoing employee education is the cornerstone of securing your business data. This is something that every business should budget for because it’s your employees that can make or break your business.

The cost of security awareness and end-user training will, again, vary from business to business. This is because most companies that handle Technology Awareness Training programs, such as Oram Corporate Advisors, base their rate on how many people are being trained, how in depth the training will be, and how frequently you host trainings. Ideally though, businesses should train every new employee as part of their onboarding process with all-staff training every six months to keep employees updated on the latest threats and how to avoid or combat them. This investment in training will pay off in dividends as each employee becomes more aware of the threats they face and their role in protecting your business.

At the end of the day, how much your business should budget for technology this year will depend on a variety of factors from how you store your data to what hardware and software you have as well as your business goals. If you would like more information about IT asset management, network assessments and IT auditing, or other IT support services, please contact Oram at (617) 933-5060 or visit us online. We can even schedule a free technology assessment to get your business started off on the right foot in 2019.


Threats to business cybersecurity and a strategy for resiliency

October 4, 2018 by securewebsite

Email security

Imagine going into work, settling into your routine, and realizing you can’t access your email. You try refreshing your browser, logging out and then back in again, only to realize something malicious has happened. You start to panic. You can’t work, don’t understand how this could have happened, and wonder what the cost to your business will be.

Email is arguably the most vital tool used in modern business. It helps us communicate with our customers, collaborate internally, and keeps the information we need to move forward flowing like the blood in our veins. Without it, the livelihood of our business is at stake.

Cybercriminals are using what has become the lifeblood of today’s businesses to become just as successful. According to the report The State of Email Security 2018 by Mimecast, email is the main way hackers initiate attacks to defraud businesses, such as phishing scams, malware delivery (such as ransomware), and impersonation. As a matter of fact, a whopping 90 percent of global organizations studied in the 2018 report described a steady or rising number of phishing attacks experienced in the previous year.

BEC and EAC Threats
The 2017 Internet Crime Report issued by the United States Federal Bureau of Investigation’s Internet Crime Complaint Center confirms email is a major target of bad actors. The report shows business email compromise (BEC) is a huge trend. This sophisticated scam targets organizations that frequently work with foreign suppliers and/or businesses and perform wire transfers on a regular basis. A variation of the threat, known as email account compromise (EAC), specifically targets individuals who regularly make wire transfers.

The FBI warns that though some businesses report using checks rather than wire transfers, cybercriminals will very casually employ the method that your business typically uses to steal your funds so as not to draw attention to themselves. They do this by compromising your “legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.”

Hacking and Spoofing
In 2013, the FBI’s report shows victims indicated the email accounts of Chief Executive Officers (CEOs) and Chief Financial Officers (CFOs) were often spoofed or hacked.

When an email is hacked, criminals can intercept important messages and data. One example is Climategate. This occurred when email archives from the Climatic Research Unit at the University of East Anglia were copied by the thousands. The breach occurred just before the Copenhagen Summit on climate change. Skeptics used information from the stolen emails as grounds to argue that global warming was a scientific conspiracy.

Email spoofing, or impersonation, is the forgery of an email header so a message appears to have originated with someone other than the actual source. This is a common tactic used by cybercriminals in phishing campaigns and spam emails because employees with access to data and/or funds are likely to respond to emails from supervisors or clients. A bad actor may spoof the email header of a CEO and send an email to someone that often handles wire transfers within the company, demanding an immediate wire transfer to avoid an emergency situation. In addition, spoofing can also be used by bad actors to fraudulently invoice business customers for goods or services with the funds going directly to accounts they have set up in order to steal money from the pockets of your unsuspecting clients.

Attackers are becoming ever more clever in the way they deceive victims. With social engineering, cybercriminals are learning to target specific individuals in a company by impersonating them online. In the last year, nearly 40 percent of organizations have seen impersonations of “finance/accounts” personnel and 28 percent report C-suite executives as targets of impersonations. Another 25 percent of organizations reported impersonations of human resources staff. In total, 20 percent of respondents studied in the Mimecast report suffered a direct financial loss as the result of an impersonation attack.
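The header forgery and impersonation described above leave traces a mail filter can check. The following is an added example, not code from the original article or from any vendor it names: it assumes an organization domain of example.com, a receiving gateway that stamps Authentication-Results as mx.example.com, and a hypothetical executive name, and runs over three constructed messages.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example (not from the article).
ORG_DOMAIN = "example.com"          # the organization's own mail domain
TRUSTED_AUTHSERV = "mx.example.com" # id our own gateway puts in Authentication-Results
PROTECTED_NAMES = {"pat morgan"}    # hypothetical executive display names

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def auth_results(msg):
    """SPF/DKIM/DMARC verdicts, taken only from headers our gateway added.
    A sender can insert its own Authentication-Results line, so any header
    whose authserv-id is not ours is ignored."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        if value.split(";", 1)[0].strip().lower() != TRUSTED_AUTHSERV:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def spoofing_indicators(raw):
    """Return a list of indicator codes for one raw message."""
    msg = message_from_string(raw)
    name, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    findings = []
    # Envelope sender differs from the visible From domain. Legitimate bulk
    # senders also do this, so it is an indicator, not a verdict.
    rp = domain_of(msg.get("Return-Path"))
    if rp and rp != from_dom:
        findings.append("return_path_mismatch")
    # Replies would go to a different domain than the one displayed.
    rt = domain_of(msg.get("Reply-To"))
    if rt and rt != from_dom:
        findings.append("reply_to_mismatch")
    # A protected name shown on an address outside the organization.
    if name.strip().lower() in PROTECTED_NAMES and from_dom != ORG_DOMAIN:
        findings.append("display_name_impersonation")
    verdicts = auth_results(msg)
    if not verdicts:
        findings.append("no_trusted_auth_results")
    elif verdicts.get("dmarc") != "pass":
        findings.append("dmarc_not_pass")
    return findings

# Constructed sample messages (all domains are reserved test names).
SPOOFED = "\n".join([
    "Return-Path: <bounce@bulk-sender.test>",
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=bulk-sender.test; dkim=none; dmarc=fail header.from=example.com",
    "Authentication-Results: mail.bulk-sender.test; dmarc=pass header.from=example.com",
    'From: "Pat Morgan" <pat.morgan@example.com>',
    "Reply-To: pat.morgan@freemail.test",
    "Subject: Urgent wire transfer", "", "Please process today."])
LOOKALIKE = "\n".join([
    "Return-Path: <ceo@examp1e.test>",
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examp1e.test; dmarc=pass header.from=examp1e.test",
    'From: "Pat Morgan" <ceo@examp1e.test>',
    "Subject: Invoice", "", "See attached."])
LEGIT = "\n".join([
    "Return-Path: <pat.morgan@example.com>",
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com",
    'From: "Pat Morgan" <pat.morgan@example.com>',
    "Subject: Agenda", "", "See you at 10."])

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("legit", LEGIT)):
        print(label, spoofing_indicators(raw))
```

The lookalike message passes DMARC for its own domain, which is why the display-name check is needed alongside the authentication verdicts.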

Phishing by Numbers
Phishing is another form of email threat. Phishing occurs when someone sends an unsolicited email, text message, or telephone call that is purportedly from a legitimate company. Such phishing messages may request personal or financial information or even login credentials. An online article by TripWire reported that three-quarters of organizations experienced phishing attacks in 2017. This number held steady from the previous year.

A study by Dr. Zinaida Benenson, a professor at the University of Erlangen-Nuremberg who leads the “Human Factors in Security and Privacy” research group, demonstrated that 45 percent of people will click on a malicious link if it includes their name. In a second study where the recipient name was not used, 20 percent of people still clicked on the link. She suggested companies employ a “reporting” feature to flag suspicious emails or utilize digital signatures to stop them before employees have a chance to get click happy.

Ransomware
Ransomware is a form of malware. It targets weaknesses in both security technology and human users. This malicious type of malware is typically delivered through vectors such as remote desktop protocols, which allow computers to connect to one another across networks. Additionally, ransomware can be sent through phishing emails to an end user, resulting in the rapid encryption of sensitive data or files in a network.

Cybercriminals seize control of a business’s data in these ways and then hold it for ransom, often demanding large sums of money to restore access. Some cybercriminals even threaten to release proprietary information or data if a ransom is not paid within a given timeframe. Aside from that, the Mimecast report shows an average downtime of three days after a ransomware attack, which can cost your business even more money.

WannaCry, also known as WannaCrypt, was one of the major ransomware attacks in the history of IT. It affected several hundred thousand machines around the world bringing businesses from banks to law enforcement agencies as well as infrastructure companies to their knees.

Internal Threats
The Mimecast report also demonstrates that internal threats are on the rise. Of the organizations studied, 88 percent reported internal threats caused by careless employees over the course of the last 12 months. To make matters worse, another 80 percent reported accounts had been compromised and 7- percent identified malicious insiders as a cause of internal issues during the same period.

Insiders have a distinct opportunity to wield emails. They can steal information and send it to outsiders or publish it for their own gain. This is where using the practice of least privilege can help protect your business.

Prevention is the Best Medicine
It’s been said that the best defense is a strong offense. That is particularly true when it comes to cybersecurity. Just as you inoculate a child against disease with vaccinations, businesses should employ preventative measures to reduce the odds of an attacker getting in through their email.

Oddly enough, businesses have taken a more reactionary approach to cybersecurity and it’s costing them big time. Changes in data storage technology, such as migrating email to platforms such as the Cloud or Microsoft Office 365, are leading businesses to oversimplify their security strategy. Business leaders believe they can save money and minimize the complexity of managing their cybersecurity by employing a defense-only model. This way of thinking falls short of providing the forethought and prevention the best security has to offer.

“Attackers are leveraging these same changes and are working in real-time to exploit gaps in your security program,” warns the Mimecast report, which predicts that 50 percent of organizations will suffer a negative business impact from an email-borne attack this year.

Education is Key
While email is unequivocally a major business tool, it can also be a major security threat. Of the organizations studied for the Mimecast report, “61 percent were hit by an attacker where malicious activity was spread from one infected user to other employees via email.” That is why cybersecurity awareness training is so imperative to a solid business security strategy, especially for business leaders.

According to Mimecast, nearly 40 percent of organizations see the CEO of their organization as a “weak link” in the cyber security chain. In fact, the study showed 31 percent of C-level employees have unintentionally sent sensitive information to the wrong person in the last year compared to 22 percent of other employees. This is due in part to corporate level employees having access to more sensitive business data than the average employee. Over the last 12 months, the report also showed 20 percent of organizations had C-level employees send proprietary data via email in response to a phishing email.

All employees should receive regular cyber security awareness training to prevent breaches before they can happen. While every employee needs regular training to keep up on the latest threats, this is especially true for C-level employees and those with access to sensitive data. You want to ensure there is security expertise at the leadership level of your business and the right training can get you there.

Cyber Resilience is Everyone’s Job
Implementing a solid cyber resilience plan is the responsibility of every employee. It doesn’t just fall to one person or department. Of businesses that have employed a cyber resilience plan, 80 percent feel prepared to fight ransomware and are confident that their sensitive data and files are properly backed up and encrypted, according to the report by Mimecast.

There are several steps to implementing a cyber resilience plan for any business based on the four dimensions of cyber resilience: Threat protection, adaptability, durability, and recoverability. Those steps include ensuring:

• The right security services are in place before an attack happens.
• A durability plan to keep email and business operations running during an attack or security breach.
• The ability to recover data and other corporate IP after a cyber incident or breach occurs.

Extra Tips
Here are a few more tips from the State of Email Security report to help close the security gaps at your business:

• Place cybersecurity into the function that manages overall risk mitigation for your business.
• Understand upper management sets the tone for company culture including security.
• Benchmark your security controls and risk management programs against similar businesses on a regular basis.
• Engage your security team on a regular basis to discuss your security program and requirements as well as the need for changes.
• Leverage internal marketing to communicate that security is everyone’s responsibility.

For more information on implementing a winning cyber resilience strategy for your small business, contact Oram now at (617) 933-5060.



© ORAM Corporate Advisors 2019. All rights reserved | Policy & Privacy