What You Don’t Know Can’t Help You

I expect you have heard the old saying:

“What you don’t know won’t hurt you.” — Anonymous

In the cloud-y world of IT services and solutions, the lesson is better expressed as:

“What you don’t know, can’t help you!” — Allen Falcon

For a long time, small and midsize businesses (SMBs) moved to the cloud to replace existing services with more efficient, secure, and accessible cloud services. This was good for a while, but the landscape has and will continue to change. Now, when we talk to SMBs like yours about current IT services and the cloud, we talk about your business objectives and priorities. We talk about your growth opportunities, challenges to overcome, and how we can help you and your business succeed.

Today’s cloud services reflect your need for business results.

Cloud services, like Microsoft 365 Business, include a range of additional apps new to Office and, in most cases, unique to the cloud.  These apps give you access to value-add tools designed to help your business, such as:

  • Outlook Customer Manager: A simple contact manager and CRM tool that integrates with your existing inbox, calendar, and contacts
  • Bookings: An app that allows customers to easily self-schedule appointments from available time slots
  • Listings: A marketing app to build online pages and presence on Facebook, Google, and other platforms
  • MileIQ: Automated mileage tracking app for expense reports and/or tax filings
  • Connections: An easy-to-use app for simple email marketing tasks and campaigns
  • Flow: Automate processes, work flows, and approvals

These apps are joined by low-cost add-on services that let you to consolidate and simplify your IT environment — and save money.  For example, in Microsoft 365, adding PSTN conferencing gives you a standard telephone bridge for any Skype for Business or Teams conference call.  You can replace paid conferencing and web meeting services like WebEx, Zoom, and GoToMeeting with a tool that truly integrates with Outlook, your inbox, and your calendar.  At a cost of only $4 per user per month, and the ability to limit your purchase to users with a defined need, you can dramatically lower the cost of audio and video conferencing while providing a better experience for organizers and attendees.

Clearly, Microsoft 365 is not simply “Office in the Cloud.”  The value-add apps, low cost add-on services, and more than a half dozen additional security features in Microsoft 365 create a more robust ecosystem for productivity, efficiency, and growth.

The Challenge is Adoption.

Adding value only happens when your team is aware of, and knows how to use, the broad range of capabilities in services like Microsoft 365.  Getting your team from Point A to Point B, and then Point C, takes effort.

Here are some ideas to help you empower your team and enable your business:

  • Don’t Overwhelm:
    • Presenting too many capabilities, or too much training, all at once can overwhelm your team. Instead of understanding how they can do their jobs more efficiently, they may feel lost.
    • Not knowing where to start leads to paralysis.
  • Start with the Familiar:
    • Even the traditional Office applications (Word, Excel, etc.) have features that are unique to the Microsoft 365 versions and ecosystem.
    • Refresh your team’s knowledge of the apps they already use and know, adding these incremental productivity features into the mix.
  • Focus on Capabilities Specific to each Role:
    • Not every person needs every app or feature.
    • Focus on matching specific features, apps, and capabilities to the people on your team that will benefit the most.
    • Lessons and learning should be relevant to each team member’s job.
  • Provide Continuous Learning for Continuous Improvement:
    • Make learning an on-going activity that happens in small, manageable events.
    • 3 to 5 minutes per day, less than 20 minutes per week, can provide team members with ideas and insight they can put to immediate use.
  • Create a Culture of Learning:
    • Incent participation to set clear expectations and establish value for the learning process.
    • Monitor team member participation and progress.
    • Provide feedback and encouragement, particularly to the “leaders” and “laggers”.
    • Encourage team members to share their knowledge with peers.

Getting more value from your existing IT and cloud solutions starts when your team understands what is there for them, and how to use it to their advantage.  Improving adoption improves results, and need not be a major cost or time commitment.


Cumulus Global offers a self-paced, video learning system that tailors content to roles within your organization.  For more information, contact us for a brief call with one of our Cloud Advisors.


 

Dark Web Threat Alerts

When Your Identity is on the Dark Web

Dark Web Threat AlertsAs a courtesy to our existing clients and prospective clients, we have been running complementary Dark Web Summary Scans of their domains. These summary scans let us know how many email addresses from each domain currently appear on dark web and identity theft websites. We can then perform a more detailed scan and analysis to identify the specific user identities.

The results are fascinating.

Of 200 domains recently scanned:

  • 87.4% had at least one potential identity compromised
  • The average number of potentially compromised identities is 41%
  • 16% of the companies had more exposed identities than users, indicating breaches occurred from multiple sources

What does this mean?

Just because employee@yourcompany.com appears on a dark web or identity theft site does not mean that the user account on your system has been breached.

It does mean, however, that a breach is likely. And, the more exposed identities for your domain, the greater the risk.

How does it work?

Chances are, your employees are using their work email address, employee@yourcompany.com, as their login identity for other systems.  These other systems are often work related services like Uber, Dropbox, online banking, credit cards used for business expenses, etc. Studies show that about 80% of people use the same or substantially similar passwords across systems.

If there is a data leak or breach at one of these third party services, hackers will test the identity on other systems.  If you have an employee whose email and password were leaked in one of the Dropbox incidents, for example, cyber criminals will test that email address and password, along with similar passwords, across common services like G Suite, Office 365, Facebook, LinkedIn, Instagram, and others.

A compromised identity on a third party service can easily lead to a breach of your systems.

What to do:

  • Get the Details:
    Get a detailed scan on your domain to clearly identify which user identities are exposed and at risk.
  • Mitigate Your Risk:
    Work directly with identified staff to reset passwords. Run additional scans on their systems for malware.
  • Communicate:
    Educate, train, and guide users on the risk of identity breach and how to avoid becoming a victim. Provide guidance, coaching, and policies around the use of company email addresses on other systems and best practices for password selection and management.
  • Challenge:
    Periodically test your employees using “honeypot” and “sandbox” methods to determine who is following best practices and who remains susceptible to attack.
  • Monitor:
    Monitor your domain, and personal accounts of key executives, for future issues and respond accordingly.

Next Steps

Your best next step is to contact us (email or web) to

  1. Request a detailed Dark Web Scan
  2. Discuss security education and testing services
  3. Setup on-going monitoring for your domain

 

 

Email Encryption

EFail Flaw: Encryption Alone Does Not Protect Your Email

Email EncryptionAs reported last week by eWeek and others, researched found two flaws that allow hackers with access to email accounts to read emails encrypted with OpenPGP and S/MIME.  This is significant for two reasons:

  1. These standards are available for us in almost every email client
  2. Budget-conscious users often relay on public-domain or free tools to use OpenPGP or S/MIME for email encryption

As noted in the eWeek article, 23 of 35 email clients tested as of the publication date were vulnerable.  While the actual risk from EFail is currently moderately low — hackers need access to the encrypted emails before they can exploit EFail, the rate of identity compromise is on the rise. Secondary threats, such as EFail, will become a more prominent form of attack in the future.

Free Encryption Solutions Often Lack Sufficient Protection

Robust email security and encryption services include features, such as validation of digital signatures, that ensure the integrity of encrypted email messages.

Furthermore, solutions, like ZixEncrypt, control both ends of the encryption process, so any messages (with or without S/MIME encrypted attachments) with an invalid or missing digital signature get bounced. Integrity checks prevent the delivery of compromised messages, thereby preventing exposure.

As you face an increasing need to secure email communications, the robust features in services like ZixEncrypt create a value proposition most businesses cannot and should not ignore.


Contact us for more information about email security, encryption, and compliance.


 

WiFi Performance

5 Things You Don’t Know Are Killing Your WiFi

WiFi Performance

Bad WiFi service frustrates employees, hurts productivity, and can send customers to your competitors.  Even if you use your wireless access point (AP) vendor’s management tool, here are five (5) things that may be hurting your WiFi service quality without your knowledge:

  1. Network traffic actually transmitted over the air:
    APs know that they attempted to transmit  data to a client, but cannot detect if a malfunction prevented transmissions.  APs cannot detect their own transmission problems, such as dropped packets, chatter, and jitter.
  2. Clients consuming channel bandwidth that are not connected to your infrastructure:
    Not every device using channel bandwidth connects to your network. These devices often interfere with connected traffic, hurting performance for others.
  3. Misconfiguration within your infrastructure:
    APs cannot self-detect if they are configured improperly or if neighboring APs are creating interference. APs are not clients on the network, so they can only see what they transmit and what they receive.
  4. Clients connected to APs not managed by your AP controller:
    While your AP management tool may identify unmanaged or unauthorized APs on your network, they cannot detect or analyze clients connected to those APs and/or the impact these unmanaged devices have on your WiFi performance.
  5. Interference from devices and networks outside of your control:
    Vendor AP management tools are built to manage the vendor’s APs. These tools do not identify or analyze neighboring networks that interfere with yours. Bandwidth and channel conflicts go undetected and unresolved.

Your vendor AP manager misses these issues because your APs are not WiFi clients.

The best way to monitor and manage WiFi performance and reliability is to place a passive sensor client in your environment.  Unlike expensive WiFi assessments of the past, done by on-site technicians lugging around specially equipped computers and meters, innovative services like the Wyebot Wireless Intelligence Platform™ (WIP) give you a plug-and-go solution for about 1/10th the cost.  WIP is a vendor agnostic tool that can see and monitor your entire WiFi environment, analyze and prioritize issues with alerts, make knowledge-driven solution recommendations, and provide remote network testing tools.

Tools like Wyebot help you ensure your WiFi network best serves your business.


Please download our eBook, Understanding WiFi Quality, for more information, or contact us to arrange an initial WiFi Assessment.


 

WiFi Quality

WiFi Quality is About the User Experience

WiFi QualityAn ever increasing number of businesses are learning that WiFi is more than a convenient network connection.

  • Restaurants, bars, and coffee shops that want patrons to linger and spend more lose business when customers can’t check the score, answer an email, or scan their social apps.
  • When your mobile app doesn’t work in your establishment because of poor WiFi service quality, your patrons go elsewhere.
  • WiFi quality influences which conference rooms get booked, where teams choose to huddle, where individuals choose to sit and work, and where people choose to socialize.

WiFi service quality is becoming a competitive factor that can help or hurt your business.

Most network managers rely on vendor management tools to monitor and control their wireless Access Points (APs). These tools provide basic statistics on traffic volume and patterns.  The more sophisticated solutions provide cool looking color-coded heat mats that overlay WiFi signal strength onto blueprints of your business. Some tools even use APs to triangulate users’ locations within their business.

What vendor AP management tools do not show you, however, is the client experience. You can have great WiFi signal coverage, but applications time-out if client devices experience too much interference. Your network may be setup to support a high density of users, but if clients end AP-hopping for signal strength, management overhead can cripple performance.

To understand WiFi quality: Understand the user experience.

By definition, your Access Points are not and cannot be clients on your WiFi network. The data your APs gather represents only what goes in and out of (or is simulated by) each Access Point. WiFi clients will see your network performance and reliability differently than your APs.

Think of it this way.  A chef creates a new signature dish. The chef knows that she’s used the best, freshest ingredients. The chef has sampled dozens of variations to get the taste just right.  The chef believes that this her best new meal ever. Even so, a few, many, most, or all customers may not like the taste, texture, or presentation of the meal. Fortunately, WiFi quality and reliability is not subject to personal taste and preferences; WiFi service quality is determined by the client experience.

The only way to understand, monitor, and manage WiFi service quality is to monitor your network from a client.

Historically, this has meant expensive service engagements in which technicians bring in monitoring and analysis systems for a “point in time” assessment. These assessments, which can cost thousands of dollars and only capture one point in time, are beyond the budget of most small and midsize businesses and schools.

New solutions, however, provide vendor-agnostic analyses of your WiFi network using passive sensor WiFi clients, prioritize identification of service issues, and offer knowledge-driven recommended solutions.  With the Wyebot Wireless Intelligence Platform™ (WIP), for example, in most instances we can provide periodic WiFi Assessments for less than 1/10th the cost of a traditional assessments. Ongoing monitoring becomes affordable for nearly all businesses and schools, the the added value of historical data analysis, real-time alerts, and remote network testing.

If your business relies on WiFi, you can now afford to make sure your WiFi network is reliable and performs well.


For more information, download our eBook, Understanding WiFi Quality, or contact us about arranging an initial WiFi Assessment.


 

Echo of Non-Compliance

Everyday, we hear about new ways we can use our smart speakers. Retailers, radio stations, product companies, and others remind us that we can use our Amazon Echo or Google Home to buy, listen, or learn. The term “smart speaker”, however, is misleading.  These are microphones and they are always listening. They are also likely recording everything they hear.

If you are covered by HIPAA or other privacy regulations, do not talk about protected information within earshot of Alexa.

This warning stems from a 2015 murder case in Arkansas. Believing that the Amazon Echo may have “heard” a murder, the District Attorney subpoenaed any recordings that Amazon may keep from the device. Amazon fought the decision on First Amendment and privacy rights, not by claiming that it was not recording. Amazon did not deny having recordings.

The issue for data privacy compliance is that your smart speaker may be listening to and recording conversations you have about protected information.  Allowing this is a violation of HIPAA and other regulations protecting personal identifying information (PII).

When is your Amazon Echo recording?

The short answer is: we are not sure, but maybe always.

Looking at the Alexa Terms of Use, Amazon tells us “Alexa streams audio to the cloud when you interact with Alexa” and “Alexa uses recordings of your voice to create an acoustic profile of your voice characteristics.” Alexa use is also covered by the Amazon Privacy Notice, which states, “We receive and store any information you enter on our Web site or give us in any other way.”

While Amazon tells us they are recording your “Hey, Alexa” commands, the Terms of Use and Privacy Notice are a bit more ambiguous. Neither document tells us that Amazon records only when listing and processing commands. Nor do the policies limit Amazon’s recording to those commands. We do not know, for sure, when Amazon is not recording what it hears on your Echo.

Better Safe Than Sorry

When speaking about sensitive or protected information, stay away from your “smart speaker” or manually mute the device.


One more thought:  Ever notice how after certain conversations, you see ads on Facebook related to the topic discussed?  Unless you turn off microphone access, Facebook is using your phone to listen to your conversations, analyze what you say, and profile you. Letting Facebook listen is another potential HIPAA and PII breach.


 

Newtons Cradle

Inertia: The Science of Business Continuity

Newtons CradleTo paraphrase Newton’s Laws of Motion (with credit to Galileo) …

Absent an unbalanced force, an object in motion will stay in motion and an object at rest will stay at rest.

While this holds true for objects in a friction-less environment, it holds true for our businesses as well. Our businesses are in motion, working each day to service our customers with rhythms and cycles throughout each day, week, month, and year.

Our business cycles continue, until we meet an unbalanced force.

Some forces we expect, like changes in the economy that occur over a period of weeks or months.  Others forces are event-driven, such as storms, cyber attacks, and key employee departures. The sudden nature of event-driven forces can catch us by surprise, cripple our businesses in the short-term, and disrupt our normal cycles for the long-term.

A Case in Point

A company here in the northeast manufactures and distributes a customized product that customers generally replace or re-order every 2 to 3 years.  80% of the firm’s business is repeat, creating a strong and stable business. The company was hit by ransomware twice in a 3 month period.  The first attack, scrambled their files and their servers, but left their financial system in place.  They lost a day’s worth of data.  The immediate recovery took 3 days; the full recovery took nearly two weeks.  After three days of cleaning systems and restoring data, the company’s systems were up and running. They then had to enter the initial day lost data and all of the business activity for the 3 days their systems were down.  They allocated 1/3 of everybody’s time to recover the data, reducing productivity by 33% and impacting their responsiveness to customers. To enter the 4 days of missing data took over 10 days with the team working part time.

Inertia Takes Hold

This initial event changed the cycles and motions of the company. Whenever dealing with any business activity during the outage and recovery periods, they need to double check to make sure the information entered was complete and correct. And since some activities, like shipping and invoices related to prior activities, they need to double-check these connections.  Long after the two week recovery period, productivity is still down as the company’s daily motion now includes double-checking information that they are not sure they can trust.

Lesson NOT Learned

With so much focus on getting the business back into its normal rhythm, and the additional cost involved, the company did not act on recommendations that could help prevent a future attack and better ensure their ability to recover should a future attack occur. Whether the second attack was a different attack or they had failed to fully clean their systems does not matter.  The second attack was not caught until after the company’s backup server was hit, rendering their backups useless.  The company lost three years of data.

Inertia Creates a New Cycle

To recover from this attack took more than balancing data entry and on-going business. It was not feasible to manually recreate three years of data. While entering about 6 months of data for the fiscal year, they settled for a solution that created new methods and rhythms with long-term effects. They recalled all of their paper records from storage into an expanded warehouse space.  When a customer calls to re-order product they ordered 2 or 3 years ago, they search and retrieve the physical paperwork so they can create the new order. Every returning customer creates a scramble to find the paperwork in short order. Actions required in an emergency become part of the new normal. Inertia.

What You Can Do

You can be prepared with solutions that balance external forces beyond your control.

  • An educated and aware workforce balances the human manipulation that enables cyber attacks
  • Advanced threat, DNS, and web protections balance the forces of cyber attacks hitting us daily.
  • A robust backup/recovery and continuity system balances the forceful impact of disruptive events, giving you the ability to be up and running in hours not days.

If the company in our case study had implemented the recommended solutions after the first attack, they second attack would have disrupted the business for less than half a day — and may not have happened at all. The investment in communication, prevention, and recovery, while not trivial, was minor compared to the short term recovery and long term impact on the business.

If you are not ready or willing to have your business’ inertia redirected by forces beyond your control, now is the time to act.


Contact us for a free, no obligation, Cloud Advisor Session to discuss your business recovery and continuity needs and plans.


 

Pending Storm; Pending Doom

A quick scan of the weather headlines late on Thursday afternoon: a “Nor’easter” storm going through rapid escalation, know as “Bombogenisis”, looks ready to hit New England tomorrow with rain, snow and hurricane force wind gusts. Now it is Sunday, and many small and midsize businesses along the northeastern coast are wondering when, or if, they will be able to reopen. The impact of disasters is increasing. We can argue about climate change versus weather. We can discuss our aging infrastructure. We can debate whether to plan for disaster causes or effects. If we do not, however, make our businesses more resilient, the quantity and severity of disruptions will continue to grow.

The coming storm should not foretell coming doom.

By taking advantage of proven cloud services, most small and midsize businesses can protect themselves from disruption. Many businesses in coastal areas of New England may be without power and other utilities for 2 to 4 days. Businesses with no continuity plan are down and out. Given that about 50% of businesses shut down for a week will fail within six months, “down and out” can be fatal. If you rely on VPN or remote desktop to on-premise systems, you are still at risk — no power means no on-premise networks or servers.

Businesses with key systems in the cloud, however, can be up and running if employees have power and Internet access.

So what are your next steps?

First, measure the impact on your business of a disruption lasting one day, three days, and five days?  As you do, consider the full cost of recovery, including post-disaster productivity loss as your work to recover lost data and time while keeping things moving forward.

Second, consider the value of keeping your business running rather than having to recover and regroup. Beyond the dollars and cents, understand the value to your customers, to your reputation.

Third, contact us for a complimentary Cloud Advisor Session to discuss your cloud and continuity strategies.

Quickbooks

The QuickBooks Hosting Challenge

QuickbooksQuickBooks is the leading accounting package for small business. And yet, many businesses cannot run QuickBooks Online, the Software-as-a-Service (SaaS) version. Whether the online versions lack industry-specific features you need, or you have integrated third party tools/add-ons, staying with an on-premise version of QuickBooks remains the best solution for your business.

As you move to the cloud, hosting your QuickBooks Pro, Premier, or Enterprise system makes sense. You keep the version of QuickBooks you need and improve accessibility, reliability, security, and resiliency from system failures and disasters.

In general, we find two levels of common QuickBooks hosting options. Looking at these services more closely, we find these services often fail to meet basic needs without expensive upgrades.  Fortunately, we have a third option designed to deliver the business value you need and want.

Basic

Basic QuickBooks hosting services run between $27 and $30 per user per month, with you purchasing and providing the QuickBooks license key. These services start with 1 GB of storage with fees for added storage that add-up quickly. Adding storage you need for reports, exports, etc., can easily increase the cost to the $75-$90 per user per month range. More importantly, your instance of QuickBooks is running on shared servers and on a shared network. As such, you have greater risk for performance issues, security breaches, and outages. In this type of multi-tenant environment, the actions of other can impact your business. These services offer backup, usually once per day with a fixed retention period of 7, 14, 30, or 90 days, depending on the service.

Better

The better QuickBooks hosting services cost between $49 and $60 per user per month, with you purchasing and providing the QuickBooks license key.  These services also start with 1 GB of storage with fees that add up when you need more space. Typical fees quickly creep up to the $95 to $120 per user per month range.  The main difference is that these services generally run your version of QuickBooks on a dedicated server, but still run on a shared network. While this does reduce the chance of interference from other tenants, this model still has your service running in the same security envelope as other companies. You still have a risk. Like the basic services, you have a once per day backup with a fixed retention period that varies with each service provider.

Best

The best solution for hosting QuickBooks will use your license of QuickBooks in the following environment:

  • Dedicated server
  • Private network
  • A usable amount of storage included (100 GB or more)
  • Flexible backup schedules and retention plans
  • Easy access from desktops, laptops, tablets, and smartphones
  • Access to Excel (MS Office) in the hosted environment

We this type of setup, you are more secure, will have better performance, and greater reliability.

The good news is that we can build you this type of environment at a cost comparable to other services, and we can integrate your QuickBooks environment with your Office 365 or G Suite service.


If you are interested in learning more about QuickBooks hosting options, please contact us for a free Cloud Advisor session.


 

G Suite

G Suite Business Upgrade Incentives

G SuiteThrough June 30, 2018, you can upgrade from G Suite Basic to G Suite Business and save up to 33%.

To qualify, you must:

  • Running G Suite Basic with at least 1 user (no minimum user limit)
  • Upgrade before June 3o, 2018
  • If you are on an annual commitment plan, you can upgrade during your renewal
  • If you are on the monthly flex plan, you can upgrade at anytime
  • Contact us and let us know you want the savings

Why G Suite Business?

  • Unlimited Gmail and Drive Storage
  • Team Drives for central ownership and management of files
  • Email Archiving, eDiscovery, DLP for simple legal compliance
  • Advanced reports and admin alerts for better usage visibility
  • “Org” unit controls to adjust access and sharing rights by department
  • THE platform for new features, such as AppMaker and AI/machine learning enabled services

For more information, contact us, or see what our clients say about G Suite Business.