It’s scary to think that most businesses don’t know if their data backup and disaster recovery plan will work until it doesn’t. Here are 4 quick questions to ask yourself about your IT service provider’s backup and disaster recovery plan.
#1 Does my service provider perform periodic test restores of my backups to make sure the data is not corrupt and could be restored in the event of a disaster?
mPowered IT: We regularly perform a test restore from backup for our clients to make sure their data can be recovered in the event of an emergency. After all, the worst time to “test” a backup is when you desperately need it.
#2 Does my service provider offer both off-site AND an on-site backup with monitoring?
mPowered IT: One size does not fit all clients. We always recommend the most appropriate and up-to-date backup option for your business, and we diligently monitor for successful completion.
#3 Does my service provider insist on backing up my network BEFORE performing any type of project or upgrade?
mPowered IT: We do.
#4 If I were to experience a major disaster, does my service provider have an option for how my data could be quickly restored and/or one that enables me to work from a remote location?
mPowered IT: All clients receive a simple disaster recovery plan for their data and network. We encourage them to do a full disaster recovery plan for their office, but at a minimum, their network will be covered should something happen.
Your business relies on its data – your customer database, employee records, inventory, work files, financials – everything. If your network crashes and your backup system doesn’t restore your data as promised, your business will come to a halt until it’s restored. Many small businesses do not survive the cost of a network disaster.
There’s no need to fret about gloom and doom scenarios. You just need to be able to trust your IT service provider to keep your data safe. If any of the four protocols above are not part of your provider’s business model, please call us at 678-389-6200 or contact us online.
Penetration testing is a security exercise where a cyber-security expert attempts to exploit vulnerabilities in your computer system. The purpose of penetration testing is to identify any weak spots in your system’s defenses in which attackers could take advantage.
This is like a bank hiring someone to think like a burglar and try to break into their building and gain access to the vault. If the ‘burglar’ succeeds and gets into the bank or the vault, the bank will gain valuable information on how they need to tighten their security measures.
Many times it’s best to have a penetration test performed by someone with little-to-no prior knowledge of how the system is secured because they may be able to expose blind spots.
At mPowered IT, our industry leading penetration tests are standards-based. They are closely tied to the fundamentals found in the Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES) and the Open Web Application Security Project (OWASP) Penetration Testing Guide.
What we provide is not simply a digital scan and a generic report. Our penetration testing is thorough and comprehensive, performed by trained professionals. Our goal is to identify areas of risk that impact the security of your systems and data.
Having knowledge of your system’s vulnerabilities is step one. Step two is doing something about it. We provide a custom remediation plan tailored specifically for your organization’s needs for security and compliance, within your budget.
For more, call us at 678-389-6200 or contact us online.
If you’re paying someone to keep your network running, you should expect – at minimum – that your network is nearly always running as it should, with very few issues. And when you do have an issue, they should have the same sense of urgency that you have to resolve it.
Here are 5 quick questions to ask yourself about your IT service provider.
#1 Is your service provider committed to a quick response to service requests?
mPowered IT: We respond to service requests in 15 minutes or less. This is part of our promise and commitment to delivering an exceptional IT service experience.
#2 Does your service provider consistently (and proactively) offer new ways to improve your network’s performance, or do they wait until you have a problem to make recommendations?
mPowered IT: We work as your CIO, always making sure your technology is serving your business interests. We help our clients look for new ways to help improve their operations, lower costs, increase efficiencies and resolve any problems that may be arising. We help our clients be more profitable, efficient and competitive.
#3 Is your service provider’s help desk US-based or outsourced to an overseas company or third party?
mPowered IT: We provide our own in-house help desk, staffed by American engineers, and we make sure the folks helping you are friendly and helpful. We consider this one of the most important aspects of customer service.
#4 Does your service provider take the time to explain what they are doing and answer your questions in terms that you can understand (not geek-speak)?
mPowered IT: We want every user to have a great experience, so we treat every customer with respect and help them to understand the issues. We welcome questions and are happy to answer them. That’s giving an “Extra Scoop”.
#5 Is your service provider familiar with (and can they support) your unique line-of-business applications?
mPowered IT: We own the problems with all line-of-business applications for our clients. That doesn’t mean we can fix faulty software – but we WILL be the liaison between you and your vendor to resolve problems you are having and make sure these applications work smoothly for you. We will never point fingers, and that goes for your other vendors like the Internet Provider.
mPowered IT likely costs the same or less than what you’re currently paying, and you get the “Extra Scoop Experience”! We go out of our way to make sure every client loves our service. We are so committed, the owner of mPowered IT wrote a book about it!
For more, call us at 678-389-6200 or contact us online.
Most business don’t realize that there are no set standards or regulations for accountability in the IT industry. So, your current provider could be highly accountable, but you may not know that until a situation puts them to the test – unless you just ask a few good questions.
#1 When something goes wrong with your internet service, phone systems, printers or other IT services, does your service provider own the problem or do they say, “That’s not our problem to fix”?
mPowered IT: We feel WE should own the problem for our clients so they don’t have to try and resolve any of these issues on their own – that’s just plain old good service and something many managed services providers don’t do. I call that adding an “Extra Scoop“!
#2 Does your service provider have other engineers on staff who are familiar with your network in case your regular engineer goes on vacation or gets sick?
mPowered IT: Our customers have an assisted team dedicated to your support and we keep detailed network documentation (basically a blueprint of your computer network) and updates on every client’s account, so any of our engineers are able to help you If necessary.
#3 Does your service provider complete projects on time and on budget?
mPowered IT: Generally speaking, all projects are fixed-priced and are completed on time. This is important because some service providers will only quote “time and materials,” which can become an incentive to take more time than is necessary to complete the project.
#4 Does your service provider issue detailed invoices that clearly explain what you are paying for?
mPowered IT: We provide detailed invoices that show what work was done, why and when, so you never have to guess what you are paying for. We also double-check our invoices for accuracy before they are sent to you.
#5 Does your service provider have adequate errors and omissions insurance as well as workers’ compensation insurance to protect YOU?
mPowered IT:: Here’s something to consider: if your provider caused a problem with your network that causes you to be down for hours or days, or to lose data, who’s responsible? Here’s another question to consider: if one of their technicians gets hurt at your office, who’s paying? In this litigious society we live in, you better make sure whomever you hire is adequately insured with both errors and omissions insurance AND workers’ compensation – and don’t be shy about asking to see their latest insurance policies!
At mPowered IT, we hold ourselves to the highest standards are always transparent and accountable for our work. You won’t even have to ask. We’ll prove it each day.
For more, call us at 678-389-6200 or head here for more information.
IT cybersecurity professionals have been challenged to the hilt through the first half of 2020. At the height of the pandemic, phishing attacks increased by upwards of 600% – all while executives made haste to move to the Cloud or increase their remote workforce infrastructure.
Industry leaders have been so busy dealing with emergencies at hand, they haven’t had a moment to prepare for emerging cybersecurity threats.
As Gartner analyst Peter Firstbrook explains, the changes implemented to deal with the pandemic “accelerated digitalization of business processes.” And putting operations on a wireless fast track may have left organizations increasingly vulnerable to wide-ranging threats. According to antivirus software giant Norton, these are the top cybersecurity threats organizations may not be prepared to handle:
- Deepfakes: This trick uses artificial intelligence to combine words and create phony images and messaging.
- Synthetic Identities: This new method to perpetrate fraud blends real and fabricated personal identity information to build a representation of a real person.
- AI-Powered Digital Attacks: Cybercriminals can now create programs that even replicate human behaviors to fool people into providing sensitive financial information.
- 5G Challenges: The rollout of 5G is expected to increase cybersecurity risks on the Internet of Things (IoT) logistics networks.
- Auto Hacks: Increased reliance on technology in cars, SUVs, and other vehicles, has cracked the door for a new type of automobile hack.
- Cloud Jacking: This type of cyber-attack leverages weaknesses in programs and systems to penetrate Cloud-based networks and use them to mine cryptocurrency.
- Ransomware Attacks: According to Security Magazine, more than 151 million ransomware attacks were carried out during the first three-quarters of 2019 alone. They show no sign of slowing down.
Decision-makers who are finally getting their feet under them would like nothing better than to focus exclusively on profit-driving endeavors – but that can all be brought to a screeching halt by a debilitating data breach or costly ransomware attack.
The question industry leaders need to ask right now is: are we prepared to deal with critical threats? These are the strategies cybersecurity consultants believe are the solutions going forward:
Chief Security Officers
Given the emergence of non-traditional threats that evolved during 2019, organizations are looking for enterprise-level chief security officers (CSOs) to deliver on the promise of increased investment. Managed IT professionals rallied around the banner of “enterprise-level cybersecurity” for years. But perhaps the missing piece of the puzzle was decision-makers who understand the underlying infrastructure and salient details.
As ransomware attacks, GPS spoofing, and the next scheme rears its ugly head, having a security professional who can assess, secure, defend, and pivot with agility could make a significant difference. Either CSOs will need to catch up to the wave of next-generation threats or make way for a new breed of enterprise-level executives.
The Need For Privacy-Compliance Professionals
Complying with government data privacy and protection regulations appears to be growing into a discipline of its own. New York, California, and even the EU have pushed through regulations that have national and global implications. And although these laws are stringent, they don’t even scratch the surface of industry-specific data protection and privacy oversight.
Industry leaders find themselves at a crossroads in 2020, deciding whether to create a full-time management position to provide regulatory oversight or outsource. Many are opting to work with a high-level cybersecurity firm to harden their defenses and ensure best practices that always meet or exceed compliance regulations.
Growth in Zero-Trust Networks
In some cybersecurity circles, consultants advocate for an increase in zero-trust networks that shield applications and data from the view of prying eyes. Although virtual private networks (VPN) were considered high-level protection for remote workers, zero-trust appears to be proving even more beneficial. The underlying premise is that a VPN might be difficult to uncover, but a hacker can wreak havoc once breached. Zero-trust networks, by contrast, limit access by the user. Even if a digital scammer swipes someone’s login information, they gain only limited and managed access.
The advanced schemes trolled out by digital thieves gives industry leaders and cybersecurity specialists a headache every year. Although hackers in 2020 leverage cutting-edge technologies, these bad actors can still be contained.
If your organization, like many others, could be vulnerable to these or other next-generation cybersecurity threats, it’s time to harden your defenses. A third-party cybersecurity firm can conduct a full review of your network, evaluate best practices, compliance, and provide a report. With this objective information in hand, your organization can be prepared, come what may.
Need help? Reach out to us at 678-389-6200 or contact us online.
The COVID-19 lockdowns have naturally changed how many organizations and companies operate. Educational institutions are embracing virtual classes, events that were previously held in person are now fully virtual, and a whopping 98% of employees worked from home to avoid spreading the novel coronavirus. Sadly, not all IT managed service providers were able to keep up with their customers’ needs during this challenging time, leading disaffected business owners to search for new IT managed services that can handle a company’s current and future IT challenges.
While finding a competent IT service is imperative, it’s also vital to know how to change companies without disrupting your current IT operations. The following are some expert tips that can help a company transition to a new IT service safely and smoothly.
Don’t tear up your contract with your current IT managed service provider until you find another provider that can take their place. Furthermore, you’ll need your new provider to get to work on your IT set-up right away. Once your new IT service has everything under control, you can pull the plug on your former IT service.
What does this operation entail? Here are some steps you’ll need to take to make sure your business is ready to switch IT managed services:
- Make sure you have all your login information and administrative access to all your accounts. Any decent IT managed service will provide you with this information even before you ask for it. Sadly, some subpar services try to hold onto your information to force you to continue to work with them.
- Have your new company do a thorough cybersecurity assessment of your business to ensure there are no back doors that former IT technicians can use to gain access to your valuable company information.
- Let your staff members know that you will be changing IT managed services by a specific date. Inform them of new protocols that will be put in place once you make the switch.
- Schedule IT training sessions with your new managed IT service as soon as possible so your staff members can learn how to master new programs and cybersecurity rules quickly and easily.
What Does a Good Managed IT Service Look Like?
Selecting the right IT managed service provider to replace your current IT service is no easy task. Here are some tips that can help you make smart decisions.
- Make sure the IT managed service is familiar with your industry.
- Look up reviews online and ask prospective IT managed services to provide references from clients they have worked with in the past.
- Ask about the pay structure. It should be a fixed monthly price, with allowance to scale services as the need arises.
- Make sure the IT service can meet your future needs as well as your current ones.
- Choose an IT service provider that puts a premium on cybersecurity services. Data breaches are becoming more commonplace than ever, with more than eight billion records exposed in the first quarter of 2020 alone.
Switching IT managed services can be challenging. It shouldn’t be done in a hurry; at the same time, you shouldn’t hesitate to find a new service provider if your current one is unable to meet your present and future needs. Do careful research to ensure your new provider is the best fit for your business, and start the transition process before notifying your current IT company that you will no longer use its services. Doing so will protect your business from disruptions while improving your IT efficiency and security.
Time to make a change? Interested in switching to an MSP? Reach out to us at 678-389-6200 or contact us online.
Internal IT vs. Outsourcing IT: The Value of Outsourcing to a Managed Service Provider
The question of whether to outsource or rely on an internal IT team is common. Services that were once considered “nice to have” are now necessities – including machine learning, artificial intelligence, and cloud computing. While they add a lot of value to your business, they can be difficult to manage if you don’t have a reliable team of IT experts.
Why Outsourcing To An MSP Make Sense
While having an in-house team presents unique benefits, the value of outsourcing is unrivaled. Some of the reasons why it may be a better choice include the following:
1. Optimized Uptime and Consistency
Having an in-house team is a good idea, but how do you deal with issues after their working hours? Your in-house team has specific working hours. They may need to be away from work because of sickness or personal emergencies. Even the slightest problem could cost you days or hours of work. Outsourcing takes care of that problem. You can enjoy consistent and comprehensive IT support. Your MSP can handle issues as soon as they occur. They are available 24/7 and don’t need to take breaks. Your provider offers regular maintenance to promote peak efficiency.
With cybersecurity, consistency is critical. Most ransomware attacks happen outside regular working hours. If you rely on your internal team, you need to wait until the next business day to address them. MSPs, on the other hand, can keep your business safe while you are away.
2. Specialized IT Support
Your in-house IT experts may do their best, but they are unlikely to deliver the expertise you need to take advantage of modern technologies. As your business evolves, you may need to train them or hire a new team. However, the right MSP can cater to the needs of your business as it grows. With their help, your business can take advantage of the latest technologies.
3. A Variety of IT Skillsets for Your Company
Your MSP can provide you with a range of skillsets that are essential for successful network management. They can provide you with IT strategy and planning, cybersecurity, and cloud and mobile expertise. Finding members of an in-house team that have all of these skillsets is difficult, especially if you have a limited budget. The most realistic way to take advantage of all possible competencies is by working with an MSP.
4. Maximizing Productivity
Outsourcing is a smart way to free up some time for your team. They can focus on the core purpose of your business while your MSP focuses on IT matters. Your MSP handles issues that your in-house employees would otherwise waste a lot of time trying to resolve.
5. Safeguarding Your Institutional Knowledge
If you choose to work with an in-house team, you may need to spend a lot of time and money training them. When they leave your company, they take all your institutional knowledge with them. The IT industry is competitive, and your former employees are likely to share what they learned from you with their new organizations. With an MSP, you don’t need to go through the trouble of hiring, training, and rehiring staff members. They are a long-term partner that gets you through all the stages of growth.
6. Saving Money
Working with an MSP may be cheaper than hiring an in-house team. It cuts out the cost of training and hiring employees. With MSPs, your business can have less downtime and improved productivity.
The benefits of outsourcing IT services outweigh the advantages of working with an in-house team. The most outstanding ones include safeguarding your institutional knowledge, improving your productivity, 24/7 support, and specialized IT support.
Interested in switching to an MSP? Reach out to us at 678-389-6200 or contact us online.
Protect Yourself – Use Two-Factor Authentication for Your Business
Two-factor authentication is something every business should be using to protect themselves and their customers. You know the value of adding layers of security to your business – if you have a brick and mortar operation, you probably have a lot more than a simple lock on your front door. Security cameras, alarms, barriers, and more are common for most businesses because one layer of security is never enough.
The same is true for online security. Two-factor authentication gives your business and customers another layer of protection beyond the standard password – so why not use it to improve your security?
What is Two-Factor Authentication?
You’ve probably already encountered two-factor authentication as you navigate the internet for personal or business reasons – all the major tech companies like Google and Facebook are using it because it. The process of two-factor authentication goes something like this:
- Input your username and password. Two-factor authentication starts off just like your standard security measures. You input your username and password for the site you are trying to access or the app you are trying to use. This is the first step of the authentication process, the first factor.
- Provide a second factor to authenticate yourself. Here is where two-factor authentication becomes special. It asks for you to provide a second factor that is much harder for hackers to mimic. For example, it might ask to send an authorization code to your smartphone or ask for your fingerprint to verify your identity. Hackers are much less likely to have these available to mimic you and try to access your account.
You have definitely encountered the older way to verify your identity – security questions. But over time, security questions have become less and less effective at protecting your information. Most security question answers can be found on your social media account, after all. Hackers can spend just a little time doing some research to find all the answers they need, particularly if they have already stolen your password from another site.
How to Use Two-Factor Authentication in Your Business
You can easily implement two-factor authentication into your current business security efforts – both for your employees and your customers. There are multiple ways you can use two-factor authentication, including:
- Text Messages (SMS). Most people prefer to use SMS to verify their identities over the other methods listed below because it is so easy to check your text messages and access the authorization code. All the user needs to do is log in with their username and password, then receive the code through SMS and type the code into the verification box. The only drawback to this method is that if the user loses their phone they can’t authenticate.
- Email. You can also allow users to send their verification code to their email. They need to be able to access their email – which usually isn’t a problem – but if they can’t this method would not work. The other problem that can come up with emails is that they can sometimes get caught in spam filters and never arrive at the person’s inbox.
- Phone Call. While this option is not used nearly as often as the two above, it is a possibility depending on the system you are using. The user can choose to get a phone call which will use text to speech to deliver the code they need to log in.
- Tokens. Some companies find it easiest to give employees tokens, either hardware tokens like key fobs or software tokens through apps, that can then be used to provide the second factor in the authentication process.
- Push Notifications. It is possible to get an app that will allow users to receive push notifications so that they can authenticate their accounts. They get the notification, then click yes or no to authenticate.
Two-factor authentication is possible using a variety of methods – the most important thing is that you start using it to begin with. Whichever authentication method you choose, your business and your customers will be more secure as a result.
Need help setting up? Reach out to us at 678-389-6200 or contact us online.
How to Protect Your Business From the Surge in Phishing Websites
As the entire world is worrying about the coronavirus, cybercriminals are taking advantage of the global crisis to line their pockets. Google reports that there has been a 350% increase in phishing websites in the last two months alone. This threat is genuine, and you need to take steps to protect yourself, your business, and your data.
What Is a Phishing Website?
Phishing websites are designed to steal your information, but they can work in a variety of different ways. For instance, a cybercriminal may make a website that looks like your bank site. You think the site is real so you enter your username and password, and then, the criminals have everything they need to access your account.
Similarly, a phishing website may look like it’s for a charity helping people with the coronavirus. In fact, it’s just a scam designed to steal money and credit card information. In some cases, phishing websites download malicious files to your computer when you visit them — once executed, these files may encrypt your data until you pay a ransom, copy all your keystrokes, or steal information from your computer in other ways.
Rise in Phishing Websites During the Coronavirus
In January, Google reported that it knew of 149,000 active phishing websites. By February, the number almost doubled to 293,000. As the virus began to take hold in the United States in March, the number increased to 522,000. That’s a 350% increase since January.
During the coronavirus, the most significant increases in phishing sites have happened during the most stressful times. The most significant day-over-day increase occurred on March 21st, the day after New York, Illinois, and Connecticut told their residents to shelter in place. The second-biggest increase? March 11th, the day the World Health Organization declared the virus as a pandemic. Both of these days saw about a threefold increase.
Unfortunately, no one is immune — one survey indicates that 22% of Americans say they have been targeted by cybercrime related to COVID-19.
Critical Strategies for Protecting Yourself From Phishing Websites
To protect yourself and your business from phishing websites, you need to take a multi-pronged approach. Keep these essential practices in mind:
- Educate your employees about the risks of phishing websites. Send out a newsletter, set up a training session over videoconferencing, or find another way to talk with your employees about how to protect your business from phishing attacks.
- Don’t click on links in emails from unknown senders. A lot of cybercriminals use phishing emails to direct users to their sites. If the email appears to be from someone you know, double-check the sender, and consider reaching out to them directly before clicking on any links.
- Invest in quality cybersecurity tools that block malicious websites, prevent your computers from executing approved applications, or protect your network in other ways.
- Be aware of the signs of a phishing website. These may include misspelled names of companies or charity organizations or forms that ask for information you usually don’t provide. For instance, a phishing website trying to steal your bank details may ask for your username, password, and PIN, while your bank’s actual website only requests your username and password.
- Advise your team to be selective about the websites they visit. Ideally, if they are searching for information on the virus or trying to donate, they should go to sites that they know and trust, rather than going to unknown websites.
- Work with a cybersecurity specialist. They can help you safeguard your network, which ultimately protects your money, your data, your business, and your reputation.
To stay as safe as possible from cybercrime during the coronavirus, you need to be aware of the heightened risks. If your team is working remotely, your network is likely to be even more vulnerable than usual.
To get help protecting your team, reach out to us at 678-389-6200 or contact us online.
Zoom Scrambles to Address Cybersecurity Issues in Meeting Platform
The Zoom platform has increasingly has been the target of hackers exploiting the vast numbers of users working from home. As Zoom usage skyrockets around the world, so too do the opportunities to exploit users unfamiliar with the tool. According to MarketWatch, the company’s daily active user count was up 378% from a year earlier, as of March 22,
How Are Hackers Exploiting the Zoom Platform?
For many exploits, it starts with a website.
According to Check Point, more than 1,700 domains have been registered using the word zoom in the first three months of 2020. Many of those domains point to an email server, which can indicate the site is part of a phishing scheme.
Remote workers may receive seemingly official meeting notices using the Zoom platform. Hackers ask recipients to head to a login page and enter their corporate credentials.
It’s a perfect storm that’s playing into the hands of hackers. It also means companies need to be vigilant in helping users understand how to access and use the platform and other tools used in this paradigm shift of how work is done.
“Zoom users should be aware that links to our platform will only ever have a zoom.us or zoom.com domain name,” a spokesman noted. “Prior to clicking on a link, they should carefully review the URL, being mindful of lookalike domain names and spelling errors.”
What Is Zoom Doing to Protect Users?
Zoom has had to take several steps recently to address security concerns related to its dramatic usage growth. The company has increased its training sessions and reduced customer service wait times. Here are several of the other issues that Zoom has addressed:
- Zoombombing: Multiple incidents of “Zoombombing” have arisen in recent weeks. According to NPR, “…intruders hijack video calls and post hate speech and offensive images such as pornography. It’s a phenomenon so alarming that the FBI has issued a warning about using Zoom.” That’s led to wider use of passwords, waiting rooms, and muting controls. Never post a public link to a Zoom meeting.
- Windows 10. The company has addressed an issue that affected those using Zoom’s Windows 10 client group chat tool. If participants used the tool to share links, the Windows network credentials of anyone who clicks on a link were exposed.
- Facebook Interface for Apple Devices. Zoom removed Facebook’s software developer kit from its iOS client to prevent it from collecting users’ device information.
The company announced it was freezing all feature enhancements to redeploy software engineers to focus on what it calls “our biggest trust, safety, and privacy issues.”
How Can You Protect Zoom Users from Cyberattacks?
Here are some tips to ensure that Zoom users are protected:
- Use password features to require meeting attendees to log in before being allowed access.
- Update the software. Upon finishing a meeting, the software will check to see if an update is necessary
- Encourage managers to use the Manage Participants section features, which can control the use of users’ microphones and cameras. Sharing restrictions are also a good practice.
- Be careful about recording meetings. The recording sits in a file, either online or the host’s computer, and could be stolen.
Cybersecurity is a sad reality in these turbulent times. However, a focus on prevention and detection are important deterrents to cybercriminals and can reduce the risks to your business.
For more, call us at 678-389-6200 or contact us online.