Monday, October 16, 2023

Reducing the Challenges of Workforce Collaboration

Teamwork and Collaboration

How Do You Reduce Headaches Of Managing Projects (While Saving Money On IT)?

It’s a special kind of relentless attack which all business owners and managers face: the persistent, crazy, chaotic assault on your time and attention. No one is immune, and every business deals with it.

Some leaders handle the constant pressure on their attention brilliantly, keeping the team organized and highly productive. But most people struggle with this. They often feel crushed and overwhelmed by all the things they have to keep track of and do. This goes double if your business is in growth mode and not “standing still” or casually strolling through its existence.

Add to this a remote workforce, and it can be intensely difficult to wrap your head around all the projects, to-dos, deadlines and client deliverables you and your leadership team must manage. Pulling all the pieces together from many different directions is complicated. Keeping things from slipping through the cracks can become a full-time job.

While we as an IT company cannot tell you what projects are most important, we can absolutely help you and your team stay far more organized. With the right tools it is easy to know if the people on your team are properly aligned, prioritizing the right work, and focused on their MVPs (Most Vital Priorities). We can also help you organize communication to lessen the chances of a dropped ball or a breakdown in communications. In our experience, this is by far the #1 reason why problems happen in business.

One of the tools we recommend to clients wanting to regain operational control and experience clearer communication is Microsoft Teams. There are a lot of reasons why this is a “super tool” for productivity and organizational alignment, and as a bonus, it typically ends up saving our clients quite a bit of money on technology. We often find that clients are using multiple channels of communication between different areas of their business. Applications like Slack, Zoom, and a myriad of popular project management platforms can be replaced by leveraging the power of Microsoft Teams, a core component of Microsoft 365. The result is putting all of these divergent technologies into one lower-cost, more secure, and more tightly integrated system.

Let me share just a few of the cool features you’ll love in Teams. Keep in mind that this list is far from complete. Microsoft Teams has over 1,900 applications you can pick from to integrate into a Teams Channel to organize information, workflow, tasks, deadlines and documents.

Posts: The “post” feature works a lot like Slack in that it will allow you to post questions, reminders and status updates to everyone on that Team regarding that project. This not only keeps ALL communication for a project in one place, but it creates a history and alerts everyone on the team to what’s going on. This feature saves a lot of money for companies using Slack since it’s native and included in Microsoft Teams.

Workflow Management: This section of Teams is one of our favorites because it allows you to create “complex” to-do lists where you can assign each item to one or more people; have a progress status, priority and due date; add documents and files; and create a checklist of all the things that need to be done. Better yet, team members who are responsible for the project can provide status updates and check off items that are completed so you know where you are with any given project. If you want to put this part of Teams on steroids, consider integrating with workflow management apps such as Trello. One of the challenges, especially in a distributed, remote workforce, is keeping an effective sense of workflow. Being able to easily assign team members to particular project tasks using an app like Trello means fewer details fall through the cracks.

Video Conferencing: While Teams is not as slick as Zoom, it does have some features that make it better for team collaboration and projects. The biggest advantage over Zoom is that you can hold a video conference, and the recording of the meeting – along with all of the notes, files and links – will remain in that Team for easy reference later on. This can be extremely helpful for people who might not have been able to attend a meeting, making it easy for them to find and watch the recording, and it also retains a record of critical conversations. Plus, it eliminates expensive Zoom licenses for all employees because it’s included in Microsoft 365.

Business Intelligence: Tracking project goals, data points, and trends is made easier in the Teams environment when the data mining and reporting features of Power BI are integrated with the popular collaboration platform. Embedded interactive reports can help move discussions along and fuel innovation, growth, and a deeper sense of buy-in.

These examples only scratch the surface of what you can do with Teams. With such a wide array of integrations, Teams can be customized to fit almost every business to enhance organizational collaboration and control. If you want to see a demo of Teams or do a cost analysis to see how implementing this can save your organization money on Slack, Zoom and other project management platforms by combining it into one application, click here to schedule a brief call.

Thursday, October 12, 2023

Who Owns It: Cybersecurity Compliance?

Cybersecurity

Why Cybersecurity Compliance Doesn’t Belong In The IT Department’s Hands

What if you discovered that all of the hard work, investments and time you’ve put into growing your business is at risk due to a failure of your outsourced IT company, or possibly even your well-meaning (but overburdened) in-house IT department? If you were exposed to that level of risk, wouldn’t you want someone to tell you about it?

This article is that wake-up call.


Over the last several years, the risks associated with cyber security attacks have grown in magnitude. They are no longer a low-probability hazard that will result in a minor inconvenience. Businesses of all sizes and types are getting hacked and losing hundreds of thousands of dollars, or even multiple millions, in addition to suffering significant reputational damage and loss of customer goodwill. For some, it’s a business-ending event. For nearly everyone else, it’s a significant financial disaster that can negatively impact profits and revenue for years.


Yet too many CEOs and small business owners are still abdicating critical decisions regarding risk tolerance and compliance policies to their IT company or IT department when these decisions never really belonged there. Many organizations rely on the basic risk assessments offered by external IT companies as sufficient information on which to base what amount to policy decisions. It is not enough. Those assessments do a commendable job of evaluating one facet of risk, typically the technology side of things, yet leave the people and process components to their own devices.


Here's a good example: Let’s suppose you have an employee who refuses to comply with your data security and password policies. They also consistently avoid taking the prescribed cyber security awareness training. These deficiencies put your company at risk for a cyber-attack and compliance violation. This is clearly a People and Process problem. Should your IT manager or IT company discipline this employee?


Is it sensible for the CEO to abdicate a response to what is purely a culture problem to their IT department? If you say yes, the question is, when was the last time you met with them to specifically address this issue and direct them on how to monitor and manage it? Likely never – or once, a very long time ago.


Therein lies the problem. Most CEOs would agree that it’s not up to the IT department to make that call. And yet, many of these same CEOs leave it entirely up to the IT department (or outsourced IT company) to handle the situation and make decisions about what is and isn’t allowed, how much risk they want to take, etc.


Worse yet, many CEOs aren’t even aware that they SHOULD have such policies in place to ensure their company isn’t compromised or at risk – and it’s not necessarily your IT person’s job to determine what should or shouldn’t be allowed. That’s clearly the responsibility of the CEO. Culture starts at the top.


As another example, many companies have invested in cyber liability, ransomware, or crime insurance policies to provide financial relief in the event of a cyber-attack. The logic here is to cover the exorbitant legal, IT, and related cleanup costs that result when such an event occurs. Yet our experience shows that most insurance agents and brokers do not understand, and cannot convey to the CEOs to whom they are selling a policy, what IT requirements must be met to secure that policy. Therefore, they never advise their client to get with their IT provider or internal IT to ENSURE the right protocols are in place, or risk having coverage denied for failure to comply with the requirements in the policy they just sold them.


Cyber Insurance

When a cyber event occurs and the claim gets denied, whose fault is it? The insurance agent for not warning you? Your IT department or company for not putting in place protocols they weren’t even briefed on? Ultimately, it’s on you, which is why you as the CEO must make sure that decisions impacting the risk to your organization are informed ones, not decisions made by default.


Of course, a great IT company will bring these issues to your attention and offer guidance, but most are just keeping the “lights” on and the systems up, NOT consulting their clients on enterprise risk and legal compliance.


If you want to make sure your organization is prepared for and protected from the aftermath of a cyber-attack, call (413) 786-9675 or click here to schedule a private consultation with one of our compliance advisors about your concerns. It’s free of charge and may be extremely eye-opening for you.

Wednesday, September 27, 2023

MOVEit over? Not just yet!

This HUGE And Recent Data Breach Practically Guarantees YOUR Personal Information Was Stolen

Back in May, MOVEit, a file transfer platform made by Progress Software, was compromised by a Russian ransomware operation called Cl0p. They exploited a vulnerability in Progress’s software that was not known to exist at the time. Shortly after the attack was noticed, a patch was issued. However, some users continued to be attacked because they didn’t install it.

The software is used by thousands of governments and financial institutions and hundreds of other public and private companies from around the world, and it’s been estimated that at least 455 organizations and over 23 MILLION individuals who were customers of MOVEit have had their information stolen. As the days, weeks, and months pass, more affected businesses and government agencies have indicated that they, too, were compromised.

Some of these organizations include:

  • The US Department of Energy
  • New York City Department of Education
  • UCLA
  • Shell
  • Ernst & Young
  • Northwest Mutual
  • Pacific Premier Bank
  • TransAmerica Life Insurance
  • Honeywell
  • Bristol Myers Squibb
  • Gen/Norton LifeLock
  • Radisson Hotel
  • BBC
  • British Airways

The majority of those organizations (73%) are based in the US, while the rest are international, with the most heavily impacted sectors being finance, professional services and educational institutions.

Cl0p is a type of ransomware that has been used in cyber-attacks since 2019. Data stolen is published to a site on the dark web – a section of the worldwide web where cybercriminals sell and trade information without having to reveal themselves. The ransomware and website have been linked to FIN11, a financially motivated cybercrime operation that has been connected to both Russia and Ukraine and is believed to be part of a larger umbrella operation known as TA505.

What makes this attack so terrible is that many of the organizations compromised provide services to many other companies and government entities, which means it’s very likely their customers, patients, taxpayers and students were compromised by association. As more victims come to light, the breach is all but certain to impact millions more. And yes, you’re probably one of them.

The big question is, were you notified?

For some reason, this breach didn’t make mainstream headlines, often appearing only during the late news cycle when only those of us with insomnia were watching. The truth is, however, when a company is compromised, they are obligated to tell you if your data was stolen. This can come in the form of an e-mail or snail mail letter. However, due to spam filters, e-mail delivery is clearly not a reliable way to ensure an important message is received.

And, how many pieces of junk mail do you receive in your home mailbox that never make it to the door, but rather wind up in the waste bin? Unless it is clearly marked from an organization you recognize there is a pretty good chance that it will not be opened in a timely manner, if at all. Let’s face it, the logistics of organizing a letter for over 36 million people can take time. Just like that proverbial check, the notification letters may still be “in the mail”.

What to do: If you suspect that your account credentials may be among those compromised (and they probably are), you need to ensure that all your passwords and PINs are changed ASAP! You must also be on the lookout for any strange activity. Don’t reuse passwords, and make sure they are at least 12 characters long, using uppercase and lowercase letters, as well as special characters and numbers. If you do not already use one, consider a password management application like Keeper, which will allow you to use longer, more challenging passwords without losing your mind.

You should also ensure that MFA, or multifactor authentication, is turned on for all critical software applications and websites you use, such as Microsoft Office, QuickBooks, banking and payroll software, your credit card processor, etc.

Want to know if your company’s information is on the dark web? Click here to request a free Dark Web Vulnerability Scan for your organization (sorry, we don’t offer this for individuals). Simply let us know your domain name and we’ll conduct the search for free and contact you to discuss what was found via a confidential review (NOT via e-mail). Questions? Call us at 413-786-9675. 

Wednesday, September 6, 2023

7 Quick Fixes To Fix SLOW Home Wi-Fi

(or.. How to claw your way out of the pit of frustration)

Nothing is more aggravating than attempting to watch a video or use your PC when the Internet is operating slower than molasses flowing uphill in winter. Well, maybe getting disconnected from your big sales pitch video conference when working from home trumps binge-watching the latest hit shows just a little bit.

For our clients, we have many solutions to make your Internet connection faster, more reliable and secure. But what about at your home? Spotty, unreliable Wi-Fi is almost certain to happen at the most inconvenient time, like when you’re about to watch a great movie on a Friday night.

Here are our top 7 fixes for slow home Wi-Fi signals.

Step 1: Make sure your Internet Service Provider (ISP) isn’t having issues. Most ISPs will have outages published on their website. It is best to check this using your phone’s mobile network instead of your home Wi-Fi. If there are no outages or known problems, you can move on to the next steps.

Side Note: If you haven’t talked to your ISP in over a year, you should call and see if they have new plans that will give you more bandwidth for less money. You might also shop other providers to see if they have recently upgraded their network and can offer better, faster service than your current ISP.

Step 2: Update your router’s firmware, especially if you haven’t done so in the last 2 to 3 months. This not only ensures your router is running the latest (and fastest) connection settings but also keeps you up to date with security patches and other preventative fixes. You might just reboot it as well, powering it off and on again. Sometimes that’s enough to fix the problem.

I would also suggest you get a new router if yours is over 3 years old. Aim for one with Wi-Fi 6 and dual or triple band capabilities, which allows your router to connect with multiple devices without sacrificing any speed or bandwidth.

Step 3: Change the channel. Download the app Network Analyzer to help find the most appropriate channel for your connection. If you’re using the 2.4 GHz frequency, change to another less “noisy” channel. How you do this depends on the brand and model of your router, so refer to your router’s manufacturer for details. 2.4 GHz signals can be impacted by other devices in that wireless range. With more home appliances connected to the net (and most often on 2.4 GHz bands), your network can quickly become saturated. Also, some home appliances like microwave ovens can disrupt a 2.4 GHz Wi-Fi signal when in use.
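As an added example for Step 3 (this is not code from the original post or from the Network Analyzer app), here is a small Python script that does what a channel-analyzer app does under the hood: it scores each 2.4 GHz channel by how much nearby networks overlap it, weighted by how strong those networks are, and then picks the least congested of the three non-overlapping channels 1, 6 and 11. The scan results are constructed for illustration, and the overlap and signal-strength weightings are simplifications chosen for this example, not formulas the post specifies.

```python
# Added example: choose the least congested 2.4 GHz Wi-Fi channel from a
# list of nearby networks. Scan data and weighting formulas are constructed
# assumptions for illustration, not taken from the original post.
from collections import defaultdict

# 2.4 GHz channels are 5 MHz apart but each signal is about 20 MHz wide,
# so channels fewer than 5 apart overlap. Only 1, 6 and 11 are mutually
# non-overlapping (North American 11-channel plan assumed).
CHANNELS = range(1, 12)
NON_OVERLAPPING = (1, 6, 11)

# Constructed scan results: (SSID, channel, signal strength in dBm).
# Closer to 0 dBm means a stronger (more interfering) neighbour.
SCAN = [
    ("Neighbor_A", 1, -45),
    ("Neighbor_B", 1, -70),
    ("Neighbor_C", 6, -55),
    ("Neighbor_D", 7, -60),
    ("Neighbor_E", 11, -80),
]


def overlap_weight(channel, other):
    """Fraction (0..1) of `channel`'s band that `other` overlaps.

    Same channel -> 1.0; one channel apart -> 0.8; five or more apart -> 0.0.
    """
    distance = abs(channel - other)
    return max(0.0, 1.0 - distance / 5.0)


def signal_weight(dbm):
    """Map a dBm reading to 0..1 so strong neighbours count more than faint ones.

    -30 dBm (very strong) -> 1.0, -90 dBm (barely visible) -> 0.0, linear between.
    """
    return min(1.0, max(0.0, (dbm + 90) / 60.0))


def congestion_scores(scan, channels=CHANNELS):
    """Sum overlap * strength for every neighbour, per candidate channel."""
    scores = defaultdict(float)
    for channel in channels:
        for _ssid, other_channel, dbm in scan:
            scores[channel] += overlap_weight(channel, other_channel) * signal_weight(dbm)
    return dict(scores)


def best_channel(scan, candidates=NON_OVERLAPPING):
    """Least congested candidate channel; ties go to the lower channel number."""
    scores = congestion_scores(scan)
    return min(candidates, key=lambda ch: (round(scores[ch], 6), ch))


if __name__ == "__main__":
    for channel, score in sorted(congestion_scores(SCAN).items()):
        print(f"channel {channel:2d}: congestion {score:.2f}")
    print("recommended channel:", best_channel(SCAN))
```

With the constructed scan above, channel 1 is crowded by a strong neighbour, channel 6 also absorbs spill-over from the network on channel 7, and channel 11 only has a faint neighbour, so the script recommends channel 11. Real analyzer apps add more factors (channel width, client load, 5 GHz candidates), but the overlap-times-strength idea is the core of the “less noisy channel” advice.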

Step 4: Upgrade to a mesh Wi-Fi router. When too many devices connect, Internet speeds decline. One option is to get a mesh router like NETGEAR’s Orbi Mesh, Asus ZenWiFi AX (XT8), or Eero Pro 6E Mesh from Amazon. Unlike a traditional router, which broadcasts its signal from a single device, a mesh system uses multiple devices to balance loads among many points of entry. In smaller homes, upgrading to a single, more expensive router like a Nighthawk could help. One downside of mesh systems: they struggle in old homes such as Victorian-era construction due to the density of the building materials used.

Step 5: Turn on QoS, or Quality of Service. This is a router feature that lets you prioritize traffic and apps, such as Zoom or gaming programs. Essentially, your router will prioritize certain uses over others. Of course, how this is done varies by router, so you’ll have to check your router’s manual for details.

Step 6: Check that you haven’t been compromised. If your Wi-Fi network is open without security or is using WEP, WPA or WPA2, change your settings immediately. Go with WPA3 encryption (which is the most secure) and disable any remote management options on your router. Viruses and hacks can suck up resources and may be the reason for your network grinding to a halt. Also, make sure your device’s firmware is up to date and you have changed the default password to a complex password with more than 12 characters (we recommend 20 or more characters).

Step 7: Change your router’s location. The basement might not be the best place to store your router. Try placing it up high and as close to the center of your home as possible, free from obstructions and appliances, mirrors, concrete walls and metal materials that can cause signals to bounce or be blocked. If you put your router against an outside wall of your house, your signal only covers half of your home. If you have a large house, you will probably need to invest in Wi-Fi extenders around the house to boost the signal.

If your business Wi-Fi is slow, spotty and problematic, click here to request a free diagnostic of your office Internet connection to see what’s causing the problems you’re experiencing. Obviously, business Wi-Fi is more important than home Wi-Fi and can cost you in untold frustration and low productivity if not fixed. Contact us today at 413-786-9675!

Wednesday, August 30, 2023

Are Your Business Tools Ticking Time Bombs For A Cyber-Attack?

Business Risk Starts Within...

In June a file-sharing software popular amongst big-name companies like Shell, Siemens Energy, Sony, several large law firms, a number of US federal agencies such as the Department of Health and more was hacked by the Russia-linked cybercrime group Cl0p. In its August 24 article, Security Magazine reported that, to date, there are 988 known companies impacted by the breach, resulting in the personal information of more than 59 million people being compromised. More are expected to emerge as the investigation continues.

If you’re reading that list of company names thinking, “I’m just a small business compared to these big guys – that won’t happen to me,” we’ve got news for you. Many of these companies have cyber security budgets in the millions, and it still happened to them, not because they were ignoring the importance of cyber security, but because of a piece of software they use to run their business.

Progress Software’s MOVEit, ironically advertised as a tool you can use to “securely share files across the enterprise and globally,” “reduce the risk of data loss” and “assure regulatory compliance,” was exploited by a tactic called a zero-day attack. This occurs when there is a flaw in the application that creates a gap in security and has no available patch or defense because the software maker doesn’t know it exists. Cybercriminals quickly release malware to exploit the vulnerability before the software maker can patch it, essentially giving the software maker “zero days” to respond.

These attacks are dangerous because they are difficult to prevent and can quickly and easily ruin smaller businesses.

Depending on the organization’s motives, the stolen data can be deleted, held for ransom or sold on the dark web. Or, if you are lucky enough to recover your data, you might still end up paying out thousands or more in fines and lawsuits, losing money from downtime and coming out on the other end with a damaged reputation that causes clients to leave anyway. In MOVEit’s case, the cybercrime group Cl0p has claimed on their website that their motivation is purely financial and has allegedly deleted data obtained from government agencies as they were not the intended targets.

What does this mean for small businesses?

For starters, it underlines the harsh reality that cyber security isn’t just the concern of big businesses and government agencies. In fact, small businesses can be more vulnerable to cyber-attacks, as they often dedicate fewer resources to protection. While the small business might think that no one is interested in their data, the threat actors know that it is important to the business owner and their clients. Using that leverage, either through ransomware or extortion, the threat actor often wins. Again, their motivations are most often purely financial in nature.

It also means that even if your organization is secure, the third-party vendors you work with and the tools you choose to use in your business still pose potential risks. Most of MOVEit’s customers that were affected likely had strong cyber security measures in place. Even though it was no direct fault of their own, at the end of the day, those companies still must go back to their clients, disclose what happened and take the verbal, legal and financial beating that comes with a data breach.

The MOVEit hack serves as a grim reminder of the critical importance of cyber security for businesses of all sizes. In the face of an increasingly sophisticated and fast-moving cyberthreat landscape, businesses cannot afford to ignore these risks. Cyber security must be an ongoing effort, involving regular assessments, updates, monitoring, training and more. As this terrible incident shows, a single vulnerability can lead to a catastrophic breach with severe implications for the business and its customers.

In the digital age, cyber security isn’t just a technical issue – it’s a business imperative.

An important facet of creating a cybersecurity-aware culture in your organization is to ensure that all your business tools, service providers, and third-party resources have been evaluated to determine what level of risk they pose to your organization. From there, determine what controls must be implemented to minimize that risk. When you consider your current IT provider, to what extent do THEY protect themselves from becoming a headache for you?

If you have ANY concerns about your own business or simply want to have a second set of eyes examine your network for vulnerabilities, we offer a FREE, objective Cyber Security Risk Assessment.

Click here to schedule a quick consultation to discuss your current situation and get an assessment on the schedule.

Tuesday, August 29, 2023

The Key To Scaling Your Company Efficiently

As a business owner, you know that continuous, steady growth is an essential part of success. When you’re ready to get serious about scaling your organization, several vital activities must happen. Documented workflows and processes, streamlined hiring, onboarding and training, well-oiled marketing systems and more top the list. One key but often overlooked element of scaling success that can make or break your efforts is leveraging technology to enhance operations quickly, efficiently, and cost-effectively.

When Covid-19 caused a major shift from office-based to distributed workforces, many companies were caught flat-footed. With much of their corporate culture driven by internal, on-premise systems, the lift and shift from on-premise to remote work posed unanticipated constraints on pivoting to the new normal. This became the Achilles heel for many businesses. As we look in the rear-view mirror at a challenge that, sadly, resulted in the downfall of many small to mid-sized businesses, we need to look at the lessons learned. This relates directly to businesses looking to grow.

As history taught us, flexibility is a must for a business to thrive and grow in today’s economy. When we look at the available options for using technology as a leverage point for growth, one resource we can’t overlook is implementing cloud-based systems and resources. The cloud, which now integrates with numerous AI tools, giving it more capabilities than ever before, allows you to streamline and automate your operations without large, unnecessary investments.

In this article we’ll cover what the cloud is, the major benefits you should take advantage of and how you can use it to grow your organization without overspending.

The cloud is simply a global infrastructure of servers that gives you remote, on-demand access to both applications (think Microsoft 365) and computer system resources, including cloud-based servers, workstations, and data storage. Cloud-based resources are in most cases virtual systems run in a data center and accessed over the Internet instead of on your computer’s hard drive. With these capabilities, your business doesn’t need to invest in its own hardware or perpetual software licenses, allowing you to pay only for what you use when you use it. Software and hardware can be expensive, making this a great solution for businesses in growth mode without unlimited budgets.

How can the cloud help your organization? Here are 5 benefits to consider:

  1. Economies of Scale – As mentioned, with most cloud-based programs you can expand the services as your business grows. When revenue increases and you take on more clients, you can choose to upgrade your services or invest in new features or capabilities, so you never pay for more than you need at the time. It takes only a few clicks from an administrator.
  2. Enhanced Collaboration – In a digital world, we need real-time access to tools for collaboration, no matter where our employees are. Cloud-based programs can typically be accessed anywhere in the world on any device by multiple members of the team simultaneously. This allows for colleagues to work on projects together even if they aren’t in a physical office or are in different time zones, increasing productivity all around.
  3. Increased Automation – You can save money and your employees’ time by having cloud-based programs automate certain repeatable tasks such as regular backups, logging and monitoring networks, resource allocation and much more. Most business owners don’t know how many tasks they can automate or how much money and time they can save until they have an IT professional review their network.
  4. Faster Access to Resources – With the cloud, your employees no longer have to wait for extensive downloads or installations. Most tools are readily available instantly, making it easier and faster to get work done.
  5. Reduced Disaster Recovery Costs – Disasters rarely damage cloud-based data and assets that are hosted virtually on servers, not on hardware in the office. Your IT professional should have multiple backups of your data, so if something goes wrong, it will be easy to get it back up and running.

Cloud-based programs are a great resource for business owners who want to scale. They are generally easy to use, simple and flexible to expand, cost-effective, great for collaboration, more secure than other programs, and much more.

If you think you’re not harnessing all the power that cloud tools provide, you’re probably not. The best next step is to have an IT professional do an in-depth review of your current network to find the areas of opportunity in your business.

We offer a FREE Network Assessment, where we’ll extensively review your network and sit down with you to review what should be done differently to save you money and enhance your business operations. If you’re serious about scaling and want to do it the right way, click here to book a Network Assessment with our team or call our office at (413) 786-9675 to get a meeting on the schedule. 

Monday, August 14, 2023

Best Kept Secrets About Cyber-Liability Insurance

Warning: The Hole In Your Cyber-Insurance Policy That Could Result In Your Claim Being Denied Coverage

You’ve all heard the stats – small businesses are the #1 target for cybercriminals because they’re easy targets. A recent article in Security Magazine reports that nearly two-thirds (63%) of small businesses have experienced a cyber-attack and 58% an actual breach. What many still don’t understand (or simply don’t appreciate) is how much a cyber-attack can cost you.

That’s why one of the fastest-growing categories in insurance is cyber liability. Cyber liability covers the massive costs associated with a breach, which may include the following, depending on your policy:

  • Legal fees to handle any number of lawsuits, including class action litigation against your organization, as well as fines and penalties incurred by a regulatory investigation by government and law enforcement agencies.
  • Negotiation and payment of a ransomware demand.
  • Data restoration and emergency IT fees to recover your network and get it operational again.
  • Customer notifications and credit and identity theft monitoring for clients and employees.
  • Public relations expertise and call center costs for taking inbound calls and questions.
  • Loss of revenue related to being unable to transact; if your operations and data are frozen, you might not be able to process sales and deliver goods and services for days or weeks.
  • Errors and omissions to cover liability related to a failure to perform and deliver services to customers, as well as allegations of negligence in protecting your customers’ data.

If you want to make sure you don’t lose everything you worked so hard for to a cyber scumbag, cyber liability is a very important part of protecting your assets.

Here’s the new reality, and what you need to know: In order to get coverage, businesses are required by insurance companies to implement much more robust and comprehensive cyber-protections. Obviously, the insurers want the companies they are underwriting to reduce the chances and the overall financial impact of a devastating cyber-attack so they don’t have to pay out – and this is where you need to pay attention.

MANY business owners are signing (attesting) that they DO have such policies and protections in place, such as 2FA, password strength requirements, employee awareness training and data recovery and backups, but aren’t actually implementing them, because they assume their IT company or person knows this and is doing what is outlined in the policy. In many cases, that assumption is wrong.

Unless cyber security is your area of expertise, it’s very easy for you to misrepresent and make false statements in the application for insurance, which can lead to your being denied coverage in the event of an attack and having your policy rescinded.

If you have cyber liability or similar insurance policies in place, I urge you to revisit the application you completed with your IT person or company to make absolutely certain they are doing everything you represented and affirmed you are doing. Your insurance agent or broker should be willing to assist you with this process since your IT company or person cannot be expected to be insurance professionals who know how to interpret the legal requirements outlined.

What’s critical here is that you work with your IT company or person to ensure 100% compliance with the security standards, protocols and protections you agreed to and verified having in place when you applied for coverage. IF A BREACH HAPPENS, your insurance provider will NOT just cut you a check. They will conduct an investigation to determine what happened and what caused the breach. They will want to see tangible evidence and documentation that proves the preventative measures you had in place to ward off cyberthreats. 

If it’s discovered that you failed to put in place the adequate preventative measures that you affirmed you had in place and would continue to maintain on your insurance application, your insurance company has every reason to deny your claim and coverage. Be certain that the insurance company is going to look for every possible way to get out of paying the claim.

Many small businesses fail to seek cyber-liability coverage due to the cost, yet the average cost of a cyber-event cleanup is in the hundreds of thousands of dollars. The cyber rider in a typical general liability policy caps out at around $10,000 and covers only about 6 of the 40 or more components that make up a cyber incident response. Going without adequate coverage is like playing Russian roulette with a semi-automatic weapon: it’s not likely to end well.

If you have ANY concerns over this – including whether or not you need coverage, whether your coverage is sufficient and whether you are doing what you need to do to avoid an insurance denial, click here to schedule a quick consultation to discuss your current situation and to receive a referral to a cyber insurance expert we recommend.

Further, if you would like us to conduct a FREE cyber security risk assessment to show just how secure and prepared you are for ransomware or a cyber-attack, we can discuss that too! Just click here to schedule a phone consultation.
 

Wednesday, August 2, 2023

Your Personal Titanic Moment

 


In a recent interview about the Titan sub catastrophe, James Cameron, director of the movie Titanic, who has made 33 successful dives to the Titanic wreckage site, pointed out that this tragedy is eerily similar to the 1912 Titanic disaster: the captain of the 1912 RMS Titanic was repeatedly warned about ice ahead of his ship, yet he plowed ahead at full speed into an ice field on a moonless night, resulting in the deaths of over 1,500 innocent souls.

The captain of the sub Titan and CEO of the company OceanGate, Stockton Rush, was also repeatedly warned about his vessel’s safety, lack of certification for the vessel’s integrity, lack of a tracking device (think airplane black box), their experimental approach to deep dives (despite the fact that this is a very mature and well-understood practice) and lack of a backup sub. He also proceeded to plow ahead at full speed, taking people in an extremely unsafe vehicle, which resulted in the deaths of innocent people. If there was ever an example of willful negligence, this is it.

When it comes to IT security and compliance for small business, this kind of willful negligence is rampant. Sometimes it ends with an abrupt, catastrophic “implosion,” as with the Titan, where a company is destroyed by a ransomware attack, operations shut down, unable to transact, employees and clients harmed and their reputation tarnished.

In other cases, the risk is there but hasn’t been addressed because nothing bad has happened – yet. Willful negligence in IT security and regulatory compliance to data privacy and protection comes in three forms.

The first is willful ignorance. Some people running a business are young and inexperienced, too new to the business world to understand the risks they are incurring by failing to protect their clients and themselves. They don’t know what they don’t know. Often, they are being advised by the wrong people – an IT firm that knows how to make their tech work but lacks the expertise to implement good security protections. You kind of can’t blame them for getting it wrong initially, but at some point they’ll get smacked with a cyber-attack and learn the error of their ways the hard way.

The second type of willful negligence is willfully foolish.

This group CANNOT claim “ignorance” as their defense. They KNOW they should be protecting their business and their clients’ data from cyber-attacks. They’ve heard the stories, they know the laws and may have been warned by their IT company or person, but foolishly believe “that can’t happen to us,” or choose to assume they’re “fine” because they are using a cloud application that promises compliance (which is correct for THEM, not necessarily for YOU). They trust but don’t verify that their IT person or company is actually doing what they’re supposed to, and often lack cyber liability insurance, choosing to take the risk because they’re cheap or can’t be bothered.

The third type of willful negligence is, in my opinion, the TRUE meaning of willful negligence and the most immoral and unforgivable. Determined negligence. These people stubbornly insist on continuing to operate without proper security protocols in place, without a disaster recovery plan, without any insurance, without assessing and inspecting their environment, refusing to acknowledge ALL facts, history and evidence to the contrary. They know they are acting irresponsibly but don’t care.

After the tragedy of the sub, multiple experts came forward to point out all the risky behaviors Rush was allowing. The hull had not gone through any type of cyclical pressure testing or thermal expansion and contraction testing. The hatch could only be opened from the outside and not the inside, which wouldn’t allow them to escape if needed in the event of an emergency – one small fire inside would have been catastrophic. No atmospheric system to monitor interior gases such as oxygen, carbon dioxide and carbon monoxide. No emergency air breathing system. The viewing window was only certified to 4,000 feet, not the 12,500 feet of the Titanic wreck. But the most egregious of all was an egotistical assumption by the CEO that he knew better than everyone else around him.

I wonder if he put all of this in the brochure and explained that philosophy to the people in the sub who lost their lives that day.

Everyone makes mistakes. Everyone has a moment in their lives when they place trust in someone they shouldn’t. Everyone has blind spots, and we’re all ignorant and misinformed about something. The question is do you STAY willfully ignorant or foolish to the point of being determined to hold steady to your course of action to the point where you not only do harm to yourself, but to others as well?

If you do, it’s only a matter of time before you have your own ship sunk, your own personal Titanic-size wreck. Sadly, if you’re the CEO of a company that holds financial data, credit cards, medical records, tax returns, Social Security numbers, birthdays or even the contact details of your clients OR employees, YOUR willful negligence in cyber protection will absolutely harm others.  

This doesn't mean that all those who are veering towards that proverbial ice field can’t change course. Hopefully this entry in The Werks has stirred even the hardest of heads to take a different tack. If your business is important to you, and as a business owner I know it is, it’s not too late. If you are ready to steer away from the iceberg, get on our calendar to discuss your options by clicking here.


Tuesday, July 18, 2023

Cybersecurity Awareness Training Pitfalls to Avoid


The One Lesson Business Owners Miss When Training Employees That Can Cost Them Thousands

Training employees on anything can be an expensive process. You incur the cost of investing in necessary materials plus the time it takes away from your employees doing revenue-generating activities. But what’s worse when it comes to cyber security training is the expense you’ll incur if that training fails.

Recent studies show that human error plays a role in a shocking 90% of data breach cases! Smart business owners are taking a proactive approach and training their employees on cyber security do’s and don’ts. While we applaud their efforts and encourage all owners to take this step, research suggests their efforts aren’t paying off. Despite their willingness to train employees, the number of data breaches continues to increase.

What gives? We’ll be the first to say it – cyber security training can be boring. And what happens during boring presentations? People aren’t engaged, so they tune out and miss the critical information needed to keep your company secure. After the presentation they sign off, saying they have learned the lessons, but have they really, or are they a ticking time bomb in your organization?

The latter is likely true. If you want the information to stick, you must take some additional steps – and the most important is putting them to the test!

According to Education World, interactive activities are six times more effective when learning and remembering material than simply listening to a lesson. You can incorporate this tactic by putting employees to the test to find out whether or not they can apply what they learned.

One of the best ways to do this is to use phishing simulations. Here’s how the process works:

  1. A third party creates a realistic but fake phishing e-mail that shows identifiable signs discussed in the training. An example could be creating an e-mail that is similar to the CEO’s requesting private information, an outside company sending a bad link, etc. You can customize it to look like something relevant that your employees could potentially see and fall for.
  2. The employees are then put to the test. You choose which employees will receive what links and what dates the e-mails will be sent. Will they be able to identify the threats or will they fall for the scams?
  3. The results are collected and shared with you to develop more comprehensive training programs and help you identify which employees are your biggest risks so you can provide specific coaching.

Another great way to use phishing simulations is to send out the tests before the training. When employees see that people in the company are making mistakes, they are more likely to pay attention to the lesson.
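The three steps above, and the pre-training baseline, are easier to reason about once you see the plumbing behind a simulated campaign. The following is an added example, not the blog’s own tooling or any vendor’s product: each recipient gets a unique HMAC-derived token in the lure link so that clicks attribute to one person and cannot be forged by a colleague, and the landing-page events are rolled up into per-department click and report rates plus a coaching list. The roster, lure text, tracker host (`phish-sim.example.invalid`), secret and event log are all constructed for the demonstration.

```python
"""Mechanics of a phishing simulation campaign. Added example, not the blog's
own tooling or any vendor's product: the roster, lure text, tracker host,
HMAC secret and event log are all constructed for the demonstration."""
import hashlib
import hmac
from collections import defaultdict

# Ranking used to pick the outcome that matters when a user did several things:
# reporting after merely opening counts as a report, but a click followed by a
# report is still a click.
OUTCOME_RANK = ["ignored", "opened", "reported", "clicked", "submitted"]

# Constructed roster (hypothetical addresses).
EMPLOYEES = [
    {"email": "alice@example.com", "dept": "finance"},
    {"email": "bob@example.com", "dept": "finance"},
    {"email": "carol@example.com", "dept": "sales"},
    {"email": "dave@example.com", "dept": "sales"},
]

# Constructed lure modelled on the "CEO asks for private data" scenario.
LURE = (
    "Subject: Quick favour before the board call\n"
    "Hi {name}, I need the updated payroll spreadsheet today. "
    "Please upload it here: {link}\n-- Pat (CEO)"
)
TRACKER = "https://phish-sim.example.invalid/t/"  # hypothetical landing host
SECRET = b"rotate-me-per-campaign"                 # constructed; keep out of source in practice


def tracking_token(secret: bytes, campaign_id: str, email: str) -> str:
    """Per-recipient token derived with HMAC-SHA256. Nobody can forge a
    colleague's token to pollute the results, and the link does not leak the
    address the way "?user=bob@example.com" would."""
    msg = f"{campaign_id}|{email}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:20]


def build_campaign(secret: bytes, campaign_id: str, employees: list) -> tuple:
    """Return ({token: employee}, [personalised messages])."""
    token_map, messages = {}, []
    for emp in employees:
        tok = tracking_token(secret, campaign_id, emp["email"])
        token_map[tok] = emp
        first = emp["email"].split("@")[0].title()
        messages.append({"to": emp["email"],
                         "body": LURE.format(name=first, link=TRACKER + tok)})
    return token_map, messages


def resolve_events(token_map: dict, events: list) -> dict:
    """Map raw (token, action) events from the landing page to one outcome per
    employee. Unknown tokens are dropped, not guessed: they are usually a
    scanner or a curious user editing the URL."""
    seen = defaultdict(set)
    for tok, action in events:
        emp = token_map.get(tok)
        if emp is not None and action in OUTCOME_RANK:
            seen[emp["email"]].add(action)
    return {emp["email"]: max(seen.get(emp["email"], {"ignored"}), key=OUTCOME_RANK.index)
            for emp in token_map.values()}


def summarize(outcomes: dict, employees: list) -> tuple:
    """Per-department click rate and report rate, plus the coaching list
    (anyone who clicked or submitted data)."""
    dept = {e["email"]: e["dept"] for e in employees}
    total, clicked, reported = defaultdict(int), defaultdict(int), defaultdict(int)
    for email, outcome in outcomes.items():
        d = dept[email]
        total[d] += 1
        clicked[d] += outcome in ("clicked", "submitted")
        reported[d] += outcome == "reported"
    rates = {d: {"click_rate": clicked[d] / total[d], "report_rate": reported[d] / total[d]}
             for d in total}
    coaching = sorted(e for e, o in outcomes.items() if o in ("clicked", "submitted"))
    return rates, coaching


def run_sample() -> tuple:
    """Run one constructed campaign end to end; returns (outcomes, rates, coaching)."""
    token_map, _messages = build_campaign(SECRET, "2023-07-ceo-lure", EMPLOYEES)
    tok = {e["email"]: t for t, e in token_map.items()}
    events = [                                 # constructed landing-page log
        (tok["alice@example.com"], "opened"),
        (tok["alice@example.com"], "reported"),
        (tok["bob@example.com"], "clicked"),
        (tok["bob@example.com"], "submitted"),
        (tok["carol@example.com"], "clicked"),
        ("deadbeef", "clicked"),               # unknown token, ignored
    ]
    outcomes = resolve_events(token_map, events)
    rates, coaching = summarize(outcomes, EMPLOYEES)
    return outcomes, rates, coaching


if __name__ == "__main__":
    outcomes, rates, coaching = run_sample()
    for email, outcome in outcomes.items():
        print(f"{email:<20} {outcome}")
    for d, r in rates.items():
        print(f"{d}: click rate {r['click_rate']:.0%}, report rate {r['report_rate']:.0%}")
    print("needs coaching:", ", ".join(coaching))
```

Run the same campaign once before training and once after: the report rate, not just the click rate, is the number you want to see move, because an employee who reports the lure is the one who will also report a real one.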

It’s not enough to just teach the information! It must be learned and implemented every day to be effective and keep your organization secure.

If you’re looking for effective cyber security awareness training for your employees, our team has a comprehensive program that will engage, teach and test your employees so you can have peace of mind knowing they are working to keep your company safe. Click here to get in touch with our team and get started on your cyber security training session today.

Tuesday, July 11, 2023

What You Need To Know About The FTC Safeguards Rule

 


The Shocking Facts About The New FTC Safeguards Rule That Affect Nearly EVERY Small Business Operating Today

As former President Ronald Reagan once said, the scariest words you’ll ever hear are “We’re from the government, and we’re here to help.”

In this case, the government is trying to help by forcing nearly all businesses to implement and maintain a strong cyber security program to protect the customer information these companies host – definitely not a bad thing, and all businesses should take this seriously without the government mandating it.

Sadly, the majority of small businesses don’t take cyber security seriously enough and believe they are doing enough to prevent a cyber-attack when they aren’t, which is why the government has stepped in with regulation (the FTC’s Safeguards Rule, issued under the Gramm-Leach-Bliley Act, or GLBA) to enforce better security protocols.

What Is The New FTC Gramm-Leach-Bliley Act Safeguards Rule And Who Does It Apply To?

Back in April of 2022, the FTC issued a new publication entitled “FTC Safeguards Rule: What Your Business Needs to Know.” This was published as a “compliance guide” to ensure that all companies that fall under the Safeguards Rule maintain safeguards to protect the security of customer information.

While you might think your business is “too small” to need to comply or doesn’t hold any data “that a hacker would want,” you’ll be shocked to discover you are likely to be wrong on both fronts.

Hacking groups use automated scanning to carry out their attacks indiscriminately – and small businesses are their #1 target due to the gross negligence and inadequate protections they have. You are low-hanging fruit. That’s why it’s not only the obvious organizations, such as CPAs, financial institutions and credit unions, that need to comply. Here’s a short list of just a few of the organizations that fall under this rule. You should know that this is NOT a complete list:

  • Printers that print checks or other financial documents.
  • Automotive dealers who provide financing for car purchases.
  • Any organization that offers credit or financing for the goods and services it sells, whether or not the credit is ultimately granted.
  • Companies that do tax preparation or credit counseling of any kind.
  • Real estate settlement services and appraisers.
  • Career counselors that provide services to people employed by or recently displaced from a financial organization.

As you can see, the range of companies that must comply is broad. Bottom line, if you handle any kind of financial data or personally identifiable information, you need to make sure you are complying with these standards.

What You Need To Do Now

The rule requires you to implement a “reasonable” information security program. But what does that mean? For starters, you need to designate a Qualified Individual to implement and supervise your information security program. That person can be your own employee or someone at a service provider, but you cannot outsource the responsibility: if you use a provider, the rule still requires you to retain responsibility for compliance, designate a senior member of your own staff to direct and oversee them, and require the provider to maintain a program that protects you. Yes, you can and should get a professional IT firm like us to guide you on the implementation, but the buck still stops with you.

The person you designate doesn’t have to have a background in IT or cyber security – but they will be the person responsible for ensuring your company is taking reasonable precautions to comply with the new security standards.

Second, the Safeguards Rule requires you to conduct a written risk assessment to initiate an effective security program. From there, you would work with your IT company (us!) to roll out a plan to secure and protect the data you have by putting in place access controls, encryption of customer information in transit and at rest, data backups, multi-factor authentication for anyone accessing customer information, and a number of other protections.

Cyber security is not something you do once – it’s an ongoing effort of protection as new threats evolve. If you want to see where your organization stands on cyber security, click here to sign up for a quick, easy and completely free Cyber Security Risk Assessment. That is the first step toward complying and will give you the information you need to know about your own security stance.


Beware of Posers!

Holy False Promises, Batman! 

It looks like it could be too good to be true! 



Another day, another scam! A new wave of social media scams has emerged, targeting unsuspecting Facebook and Instagram users. Whether you use your page for personal or business use, this new con could affect you. In this article, you'll discover what this scam is, how to detect if hackers are targeting you, and how to avoid falling for it and potentially leaking your private information.

If you're a social media user, you may have noticed that in recent years, both platforms are quick to hand out page violations. An inappropriate comment or post can land you in "Facebook jail" or with a 30-day suspension for repeated offenses. Facebook’s goal appears noble – keep these platforms a positive, kind place for all users.

To help identify these comments, the platforms use automated moderation systems that read posts and detect “flagged” phrases the platform has deemed inappropriate. Typically, they remove the inappropriate content, notify the user that the post was flagged and warn that a ban can occur if they continue posting similar content.

However, this robotic peacekeeper is not perfect. It has a reputation for flagging ordinary content because of key trigger words and banning unoffending accounts. This situation is frustrating for users who don't want to lose access to their social media platforms for an offense they didn't commit or are worried that years' worth of memories they've accumulated on their account could disappear if their account is wrongfully deleted.

Cybercriminals saw their opportunity and went for it. Attackers pose as support agents from Facebook or Instagram, contacting users via direct message on the platforms saying there has been a policy violation and they’ll help the user resolve it by filling out a simple form that gives them the information they need to make this digital slap on the wrist go away. The alarming twist? Once users submit their information, it falls directly into the attackers’ hands, who can use it to take over the account or for identity theft and further fraud.

If you want to protect yourself from this scam, you must first be able to recognize it. If you receive a message like the one below – don't panic. Cybercriminals want you to be worried, so you slip up and make a mistake. Remember, a Facebook agent will never directly contact you unless you go through the support chat first. The platforms have in-app notifications about banned or flagged content that you will see first, and they will follow up via email.

The image below features an actual screenshot of this scam in action and points out other factors to notice when determining the legitimacy of a violation.

 

We didn't request the form to see what information it collects (and neither should you), but we can guess. Facebook has developed strict verification processes for confirming identities to reduce the number of imposters on Facebook and determine the rightful ownership of accounts in hacking situations. The platform will request proof of identity with a photo of your ID or sometimes even business documents proving ownership. Cybercriminals will likely request this information but may take it further by asking you to confirm your password, Social Security number, and more.

This deceptive tactic highlights the ever-evolving nature of cybercrime. Just as we've seen with the rise of AI-powered tools used in voice cloning scams, these hackers are becoming increasingly creative and sophisticated in their efforts to manipulate social media users. They are watching what's happening and adapting their tactics accordingly. The stakes are high, and so is the potential damage to individuals and businesses.

To safeguard yourself and your business from such threats, it's crucial to remain vigilant and informed. Here are a few practical tips to help you stay protected:

  • Always verify the authenticity of messages received from social media platforms. Support does not contact you via message unless you request chat support, and they will never ask you to provide sensitive information through direct messages.
  • Be cautious of unsolicited messages requesting you to click a link or fill out a form. Instead of clicking the link, visit the platform's help center or contact support directly to inquire about the issue.
  • Strengthen your account security by enabling two-factor authentication, regularly updating your passwords, and using unique, complex combinations of characters.
  • Provide regular security awareness training to your employees. Share articles like this one that shed light on emerging scams and engage in ongoing education to ensure your team remains alert and prepared.
  • Collaborate with your IT service provider to implement robust cybersecurity measures and disaster recovery protocols. Investing in comprehensive protection is essential in minimizing the risk of falling victim to these sophisticated attacks.
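The tells described above (an unsolicited “violation” message, pressure to act, a form behind a link, and a request for credentials or ID documents) can be checked mechanically before anyone clicks. The following is an added example, not the blog’s own tooling: it extracts the links from a DM, judges each one on the registrable domain rather than on the brand name that appears in the URL (so `https://facebook.com@evil.example/` is judged on `evil.example`), catches simple lookalikes such as `facebo0k-login` and punycode hosts, and then scores the message text for the social-engineering language the scam relies on. The allowlist, keyword lists, thresholds and the three sample messages are assumptions constructed for the demonstration; tune them for your own environment.

```python
"""Triage an unsolicited social-media DM for the "policy violation" scam
pattern. Added example, not the blog's own tooling: the allowlist, keyword
lists, scoring thresholds and sample messages are constructed assumptions."""
import re
from urllib.parse import urlsplit

# Registrable domains Meta uses for support and login (assumed allowlist;
# extend it if you see legitimate traffic from others).
ALLOWED = {"facebook.com", "instagram.com", "meta.com", "fb.com"}
BRANDS = ("facebook", "instagram", "meta")
PRESSURE = ("violation", "within 24 hours", "permanently", "disabled",
            "suspended", "deleted", "immediately")
SENSITIVE = ("password", "social security", "ssn", "photo of your id",
             "driver's license", "credit card", "verification code")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)
# Cheap homoglyph normalisation so "facebo0k" and "1nstagram" still match.
DIGIT_SWAP = str.maketrans("013", "ole")


def registrable(host: str) -> str:
    """Last two labels of the host. Simplification: does not know about
    multi-label public suffixes such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_url(url: str) -> tuple:
    """Return (verdict, reason) for one link. urlsplit().hostname strips any
    userinfo, so "https://facebook.com@evil.example/" is judged on
    evil.example, not on the brand name in front of the '@'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike", f"internationalised (punycode) host {host}"
    if registrable(host) in ALLOWED:
        return "brand", host
    tokens = re.split(r"[.-]", host.translate(DIGIT_SWAP))
    if any(brand in tokens for brand in BRANDS):
        return "lookalike", f"{host} carries a Meta brand name but is not a Meta domain"
    if any(brand in parts.path.lower() for brand in BRANDS):
        return "suspicious", f"brand name in the path of third-party host {host}"
    return "external", host


def triage(message: str) -> dict:
    """Score a DM on link reputation plus the social-engineering tells the scam
    relies on: threat of losing the account, a form to fill in, and a request
    for credentials or identity documents."""
    score, findings = 0, []
    urls = URL_RE.findall(message)
    for url in urls:
        verdict, reason = classify_url(url)
        if verdict in ("lookalike", "suspicious"):
            score += 3
            findings.append(f"{verdict} link: {reason}")
        elif verdict == "external":
            score += 1
            findings.append(f"link to non-Meta host {reason}")
    text = message.lower()
    if any(p in text for p in PRESSURE):
        score += 1
        findings.append("threatens account loss / urgency")
    if any(s in text for s in SENSITIVE):
        score += 3
        findings.append("asks for credentials or identity documents")
    if urls and re.search(r"\b(form|appeal|verify)\b", text):
        score += 1
        findings.append("directs you to a form/appeal page by link")
    label = "scam" if score >= 4 else "suspicious" if score >= 2 else "low"
    return {"score": score, "verdict": label, "findings": findings, "urls": urls}


# Constructed samples.
SCAM_DM = (
    "Hello, this is the Facebook Support Team. Your page has a copyright "
    "violation and will be permanently deleted within 24 hours. To appeal, "
    "fill out the form here: https://facebook.com@help-meta-appeal.example/form "
    "and confirm your password and a photo of your ID."
)
LOGIN_DM = "Facebook Security: unusual login. Verify now at https://facebo0k-login.example/verify"
BENIGN_DM = (
    "Reminder from our own marketing team: the campaign calendar is posted at "
    "https://www.facebook.com/business/help and the brief is in the shared drive."
)

if __name__ == "__main__":
    for name, msg in (("scam", SCAM_DM), ("login", LOGIN_DM), ("benign", BENIGN_DM)):
        result = triage(msg)
        print(name, result["verdict"], result["score"], *result["findings"], sep="\n  ")
```

The domain check does the heavy lifting: a genuine notice from the platform links to its own domain, while the scam has to host its form somewhere else, and no amount of “Facebook” in the link text changes where the hostname actually points.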

Remember, prevention is critical. Don't wait until it's too late to act. If you're concerned about the security measures your IT service provider has in place, click here to request a FREE IT Security Risk Assessment. This assessment will give you a clear understanding of your current security stance and whether you're well-equipped to handle a cyber-attack.


Friday, July 7, 2023

Feel the need to be Big Brother when dealing with your remote workforce?



Is It Illegal To Track Your Employees’ Activities When They’re Working From Home?

Along with the surge of people working from home or in hybrid situations over the last few years, there has also been an increase in employers looking for ways to monitor their employees’ work activities to ensure they actually ARE working when remote.

This is no surprise given the new “quiet quitting” trend that has now evolved into “Bare Minimum Mondays” and “Try Less Tuesdays.” Sadly, some employees are taking advantage of working remotely as a way of working less.

Of course, not all remote employees are slackers – but how can an employer know the difference? That’s where tools like Teramind and ActivTrak come into play. These are software tools that can be installed on employees’ workstations and laptops to monitor their activity, both while in the office and remote.

Not only will these tools provide insights into productivity and where employees are spending their time, an employer can also see when someone checks in to work and leaves for the day. These apps can also help in ensuring employees aren’t surfing inappropriate websites during work hours using company resources.

While many people are against productivity monitoring, it’s perfectly legal in the US, provided this is for work-related activities on workplace devices. Monitoring laws do vary by state, so you should always check with an HR attorney on any employee-related monitoring. While there is no requirement to gain consent on a federal level, some states require that you establish consent before monitoring.

It’s also legal to monitor company-owned devices outside of work hours, including Internet traffic, search terms, websites visited, GPS geolocation and content viewed, to name a few things. If you issue your employees phones, you are legally allowed to monitor them as well. It’s even legal to monitor your employees’ own personal devices if you have a BYOD (bring your own device) to work policy, provided those devices are used for work purposes and the policy says so.

If you are thinking of rolling out employee-monitoring software, here are a few recommendations.

  • Let your employees know you WILL be monitoring them, and how, before rolling out any monitoring activities. Make sure this is documented in your work from home/telecommuting policy and ensure that any and all changes have been clearly communicated to all impacted parties. Being totally transparent about what you are monitoring and why is important to establishing and maintaining trust with your employees. Most people would be very upset to discover you were monitoring them without their knowledge. While it’s legally your right (in most states) to monitor without letting them know, we feel it’s best to be open about this, so they understand what’s being tracked.

  • Put in writing what is and isn’t allowed during work hours and on company-owned assets. If you don’t want employees visiting what you deem inappropriate websites or mixing personal activities with work activities on company-owned devices, let them know that. If they work from home, set guidelines such as start and end times for work and how long and how frequently they can take breaks, detailing when they need to be available (at work). No one likes getting a speeding ticket when there are no speed limit signs posted. Be absolutely clear on your expectations and put them in writing so there’s no risk of “You never told me that…” happening.

  • Get legal advice before implementing any kind of monitoring software, cameras, or activities. Laws can change – and with privacy of data becoming more critical (and a legal hot potato), we suggest you work with an HR attorney to make sure you’re not violating anyone’s rights. Recently, the fast-food restaurant White Castle was hit with a lawsuit that could cost them up to $17 billion for using fingerprint login software for their employees to access certain systems. The lawsuit claims they violated Illinois’s Biometric Information Privacy Act (BIPA) by asking employees to use their fingerprint as a secure way of logging in to their systems without first gaining consent.

So, while it’s legal to monitor employees, you still need to be mindful of employment laws and data and privacy protection of the employees you monitor.

Need help implementing a more secure and productive remote workplace? Click here to schedule a quick call to discuss your options and to get ideas on how we can help you and your entire team be productive and safe, no matter where or how you choose to work.