Do you use Microsoft Teams on a device running iOS? You should know that in October of this year, Microsoft will drop support on any versions below iOS 13. Any phones running iOS 13 will still be able to use Microsoft Teams after October, but they won’t receive any updates. This also includes important security updates. In addition, you will not be able to reinstall the build from the app store if you uninstall Teams or reset your device.
What you need to know:
- Microsoft Teams will no longer support iOS 13 or older after October 2021.
- Phones running iOS 13 will still be able to use Teams after the cutoff but won’t receive any new updates.
- Users should upgrade to iOS 14 where possible
HAVE QUESTIONS? We would be glad to answer them and discuss how mPowered IT services can transform your business. Call us at 678-389-6200 or contact us here.
The Growing Cyber Security Threat
How serious of a problem is cybercrime? A study by Cybersecurity Ventures predicts these crimes will cost the world $6 trillion a year by 2021. This is a big number, but it’s no surprise to anyone who has followed the exploits of hackers and online scammers.
Cybercrimes have become big news, with large data and security breaches at companies generating headlines, and cyberthreats from foreign locales such as China and Russia threatening U.S. businesses and elections.
The increasing amount of large-scale, well-publicized breaches suggests that not only are the number of security breaches going up — they’re increasing in severity, as well. Data breaches expose sensitive information that often leave exposed users at risk for identity theft, ruin companies’ reputations and almost always leave the company liable for compliance violations.
Security breaches have increased by 11% since 2018, and the average lifecycle of a breach in 2019 was 314 days (from the breach to containment). That’s a lot of time for data to be stolen, corrupted, or held for ransom.
Even enterprise companies and multinational corporations are discovering that their current IT security is not sufficient to fend off an ever-evolving list of cyber threats. This is perhaps most evident in the recent high-profile data breaches that have made headlines. A network breach can result in catastrophic losses of data and high costs for recovery and damage control. A breach can ruin a company’s reputation, making it harder for them to do business in the future. Security breaches at large companies are a matter of national security, as they have damaged our infrastructure and threatened our financial markets.
It’s tempting for small-to-medium sized businesses to assume that they won’t be a target of threats such as ransomware, malware, and phishing because of their size. The reality is that hackers target thousands of businesses simultaneously — size is not really a factor. If you have a connection to the internet, you’re a target.
Dependence upon cloud computing and an increasingly remote, mobile workforce means threats that compromise one system can compromise a larger network relatively easily. All it takes is a single security gap. To combat these threats, businesses are naturally turning to their own IT departments to shore up their networks, implement disaster recovery plans, and coach their fellow employees on data security.
Unfortunately, skill shortages and budget constraints have made security a significant challenge even at the largest, most well-funded companies.
To augment their own IT departments, manage costs, and gain access to additional IT resources, businesses of all sizes have relied on managed service providers (MSPs).
What is the difference between a Managed Service Provider and a Managed Security Service Provider?
It’s important to understand the difference between a managed service provider (MSP) and an MSSP. An MSP is a third-party organization that is contracted to perform ongoing IT services, essentially an outsourced IT department for businesses or organizations who do not want it all managed in-house.
A managed security service provider (MSSP) is similar to a managed service provider, but with more cybersecurity capabilities such as virus and spam blocking, next-generation firewalls, breach detection, and end user security training. An MSP can function as an MSSP as long as they offer that level of specialization and select services, which mPowered IT is.
Both MSPs and MSSPs are designed to help organizations tackle complex IT problems without taking on the burden alone. Each tends to operate on a strategic level, offering valuable solutions and insights throughout all stages of the business’ life cycle.
Why do Businesses turn to MSSPs?
Skilled IT Professionals are in Short Supply
There simply aren’t enough trained and experienced cybersecurity specialists to handle the needs of the modern threat landscape. Unfortunately, hackers and other bad actors can function alone or in small cells, but cybersecurity is typically a team effort that requires constant attention from skilled individuals.
IT Departments are Often Spread too Thin
When a business’ internal IT department becomes overwhelmed, they will often turn to MSPs or MSSPs to fill in gaps. This is generally a much faster way to find and deploy a knowledgeable team without spending months hiring and training new staff.
Even Small Businesses need to be Secure
Small businesses are being targeted more frequently as larger enterprises shore up their own security. Hackers usually look for the weakest points, and that is usually the small business who isn’t taking cybersecurity seriously, not the massive corporation with a huge IT budget.
Cyberthreats are Constantly Evolving
One of the most challenging aspects of IT is that it is constantly evolving — and that goes double for the cybersecurity landscape. IT professionals and cybersecurity specialists must maintain a constant state of continuing education to keep up with the changes in their industries. This isn’t the kind of thing that business owners or C-level executives have time to do on their own. By working with an MSSP, a business can be sure that their defenses are evolving to meet the changing needs of the times.
What Services does an MSSP Provide?
The typical MSSP works as an extension of your business through consulting, planning, and project-based action or ongoing management. Cybersecurity must work in layers, and that means every business needs a tailored suite of solutions working together to completely protect their network and data.
Here are some of the Essential Services Offered by MSSPs:
- Offsite Backups and Recovery Plans
- Employee Awareness Training
- Next-Generation Firewall Protection
- Encryption Services
- Password Regulations
- Security Assessments
- Email & Web Filtering
- 24/7 Network Monitoring
- Offsite Backups and Recovery Plans
- Antivirus Services
- Breach Prevention Services
- Automated Updates
- Dark Web Scanning
- Multi-Factor Authentication
End User Awareness Training
In most of the recent high-profile security breach cases, the cause was employee negligence — usually initiated by a phishing email or SMS text message. Humans are almost always the weakest link in a security chain, which means the weakness must be addressed through training in threat awareness and avoidance.
According to a study reported by Tech Republic, 54% of the 1,000 IT professionals surveyed said poor password policies and the careless actions of employees were the root causes of cybersecurity incidents at their companies. More than 50% of the companies surveyed had experienced a ransomware attack in the past year, and 79% of those affected said the ransomware entered their system through a social engineering attack (such as phishing).
What are the other common culprits? Poor password maintenance, a lack of two-factor authentication, or having no password regulations in place at all.
While it’s important to strengthen your network, the human factor must be addressed for your security effort to be successful. MSSPs can be contracted to create a culture of security at your company. They’ll coach your employees to recognize common security threats like phishing emails and malicious links. They can even help you establish a password policy so that passwords are updated regularly and stronger company-wide.
24-7 Network Monitoring
Most organizations can’t afford a staff of in-house IT professionals to manage their network around the clock. Network Operations Center (NOC) monitoring is an important service provided by MSPs, typically to monitor for network outages, server overloads, and other errors by scanning critical network functions. MSSPs provide 24/7 Security Operations Center (SOC) monitoring to identify security issues, manage firewalls, scan for vulnerabilities, and provide intrusion protection and prevention.
MSSPs can monitor networks continuously via their own SOC or through specialized third-party providers. In the event of an issue or security threat, engineers at the MSSP are notified and act quickly to resolve problems. This type of active monitoring is the surest way to ensure data security and minimize downtime.
Emergency Backup and Recovery
Data backup is common at most companies and often required when regulatory compliance is a factor.
Offsite data protection ensures your data is secure and ready to be recovered in the event a system crash or internal error. It also ensures your data is protected in the event of a catastrophic natural disaster. Secure, reliable backups can also serve as a means to access and recover data in the event of a ransomware attack.
To combat growing security threats, modern organizations need a layered approach to security. This includes enterprise level antivirus software as well as anti-malware, Next-Generation Firewall Protection, intrusion detection and prevention, and well-trained employees. An MSSP provides all of these security layers as part of a package to your organization.
Don’t make the mistake of relying on consumer-grade antivirus software in a business environment. While many commercial antivirus solutions are fine for personal use, they do not offer all of the solutions needed when protecting a business. You should be able to manage and monitor all your devices from a single platform. Your antivirus software should receive automated updates and provide advanced protection beyond what is needed for personal use.
Email & Web Filtering
Email filtering helps to identify spam and phishing emails and delete or quarantine them before they can do harm. Most modern email platforms, such as Gmail or Office 365, have a built-in spam filter, but hackers have become very good at bypassing these filters. Since some spam will always make into your employees’ inboxes, scam or fraudulent emails will always be a threat to your business.
An MSSP can provide you with advanced layers of email filtering services along with training to help you identify harmful emails before they’re opened and clicked. The security tools provided by an MSSP can also help you filter out malicious websites when your employees are browsing online. To increase employee productivity, you can also use web filtering to block specific types of content such as online shopping sites, social media sites, and gaming sites.
A breach occurs when data is compromised and finds it way into the wrong hands. This can happen through network intrusion, through a malicious email link, or if someone downloads your data to physical storage and then uploads it to the dark web (like from a stolen device).
With so many ways for breaches to occur, cyber defense must move beyond the IT department and into your organization as a whole by fostering a culture of security. In addition to monitoring for attacks and unusual behavior, an MSSP can help you create this culture at your company through training, monitoring, and technical expertise. They’ll help you get control over who is accessing your data so you can stay proactive and prevent dangerous activity before it occurs.
Updates to your applications, software, and operating systems aren’t just to improve functionality. Many updates are sent to protect the software or device against a new type of threat or to patch vulnerabilities that have been recently discovered. These updates don’t always download and apply themselves automatically. They must be authorized by a user, or by an administrator. Too often, important updates are neglected because internal IT staff are overstretched or unsure of what an update will do to the system. Neglected updates quite frequently leave your system vulnerable.
An MSSP ensures that you’ll never have to worry about missing updates and making yourself vulnerable to avoidable threats. Part of their job is to find outdated software and provide automated updates and patching services so you’ll never need to go through your systems and apply updates manually.
As we mentioned, humans are usually the weakest link in a security chain. One way that is true is that people are often careless with creating and maintaining their passwords. When employees are responsible for creating and maintaining their own passwords, you can expect vulnerabilities. Employees will often use the same password for all their accounts, use passwords for years at a time, or they may use a very weak password like “12345,” “password,” or their name and birthdate.
Passwords like these are easy for password cracking programs to decipher. If the same password is used for multiple logins, it could give hackers access to your entire system as well as any software you use. Part of the issue is that too much of the burden is placed on individual employees, many of whom simply want to log in and get to work without having to deal with complicated passwords.
Without any guidance, they’re likely to pick a password that’s easy to remember and stick with it. An MSSP can help your company develop a strong password policy and implement password standards for all your employees. Password regulations, or password policies, govern how your employees create, manage, and use passwords. You may also benefit from using a password manager to help your employees keep track of their passwords. This may be necessary if they use several accounts throughout the day.
Data Encryption Services
Data encryption is important for businesses that must meet regulatory requirements, but every business should include encryption as part of their security strategy. The most comprehensive approach is usually to encrypt any and all data that may be passing through or coming from your business via email, your website, or the internet in general.
Encryption is about protecting data during transit so that theft by interception is nearly impossible. There are many forms of encryption including website, email, network, and hardware encryption. Encryption is becoming the new standard for many businesses. Most major email plat- forms either encrypt emails automatically or make it easy to encrypt emails yourself. At the beginning of 2017, Wired magazine reported that at least half of the web is now encrypted.⁵
Nonetheless, managing the encryption of your data can be difficult and time-consuming. An MSSP can provide your company with Encryption as a Service (EaaS) so you can focus on other tasks with the knowledge that your data is secure. They can also provide additional network layer encryption and hardware encryption.
Many organizations are bound by regulations and must have certain security measures in place in case they are audited, but any organization that handles important data should check their security status regularly. An MSSP can help you conduct such evaluations and asses your own security. It’s important to do this regularly, as time creates gaps in security that can make you vulnerable to new forms of attack. During a security assessment, an MSSP will look for common problems, including:
- Poor network architecture
- System configuration errors
- Data integrity and confidentiality
- Weak passwords and poor password regulation
- Missing system updates and patches
- Network vulnerabilities
An MSSP can provide an initial security assessment of your organization followed by periodic assessments to keep you secure.
Dark Web Scanning
The dark web is part of the internet that is hidden from conventional search engines like Google, and thus, doesn’t attract much legitimate traffic. It acts as a marketplace for stolen data and hosts many other illicit activities and illegal trades. When a system is breached, it’s common for cybercriminals and other bad actors to post data on the dark web for sale. An MSSP can provide you with dark web scanning to help identify any of your data for sale on the dark web, thus allowing you to minimize further damages.
Although the best protection is to protect your business from breaches in the first place, dark web scanning helps to mitigate damages. It also serves as a means to located stolen data that could have been originated before your current cybersecurity strategy was put into place.
Multifactor or Two-factor Authentication (2FA) has become almost essential, as it helps to offset the risks associated with weak passwords. While you should still focus on creating strong passwords and enforcing password policies at your company, you should also take into account the possibility that at least one of those passwords will eventually be compromised. Hackers can decode passwords using cracking programs, buy them from adjacent data breaches, or bypass them using phishing scams.
Once a password is revealed, it won’t matter how strong it is. If one email account is breached, it can be used to reset the passwords of other accounts or perform further spoof email attacks within the network.
In a two-factor authentication (2FA) system, an account holder must provide two separate pieces of information to access an account. This often takes the form of a primary password and a temporary, randomly generated PIN that is usually sent to the account holder’s smartphone via SMS or email.
This can also be accomplished through a specific device that generates a random PIN, token, or password which the account holder possesses. The second piece of information, or token, is secure because only the account holder has access to it. Additional layers of security can be put in place for extremely sensitive information. For example, you can add biometrics, such as a thumbprint, as a requirement for access. Such an approach offers three layers of protection: “something the user knows,” “something the user has,” and “something the user is.”
Who are we?
mPowered IT provides a full range of IT Support, including technical helpdesk, data backup and recovery, and strategic consulting to small and medium-sized businesses. We take cybersecurity very seriously and always go the extra mile in securing both ourselves and our clients from the latest cyber threats.
We work with many types of businesses throughout the area, and strive to eliminate IT issues before they become costly and frustrating. You can continue to drive your business forward while we make sure your technology is functional and secure. Our dedicated staff loves seeing our clients succeed.
Give those hours wasted on IT problems back to your staff and create a lasting impression on your clients through superior technology services and customer care. Give us a call at 678-389-6200 or visit our website to learn more.
Learn to Spot Phishing Email | Good Email Hygiene
Avoid the spread of ransomware by learning to avoid malicious emails. Most phishing attacks can be stopped with a little diligence and awareness. Don’t let one bad click bring down your company!
Can you spot…
…use of a trusted name?
…an almost legitimate sender address?
…a generic greeting?
…attempts to create urgency?
…a suspicious attachment?
…a malicious link?
…generally unprofessional look and feel?
Train for phishing awareness
WATCH FOR GENERIC CONTENT AND GREETINGS
Greetings like “Dear valued customer” or “Important client” are a bad sign. If you or your company isn’t identified by name at the beginning of the email, be suspicious.
NOTICE MISSPELLINGS, INCORRECT GRAMMAR, & ODD PHRASING
Phishing emails from other countries (which is the majority of them) often contain poor grammar and misspelled words.
URGENCY IS THEIR MOST POWERFUL TOOL
Scammers have known this for ages: if you make someone panic or hurry, it’s much easier to make them slip up.
MANUALLY CHECK ALL LINKS
Mouse over every link to check the URL you’ll be sent to. If you don’t know for sure that it’s safe, don’t take the chance.
EXAMINE THE SENDER’S EMAIL ADDRESS
Scammers use email addresses that look almost like legitimate email servers. Be wary of addresses like “@microsoft.custsupport.com” or “@ups-service.com”
ONLY INPUT DATA ON SECURE WEBSITES
Any webpage where you enter personal information should have a url beginning with https://.
For ways to protect your small business, call mPowered IT at 678-389-6200 or visit mpoweredit.com.
Cybersecurity is a complex subject, which makes many businesses hesitate to fully address it. Don’t be one of them.
The first step to understanding the importance of cybersecurity is to realize the number and type of current threats, the potential damages they can cause to your business, and the common mistakes that increase cyber risk.
1. It’s predicted that, by 2021, cybercrime will cost the world $6 trillion annually.
2. On average, a cyberattack is carried out every 39 seconds.
3. 1 in 323 emails sent to small businesses involve malicious links or a phishing attempt.
4. 95% of cybersecurity breaches can be traced back to human error.
5. The average cost of a data breach in 2021 will exceed $150 million.
6. 60% of small businesses that fall victim to a cyberattack go out of business within six months.
7. 56% of Americans are unsure how to respond in the event of a data breach.
8. On average, SMBs experience 8+ hours of downtime during a breach.
9. 62% of SMBs lack the in-house skills to handle cybersecurity.
10. 21% of business data folders are not encrypted or access controlled in any way.
Ransomware is still one of the most common threats to businesses in 2021. Typically spread through seemingly-harmless emails, ransomware can easily make its way into your network and lock access to your systems and data.
11. 63% of ransomware victims in 2019 were small businesses.
12. During 2019, in the US, ransomware infected 113 state and municipal governments and agencies, 764 healthcare providers, and 89 universities, colleges, and school districts.
DATA Backup and Disaster Recovery
Every business should have a data backup solution in place, regardless of size or industry. With technology playing such a huge role, the prospect of losing files or being denied access to your own systems is costly — and could be devastating.
13. Only 21% of SME companies have a full disaster recovery plan.
14. The average cost of downtime to a business is $5,600 per minute.
15. The most common causes of data loss are hardware/system failure (31%), human error (29%), and viruses, malware, or ransomware (29%).
16. A simple drive recovery can cost upwards of $7,500, and success is not guaranteed.
17. 58% of SMBs say they test their disaster recovery plan just once a year or less, while 33% say they test infrequently or never at all.
For ways to protect your small business, call mPowered IT at 678-389-6200 or visit mpoweredit.com.
Since 2016, there have been 855 cyber incidents publicly disclosed by U.S. schools and districts, according to data from the K–12 Cybersecurity Resource Center. There were 348 in 2019 alone, nearly three times the number in 2018. With the increased use of technology for teaching, learning and continuing school operations in today’s remote environment, schools have also become more vulnerable to cyberattacks.
PHISHING – The most common threat is social engineering attacks, which includes phishing. Phishing is a tactic scammers use to trick users into giving them confidential information such as passwords and network credentials or installing malicious software through fraudulent downloads or attachments. Campaigns run the gamut from impersonating government agencies asking for bank account information to issue stimulus checks to fake businesses pretending to sell personal protective equipment.
RANSOMEWARE ATTACKS – Ransomware attacks, which involve bad actors encrypting data files and systems through malicious software and requiring districts to pay a ransom to regain access, are also another huge threat to school districts. These attacks are particularly challenging in a remote environment because a lot of systems aren’t necessarily set up to be automatically patched once they’re off the network.
EXPLOITATION – Cyberattacks also exploit open Remote Desktop Protocol (RDP) ports and Server Message Block (SMB), a protocol used for file sharing and access to remote services, to spread malware like wildfire. Users accessing blocked websites has become a bigger challenge with everyone working remotely.
It’s not often that the technology fails. It’s individuals behaving in ways that put an organization at risk by not using a complex password, or showing reluctance to using multifactor authentication. Educating users is important, especially with looming budget cuts that may affect spending on security improvements such as firewall upgrades and higher-level endpoint protection. Training needs to be ongoing and should include everyone in a district.
Are you interested in learning more on how an MSP could help your organization stay safe? Give us a call at 678-389-6200 or visit mPoweredIT.com.
Sources: K–12 Cybersecurity Resource Center https://k12cybersecure.com/map/
Your organization needs IT support from professionals with experience in the legal sector. How can your law firm can benefit from Managed IT Services? Are technology-related struggles becoming part of the daily challenges of running your law firm? They don’t have to be.
Why Should technology Be A Priority For Your Law Firm?
The previous decade has proven that managed IT services provide the best model for addressing the IT needs of law firms like yours. Rather than taking a break/fix approach to IT, managed services set you up with a comprehensive stack of proactive solutions, productivity tools, and risk mitigation strategies.
What challenges will arise without fully-managed it?
- Frequent support calls
When your IT support charges by the hour, it doesn’t benefit them if your tech is working the way it should. With no motivation to minimize service call volume, you could find yourself repeatedly calling them to help with a problem that never quite gets resolved.
- Rapid Escalation
A minor computer problem can quickly turn into a disaster if left unchecked. Take ransomware attacks as an example; What starts out with just one malicious email can spread throughout your entire network, locking down your data, and bringing your operations to a halt.
- High Cost Of Downtime
A non-managed IT service will only start working after something has broken — and the clock on downtime has begun.
This is why so many law firms are opting for managed support, which can be best delivered by an IT company with experience in the legal sector. Providers like us are familiar with the needs of law firms, as well as the relevant compliance standards and increased security needs that are involved.
How Will Your firm Benefit From Managed IT Services?
Much of what a law firm does is reliant on technology, whether it be maintaining records, scheduling court dates, or communicating by email. The state of your technology directly impacts your firm’s success. Fully managed IT services are generally considered the best option for keeping your technology working, your staff productive, and your data secure.
In practice, instead of waiting for something to go wrong and stepping in to correct it, an IT company that provides IT services takes on all the responsibilities of a traditional in-house IT department. This means working to prevent issues from happening in the first place.
- Protect Your Firm
Security is one of the most important aspects of modern technology. As the role of tech evolves and the depth of data expands, the number of ways your IT network can be compromised increases. Protective measures must be put in place, and your security constantly monitored.
Working with a managed IT services company, you’ll have access to cybersecurity technologies and best practices that were once only available to large enterprises. Whereas affording enterprise anti-virus solutions, advanced email security software, and end-user awareness training would be cost-prohibitive on an independent basis, doing so with a managed IT services company is extremely cost-effective.
- Vendor MANAGEMENT
Your IT system is a complex — and often expensive — investment. From budgeting to installation to ongoing maintenance, operating the hardware and software necessary to support a business is a daunting task. It also involves choosing and managing large numbers of hardware and software vendors.
The research for external service alone is enough to frustrate anyone that would rather just have their IT infrastructure meet their business needs without all the hassle. You also need to communicate with vendors in other areas of your firm (copiers, alarm systems, phones, etc.) to address all of your needs.
As their technologies integrate into your IT environment, you need to make sure they’re being managed properly. Your IT support should make use of every industry connection they have in communicating with third-party vendors on your behalf. Whether they are software developers, Internet service providers, copier or telephone companies, your IT company should work on your behalf to get the best solutions, products, and services for your business.
- improved Efficiency and productivity
Downtime is extremely harmful for businesses of all types. Small businesses with up to 50 million in annual revenue reported last year that just a single hour of downtime cost them $8,600. The main cost of downtime is not remediation, it’s the loss in your firm’s productivity. If an IT-related or natural disaster occurs and takes critical systems offline, employees will be unable to complete their tasks, yet your normal business expenses will carry on.
During downtime, you will incur all the expenses of running a firm without the revenue you would usually generate. Even if downtime does not bring your entire operation to a halt, some of your staff will have to divert themselves from their normal work to mitigate the problem resulting in wasted hours. While your systems are down, it’s almost certain you can’t deliver services, conduct research, or communicate effectively with clients.
The fact is that downtime is often the result of poorly supported IT. The best way to approach downtime prevention is proactively – you need to keep an eye out for minor issues that could spiral into total stoppages. You should implement and test backup solutions to minimize losses from outages. You need to enhance your cybersecurity to protect against cybercrime.
Clearly, that’s a lot of IT to handle on your own, especially when you have other work to focus on. This is exactly why Managed IT Services companies have become so popular in the legal space. They’ll provide 24/7 active monitoring of your systems, enact business continuity best practices, backup solutions, and cybersecurity services that will keep costly downtime at a minimum. Managed IT providers are simply the easiest, fastest way to turn your technology into an asset instead of a hassle.
For more information, call mPowered IT at 678-389-6200 or visit mpoweredit.com.
Every business is looking for affordable proactive IT management and support. The managed service approach should provide a range of necessary, proactive services that will keep your technology running and productive. These services include Virtualization, Server Infrastructure, Data Management, Operating Systems, Security, Unified Communications, Cloud Solutions, and more.
DATA CENTER/NETWORK ADMINISTRATION
Critical IT infrastructure is our specialty, and our data centers hold the highest level of security certification, verified through regular audits. As well as holding true to various IT compliance standards, we meet the stringent criteria laid out by the banking and payment sector — Payment Card Industry Data Security Standard (PCI-DSS) — and healthcare — HIPAA. Our flexible end-to-end data center services can help to accelerate your business growth and satisfy any number of data management needs.
The right mix of private and hybrid cloud solutions can meet your needs while cutting your overall IT expenses. With the continued and accelerating move to cloud computing, notably IaaS and SaaS, we are focused on providing a managed services-led solution that makes transitioning your business to the cloud a snap.
Our managed cybersecurity services are designed to supplement or replace in-house security staff. As a true managed security service provider, we provide solutions for today’s most complex information security challenges. Through active monitoring and live remediation, our services help eliminate blind spots and minimize your risk profile.
APPLICATIONS MANAGED SERVICES
Our team delivers world-class applications management, customized for your specific operational needs. Drawing on extensive expertise across a wide array of enterprise applications, our application support and maintenance services include enhancements, 24×7 support, production support, service help desk, monitoring, and more.
ENTERPRISE SYSTEM MANAGEMENT
Enjoy the benefits of hosting, consulting and support services, and proactive monitoring all from a single provider. You gain access to a systems management operating system, as well as a host of support functionality to keep your systems productive through the power of the cloud, and offer you an integrated view of your entire infrastructure.
END USER COMPUTING SERVICES
Our team can evaluate your computing needs to align them with best-practices, giving you an environment that delivers consistency and reliability at all times.
For more information, call mPowered IT at 678-389-6200 or visit mpoweredit.com.
Research shows that most law firms are confident about their cybersecurity — but are they really as safe as they believe?
Cybersecurity and Your Law Firm
The legal sector is facing truly challenging opponents outside of the courtroom – cyber criminals.
The stakes have never been higher.
These rising threats are why cybersecurity is becoming a more common topic of discussion in the legal industry. And while surveys have shown that 80% of legal organizations consider their cybersecurity to be sufficient, that may not be the case.
“[…] cybersecurity practices at law firms are generally not very strong,” says Eli Wald, author of Legal Ethics’ Next Frontier. “[…] lawyers in general tend to delegate cybersecurity concerns and responsibility for infrastructure to others, usually the IT group, and so they may not know how vulnerable they are.”
Why Are Law Firms Targets For Cybercriminals?
The short answer is that law firms store lots of private data about their clients. “Law firms present a tempting target for cyber crime,” says Jason Rorie, CEO of MSP Overwatch. “Their servers hold incredibly valuable personal information.”
“Cybercriminals tend to focus on targets that are rich in personal or financial data,” adds Rorie. “They gain access to the data through ransomware or a breach, then sell it on the Dark Web to other criminals who use it in a number of ways.”
Stolen private data is used for everything from voter fraud to opening credit accounts. This activity often happens months after the initial theft of the data.
How Are Legal Firms Addressing Cybersecurity?
Recently, a third of in-house counsel respondents in “The State of Cybersecurity Report: an in-house perspective” reported that they had experienced a data breach. Cybercrime is only expected to grow from here, with the occurrence rate of data breaches estimated to increase by 22.5% each year up to 2023. According to a recent study by the American Bar Association (ABA):
- 75% of firms are using some anti-virus software.
- 58% of responding firms are using a firewall or anti-phishing software.
- 33% of firms are using email encryption software.
- 25% are using device encryption software.
- 17% of law firms have some directory security in place.
- 25% of firms train their staff on cybersecurity best practices.
5 Ways to Improve Your Cybersecurity Posture
1. Two-Factor Authentication
Two-Factor Authentication is the current standard for adding an extra layer of protection to existing system and account logins. 45% of polled businesses began using 2FA in 2018, compared to 25% the year prior. Biometrics like fingerprints, voice, or even iris scans are also options, as are physical objects like keycards. Complete security usually demands multiple authentication methods: something you know (like a password), something you have (like your phone for 2FA), and something you are (like a fingerprint or other biometric).
2. Data Encryption
Encrypted data is formatted using a key, storing or transmitting it in such a way that it would be meaningless if intercepted. It is one of the most efficient ways to secure a database given that decryption can only take place with the correct key.
3. Access Monitoring
In addition to encryption, the client data you store should be protected from unauthorized access:
- A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users from gaining access to your data. Firewalls are deployed via hardware, software, or a combination of the two.
- Intrusion Detection. One of the only surefire ways to protect your network and data is to actively watch over it. A Security Operations Center (SOC) can monitor your network traffic around the clock and respond to any intrusion attempts in real time.
- Length and Complexity. The easier it is for you to remember a password, the easier it’ll be for a hacker to crack.
- Personal Information. Password recovery systems use personal details to verify a user’s identity – unfortunately, with widespread use of social media, it’s not difficult for hackers to research a target through Facebook to determine when they were born, information about their family, personal interests, etc.
- Numbers, Case, and Symbols. While it may be easier to remember a password that’s all lower-case letters, it’s important to mix in numbers, capitals, and symbols in order to increase the complexity.
- Avoid Patterns and Sequences. “abc123”, or the first row of letters on the keyboard, “qwerty”, etc., are extremely easy for hackers to guess.
5. Avoid Dangerous Emails
Always exercise caution when it comes to clicking on a link or downloading an attachment. Be careful even if the email seems to be coming from a known source or even from within your organization as email addresses are often spoofed:
- Be wary of links and attachments in email messages. They may contain malware that can infect your computer.
- Confirm the real sender of the message. The company name in the “From” field should match the address. Also, watch for addresses that contain typographical errors or lookalike domains like “email@example.com”.
- Hover over the URL in the email to view the full address. If you don’t recognize it, or if all the URLs in the email are the same, phishing is likely.
Cybersecurity is as complex as it is essential. Most law firms don’t have the resources (or the desire) to handle everything on their own. A knowledgeable IT services company can make all the difference. An IT provider with a proven track record of cybersecurity success can help you develop a cybersecurity plan capable of defending your law firm and your clients against hackers.
For more information, call mPowered IT at 678-389-6200 or visit mpoweredit.com.
Your Own Employees are Your Biggest Threat – and Last Line of Defense Against a Ransomware Attack on Your Business
Major ransomware attacks are on the rise across the country, not just taking down single businesses, but entire infrastructure systems. The cybercriminals are gaining in sophistication, finding more clever ways to hack into your network. They hold your systems and data hostage and demand payment.
What can your business do about it?
Train Your Employees!
In the past, cybercrime was easier to notice and avoid. Today, the criminals are savvy and can fool even those who are watching and aware. Your employees are answering phone calls and emails all day every day, and they need to be well trained and hyper aware of the dangers around them. All it takes is one employee responding to a bogus email, or providing a bit of information on a phone call, to allow a cybercriminal access to your network.
Most employees already know to ignore emails from people they don’t know, and never click a link from an unknown sender. But increasingly bogus emails are looking exactly like real ones. Phone calls can seem to be from legit sources, and the person on the other end knows exactly how to gain trust and extract information.
mPowered IT CEO John Mamon is a huge advocate for training employees to protect the employer’s business. “We have extensive technology to protect businesses from all kinds of security threats, and they work extremely well,” he explained. “But one employee can innocently give a hacker enough info to get into your system and hold your data hostage. The employee won’t even know they did anything wrong.”
Small businesses are ripe for ransomware attacks
Most small business don’t have real security measures in place, or the security they have is outdated and ineffective. Security measures have to keep innovating to stay ahead of cybercriminals, who spend all day every day thinking up more devious ways to get your data, take your money, or both.
To stay ahead of the criminals, you need an MSP who focuses on security, stays ahead of security technology, and can train your employees to be the last line of defense.
For more information, call mPowered IT at 678-389-6200 or visit mpoweredit.com.
There is no one-size-fits-all solution in the world of business technology. That said, the best IT providers will approach your situation with fresh eyes and develop a plan tailored to your unique needs.
Your IT provider should start by asking discovery questions that will inform them about your business. Only by understanding what you do and how you do it will the MSP be able to properly serve you.
Do you want to scale production? Improve customer service? Improve fulfilment? On the surface, it might not seem like technology can affect so many aspects of your business. In truth, an IT provider knows that technology can support — or hinder — every part of your business. A technology plan must address this and holistically support your plans for the business.
Your IT provider should be fully versed in business technology. Having skills that go beyond setting up basic hardware is crucial. Maintaining an entire network of computers, servers, peripherals, and devices requires many years of experience and high-level knowledge. MSPs need to have a deep understanding of business processes and industry best practices. This is especially true when cybersecurity and compliance come into play.
When interviewing a potential managed IT service provider, ask about scalability, staff with specific skill sets, proactive versus reactive support methods, and what they hold as general best practices in IT management. These questions tend to be far more important than those regarding the size of their support staff or their software certifications.
Choose a managed service provider that knows how to leverage technology to improve your business and has the expertise to make it happen. Avoid the provider that will only fix issues as they occur rather than helping you maximize your investment.
A good managed service provider should have your back 24/7/365. They should monitor your systems around the clock and resolve any problems regardless of the time or date. IT problems don’t take holidays off.
While remote monitoring and service can handle many problems, there are situations where an IT provider needs to come on-site for a fix or audit. These visits should always be accounted for in your plan, either built into the invoice or defined through blocks of prepaid time. Ensure that you know what you’re paying for and that you won’t be surprised with additional charges down the road.
For an IT company, maintaining consistent results and delivery is critical. Your IT company should be able and willing to share examples of their documented policies and processes, and show how they would be applied to your business. It’s a red flag if they can’t explain what they do, how they do it, and why it is effective. This also applies to current partnerships. Trustworthy MSPs are happy to share details of their value and can demonstrate how they justify their cost.
In addition to the above, make sure your prospective IT provider offers:
- Proactive monitoring to detect and prevent problems before they cause downtime, data loss, or other catastrophes.
- Modern detection and alert solutions, good response times, scaling potential, automation, and a comprehensive web-based user portal.
- Regular audits of your technology, tests of backup and recovery systems, and comprehensive cybersecurity solutions including training.
The IT infrastructure of today has changed considerably since a decade ago. The typical office will have many desktops, laptops, servers, mobile devices, IoT gadgets, and software — and just as many different vendors.
An IT provider should design a support plan that encompasses all of your business’ technology. They must be able to handle all of the different software companies and vendors that make up your tech ecosystem. An MSP who has good relationships with multiple leading vendors is ideal, as is an IT provider who is familiar with your industry’s proprietary software.
On the other hand, you should seek out an IT provider who is vendor neutral. If they are contracted or partial to using only certain vendors’ products, you could end up with solutions that aren’t exactly right for your needs. A good MSP should always focus on selecting the technology that provides the best results for you.
HAVE QUESTIONS? The team at mPowered IT will be glad to answer any questions you may have about how managed IT services can transform your business. Call us at 678-389-6200 or contact us here.