Elizabeth MyersBusiness, Featured No Comments

Talk to Your Staff About Tech Success and Stumbling Blocks

You may be in charge of tech for your entire business, but that doesn’t mean you actually use all the technology you source, install, and maintain. You’re responsible for updating that tech, supporting it, and monitoring for threats, yet you don’t have hands-on with that tech day in and day out. That means you can’t fully understand what’s working and what isn’t.

To gain a holistic picture of how your technology is working, ask the people who use it every day. You can’t rely on the fact that people aren’t complaining to mean your hardware or software is running smoothly.

There are many reasons employees might not reach out to tell you what’s wrong:

  • They are too busy to bring up their issues.
  • They don’t know how to communicate what’s holding them up.
  • They don’t realize that the obstacle they’re hitting isn’t normal for a particular solution.
  • They don’t know who to talk to about the problems they are having.

So, it’s up to you to be proactive. Reach out to employees to find out what they need to do their jobs better.

Gain the employee’s perspective

If you’re in IT, you’re seldom found in the trenches with your sales or marketing. You aren’t in accounting trying to track payments or keep up with supply-chain management. So, you can’t expect to know what the lived experience of your tech is like for those teams.

Talking to your staff about what’s needed can help you learn about:

  • digital solutions your people have heard about from peers at other companies;
  • new technologies staff would like to try;
  • roadblocks that are slowing productivity and undermining employee morale;
  • low-hanging-fruit changes that you can make to improve an employee’s experience (e.g. adding a second screen may be all that a disgruntled staffer needs to see their job isn’t so bad).

You might host a lunch-and-learn, where you discuss technology with different teams, or you could send around a survey. Emailing employees directly, and asking them to answer key questions can help, too. Focus your information gathering in three areas:

  • What works well for you?
  • What challenges are you facing?
  • What would make your life easier?

Of course, people are going to have different ways of speaking about technology. They probably don’t know a LAN from a PAN or a WAN, for example, but they will be able to convey whether they feel the network is too slow or not.

Prioritize tech solutions

Talking to people in the trenches with tech can help set infrastructure priorities. Once you’ve learned what tech is needed and what isn’t working as you’d hoped, reach out to a managed service provider for help. We can consult on new solutions and help you streamline business processes. We know tech for small businesses. Contact us today at 317-497-5500.

Elizabeth MyersBusiness, Featured No Comments

How Often Do You Need to Train Employees on Cybersecurity Awareness?

You’ve completed your annual phishing training. This includes teaching employees how to spot phishing emails. You’re feeling good about it. That is until about 5-6 months later. Your company suffers a costly ransomware infection due to a click on a phishing link.

You wonder why you seem to need to train on the same information every year. But you still suffer from security incidents. The problem is that you’re not training your employees often enough.

People can’t change behaviors if training isn’t reinforced. They can also easily forget what they’ve learned after several months go by.

So, how often is often enough to improve your team’s cybersecurity awareness? It turns out that training every four months is the “sweet spot.” This is when you see more consistent results in your IT security.

Why Is Cybersecurity Awareness Training Each 4-Months Recommended?

So, where does this four-month recommendation come from? There was a study presented at the USENIX SOUPS security conference recently. It looked at users’ ability to detect phishing emails versus training frequency. It looked at training on phishing awareness and IT security.

Employees took phishing identification tests at several different time increments:

  • 4-months
  • 6-months
  • 8-months
  • 10-months
  • 12-months

The study found that four months after their training scores were good. Employees were still able to accurately identify and avoid clicking on phishing emails. But after 6-months, their scores started to get worse. Scores continued to decline the more months that passed after their initial training.

To keep employees well prepared, they need training and refreshers on security awareness. This will help them to act as a positive agent in your cybersecurity strategy.

 

Tips on What & How to Train Employees to Develop a Cybersecure Culture

The gold standard for security awareness training is to develop a cybersecure culture. This is one where everyone is cognizant of the need to protect sensitive data. As well as avoid phishing scams, and keep passwords secured.

This is not the case in most organizations, According to the 2021 Sophos Threat Report. One of the biggest threats to network security is a lack of good security practices.

The report states the following,

“A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we’ve investigated.”

Well-trained employees significantly reduce a company’s risk. They reduce the chance of falling victim to any number of different online attacks. To be well-trained doesn’t mean you have to conduct a long day of cybersecurity training. It’s better to mix up the delivery methods.

Here are some examples of engaging ways to train employees on cybersecurity. You can include these in your training plan:

  • Self-service videos that get emailed once per month
  • Team-based roundtable discussions
  • Security “Tip of the Week” in company newsletters or messaging channels
  • Training session given by an IT professional
  • Simulated phishing tests
  • Cybersecurity posters
  • Celebrate Cybersecurity Awareness Month in October

When conducting training, phishing is a big topic to cover, but it’s not the only one. Here are some important topics that you want to include in your mix of awareness training.

Phishing by Email, Text & Social Media

Email phishing is still the most prevalent form. But SMS phishing (“smishing”) and phishing over social media are both growing. Employees must know what these look like, so they can avoid falling for these sinister scams.

Credential & Password Security

Many businesses have moved most of their data and processes to cloud-based platforms. This has led to a steep increase in credential theft because it’s the easiest way to breach SaaS cloud tools.

Credential theft is now the #1 cause of data breaches globally. This makes it a topic that is critical to address with your team. Discuss the need to keep passwords secure and the use of strong passwords. Also, help them learn tools like a business password manager.

Mobile Device Security

Mobile devices are now used for a large part of the workload in a typical office. They’re handy for reading and replying to an email from anywhere. Most companies will not even consider using software these days if it doesn’t have a great mobile app.

Review security needs for employee devices that access business data and apps. Such as securing the phone with a passcode and keeping it properly updated.

Data Security

Data privacy regulations are something else that has been rising over the years. Most companies have more than one data privacy regulation requiring compliance.

Train employees on proper data handling and security procedures. This reduces the risk you’ll fall victim to a data leak or breach that can end up in a costly compliance penalty.

Need Help Keeping Your Team Trained on Cybersecurity?

Take training off your plate and train your team with cybersecurity professionals. We can help you with an engaging training program. One that helps your team change their behaviors to improve cyber hygiene. Give us a call!

Article used with permission from The Technology Press.

Elizabeth MyersBusiness, Featured No Comments

How Secure is Cloud Data?

Data security is a common concern when migrating to the cloud. When data is on-premises, the business secures the sensitive data, and that feels safer. But that isn’t always the case. In fact, data can be safer in the cloud than on-site at your business.

When you put together your business infrastructure, you have many business priorities. Securely storing data is only one of your objectives and could even be one that you added on later.

A cloud services provider builds from the ground up with the goal of securing data online. Thus, cloud companies typically offer far more robust cybersecurity measures. After all, the success of Dropbox or Amazon Web Services depends on securing cloud data.

A hacker can use malware or phishing emails to target the data on your business devices. With ransomware, they make it impossible to reach your data unless you pay a ransom (or have a good data backup). Yet these cyberattacks don’t work in the cloud. Bad actors might access what’s stored on an individual user’s device, but they can’t get to the larger trove of data online.

Cloud servers are also safer because they’re in data warehouses most workers can’t physically access. Plus, the service providers will usually set up redundancies. So, for example, if a natural disaster hits one server site, they will offer continued access from another site.

Some cloud service vendors will also invest in third-party testing. To keep data safe, they hire external companies to test for vulnerabilities.

More reasons cloud data is safe

Cloud data is encrypted not only in storage but usually also in transit to and from the servers. This means your information is scrambled, and a bad actor getting between your business and its cloud data can’t understand it.

Cloud service providers also regularly monitor and maintain security. They spend more resources ensuring systems are up to date. They’re also more likely to use data analytics to identify trends or threats to their security. You might do the same, but you are unlikely to do so on the same scale.

Another advantage of keeping your data in the cloud? When you move to the cloud, you no longer have to store all that data on your own hardware. You still have access to your documents, media, or reports, but the third-party provider will likely have more storage space and processing speed. So, your on-site technology may function better, too.

You’re also cutting out common cybersecurity risks. You don’t have to risk storing data on laptops, which can get lost or stolen. You also end the need for thumb drives (or USB drives), which can also be stolen or lost. Plugging in these external devices can also expose you to viruses or other risks.

How to secure data in the cloud

First off, encrypt your data. Make sure you contract with a provider who will encrypt data in transit. This makes it more difficult for hackers to get at your information.

Enabling multi-factor authentication can also help secure data by adding layers of rigor. It moves your data security beyond just asking for a username and password. We know all too well that those are often compromised or guessed.

When you move your data to the cloud, you will need to pay attention to compliance regulations. Depending on your industry, there may be particular standards for data storage. Encryption is a common compliance expectation.

It’s also a good idea to train your employees on the importance of securing data. Engaging in ongoing security awareness training can help protect your endpoints. This is particularly important with people working remotely and connecting from off-site locations.

Help with securing your cloud

Migrating to the cloud has its benefits. Still, that doesn’t make it a straightforward process. Work with our IT experts to move your data to the cloud with minimal disruption. We can help you find the right cloud service provider and assist with data backup processes. Contact us today at 317-497-5500.

Elizabeth MyersBusiness, Featured No Comments

What is Digital Friction, and What to Do About It?

No one wants to work harder than they have to. Digital transformation is one way businesses can make employees’ lives easier. Yet simply increasing the amount of technology isn’t the answer. Digital friction can actually make the workday more challenging. Read on to learn more about digital friction, its demotivating force, and how to avoid it.

Digital friction describes added challenges employees face trying to work with business technology. As businesses add more digital tools, teams must adapt to a more complex ecosystem, but problems can arise:

  • Technology isn’t integrated, so there are now more steps to follow.
  • Workflows grow more complicated, as there are several digital solutions to navigate.
  • Employees are overwhelmed with notifications tracking, managing, and monitoring digital workflows.
  • New approaches create or duplicate manual processes.
  • Employees become overloaded with information thanks to the many new collaborative, digital tools.

Any of these issues is counterproductive to digital transformation. The idea behind adding new digital solutions is to streamline and simplify, but if you’re complicating the work environment, you’ll undermine productivity. You aren’t helping employee engagement and morale either. Your people grow frustrated with your fresh expectations.

 

Sources of digital friction

When you install new tech, you intend to save time, reduce effort, and improve productivity, but the best intentions don’t avoid digital friction. If you’re going to install digital technologies be wary of these problems:

  • Poor understanding of workflow. If you don’t understand what is happening now, you can’t effectively install digital processes.
  • Inconsistent workflows. When employees approach processes differently, there will be friction on new, digital solutions.
  • Poor-quality data. Digital technology relies on data. A major source of digital friction is low-quality data. Employees spend too much time locating, validating, and formatting data to see benefits.
  • Lack of understanding of a solution’s impact. Investing in tech for the sake of “going digital” is not setting employees up for success. You need to know what the technology can do and how it will impact employees’ daily work.

 

What to do about digital friction

Before even adding technology, consult with your employees. Learn their pain points and what they want from a digital solution. Find out how they are doing their jobs today. Then, you can work with an IT consultant to determine which digital offerings will add value.

Look for opportunities to integrate your digital technology. Help employees avoid information overload and being constantly pinged and notified. Take stock of all the apps and software you’re using. Identify where you are duplicating processes, especially manual ones. Ferret out the places where your people are having to work harder to do their jobs. Know that data quality is a prime culprit.

Make decisions about new digital technology based on outcomes. What do you want the software to do? How will it be used and managed? Be sure you know how this new tool you’re offering is going to help people if you want them to embrace the change.

Simplify access by ensuring employees have a positive user experience. With more employees working remotely or hybrid, they need to do their jobs on a wider range of devices.

Need help cutting digital friction? Our technology-agnostic IT experts can identify problems and increase productivity. We can also consult on legacy tech and data migration to support digital transformation success. Contact us today at 317-497-5500.

Elizabeth MyersBusiness, Featured No Comments

Important Steps to Take Before You Recycle a Mobile Phone Number

It’s not unusual to change a mobile number from time to time. For example, when you move, you may want a number that is local to the area you just moved to. Companies also may end up recycling mobile numbers throughout their staff as people come and go. 

If you don’t properly detach your mobile phone number from all the accounts it’s used with, you can leave yourself open to identity theft, credit card fraud, and other crimes. 

In a 2021 Princeton University study, it was found that 66% of mobile numbers listed as available by major mobile service providers were still connected to accounts on popular sites (Amazon, PayPal, etc.).  

So, after the former owners had turned in the number, it was available for someone else to use when signing up for mobile service. And that number was still being used on the former owner’s cloud accounts, allowing those accounts to easily be breached.  

Because our mobile numbers are connected to much of our online and offline life, it’s important to take certain steps to ensure that you don’t leave yourself at risk when recycling your phone number. 

CHANGE YOUR PHONE NUMBER FOR ONLINE ACCOUNTS

We all generally have more online accounts than we immediately remember. The average person must juggle 100 passwords, and most of those passwords will be to a website or cloud app service of some kind. 

The first thing you want to do is begin visiting your online accounts and cloud applications to update your mobile phone number. Many of these apps now use a text message to your number as a form of verification if you’ve lost your password. 

You want to ensure any password reset messages go to you and not someone that has requested your old number for the express purpose of identity theft or account compromise. 

CHANGE YOUR MOBILE NUMBER FOR SOCIAL MEDIA ACCOUNTS

Technically, a social media account is also an online account, but many people think of them as a separate entity. When a Facebook or LinkedIn account is compromised, the hacker often will send social phishing messages out to your friend connections to try to gain access to sensitive data or scam them out of money. 

Make sure to change the phone number listed in your social media accounts. If you are using WhatsApp, which is tied directly to your mobile number, make sure to follow their instructions on changing your number so your communications will remain secure. 

CHANGE YOUR MOBILE PHONE NUMBER FOR SERVICE PROVIDERS THAT SEND YOU TEXTS

Text messaging is beginning to replace email for many types of communications. This includes things like shipping notices, confirmations of payments from utility companies, appointment reminders, and sale notices from retailers. 

This puts you more at risk if you change your mobile number because the texts you receive from various service providers can be used for identity theft.  

Make sure to connect with any services you use that contact you by calling or texting your mobile number to update your information. These offline services could be a: 

  • Plumbing or HVAC company 
  • Dentist or doctor’s office 
  • Pharmacy 
  • Local retailer 
  • Utility company 

DOUBLE CHECK ALL YOUR MULTI-FACTOR AUTHENTICATION PROMPTS

One of the big dangers of having a stranger able to receive your text messages is that they could have access to your codes for multi-factor authentication (MFA). 

MFA is designed as a safeguard to help prevent an account breach, even if the perpetrator has your username and password. But if the criminal gets the MFA codes sent to your old number, they can easily get in and change your password, locking you out of your own account. 

As you go through the process to update your mobile number in your online accounts, double-check the MFA prompt for any that use this form of authentication security. You want to make sure it’s been properly changed to send a message to your new number. 

REVIEW YOUR TEXT MESSAGE HISTORY FOR ANYTHING YOU’VE MISSED

Inevitably, there will be online accounts or service providers that you’ve missed. For example, that place you always order flowers for on a loved one’s birthday every year but never visit at other times. 

Scroll through your text message history to find any other accounts that you may have forgotten to update. 

TEXT FRIENDS, FAMILY & COLLEAGUES FROM THE NEW NUMBER

Once your online security is taken care of, you want to stop friends, family, and colleagues from accidentally texting your old number. This can happen in both one-on-one and group SMS chats. 

Send a text message from your new number asking them to immediately update your contact with that number when they receive it. Then go the additional step by asking them to delete any messages that used your old phone number. This can help prevent them from accidentally grabbing that message instead of your new one when texting you in the future. 

HOW SECURE IS YOUR MOBILE DEVICE?

Mobile devices are increasingly being attacked by malware and phishing. Is your device properly secured? Don’t leave yourself at risk, request a mobile security check to protect your personal data and identity. 

 

Article used with permission from The Technology Press.  

Elizabeth MyersBusiness, Featured No Comments

These Google Search Tips Will Save You Tons of Time!

Over 2.4 million searches happen every minute on Google. It’s often the first stop people make when they go online. 

We search daily for both personal and work needs, and often searching out the right information can take a lot of time if you have to sift through several irrelevant results. 

One study by consulting firm, McKinsey, found that employees spend an average of 1.8 hours daily, or 9.3 hours each week, searching and gathering information. This can be a productivity sinkhole as more web results keep getting added to the internet every day. 

One way you can save time on your personal and work-related searches is to learn some “secret” Google search tips. These help you narrow down your search results and improve productivity by helping you find the information you need faster. 

SEARCH A SPECIFIC WEBSITE USING “SITE:”

Sometimes you need to find information on a specific website. For example, you might need to locate a government statistic that you know is out there but can’t seem to bring up on a general search. 

You can use Google to search keywords on a specific website by using the “site” function. 

In the search bar use the following:  site:(site url) (keyword) 

This will bring up search results only for that one specific URL. 

FIND FLIGHT INFORMATION WITHOUT LEAVING GOOGLE

When you need to access flight information, you’re often on the go. Either getting ready to head to the airport or waiting for someone to arrive. Having to load multiple site pages in your browser can take valuable time. Instead, get your flight results directly from Google. 

Just type in the flight number and the name of the airlines, and you’ll get a listing of flight information without having to click to another page. You can even tab to choose flight info for that same flight on different days. 

LOOK FOR DOCUMENT TYPES USING “FILETYPE:” 

If you’ve just been tasked with coming up with a presentation on sustainable energy, it can be helpful to see what other people have done on the same subject. 

Searching websites can give you a lot of details to sift through but searching for another PowerPoint presentation can provide you with even more insight into how others have distilled that information down into a presentation. 

Google has a search function that allows you to search on a file type, so instead of webpages showing up in your results, files of the file type you searched will appear. 

To use this function, type in the following: filetype:(type) (keyword) 

In the case of wanting to find a PowerPoint on sustainable energy, you could use the following in the search bar: filetype:ppt sustainable energy. 

All the results will be PPT presentations. 

You can also use this function for other file types, such as: 

  • DOC 
  • PDF 
  • XLS or XLSX 
  • SVG 
  • and more 

NARROW DOWN TIMEFRAME USING THE “TOOLS” LINK

One frustration is when you’re looking up something like a population or cybersecurity statistic and you end up with results that are too old to be relevant. You can spend valuable time paging through the search results, or you can tell Google what time frame you’d like to search. 

To narrow your search results by a specific timeframe, do the following: 

  • Enter your keyword and click to search. 
  • Under the search bar, click the “Tools” link. 
  • Click the “Any time” link. 
  • Choose your timeframe. 

You can choose from preset timeframes, like past hour or past year, or you can set a custom date range for your results. 

LOCATE SIMILAR SITES USING “RELATED:”

When you’re researching a topic online, it’s often helpful to find similar websites to the one you are viewing. Seeing related sites can also be used if you’re trying to find a specific product or service online and want to do some comparison shopping. 

Google can provide you with a list of related websites when you use the “related” function. 

In your search bar, type the following: related:https://website.com 

One more way that you can leverage this search tip is to look for competitors by entering your own website URL in the search. 

GET RID OF RESULTS YOU DON’T WANT USING “-(KEYWORD)”

Non-relevant results are one of the main timewasters of online searching. You have to page through results that have nothing to do with what you really want to find, just because they use a related keyword. 

For example, say you were searching the Ruby Slipper Cafe in New Orleans. But in your search results, you keep getting pages related to the movie the Wizard of Oz. You could eliminate those irrelevant results by using the negative keyword function. 

Just type: (keyword) -(keyword) 

Basically, you are just putting a minus sign in front of a keyword that you want to exclude from your search. In the example above, you would type: ruby slippers -oz. 

LOOKING FOR MORE WAYS TO BOOST PRODUCTIVITY & SAVE TIME?

IT consultants aren’t just for large projects, we can also help you boost productivity in your everyday workflow to make your life easier. Contact us if you wish to discuss further!

 

Article used with permission from The Technology Press.  

Elizabeth MyersBusiness, Featured No Comments

Top 5 Cybersecurity Mistakes That Leave Your Data at Risk

The global damage of cybercrime has risen to an average of $11 million USD per minute, which is a cost of $190,000 each second.  

60% of small and mid-sized companies that have a data breach end up closing their doors within six months because they can’t afford the costs. The costs of falling victim to a cyberattack can include loss of business, downtime/productivity losses, reparation costs for customers that have had data stolen, and more. 

You may think that this means investing more in cybersecurity, and it is true that you need to have appropriate IT security safeguards in place (anti-malware, firewall, etc.). However, many of the most damaging breaches are due to common cybersecurity mistakes that companies and their employees make. 

The 2021 Sophos Threat Report, which looked at thousands of global data breaches, found that what it termed “everyday threats” were some of the most dangerous. The report stated, “A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we’ve investigated.” 

Is your company making a dangerous cybersecurity mistake that is leaving you at high risk for a data breach, cloud account takeover, or ransomware infection? 

Here are several of the most common missteps when it comes to basic IT security best practices. 

NOT IMPLEMENTING MUTI-FACTOR AUTHENTICATION (MFA)

Credential theft has become the top cause of data breaches around the world, according to IBM Security. With most company processes and data now being cloud-based, login credentials hold the key to multiple types of attacks on company networks. 

Not protecting your user logins with multi-factor authentication is a common mistake and one that leaves companies at a much higher risk of falling victim to a breach. 

MFA reduces fraudulent sign-in attempts by a staggering 99.9%. 

IGNORING THE USE OF SHADOW IT  

Shadow IT is the use of cloud applications by employees for business data that haven’t been approved and may not even be known about by a company. 

Shadow IT use leaves companies at risk for several reasons: 

  • Data may be used in a non-secure application 
  • Data isn’t included in company backup strategies 
  • If the employee leaves, the data could be lost 
  • The app being used might not meet company compliance requirements 

Employees often begin using apps on their own because they’re trying to fill a gap in their workflow and are unaware of the risks involved with using an app that hasn’t been vetted by their company’s IT team. 

It’s important to have cloud use policies in place that spell out for employees the applications that can and cannot be used for work. 

THINKING YOU’RE FINE WITH ONLY AN ANTIVIRUS APPLICATION

No matter how small your business is, a simple antivirus application is not enough to keep you protected. In fact, many of today’s threats don’t use a malicious file at all. 

Phishing emails will contain commands sent to legitimate PC systems that aren’t flagged as a virus or malware. Phishing also overwhelmingly uses links these days rather than file attachments to send users to malicious sites. Those links won’t get caught by simple antivirus solutions. 

You need to have a multi-layered strategy in place that includes things like: 

  • Next-gen anti-malware (uses AI and machine learning) 
  • Next-gen firewall 
  • Email filtering 
  • DNS filtering 
  • Automated application and cloud security policies 
  • Cloud access monitoring 

NOT HAVING DEVICE MANAGEMENT IN PLACE  

A majority of companies around the world have had employees working remotely from home since the pandemic, and they’re planning to keep it that way. However, device management for those remote employee devices as well as smartphones used for business hasn’t always been put in place. 

If you’re not managing security or data access for all the endpoints (company and employee-owned) in your business, you’re at a higher risk of a data breach. 

If you don’t have one already, it’s time to put a device management application in place, like Intune in Microsoft 365. 

NOT PROVIDING ADEQUATE TRAINING TO EMPLOYEES

An astonishing 95% of cybersecurity breaches are caused by human error. Too many companies don’t take the time to continually train their employees, and thus users haven’t developed the skills needed for a culture of good cybersecurity. 

Employee IT security awareness training should be done throughout the year, not just annually or during an onboarding process. The more you keep IT security front and center, the better equipped your team will be to identify phishing attacks and follow proper data handling procedures. 

Some ways to infuse cybersecurity training into your company culture include: 

  • Short training videos 
  • IT security posters 
  • Webinars 
  • Team training sessions 
  • Cybersecurity tips in company newsletters 

 

WHEN DID YOU LAST HAVE A CYBERSECURITY CHECKUP? 

Don’t stay in the dark about your IT security vulnerabilities. Schedule a cybersecurity audit to uncover vulnerabilities so they can be fortified to reduce your risk. 

 

Article used with permission from The Technology Press.