Microsoft Support for Non-Profit Organizations in San Francisco

Microsoft Support for Non-Profit Organizations in San Francisco

Everything non-profit’s need to know about managing and optimizing Microsoft solutions

Just like businesses, non-profit organizations are realizing the productive and cost-effective potential that strategic technology can offer. Microsoft solutions are designed to help organizations of any kind or size position themselves for greater flexibility and cost-efficiency. However, when it comes to non-profit organizations, Microsoft offers specific benefits that help these organizations do more with less.

Non-Profits Working with Microsoft: What Are the Eligibility Requirements

Before we dive into the different ways that Microsoft can help non-profit organizations stay strategic, let’s go over what kind of organizations are eligible for working with Microsoft under the ‘non-profit’ umbrella. Microsoft lists clear instructions regarding which organizations are considered non-profits and what eligibility requirements must be met in order for a non-profit entity to take advantage of exclusive Microsoft benefits.

Organizations who wish to take part in Microsoft non-profit programs must:

  • Hold legal charitable status as defined by their country of operation
  • Operate on an exclusively not-for-profit model
  • Promote and maintain a mission to benefit the community
  • Abide by Microsoft’s anti-discrimination policy
  • Only assign Microsoft licenses to eligible staff
  • Only use Microsoft licenses for their organization and not any partner or third-party organizations

How Does Microsoft Help Non-Profit Organizations?

Now that you know whether or not you qualify to take advantage of Microsoft’s specialized programs for non-profit organizations, it’s like to get down to the details of how these programs are designed to benefit non-profit entities like yours. The fact of the matter is, Microsoft has designed a number of ways that non-profit organizations can save costs and optimize their use of Microsoft solutions.

Here are the key benefits that Microsoft offers non-profit organizations like yours:

  • Discounted pricing model on Microsoft products and services

Right out of the gate Microsoft offers non-profit entities significant discounts on their products, services, and solutions. Eligible non-profit organizations can receive discounts on almost everything Microsoft offers including: Cloud services like Office 365, Azure, and Dynamics 265, Surface hardware, and on-premises software.

  • Facilitation of software donation programs

Microsoft also works with partners to facilitate the donation of software to non-profit organizations who need it. TechSoup – Microsoft’s international partnership network – facilitates the donation of software to nonprofits, charities, and NGOs in 236 countries and territories. While Microsoft doesn’t currently have a hardware donation program, they, along with their partners, seek to allocate affordable hardware for non-profits on a regular basis.

  • Free Microsoft software training events

In addition to providing discounted and free products and services to non-profits, Microsoft also hosts regular and free training events to help non-profit organizations better understand, deploy, and optimize Microsoft technologies. These training events are hosted by Microsoft offices around the country and the goal is to help non-profit organizations get the very most out of their Microsoft solutions.

  • Installation and optimization support from Microsoft partners

Microsoft also has a vast network of support partners that are available to help non-profit organizations deploy and optimize the Microsoft solutions they use. This support network acts as an extension of direct Microsoft support. Support partners are certified Microsoft experts and can help non-profit organizations of any size position their Microsoft solutions for greater flexibility and productivity.

Can A Managed IT Provider Help Your San Francisco Non-Profit Optimize Microsoft Solutions?

We’ve touched on this a bit already but finding a managed IT provider to help your non-profit organization optimize Microsoft solutions really can go a long way. By partnering with a team of certified Microsoft experts in San Francisco, you’ll take a lot of the stress out of deploying and optimizing your Microsoft technologies. Above all, the right provider will be able to answer your questions, provide recommendations, and identify areas for optimization.

A strategic managed IT provider can help your organization by:

  • Selecting the right Microsoft solutions that will help your organization thrive
  • Strategically implementing and deploying the Microsoft solutions that you choose
  • Optimizing your Microsoft solutions to ensure maximum functionality
  • Providing ongoing support and consultation on Microsoft solutions
  • Helping you plan for the long-term by keeping up-to-date with Microsoft innovation

Microsoft Support for Non-Profits In San Francisco: Finding the Right Managed Service Provider

If your non-profit organization is looking for a managed IT provider to help you deploy or optimize Microsoft solutions, we recommend going into your search with this guide in mind. Be sure to ask specific questions about how your organization can be taking advantage of Microsoft non-profit benefits. Remember, it’s a good idea to choose a provider that is a certified Microsoft partner. This will help ensure you’re getting the best support possible and taking advantage of all the benefits you’re eligible for.

We welcome you to start your search by reaching out to the team of managed IT professionals at On Time Tech. Our team has the experience and expertise necessary to help your non-profit organization ensure you’re taking advantage of all the benefits Microsoft offers to entities like yours.

Wondering if your San Francisco non-profit organization is taking full advantage of Microsoft benefits? We can help. Reach out to the team of Microsoft experts from On Time Tech at (415) 294-5250 or via email at info@ontimetech.com. We can’t wait to position your non-profit organization for increased flexibility and success.

On Time Tech specializes in working with Nonprofit organizations throughout San Francisco and the entire Bay Area. Call us first.

Microsoft’s Hyper-V Server 2019 Finally Released: Here’s What You Need to Know

Microsoft’s Hyper-V Server 2019 Finally Released

After being plagued with everything from data loss issues to a lack of available hardware, Microsoft finally released their long-awaited Hyper-V Server 2019 to their Evaluation Center approximately eight months after the expected release date of October 2, 2018. This is even after the Microsoft team skipped the crucial RTM (“release-to-manufacturing”) stage that allowed hardware developers to deploy and test adequately, forcing a holdup before organizations could even utilize the update. The mysterious delays of this free enterprise-class server virtualization solution may make users a little wary, but the functionality offered may simply be too tempting to overlook the release.

hyper-v to amazon

What Is Microsoft Hyper-V Server 2019?

Microsoft’s Hyper-V Server 2019 is a free product that is meant to compete directly with VMWare, providing enterprise-class virtualization for your datacenter and hybrid cloud, according to Microsoft’s Evaluation Center website. Essentially, you’re able to quickly scale and balance workloads to meet the demanding performance requirements of today’s data-heavy businesses. The release contains the Windows hypervisor technology as well as a simple and reliable virtualization component and a Windows Server driver model. The product is intended to help reduce costs and improve overall server utilization. You can easily compare Windows Server versions in this free online tool from Microsoft.

“We Found Some Issues with the Media”

Microsoft’s bland explanation of why they quickly pulled Windows Hyper-V Server 2019 from the Evaluation Center almost immediately included this note on their blog: “As we were getting ready to publish Microsoft Hyper-V Server 2019 in the Evaluation Center, we found some issues with the media. We are actively working on resolving it”. This was after the software giant released the Windows Server 2019 evaluation media, minus the Hyper-V Server portion of the package. While it’s fortunate that Microsoft immediately discovered these issues before the software was widely implemented, there were still some critical features that users had been anxiously awaiting for many months. It appears there were some issues with Remote Desktop Protocol and media installation problems, too.

While it seems that all of the glitches have been safely ironed from Microsoft’s latest release, wary users may want to give the platform a few months before launching into full utilization. After more than seven months of delays, Microsoft has left fans wondering if they’re preparing to phase out the popular — and free — tool in the future.

Microsoft’s Hyper-V Server 2019 Finally Released After being plagued with everything from data loss issues to a lack of available hardware, Microsoft finally released their long-awaited Hyper-V Server 2019 to their Evaluation Center approximately eight months after the expected release date of October 2, 2018. This is even after the Microsoft team skipped the crucial RTM (“release-to-manufacturing”) […]

How Does Windows 10 Improve Security and Data Protection?

Windows 10 Data Protection

Windows 10 comes a step closer to preventing cyberattacks and privacy threats facing users. It’s a next-generation solution that helps you fight threats from hackers and criminals who target your business. This is a big plus for cybersecurity managers. The past several years have brought some of the worst and most frequent cyberattacks in history. Security professionals are constantly on the lookout for new ways to prevent network breaches and safeguard the data of clients and the enterprise. Let’s take a closer look at how Windows 10 can help.

What Are the Security Advantages of Window 10?

Microsoft introduces Windows as a service in this version of their OS. It includes a unique way of creating, implementing and maintaining Windows. Each update adds new features to protect the security and privacy of users. The idea is that protection is layered into the functionality so that it doesn’t affect performance or distract users.

Windows; Core Services Engineering and Operations is thus better able to protect data and privacy. Built-in features identify suspicious activity that can put your business in jeopardy. This helps your security team detect and block sophisticated attacks faster. Releases focus on adding new features that combat new or anticipated risks. This is all possible thanks to the software giant’s finger on the pulse of the latest ransomware and malware hitting around the globe.

Windows 10 is considered to be the most secure version yet released. Because Microsoft has addressed cyberattacks during the engineering phase, improved security itself becomes a major bulwark, protecting your system from files and executables sent by hackers.

How Does Windows 10 Protect Your Data Better?

Here are some of the ways that Windows 10 improves its protection, including the new tools that can detect threats:

  • Windows 10 disrupts malware and thwarts hackers by changing the playing field. Bad actors can’t attack systems in the same old ways.
  • Device Guard acts as a shield against malware by allowing you to block unwanted apps. This gives users a proactive way to prevent ransomware and malware attacks as well as spyware.
  • Windows Defender uses machine learning, the cloud and behavior analysis to respond to new threats. This is like having a smart guard dog that not only prevents intruders from entering but smells them coming a mile away.
  • Microsoft Edge systemically disrupts malware, phishing and hacking attacks so that fewer threats make it through the system to trick users.
  • Windows 10 has aggressive data protection that meets compliance requirements without slowing down users, who expect the same solid performance Windows has always offered.
  • Windows Information Protection contains business data so it cannot be leaked to unauthorized users via apps, docs and the web.
  • BitLocker helps your security team protect sensitive data from prying eyes. Military-grade encryption takes over when a device is lost, stolen or otherwise compromised.
  • Azure Information Protection partners with Windows Information Protection to assign permissions that govern how certain data is shared.

What Ways Does Windows 10 Protect User Identify?

Windows 10 has built-in identity and access management protocols. This advanced technology safeguards user identities. For example, Windows Hello presents an alternative to passwords. It uses many factors to achieve solid security, such as a PIN, biometrics and a companion device.

Credential Guard uses NTLM-based authentication protocols, while Windows pass the hash (PtH) method authenticates without displaying the user’s text when a password is being entered. There’s also a hardware-based component that also limits access.

What Does This Additional Protection Mean for Security Teams?

While 57% of organizations offer training and incentives to security recruits, it’s hard to keep these resources for very long. This is due mainly to the high demand for qualified candidates. With additional protection built into applications themselves, busy cybersecurity teams can concentrate on other crucial tasks to protect the company’s data and reputation.

Windows 10 comes a step closer to preventing cyberattacks and privacy threats facing users. It’s a next-generation solution that helps you fight threats from hackers and criminals who target your business. This is a big plus for cybersecurity managers. The past several years have brought some of the worst and most frequent cyberattacks in history. […]

Mac Operating Systems Vulnerable to New Security Exploit

recently discovered security vulnerability could leave Mac users exposed to malware disguising itself in other programs. If your business relies on Mac, it’s important to know how you can protect your company from falling victim to a cyberattack.

Mac Security Breach

What is the Security Vulnerability?

In early 2019, security expert Filippo Cavallarin discovered a bug in Apple’s Gatekeeper functionality. Gatekeeper is a service that inspects apps that you want to install on a device to ensure they are certified by Apple. If not, you’ll get an “are you sure?” message before you complete the installation.

Cavallarin discovered that there’s a flaw that lets untrustworthy apps trick Gatekeeper into giving the all-clear signal, meaning you never get that “do you really want to do this?” alert.

Instead, once bypassed, you will get a simple, “please download” message, which could contain a zip file that once unpacked, connects back to the hackers’ server.

Cavallarin gave Apple 90 days to repair the flaw, but Apple did not, leading the researcher to disclose the exploit himself in late May. The vulnerability affects all macOS versions. As of this posting, Apple has yet to address the vulnerability.

How Can the Vulnerability Be Exploited?

In late June, cybersecurity companies began noticing the first identified attempts to bypass the Gatekeeper function, now dubbed OSX/Linker. The first identified attempts were believed to be a test to see if the flaw can truly be exploited and worked by writing something to a text file on a compromised computer. Those test runs were signed with certificates used by known adware producers behind the OSX/Surfbuyer malware.

At present, it does not appear that the OSX/Linker malware has taken root outside of test environments.

The identified malware attempts also used a common technique used by malware writers. In a second strain discovered, the malware was disguised to look like Adobe Flash Player installers, a tried and true approach that tricks Apple users into downloading malware when they think they’re downloading a routine software update.

The second strain of malware, dubbed OSX/CrescentCore, checks to see if there’s evidence of common third-party anti-malware software and tools that reverse engineer code on a computer. It also checks to see if it’s being installed on a virtual machine. If so, it will not install itself. Researchers have already found OSX/CrescentCore on multiple websites. It’s also disguised as an Adobe Flash Player installer.

CrescentCore also appeared via high-ranking Google search result listings, which redirected multiple times to a suspicious website.

Once installed, OSX/CrescentCore installs a LaunchAgent folder in a Mac Library folder that includes code to be run every time a user logs in.

It appears the malware coders got access to an Apple Developer ID to deliver the sample code in some instances.

Another identified exploit, called OSX/NewTab, inserts new tabs into a Safari browser session. The injected tabs can contain loaders or malware packages.

One danger of this potential malware is that the embedded code on disk images points to a malicious app on a single linked server. That means that a malicious app could be distributed more easily at any time.

Aren’t Apple Computers Virus-Proof and Much Safer than Windows and Other Operating Systems?

It’s a longstanding myth that Macs are inherently safer than Windows PCs. In recent years, hackers have increasingly targeted Apple operating systems to exploit vulnerabilities.

In February 2018, for example, OSX/Shlayer was discovered, yet another Adobe Flash Player scam that would download additional adware and malware. Similar to the newly discovered threats, it also looked for installed anti-malware software. The year also brought the discovery of OSX/MaMi, which pointed an infected computer to a server allowing them to access websites, even those with encrypted traffic.

June 2018 was an active month for malware discovery. There were several types of malware that exploited a Firefox browser vulnerability. A cryptocurrency miner was discovered embedded in pirated copies of audio software, making it possible to take over a Mac’s processing capabilities to mine.

What Can My Business Do To Protect Our Systems?

There are several security steps to take if there are Apple operating systems in play on any devices connected to your business network.

  1. Stick to What You Know and Trust
    Make sure you stick to apps you know are certified by Apple or are from highly trusted sources. Be suspicious about any apps that are downloaded from an unrecognized source, too.
  2. Scan Your System
    Make sure that your anti-virus programs have added the OSX/Linker vulnerability to their detection registries. Many commercial and free anti-virus apps and tools have already added the vulnerability to their known threat lists.
  3. Don’t Install Adobe Flash Player
    It’s really not necessary or helpful to install Flash at this point, as Adobe is discontinuing the product and will stop releasing security updates after 2020.
  4. Partner for Security
    No matter what operating systems your organization uses, you need comprehensive network and data security. Partnering with a valued managed IT services company gives you the security and confidence that hardware and software are protected and monitored constantly. With next-generation firewalls and best-in-class anti-malware protection, you can keep hacker threats contained and minimized.

A recently discovered security vulnerability could leave Mac users exposed to malware disguising itself in other programs. If your business relies on Mac, it’s important to know how you can protect your company from falling victim to a cyberattack. What is the Security Vulnerability? In early 2019, security expert Filippo Cavallarin discovered a bug in Apple’s Gatekeeper […]

A Law Firm’s Guide To Managed IT Services

Law Firm Managed IT Services

Technological downtime can make or break a law firm. Even an hour of downtime can cost a small or medium firm as much as $250,000.

What Exactly Can Go Wrong?

Unfortunately, Murphy’s Law has been known to apply in legal cases, meaning if there is an opportunity for things to go wrong they will. It is important that your firm has a dedicated professional, our team of professionals, either inside or outside the firm that can honor your firm’s confidentiality and keep potential problems at bay and/or under control. Some potential issues include

Case Management Issues

Filing is most efficient when stored electronically. They manage related documents, billing, and customer relationships

Security Problems

Reputation is everything for a law firm, and that extends to the attorneys and other staff at the firm. Still, even with so much on the line, the American Bar Association found that as many as a quarter of firms did not have security policies in place. Nothing puts a damper on a firm’s reputation, or even on specific lawyers than a security breach,

Compliance Issues and Software Integration

Various industries and professions have their own set of confidentiality agreements, that any legal team that works with the company needs to follow in order to protect clients, consumers, and any others involved. Some of these include Health Insurance Portability and Accountability (HIPAA), the Gramm-Leach-Billey Act of 1999 (GLB) and the Sarbanes-Oxley Act (SOX). Following these privacy acts means that legal professionals are prevented from disclosing information. The same discretion needs to translate to technology compliance.It is necessary to have software in place that can handle this responsibility, and see to it that attorneys and anyone else with access can run any necessary software correctly and efficiently without violating compliance standards.

Internal Collaboration

Internal Collaboration is an issue that needs constant monitoring due to the way social media quickly evolves. It is common for attorneys to use the internet for communication, however, it is less common for them to communicate internally about a case, which would make their casework more efficient. The right social media integration can help improve communication and make casework more thorough and efficient. Salesforce, customer relationship management solutions are a common tool used by attorneys and their firms in order to produce better results for clients.

How a Managed Service Provider Can Help

Proactive and Regular Maintenance at a fixed can cost can help with all these issues by applying the knowledge to give your firm or business the right IT infrastructure that will support your needs. That means that attorneys and other employees will receive the training they need to serve your clients confidently and safely. if you have an existing system in place, we can analyze what you have been doing so that any necessary changes can be quickly set in motion.

While we at the {company} manage your system remotely, we are still there remotely to answer questions remotely that will improve customer relations and overall productivity. To learn more about how {company} can help your firm contact us today.

Technological downtime can make or break a law firm. Even an hour of downtime can cost a small or medium firm as much as $250,000. What Exactly Can Go Wrong? Unfortunately, Murphy’s Law has been known to apply in legal cases, meaning if there is an opportunity for things to go wrong they will. It […]

Using Today View in iOS 12

iOS 12 brings a lot to the table and you will want to take full advantage of it to get the most out of your device. The Today View in iOS 12 is one feature that is worth exploring to determine how you can leverage it to make your workday and personal life more organized. As the name implies, the Today View is there to let you know what is going on right now. But there are a lot of different information points that your device can inform you of, so customizing your Today View and learning to navigate it is essential to getting more out of your iPhone.

The Today View in iOS 12

Your iPhone is designed to keep you organized and updated on the things that matter most to you. As a business user, that means staying abreast of what is going on in your department, your company and your industry. If you are like most business users, it also means managing your professional life and your personal life on the same device.

Taking care of all these needs requires using a variety of apps. In the olden days of earlier smartphones, those apps would need to be opened to see what they had to offer. But today, with your iPhone and iOS 12, you can get most of the information you need from each app on your Today View—at least the fundamental information that you are likely to want access to at a glance. Instead of having to go to your Home screen to get the information you need, you can just do a quick swipe and see what you need more quickly and more conveniently than you would if you have to open each app individually.

One of the most useful things about the Today View is that you do not even need to unlock your phone to access it. As long as you have your security settings established where your Today View shows on your Lock screen—which is the way your phone comes by default—you can check your Today View at any time whether the phone is locked or unlocked.

How to Access Your Today View

Whether you are on your iPhone’s Lock screen or on your Home screen, your action to get to the Today View is the same. You will simply swipe to the right side of your phone screen. You can start your swipe from the left side of the phone, from the middle of the phone screen and even from pretty close to the right edge of the screen. Wherever you begin your swipe, as long as you slide your finger off the right edge of the screen, your Today View will pop up.

When you want to leave the Today View, you perform the opposite gesture. Swipe to the left edge of your screen to leave the Today View both on your Home screen and on your Lock screen.

What Does the Today View Show You?

The things that you will see on your Today View will vary based on the apps you have installed and the widgets you have told your phone to include on the Today View. For instance, you will see FAVORITES that shows some of your favorite contacts that you have called recently. You will also see other widgets that are based on the apps that you have recently used. Like if you have used Maps recently, your Today View will show a MAPS DESTINATIONS widget with a destination that you are likely to want to go to—such as your home.

Show More

Many of your widgets will give you an option to show more information if you need it. The option to Show More will show to the right of the name of the widget. Just click the Show More section and the widget will expand. For example, your FAVORITES widget will only show four favorite contacts initially, but if you click Show More you will see eight contacts.

Launching Apps

Some of the widgets on your phone will give you the option of launching the app just by tapping the widget. For instance, the Maps app widget, MAP DESTINATIONS, will launch Maps if you tap the widget and create a map to the destination offered in the widget—like your home address.

Changing Widgets

You can add or remove widgets from your Today View by tapping Edit at the bottom of the Today View and tapping the minus or plus symbol to the left of the app name. You can also reorganize your widgets by tapping and holding the three horizontal lines to the right of an app name, then shifting the app up or down the list.

iOS 12 Today View

iOS 12 brings a lot to the table and you will want to take full advantage of it to get the most out of your device. The Today View in iOS 12 is one feature that is worth exploring to determine how you can leverage it to make your workday and personal life more organized. […]

What Is The CMO’s Role In IT For 2020 And Beyond?

CMO Technician

The role of the CMO has changed dramatically in recent years, and the push for more integration of marketing and technology shows no signs of stopping. With 2020 just around the corner, it is worthwhile to look more closely at how CMOs are doing their jobs today—and what the future holds for those serving as chief marketing officers.

The lines between marketing and IT continue to blur, which means CMOs and CIOs are going to be getting closer and closer as time goes on. By integrating areas of expertise when necessary, CMOs and CIOs can both benefit from the changes that are coming in the future. Each will still need to be the best at what they do, but CMOs can certainly learn from their interactions with CIOs and vice versa.

Change is a Part of the Job for CMOs

It was not that long ago that CMOs focused exclusively on marketing. They were tasked with developing advertising campaigns, connecting with customers and establishing brands. The evidence of their effectiveness in these areas is all around—just look at the many brands that are household names. But in the past decade, information technology has moved along at a rapid clip and become incorporated in the public landscape in ways that no one would have predicted 30 years ago. Big data, AI, social media—the world has changed significantly, and the role of the CMO has had to change along with it.

Today, CMOs are as involved in technology as they are in marketing. They really do not have a choice in the matter. The way that companies interact with their customers is dictated by a variety of ubiquitous technology platforms that seem to be here to stay. And even if the big players today fail to hold their top positions, it is almost certain that others will move in to fill in the gaps. The end result is that technology is just a part of life for most people—and those people are the customers that CMOs need to reach. Doing so will likely always require a deft touch with technology from now on.

Developing a CMO/CIO Relationship for the Future

Just a few decades ago, the main interactions between CMOs and CIOs centered on very specific needs. Fixing computers, installing software, handling antivirus programs—when the marketing team had tech issues with their hardware or software, they got help from the IT department. It was unlikely that the CMO and CIO would hang out and talk about marketing technology strategy because the marketing technologies that were available were few and far between.

Now, though, CMOs need the help of CIOs for a large portion of their work. CMOs need to leverage tech to reach customers and establish branding, and CIOs are still the leaders in the technology sphere for businesses. While CMOs can gain some substantial proficiency with marketing technology or martech, they are unlikely to be as technologically proficient as CIOs. Rather than trying to reinvent the wheel, CMOs look to CIOs to help them take full advantage of the technology tools at their disposal.

The developing of a close working relationship between CMOs and CIOs is going to be a major pillar of the business world in 2020 and beyond. While each executive will have their own sphere of responsibilities and expectations, those spheres will overlap in significant ways. Both need the business to succeed, and both need each other to make that happen.

What CMOs Will Be Doing in 2020 and Beyond

CMOs in the coming years are going to be tasked with performing the responsibilities of a marketing leader while also leveraging whatever technologies are available to achieve optimal results. If that sounds like a lot to take on for one person, that’s because it is. This is why CMOs are not going to be going it alone like they may have once done. They are going to require the assistance of skilled professionals who know how to provide the support necessary to achieve company objectives.

In practice, the role the CMO will play will be one founded in collaboration. The CMO will have company objectives to achieve and marketing objectives that will dictate the actions of the department. Making progress towards those objectives will require using various technologies to gather data, analyze data, communicate with customers, and predict future trends and more. Choosing which tech to use and how to use it to achieve business objectives is where the insight of CIOs will prove pivotal, which is why CMOs will be cooperating with CIOs regularly.

One of the most exciting developments for both CMOs and CIOs will be the development of cross-department expertise on both sides of the relationship. CMOs will know more about how CIOs think and what they need, while CIOs will gain a clearer understanding of how to help CMOs achieve marketing objectives. Eventually, each will be able to offer suggestions and insights that might never have developed without working together regularly. CMOs and CIOs are likely to become greater than the sum of each position, which could bring about even more substantial changes in how businesses operate and interact with consumers.

The role of the CMO has changed dramatically in recent years, and the push for more integration of marketing and technology shows no signs of stopping. With 2020 just around the corner, it is worthwhile to look more closely at how CMOs are doing their jobs today—and what the future holds for those serving as […]

Acquiring A New Business? Check Their Cybersecurity Posture

Merger and Acquisition

Buying a company is no small undertaking, even if the company is considered “small” by industry standards. Due diligence is a huge part of the process. Anyone considering purchasing business must review a whole host of issues with the company to ensure that they are making a good decision. Things like accounts receivable, market position, and vendor relationships should all be considered, just to name a few.

Potential buyers sometimes get so caught up in the financial side of purchasing a business that they may overlook a company’s technology, including their cybersecurity and related issues. Sometimes a business’s technology can end up having a huge impact on whether it will be viable moving forward.

5 Must-Ask Questions Regarding Cybersecurity When Purchasing a Business

There is a tendency to avoid taking an in-depth look at cybersecurity when purchasing a company because threats vary so significantly over time. In fact, something that was not a threat the day that negotiations began may be a serious concern on the date of the sale. It is tempting to just review cybersecurity after the fact because of these unique challenges. However, there should at least be some investigation into potential problem areas with cybersecurity long before the sale.

Below are a few questions to consider while working through the due diligence process.

What are the company’s significant digital assets?

Digital assets are sometimes overlooked not only in terms of value for a company but also for security purposes. Knowing what potential assets need protection, how important they are to the company, and the ramifications, if that information is released to others, is an essential first step in assessing cybersecurity risk.

Has the company been a victim of previous breaches?

Data breaches can result in serious problems with a company’s reputation and revenue stream. However, they can also signify a bigger security problem as well. Ask whether there have been any breaches and how they were addressed or corrected.

Can the company bounce back after a cyber attack?

Some companies are so dependent on their technology that a breach could result in a complete failure of the business. Consider what a security breach will do a company from a variety of angles—from small, minor breaches, to serious breaches that affect virtually every aspect of the business. Is there a way to stop breaches once they start? What protocols are in place to deal with a breach?

Is the business compliant with industry-standard cybersecurity?

Every industry has its own requirements or minimum standards for security. A financial business, for example, is likely going to have higher standards than the average manufacturing company. Is the company following at least the lowest benchmarks? Are there legal compliance requirements that must be met? If there is some misalignment with requirements, what are the consequences of failing to comply? How difficult will it be to change the company to ensure that it complies?

What policies are in place or what software is used regarding cybersecurity?

Some companies, especially smaller ones, do not have much of anything implemented in the way of security. They may have a simple virus protection program, for example, when they should be using higher level encryption. Take an inventory of everything that is used within the business and have it reviewed by a professional who knows the types of security that this type of company should really have in place—do not assume that the previous owner was doing things correctly.

One of the Biggest Threats: Employees and Cybersecurity

Perhaps one of the most significant threats to cybersecurity are actually the employees within a company. In fact, employee negligence is one of the biggest cybersecurity risks for many companies.

All of the protocols and tools in the world cannot protect against employees who do not care or are not adequately trained on protocols regarding cybersecurity. A company’s culture regarding cybersecurity and willingness to make changes is a huge part of whether a company can adapt to operate safely in the future.

Surveying current employees regarding their willingness to make changes and their current standards can go a long way in understanding several things, including:

  • What current policies and procedures are in place
  • What training they have done or are required to do as a part of their employment
  • Whether employees are following those procedures (or even know about them)
  • Whether employees will be willing to make changes to increase security down the road

Resistance to change requires more than just purchasing software—it requires leadership and training that can take a significant amount of time and effort.

Buying a company is no small undertaking, even if the company is considered “small” by industry standards. Due diligence is a huge part of the process. Anyone considering purchasing business must review a whole host of issues with the company to ensure that they are making a good decision. Things like accounts receivable, market position, […]

Why Security Awareness Training Makes Sense for Your Small Business

Cyber Security Awareness Training

Your small business needs a cybersecurity strategy, but beyond that, it also needs security awareness training. These two areas are not one and the same. There are important, distinct differences.

The Importance of a Cyber Security Strategy

First, let’s talk about cybersecurity in general. By now you likely understand the importance of cybersecurity for your small business. If not, here’s a brief overview. Joe Galvin, chief research officer for Vistage, writes over at Inc. on some of his firm’s recent research. 62% of small and medium firms admit to having an out-of-date, inactive, or nonexistent cybersecurity strategy.

This is highly problematic, he says, because small and medium businesses are huge targets for cybercriminals. These companies tend to have weaker security and less skilled security personnel (if they have any security personnel) than larger companies do. Yet they often store huge treasure troves of valuable data, like credit card numbers and other personally identifiable information.

Cybercriminals see this as a win-win. Security is lower and easier to beat, and the data available is often just as valuable as what they could get going after a bigger company.

Further, the stakes are so much higher than just a momentary loss of productivity. Many firms that undergo a cyber attack never recover and are out of business within a year.

Clearly, cybersecurity is of utmost importance for small businesses like yours.

The Importance of Security Awareness

Cybersecurity is important, yes. However, the best, most robust, most secure cybersecurity plan won’t protect you from your most dangerous threat: your own employees. That’s a blunt and surprising statement, but bear with us.

You need to be protected against traditional, “movie style” hacking, where bad actors infiltrate your systems from some faraway location. That is a real thing, certainly (though we can’t say it looks anything like it does on TV). It’s just not as common (or as easy to do) as the movies suggest.

In the real world, most of the cyber threats you’ll encounter don’t look like the movies. Instead, they look more like phishing and social engineering. That’s where security awareness training comes in.

What’s the Difference?

We’re arguing that both a cybersecurity strategy and security awareness training are essential for your small business. In case it’s not clear yet quite what the difference is between the two, we’ll restate it this way. Security awareness training handles the human component, while your cybersecurity strategy covers the digital component. Both are important, but they follow very different processes.

What Security Awareness Training Looks Like

Security awareness training can take a few different forms. Some security awareness training is done online. Your employees read materials or watch static videos, then they take assessments to gauge what they have learned.

The convenience factor with this method is nice: employees can work at their own pace and at any time of the workday. There are some trade-offs with this method, too. The training can be a bit stuffy, and it’s not interactive. If employees need help or clarification, it’s hard to get it. Hands-on learners may struggle with this method, too.

Some companies also offer a hybrid approach, where static courses are combined with live webinar-style classes. Some employees will benefit from the immediacy of a live teacher, but the trade-off there is that all employees must be present at the same time.

Some companies also offer live, on-site instruction, either as a standalone or as a premium add-on to their basic package. This can be a great option for single-location organizations.

Available Courses

A firm that specializes in security awareness training won’t take a one-size-fits-all approach. As your organization grows in complexity, varying business areas may need differing instruction. Certainly, some fields have specific, unique needs, too. Organizations that work in the health care orbit will have HIPAA rules to contend with, while those in education or finance will have their own.

Some firms offer 50 or more different courses as a part of their security awareness training protocols. Make sure that the providers you consider have courses that fit the needs of your business and industry.

Cost of Security Awareness Training

The cost of security awareness training varies based on many factors. The number of users receiving training is often the starting point. $1000 per year for an organization with 50 employees is a common starting point, but understand that program customizations and add-ons can increase this figure.

Other factors influencing costs include industry requirements, languages needed, and whether certification is desired. The number of courses each user takes may also affect cost.

Ask the providers that you are considering for a custom quote that breaks down the costs you can expect to see and which services those costs are associated with.

Conclusion

Having a cyber security plan and providing security awareness training are two vital components to your business’s digital security strategy. If you’re ready to explore what security awareness training should look like in your business, contact us today.

Your small business needs a cybersecurity strategy, but beyond that, it also needs security awareness training. These two areas are not one and the same. There are important, distinct differences. The Importance of a Cyber Security Strategy First, let’s talk about cybersecurity in general. By now you likely understand the importance of cybersecurity for your […]

Why Is Cybersecurity the Number One Concern for CEOs in 2019?

CEO Cybersecurity

While some might assume that fear of an economic recession would be at the top of the list of key issues CEOs concern themselves with, a recent survey found that another issue is of much greater concern: Cybersecurity.

This is no surprise.

For the past several years, cybercrimes and data breaches among companies large and small, governments, and even individual citizens have risen drastically. While it’s true that many CEOs still assume a data breach at their own company is highly unlikely, with the ultimate price tag of such attacks ramping up to the millions of dollars (and recovery being hardly successful), it makes sense that CEOs are taking notice.

What Does a More Concentrated Focus on Cybersecurity Mean for Companies?

Corporate chiefs and C-suites who are most concerned with cybersecurity are naturally becoming more involved in their companies’ defense strategies. After all, a breach of data isn’t just about the loss of money. It can also mean the loss of a job for a CEO or C-suite member and a permanent label as someone who can’t secure their company.

Furthermore, even if a breach doesn’t cost a corporate leader their job, customers, clients, and investors are sure to drop their interest in a company that’s lost data, money, and trustworthiness after a cyberattack. Large companies like Yahoo, Target, Equifax, and others have all felt the blow of such fallout.

How Do Most Cyber Attacks Originate?

When most people think of a cyberattack, images of an ultra-sophisticated Russian hacker sitting in a darkened basement with glowing green and blue lights comes to mind. However, cyberattacks can come from anywhere and from anyone. They may be performed on public computers, from office buildings, at public Wi-Fi cafes, from residential homes, or even in airports.

Your own cyber attacker could be coming from across the world … or down the street. Once you find out that your company’s data’s been compromised … it may not really matter anyway.

Because of their cloak and dagger way of operating, cyber attackers and criminals are rarely located and seldom caught or prosecuted. Part of being a cybercriminal, after all, means knowing how to confuse and reroute IP addresses through a multitude of countries. This makes retracing the invader’s steps a serious challenge — even for the most advanced IT specialists.

Therefore, the key to avoiding such attacks is, of course, to prevent them in the first place. This is the goal of an increasing number of savvy CEOs. It means putting cybersecurity first and foremost on their priority list and recruiting the help of highly-educated and trained information technology specialists.

How Can CEOs Prevent Cyberattacks in Their Companies?

The key to preventing cyberattacks is knowing how they start in the first place — and remember, it’s not where most people would think.

Again, many people assume that cybercriminals work by being absolutely amazing at breaking into super-advanced and complicated security systems. But nearly all mid- and large-sized companies have advanced security systems, and they still get hacked. Assuming that cybercriminals can simply break into these systems is giving them too much credit. Instead, most cybercriminals gain access much in the way vampires are said to gain access to their victims: Essentially, by being invited.

While lore claims that vampires must be invited into a home before they can step foot inside, cybercriminals also work their magic by essentially being given access to sensitive data by unknowing company employees — or even CEOs and other upper management members themselves.

It’s called phishing, and it’s the number one way cyber attackers gain security access to companies’, organizations’, governments’, and individuals’ data.

What Is Phishing and How Can You Prevent It?

Phishing generally takes place via email. The target receives a fraudulent email that claims to be from someone the target trusts, like the institution they bank at, human resources at their company, or upper management.

Somewhere in the email, the target is asked to send sensitive information for a “security check” or similar. Alternatively, they may be asked to “click here” for more information or to receive a coupon special, for example.

This is all with the goal of getting the target to do something that will allow malware onto their computer. Once this happens, the hacker who sent the phishing email will be able to steal, ransom, or corrupt sensitive company data.

The best — and in some ways, the only — way to combat phishing is to adequately train your employees and entire staff. You’ll need to teach them to:

  • Be suspicious of any unanticipated or surprising emails — especially those that ask the recipient to take certain steps
  • Double check email addresses for authenticity
  • Double check web addresses for authenticity
  • Be wary of threatening or enticing language
  • Never click on unsolicited links or attachments sent to them

If you are a CEO or C-suite member who’s concerned about the cybersecurity of your company in 2019, you’re on the right track. While the growth of your business and the frightening possibility of a recession are surely important to you as well, everything can be lost in an instant if your company is attacked by a cybercriminal. Taking steps now to better train your employees and enlist the right cybersecurity professionals to protect your business is wise and responsible.

While some might assume that fear of an economic recession would be at the top of the list of key issues CEOs concern themselves with, a recent survey found that another issue is of much greater concern: Cybersecurity. This is no surprise. For the past several years, cybercrimes and data breaches among companies large and small, […]