Data Protection

Customer Notice: Email Advanced Threat Protection

Data Protection

(Updated January 20, 2020)

We continue to witness the devastating impact of ransomware, crypto attacks, and other forms of cyber attacks on our customers.  The recovery cost and frequency of attacks are increasing at alarming rates. The average cost for a small or midsize business (SMB) to fully recovery from a cyber attack has increased to between $145,000 and $180,000. This includes loss of direct business, remediation costs, damage to reputation, and employee downtime.  At the same time, the number of ransomware attacks so far in 2019 has doubled when compared with the same period in 2018.

As a managed cloud service provider, you have heard from us that you “should” have more protections in place. Our position is changing: these protections are a “must”.

Multi-factor authentication (MFA) and email Advanced Threat Protection (ATP) are necessary, baseline services for protecting your business. 

Beginning April 1, 2020, we will require and will begin adding Advanced Threat Protection to all of our customers’ email service unless you specifically opt out. If you opt out, the cost of our data recovery efforts will not be covered under our unlimited support plans (See our Support Services SLA). When we add ATP to your service, we will discuss with you when we can add MFA.

We will mitigate the cost.

We are sensitive to your budget.

  • ATP requires a technical setup and typically incurs a setup fee along with the monthly or annual subscription.  We are discounting both the setup and subscription fees for all customers. For customers requesting Priority Opt-In, we will waive the ATP related setup fees completely.
  • MFA implementation is covered by our support plans as an administrative change.  If you do not have on of our support plans, we will provide an affordable, discounted quote for the project.
  • For customers without an unlimited support plan and/or those that choose to Opt-Out, we will discount our hourly fees for recovery work.

For more information on specific discounts and pricing, and to let us know if you want to Opt-In, to have Priority Opt-In, or to Opt-Out, please visit this web page and complete the form.

We realize that this is a significant change for most of our customers.  We also understand the importance of these protections.  Please contact us with questions or concerns

Thank you for being part of our community,
Allen Falcon
CEO & Pragmatic Evangelist

Best Practices

Best Practices: Policies for Using File Sync-and-Share Services

File sync share
One of the most popular cloud applications for small and mid-size enterprises is file sync-and-share. It makes sense: people need to share files and most file sync-and-share services are easy to install and use.

If not properly managed, however, file sync-and-sharing can result in data breaches and loss, and can place your company in legal jeopardy.

To minimize these risks, we recommend all businesses enact a simple set of policies that are easy to communicate and explain … and easy to follow.

  • Employees may use file sync-and-share services, provided they have an business need to do so, use only company approved and managed services, and adhere to company policies.
  • Only company approved services should be used for file storage and sharing; employees may not use free, consumer, or public apps or services.
  • Employees must keep their usernames and passwords for file sync-and-share services secure, and must manage these passwords in accordance with company policies.
  • Only relevant business information may be stored are shared using the company’s file sync-and-share services.
  • Unless otherwise instructed, file sync-and-share services are intended for temporary sharing of files. Original versions of files should reside on company file servers or services.
  • Access to files should be removed, particularly by external parties, when no longer necessary.
  • Copyrighted, private, or secure information should only be shared if both the sender and recipient are authorized to view and/or use the information. This information should be encrypted by the file sync-and-share service, or a separate tool, before it is shared.
  • The company’s file sync-and-share services are subject central administration and management, including access controls and permissions.
  • Use of the company’s file sync-and-share services is subject to all relevant company policies regarding professional and personal conduct. The company’s file sync-and-share services are subject to company monitoring in accordance with company policies.

With these policies in place, you can provide employees with vetted file sync-and-share services both meet employees’ needs to share and collaborate, while protecting your data, your regulatory compliance, and your business.

Why Google Changed the Mobile Search Game

Guest Post: Matt Ward
President/CEO of inConcert Web Solutions

In case you are not aware, Google changed the game on April 21st as it pertains to search results on mobile devices.  Having announced the changes in February, mobile search results give preference to sites that are mobile friendly.

To be frank, Google rarely ever tells the public that there will be an update.  They are very secretive about their algorithm, keeping their secret sauce a secret to prevent anybody from “gaming” the algorithm. With these changes, Google clearly wants businesses to use best practices.  Google stated that they made these changes to improve the overall user experience on mobile devices, as mobile is becoming increasingly the method by which users access the internet and search for goods and services.

Fact and Fiction

With all the hype about “mobilegeddon”, let’s separate fact from fiction.

  • Fact:
    • They set the date, and rolled out the new algorithm on April 21st
    • They created a huge buzz
  • Fiction:
    • Your site will be banned from Google
    • This change also affects the desktop search
    • Google will call you to sell you and upgrade

Best Practices

Needing to make sure your site is mobile-friendly, let’s talk about a few best practices:

  • Contact your current web developer and ask questions about your site and any changes that have been, or should be made.
  • Don’t rely on cold calls from strangers to guide you on this change.  There are a lot of self-proclaimed “experts” calling into companies with no knowledge of their websites. These are typically automated robo-calls that imply that Google is calling. Google is not going to call you about updating your web site.
  • Test your website to be sure its mobile-friendly.
    • If it passes, great!
      • Test your site again every quarter.
      • Things change in mobile devices and technology; don’t assume if you test it once, it’s not going to ever change.
    • If not, focus your web efforts on getting your site converted.
      • It may cost less to produce a new, mobile-friendly website than to convert your existing site.
      • There are many paths to a mobile friendly site.  The cheapest path is not always the most cost-effective.
    • Focus your mobile-friendly version on driving calls to action, either clicks or calls.
      • Most site visitors on cell phones want to click and call a business, which is often easier then web surfing on a small screen.
      • Make sure you menu structure is clean and easy to follow.
      • Your most important information and calls to action should show up first

With some testing and updating, you can ensure that not only will your site be found by Google’s mobile search, but that visitors will enjoy visiting your site.

If you want to speak with an expert, please contact Matt and his team at inConcert Web Solutions. Specializing in web design & development, maintenance & marketing plans, and print & promotional services, the team at inConcert will gladly help you choose the best approach for your site and your business. 




Microsoft Acknowledges Security Best Practice Failures

It was an easy post to miss in the run up to the Thanksgiving holiday.  On November 25, we posted the results of an Electronic Frontier Foundation (EFF) survey detailing how Microsoft fails to meet 4 out of 5 security best practices for its cloud service data centers and its customers’ data (Google and Dropbox were the only vendors surveyed that meet all 5 criteria).

This week, Microsoft acknowledged that not all customer data is encrypted in their data centers — at rest, or in transit within and between data centers.  In a ZDNet article dated December 5th, Chris Dunkett reports that Microsoft will not fully protect stored user data until the end 2014.

The article also quotes Brad Smith, Microsoft general counsel and executive vice president, legal and corporate affairs, stating that Microsoft will work “…with other companies across the industry to ensure that data traveling between services — from one email provider to another, for instance — is protected.”  Microsoft is acknowledging that they currently do not run STARTTLS services, and industry security best practice.

While Microsoft is actively positions itself as the “enterprise knowledgeable” competitor to a “consumer-centric” Google, pointing out how Microsoft runs its own large data centers. Once again, however, Microsoft fails to realize that the methods and practices used to run their own data centers do not translate to multi-tenant data centers hosting customer data.