security risks

Saying Farewell to Windows 7: Why It’s Time to Move On to an Updated Product

July 20, 2019 by securewebsite

In the Fall of 2018, Microsoft announced that its Windows 7 product would experience its end of life as of January 14, 2020. This will have major implications for businesses as Microsoft will stop providing free Windows 7 support such as security updates. That means business leaders will have to choose between paying Microsoft an annual fee per device for updates and support to maintain Windows 7 or businesses will have to move on to an updated product such as Windows 10. This blog outlines what the end of life for Windows 7 will look like for the consumer, what your options are, and what the experts at ORAM recommend.

End of Life

Just as the human body runs out of steam and becomes too old or sick to continue to function properly, the same is true of technology. Newer, safer, better versions become available so the old technology typically goes the way of the Dodo. This is due to the fact that software manufacturers don’t have the manpower to continue to produce updates and provide support for older products as newer versions become available.

According to a June 2019 update for the Windows Lifecycle Fact Sheet, “Every Windows product has a lifecycle. The lifecycle begins when a product is released and ends when it’s no longer supported. Knowing key dates in this lifecycle helps you make informed decisions about when to update, upgrade or make other changes to your software.”

Extended Support Updates

While the end of life for Windows 7 is set for January 14, 2020, businesses not yet ready to make the switch to a newer version of Windows can opt-in for Extended Support Updates (ESUs). Businesses should be prepared as this extended support is expensive, especially for businesses that have numerous computers, and the cost will continue to increase over time.

For example, the first year of ESUs (January 2020 to January 2021) will cost $25 per device for Windows Enterprise and $50 per device for Windows 7 Pro. The second year of ESUs (January 2021 to January 2022), this cost will double and, by year three, it will double again.

In addition to the extraordinary cost for ESUs, the older versions of Windows won’t have the same capabilities on some newer devices which, again, limits its use.

“Prior versions of Windows, including Windows 7 and Windows 8.1, have limited support when running on new processors and chipsets from manufacturers like Intel, AMD, NVidia, and Qualcomm,” according to Microsoft. “A device may not be able to run prior versions of Windows if the device hardware is incompatible, lacks current drivers, or is otherwise outside the original equipment manufacturer’s (OEM) support period.”

Microsoft makes it clear on its site that, “If you continue to use Windows 7 after support has ended, your PC will still work, but it may become more vulnerable to security risks and viruses. Your PC will continue to start and run, but Microsoft will no longer provide the following support for your business (unless you pay the extra annual fee per device): No technical support, no software updates, no security updates.”

What it all boils down to is that without the continued support for Windows 7, businesses are putting themselves at a much higher risk of experiencing a breach or data loss.

It’s Time to Upgrade

In order to avoid security risks and viruses, Microsoft recommends that you upgrade to Windows 10. At ORAM, we agree with Microsoft’s recommendation that it’s time for businesses to make the move to an updated software such as Windows 10. Not only does keeping Windows 7 put your business at a higher security risk, which may put you out of regulatory compliance in some cases, but the cost of ESUs is prohibitive for most businesses and will likely cost your business more money in the long run than it would to upgrade, depending on your individual circumstances.

The software system of Microsoft 7 is very dated. It’s been out for 10 years now and Microsoft can’t maintain so many operating systems. To stay on the cutting edge of technology and save money, it behooves business leaders to upgrade their software.

Hardware Upgrades

In addition to software, now is the time to also take a good look at your business hardware. We recommend new hardware every three to four years to keep up with manufacturer warranties. We want to make sure our clients have hardware that is up to speed, can be effectively managed and is warranted by the manufacturer.

For machines more than a year old, ORAM recommends a hardware upgrade. The reason for this is that there is more activity happening online than there was just three years ago. This means consumers, the clients your business serves, use the latest technology and expect your business is doing the same. For example, voice recognition technology has made huge leaps and bounds in just the last couple of years and consumers are using it more every day.

If you make the move to upgrade your software without upgrading your hardware there are many steps to making the change. This can be costly in terms of IT hours and services. For starters, you’ll need to remove all information from your computer, install the new operating system, reinstall all applications, and then bring your data back over. The cost of that can be quite prohibitive as it can take three to four hours per device to make these updates to older hardware.

Installing new hardware with the new software already on board is more cost effective. It allows you to simply upload the apps you want and add your data. You’re all set to move ahead from there and it takes much less time. Of course, for ORAM clients on managed services contracts, installing new hardware and migrating data is part of our monthly services.

Beat the Rush

At ORAM, we recommend that our clients start getting ahead of replacements and upgrades now as hardware may end up on backorder depending on the increase in demand as we approach the end of life deadline. Additionally, you can expect that the cost of new hardware and software may even increase the closer we get to January. Also, you’ll want to schedule your managed services provider to perform updates and the swapping of hardware as soon as possible before they get completely booked.

For more information about end of life for Windows 7, software and hardware upgrades, or managed services, please contact ORAM Corporate Advisors now at (617) 933-5060 or visit us online.

Bring Your Own Device vs. Enterprise Devices

April 20, 2019 by securewebsite

Why Businesses Should Make the Investment for Employees

Mobility has become a major asset for modern businesses. It gives companies an edge when employees can work from anywhere with remote access on any device ranging from a cell phone, tablet, smartwatch, or laptop. Mobile technology has enabled unsurpassed flexibility in the workplace the likes of which the world has never seen before.

But as Spiderman’s Uncle Ben said, “With great power comes great responsibility.” When it comes to mobile devices, many business leaders wonder which is better: Allowing employees to bring their own devices to work or dropping the money to provide enterprise devices to all employees.

The Advancement of Technology

The development of the smartphone has shifted the way people communicate on a daily basis. In a recent survey conducted by Zinwave, “Over 85 percent of respondents, which included more than 1,000 office workers within the United States, utilize their cell phones on a weekly basis, at a minimum, for external communications, and usage was only slightly lower for internal communications.”

Not only do modern workers use their phones for voice capabilities (i.e. phone calls), but they use email through their phones as a prime form of communication. The aforementioned Zinwave study found email was the preferred means of external and internal communication for people while they are at work.

The ability to access the internet, company information, and messaging services (text) has made smartphones and tablets a necessity when it comes to productivity in modern business. “For example, 65 percent of industrial and 62 percent of healthcare workers utilize work-related data daily for a variety of applications,” according to Zinwave.

Technology has removed boundaries, improved flexibility, and enhanced communications with lower overhead costs. It can be tailored to the user experience and specific needs of any business. Mobile technology has even allowed organizations to increase their revenue potential.

“In our information-rich society, there are two critical types of interactions that must be fostered: employee empowerment and customer engagement,” according to the blog “6 Ways Mobility Can Transform the Workplace” by iOffice. “For many, mobility has become the backbone of their interactive strategy.”

The BYOD Market

According to an online article at GlobeNewswire, the U.S. BYOD market size was $30 billion in 2014 and is expected to grow 15 percent by 2022.

“Declining hardware prices, increasing mobile user workforce, and high smartphone penetration are the factors responsible for increasing BYOD market share across the region,” according to the article, which sourced BYOD research by Global Market Insights. “Increasing personal technology along with IT consumerization is also expected to boost the industry.”

While the popularity and benefits of mobile devices speak for themselves, business leaders must consider whether to allow BYOD or provide the devices for employees. Traditionally, BYOD was a highly accepted practice. Recently, there has been a move to corporate owned, personally enabled devices (COPE), the practice of organizations providing employees with mobile devices due to concerns over security, IT compatibility, and legal issues over user privacy versus company control.

At ORAM Corporate Advisors, our recommendation for mobile device management is that every employee should have a corporate-owned device. With an enterprise device, you can manage all of the security, firmware upgrades, software applications, and tracking your employees require to do their job. Additionally, COPE offers many other benefits.

Providing Mobile Devices

When your business owns the line of service for its devices, it has more control. You get to select the devices you prefer your employees to use rather than paying for and having the headache of supporting all device types. Additionally, you get to keep your devices up to date so you aren’t forced to make your network support older devices.

Protecting Your Assets

A study from Wall Street Journal Custom Studios commissioned by Symantec, showed “79 percent of employees admit to engaging in risky behaviors- intentionally or unintentionally- that place corporate data at risk” and “48 percent of employees don’t think about security risks when transferring files or sharing documents over cloud-based services.”

With corporate devices, you’re protecting your business assets. If your business owns the devices employees use, you’re able to wipe them in case they are stolen or lost somehow. This can be done remotely and quickly for theft or loss to prevent personally identifiable information (PII), trade secrets, or other secret data from falling into the wrong hands.

If a device such as a smartphone is owned by the company, you can simply call the phone carrier and wipe the phone’s memory. You request this by stating, “I need access to X, Y, Z employee’s phone. Here are the records that we are authorized to do so.” If the phone is a BYOD that’s accessing the corporate information, your business doesn’t have that same ability. The employee owns access to the account and the functions of that device.

Easy Access & Support

The same is true of the ability to access data easily. This is important when every minute counts in business. Take a smartphone for example. If there are any files, emails, or different communications downloaded to a phone on a corporate account, you’re able to search and query that device on demand. This is an improvement over waiting for an employee to submit paperwork at the end of the month in their call log when you need information immediately.

In addition, employees who use COPE devices have support from your IT department. Employees’ personal devices may not be compatible with your business network which could cause functionality issues. With corporate-owned devices, employees can simply contact IT for assistance.

Regulatory Compliance

COPE devices allow a company to reduce their exposure to security risk as well as legal and human resource issues. With tighter control through COPE devices, your business can implement the security measures it needs to keep its data and network safe. Furthermore, litigation resulting from breaches, loss of data, and regulation non-compliance is reduced.

In a highly-regulated industry such as finance, your business will need to be able to report such instances of loss or theft against that device to regulatory agencies such as the Securities and Exchange Commission. This is especially important should your business be audited or examined by such an entity.

The Money Factor

You may be thinking that providing mobile devices such as phones, tablets, and laptops to your employees is not cost effective, but the fact is that it can be. First, consider that many organizations provide a stipend for employees who bring their own devices. That stipend in and of itself is a cost. If you’re going to have the cost regardless, you should have the control as well.

Group mobile plans are getting less expensive for businesses of all sizes and can be written off as a business expense on taxes at the end of each year. In addition, when it comes to tablets, laptops, and other mobile devices, organizations buy in bulk to get a better price which benefits both the business and the employee. Another option for reducing the cost is to set up a cost-sharing option for both the device and its use with your employees.

Finally, when it comes to keeping your business secure to avoid regulatory penalties for non-compliance, the potential for lost revenue, and easy access to data, the investment up front is worth the return. That sense of security is priceless for most business leaders who wish to avoid potential breaches, lost revenue, and issues that can be caused by disgruntled employees.

The Employee Factor

Consider your best salesperson. If they use their personal devices to access your business information such as sales logs, client contacts, and invoices, they have information that could potentially damage your business financially if they were to leave.

In addition, your salesperson likely gives your clients that personal mobile number so they can contact them if they need anything. If your salesperson were to leave the company, your clients would still call that salesperson who can then easily take your customers to their new company with them. This means a loss of revenue for your business.

Should an employee leave, your business gets to keep the phone number. This means their clients will still be contacting one of your employees at your business through the same phone number. This reduces the odds of lost revenue for your company.

Create Policy & Enforce It

Every business, especially those in highly-regulated industries, should create policies regarding BYOD. This is true regardless of whether you allow BYOD or employ COPE devices in your business. You need a very secure policy and the correct mobile device management in place. In addition, your policy should outline that only legitimate work will be conducted on these devices.

If you need assistance with BYOD or COPE devices, creating policy, or mobile device management, contact ORAM today at (617) 933-5060. Our IT and security experts are always here to help your business grow smart while reducing its risks

The Modern Office and Business Continuity

March 7, 2019 by securewebsite

What you need to know to protect your company

The modern office requires that all components of your business environment work together harmoniously to ensure the best use of your IT infrastructure and seamless scalability as your business grows. One of the major components of the modern office is business continuity. This is an imperative piece of a solid IT plan for every company regardless of size or industry.

Business Continuity

When IT professionals discuss business continuity, they are generally referring to a proactive approach of having the right processes and procedures in place to ensure mission-critical functions continue to work properly in the face of a disaster or while a business is recovering from one. When it comes to business, there are many moving parts that still need to continue operating smoothly whether your company experiences a devastating fire or a nasty data breach.

The IT and business statistics are shocking. In the last five years, one in three organizations were hit by a virus or malware attack, according to DataCore, and more than half of companies (54%) experienced downtime that lasted more than eight hours. That’s a full day of work lost! While DataCore shows only 35 percent of outages are caused by natural disasters, 45 percent of outages are operational and another 19 percent are due to human error. These site outages can cost businesses thousands of dollars in lost revenue and restoration costs for every incident. Gartner, Inc., a global research and advisory firm, estimates that only 35 percent of small and medium businesses (SMBs) have a comprehensive business continuity plan and the financial loss for every hour of downtime can reach into the thousands even for SMBs.

Business continuity requires comprehensive planning before tragedy strikes an organization to allow them to overcome long-term challenges that would otherwise stop them in their tracks. With prior planning, business continuity ensures your entire business returns to full functionality as fast as possible following a crisis. That means everything from vital employee records and payroll to stored data access and email.

Think Cybersecurity

One of the first steps in a complete cybersecurity plan is business continuity. To start, you’ll want to ensure your business employs the best technology to combat the latest threats from ransomware and malware to other types of breaches. This means updating protections such as antivirus and firewalls, using multifactor authentication, and engaging your employees in ongoing, meaningful cybersecurity training.

Cybersecurity plans, which are typically handled internally by the chief information security officer (CISO) in larger businesses, should be designed as a living document that can expand and adjust when necessary to meet the changing needs of your business. Small to medium enterprises often don’t have a dedicated CISO so they can outsource this responsibility to organizations like ORAM Corporate Advisors.

Written Information Security Plan

As part of your business continuity plan, you’ll need a written information security plan (WISP), which also happens to be a requirement of many regulatory bodies, especially for businesses who contract or subcontract with the government and financial institutions. While government regulations vary from state to state and with the federal government, in Massachusetts this written document should contain, “certain minimum administrative, technical, and physical safeguards to protect” personal information such as names, driver’s license numbers, social security numbers, and financial account numbers. You’ll need to check with both your state and federal government to determine which regulations impact you as well as any industry-specific regulations. This is another place a CISO or third-party IT vendor can help.

Your WISP should designate an individual responsible for maintaining your IT program. This may be a business owner, CISO, or even a trusted advisor such as ORAM. It will also need to identify any reasonably foreseeable data security risks as well as protect and restrict access to electronic data that may include personal information for your employees and/or clients. This plan should also outline the oversight of third-party service providers and ensure those providers comply with local, state, federal, and industry regulations as well.

Because your business and its processes, risks, and procedures are unique, your WISP will be very specific to your organization. It cannot effectively protect you from culpability in the event of a breach or loss if it doesn’t address the particular risks of your company or if it includes practices that have not been put into practice in your business. Through coordination with your IT team and/or third-party IT vendor, you will need to identify “reasonably foreseeable risks” to ensure your WISP includes the practices your business adheres to.

In addition to IT functionality, your WISP will also address the non-technical operations that will still need to work in a disaster situation to keep your business moving forward. For example, it might address the accounting measures you have in place to keep employees and bills paid and clients invoiced if the worse should happen.

What Crisis Looks Like

Stolen laptops, lost cell phones, and an employee clicking on a phishing email that infects your entire network. These are all crisis that can and often do occur in the business world. Think of all the critical information that can be lost, stolen, or even held ransom. What do you do and who do you talk to? This is where planning ahead and having a WISP helps. It will outline how to respond to a variety of incidents.

Lost your company cell? Your WISP will inform you of who to call to wipe the lost phone and deactivate it before serious damage can be done. Did your organization experience a data breach? Your WISP will have identified a data backup plan so that nothing is completely lost. Has a virus made accessing email impossible? Your WISP will have determined if your email is stored locally, in the cloud, or both to decide how to get it up and running again fast. This thinking ahead with recommendations by your IT team or third-party vendor will help ensure you have continued access to business email which is the lifeblood of most commerce today.

Recovering from Incidents

One of the best things your WISP will do is outline policies and procedures for how to react and recover in a crisis situations. Regardless of the disaster that strikes, your WISP will point you to who to contact and how to react. Part of your WISP will address incident response and crisis management to minimize the impact when things do go awry, as they inevitably do.

Incident response and crisis management involves having the ability to maintain critical business functions during a disaster scenario. It also encompasses having plans in place for a rapid recovery from catastrophic incidents. If your business were to experience a flood, fire, or data breach today, would it be able to recover quickly and efficiently? Business continuity is all about having a plan in place that expects the unexpected and is prepared to handle it.

When it comes to IT and business continuity, the big question is, “How do you operate tomorrow?” If you don’t know the answer, it’s time to get a plan in place starting with an evaluation of the foreseeable risks your organization may face and a WISP to address them. Think of it as an insurance plan that also helps your business with regulatory compliance. When disaster strikes, your business’s IT team, CISO, or third-party IT vendor should have already given you advice. Hopefully, you have followed it. Then you know who you can call when things go wrong so they can tell you how to react to keep your business moving full-steam ahead.

If your company or organization needs assistance with risk assessment, developing a WISP, and planning for business continuity, call the trusted advisors at ORAM today at (617) 933-5060 or visit us online. Our experienced professionals are here to help and we are dedicated to partnering with small businesses to assist them in achieving success.