Posts

9 Cyber Security Tips

Since the start of the COVID-19 pandemic, cyber threats and ransomware attacks have accelerated, exceeding 30,000 attacks per day in the US. Cybersecurity measures have never been more important. The move to remote working environments as well as the vulnerability of global economies in crisis has created an open-season for cybercriminals. No business—big or small—is safe.

Small and medium businesses (SMBs) seemingly have a target on their backs, so strengthening your security posture is essential right now. The good news: There are ways to protect your business against ransomware attacks.

Here are nine tips you that boost your business’ resilience to cyber attacks:

Communicate & Educate

1. Conduct a security risk assessment. Understand potential security threats (e.g., downtime from ransomware) and the impact they may have on your business (lost revenue). Use this information to shape a security strategy that meets your specific needs.

2. Create straightforward cybersecurity policies. Write and distribute a clear set of rules and instructions on cybersecurity practices for employees. This will vary from business to business but may include policies on social media use, bring your own device, authentication requirements, etc.

3. Train your employees. Because cybersecurity threats are constantly evolving, an ongoing training plan should be implemented for all employees. This should include examples of threats, as well as instruction on security best practices, and periodic testing.

Prevent & Protect

4. Protect your network and devices. Implement a password policy that requires strong passwords and monitor your employee accounts for breach intel through dark web monitoring. Deploy firewall, VPN, and next-gen antivirus technologies with advanced threat protection. Ensure your network and endpoints are not vulnerable to attacks. Implement mandatory multi-factor authentication. Ongoing network monitoring is essential, as is encrypting hard drives.

5. Keep software up to date. Be vigilant about patch management. Cyber criminals exploit software vulnerabilities using a variety of tactics to gain access to computers and data. Your IT provider should automate this for your businesses with a remote monitoring and management. Keep your mobile phones up to date as well.

6. Back up your data. Daily (or more frequent) backups are a requirement to recover from data corruption or loss resulting from security breaches. Consider using a data protection tools that take incremental backups of data periodically throughout the day to prevent data loss. Remember that you need to protect your data in the cloud as well as you protect your data on local servers and workstations.

7. Know where your data resides. The more places data exists, the more likely it is that unauthorized individuals will be able to access it. Use data discovery tools to find and appropriately secure data along with business-class Software-as-a-Service (SaaS) applications that allow for corporate control of data. Eliminate redundant and “Shadow IT” services.

8. Control access to computers. Use key cards or similar security measures to control access to facilities. Ensure that employees use strong passwords for laptops and desktops. Give administrative privileges only to trusted staff as needed.

Respond & Recover

9. Enable uptime. Choose a powerful data protection solution that enables “instant recovery” of data and applications. In fact, 92% of managed IT service providers report that companies with business continuity disaster recovery (BCDR) products in place are less likely to experience significant downtime from ransomware and are back up and running quickly. Application downtime can significantly impact a business’ ability to generate revenue. Can your business afford downtime costs that are 23X greater (up by 200% year-over-year) than the average ransom requested in 2019?

The best defense is a good offense. A robust, multi-layered cybersecurity strategy can save your business. Contact us to learn more and for a free Cyber Security Assessment.

COVID-19 Survey: Revenue Losses and Diminishing Cash Reserves

In a national survey of more than 2400 businesses conducted and published by American City Business Journals finds that small and midsize businesses are seeing severe impacts from the COVID-19 pandemic.

The Impacts: Profits, Revenue, Cash, and Survivability

About 69% of respondents have seen revenue decline since the major onset of COVID-19 in March 2020.  Of those seeing revenue decline, close to half see revenue falling by 50% or more year over year.

Additionally, 47% indicate that they have not been profitable and nearly one third report being cash flow negative over the first six months of the pandemic. About 70% of those losing money are losing more than $10,000 per month and 64% will run out of funds within the five months.

About 40% of respondents raised cash through loans or equity investments since March 1, with 91% of these businesses receiving loans from a federal stimulus program, such as the Paycheck Protection Program. These funds were predominantly used to cover payroll and operating expenses as opposed to funding investment or growth.

Change in Focus

With the stark financial impacts, most smaller businesses are changing their focus. Rather than looking forward one to three years, most SMBs are focuses on the current and next quarter. The shift from strategic to tactical is a direct response to the many unknowns of the pandemic, the near-term economy, business sector and market impacts, and government recovery and stimulus plans.

The near-term focus makes sense as we look to minimize costs, conserve cash, and ensure profits and our sustainability.

Where IT Services Can Help

Leveraging the right IT services can help you prepare and react to changes as you navigate the on-going unknowns.  Here are 5 ideas to consider.

Audit your IT services for redundant services.
  • Most businesses find they are paying for multiple services with redundant or overlapping capabilities.
  • In many instances, we see businesses paying for third party services that are available for no additional cost in their productivity suites.
  • Eliminating duplication will require some change of habits, but can dramatically reduce on-going IT costs.
Audit your communication tools.
  • Are you paying for, and not using your available communication tools?
  • Chat, video, and collaboration tools are standard in Microsoft 365 and G Suite, and can reduce or eliminate the need for expensive voice, teleconference, video conference, and online meeting solutions.
  • A modest investment in training/education can help minimize communication costs.
Replace file servers with file services.
  • Most businesses using Microsoft 365 or G Suite are storing files in these systems; these same businesses still run on-premise or hosted file servers.
  • OneDrive, SharePoint, My Drive, and Shared Drives make it easy to save, share, and manage files.  The OneDrive and Drive File Stream clients connect your end user applications to your cloud file services.
  • Moving files from servers to cloud services eliminates the need for physical services, monthly MSP monitoring fees, backup/recovery costs, anti-virus costs, and more.
  • If your staff need to access your on-premise services remotely, you may also be able to reduce or eliminate expenses related to VPN and other remote access services.
  • While you will still want and need to protect cloud-resident files, your cost to store, share, and manage files will be lower.
Move applications and systems from on-premise to cloud
  • You can lower you monthly operating costs and give you the ability to scale your resources and costs up and down as needed on a monthly basis.
  • Make it easier to reduce your physical footprint for potential savings on rent and utilities.
  • Scale your services up and down as needed to avoid unnecessary costs and capital expenditures.
Execute a service and data governance strategy
  • Scale services up and down as needed to manage costs
  • Ensure data is secure, managed, and protected
  • Leverage data archiving services to minimize active account costs

To explore your options and best next moves, contact us for a complimentary Cloud Advisor session.


 

SBA Re-Opens Disaster Loan and Grant Program

(Published 6/17/2020)

The Small Business Administration (sba.gov) announced earlier this week that small businesses can again apply for relief via the Economic Injury Disaster Loan (EIDL) program.  This includes applications for fee, up to 10,000 advances, regardless of the loan’s approval.

The interest rate is fixed at 3.75 percent and terms run from 2 to 30 years based on each borrower’s cash flow and ability to make payments. You can defer an EIDL for a year and can use the funds for “debts, payroll, accounts payable, and other bills that cannot be paid due to the impact of the disaster and that are not already covered by a Paycheck Protection Program loan,” the SBA wrote in a news release.

You can request an advance of $1,000 per employee, up to a combined $10,000. This advance will not have to be repaid, and small businesses may receive an advance even if they are not approved for a loan. If you have received a Paycheck Protection Program (PPP) loan, the amount that can be forgiven will be reduced by the amount of your EIDL advance.

Some agricultural businesses are now also eligible as a result of the latest round of funds appropriated by Congress in response to the COVID-19 pandemic.

Unlike PPP loans, you must apply directly through the SBA, and not through a lender. Click here to learn more or here to apply.

Resources for Opening Safely

(Published 5/21/20)

As part of our commitment to collate and share COVID-19 response and recovery information , we have compiled resource list to help you safely and appropriately open your physical locations.

General Guidance

Worker Safety and Accommodations

Unemployment Insurance

Families First Coronavirus Response Act (FFRCA)

Cleaning and Disinfecting

Social Distancing

Screening / Monitoring Employee Health

Business Travel Limitations

Protective Equipment


For more COVID-19 related assistance, please contact us.


 

SBA Clarifies “Good-Faith” Certification for PPP Loans

(Published 5/13/20)

The US Small Business Administration, today, published and update to the PPP Frequently Asked Questions (PDF) to clarify confusion regarding loan audits and the “Good Faith” certification of need signed as part of the loan application process and form. The SBA added Question 46 as, “How will SBA review borrowers’ required good-faith certification concerning the necessity of their loan request?”

To summarize the impact

  • PPP loans under $2 million will not be audited.
  • Affiliated PPP loans will be consolidated for audit purposes.
  • The term “current economic uncertainty which makes the PPP loan request necessary to support the ongoing operations” was not clearly defined. Audits will most likely be based on individual facts and circumstances for each borrower.
  • Borrowers and affiliated borrowers with loans in excess of $2 million should be prepared to support their need of a PPP loan with documentation.

The full content of the question and answer is quoted as follows:

Question: How will SBA review borrowers’ required good-faith certification concerning the necessity of their loan request?

Answer: When submitting a PPP application, all borrowers must certify in good faith that “[c]urrent economic uncertainty makes this loan request necessary to support the ongoing operations of the Applicant.” SBA, in consultation with the Department of the Treasury, has determined that the following safe harbor will apply to SBA’s review of PPP loans with respect to this issue: Any borrower that, together with its affiliates, received PPP loans with an original principal amount of less than $2 million will be deemed to have made the required certification concerning the necessity of the loan request in good faith.

SBA has determined that this safe harbor is appropriate because borrowers with loans below this threshold are generally less likely to have had access to adequate sources of liquidity in the current economic environment than borrowers that obtained larger loans. This safe harbor will also promote economic certainty as PPP borrowers with more limited resources endeavor to retain and rehire employees. In addition, given the large volume of PPP loans, this approach will enable SBA to conserve its finite audit resources and focus its reviews on larger loans, where the compliance effort may yield higher returns.

Importantly, borrowers with loans greater than $2 million that do not satisfy this safe harbor may still have an adequate basis for making the required good-faith certification, based on their individual circumstances in light of the language of the certification and SBA guidance. SBA has previously stated that all PPP loans in excess of $2 million, and other PPP loans as appropriate, will be subject to review by SBA for compliance with program requirements set forth in the PPP Interim Final Rules and in the Borrower Application Form. If SBA determines in the course of its review that a borrower lacked an adequate basis for the required certification concerning the necessity of the loan request, SBA will seek repayment of the outstanding PPP loan balance and will inform the lender that the borrower is not eligible for loan forgiveness. If the borrower repays the loan after receiving notification from SBA, SBA will not pursue administrative enforcement or referrals to other agencies based on its determination with respect to the certification concerning necessity of the loan request. SBA’s determination concerning the certification regarding the necessity of the loan request will not affect SBA’s loan guarantee.

Detailed Guidance from CDC on Re-Opening Businesses

(Published 5/8/20)

As reported by the Associated Press, scientists at the Centers for Disease Control and Prevention (CDC) prepared a report providing specific guidance for re-opening for different types of businesses and organizations. The report, Guidance for Implementing the Opening Up America Again Framework, was due to be released on May 1st, but was blocked by the administration.  We are providing a link to a copy of the leaked report.

As business owners and leaders, we are responsible for the safety of our employees, customers, and others with whom we come in contact.  The more factual information and science-based guidance we have, the better. For our businesses to survive and grow, we will need to operate safely and effectively in the months ahead.  We need to prepare and execute plans well.

Click here to see the report.

5 Ideas for Successful Remote Shopping and Customer Pickup Services

As more areas of the country move into Phase 1 of re-opening the economy, you may be able to offer remote shopping and curbside (no contact) pickup.  While you may already have a way to hold items for pickup by customers, moving completely to the “take out” model of business requires you to make changes and scale your processes.  Here are 5 ideas to improve your customer experience:

1. Accept Online and Advance Payments

Customers paying online or by phone before coming for their pickup dramatically reduces the in-person interaction needed to complete the sale. This is safe for your employees and your customers.

  • Adding a shopping cart experience to your website is not a simple process; check with your web developer and verify they have the experience to create a secure, easy to use flow for your customers.
  • If adding a shopping cart experience to your website is not feasible in the short term, you have alternatives:
    • Check with your current card processing service; many offer payment portals that can work well in this situation.
    • Spin up a separate online store using a turnkey solution, like Shopify, to which you can upload inventory and product information
    • Create an online payment account via services like PayPal or Venmo (make sure you have or create a company-specific account)
  • Remember that you must still comply with PCI regulations.  Make sure employees know that when taking credit card information, they should not write down or otherwise record the information expect to put it into the POS or card processing systems.

2. Offer Video Shopping Appointments

Allow customers to schedule video shopping appointments, during with a member of your staff can walk the store and help your customers pick out items.

  • Use a secure video meeting tool. If you use Microsoft Office 365 or G Suite, you already have access to video meetings via Microsoft Teams and Google Meet, respectively. Employees should NOT be using personal accounts, email addresses, or phone numbers to setup or run these sessions.
  • Roll out a scheduling tool that lets customers pick from preset, available times.  Bookings is a free tool included with MS Office 365.  Tools like Calendly integrate with both G Suite and Office 365 services.
  • Get a few tripods with phone/tablet holders.  This will allow a single employee to manage the camera while displaying merchandise. It also makes for a “steady” shot and better shopping experience.

3. Live Chat with Customers

Give your customers an easy way to get in touch with you once they are on your website.

  • Live chat is an inexpensive way for customers to communicate with your team.
  • Most live chat solutions allow your staff to answer questions and transfer the conversation.  Staff working from home can cover the live chat service and answer most customer questions. The chat can be transferred to in-store staff as needed.

4. Create a “Service Desk” for Customer Questions

Going beyond live chat, let your customers interact with you however they want, when they want.  At the same time, you can enable staff working from home to support the team working in-store.

  • Setup a cloud-based service desk phone system that allows multiple team members to answer calls, text messages, and voice messages.
    • Employees sign in as ‘agents’ and can indicate when they are available / not available to answer calls.
    • The system will route calls to an available ‘agent’ in a round robin basis or other priority that you configure.
    • Using a “soft phone” application, your employees access the system via computer or mobile device; their personal phone numbers and information remain private.
  • Setup a shared inbox to allow your staff to respond to, and manage, email communications.
    • More than a distribution list, a managed shared inbox lets your team assign emails and discussion threads to employees and track their work and progress.
    • Using the shared inbox, employees’ personal information and individual work emails remain private.
    • Employees can connect/disconnect to the service as needed to cover shifts

5. Measure Customer Satisfaction

Follow up every sale with a thank you email and solicit customer feedback.

  • Cloud-based customer satisfaction (CSAT) tools let you embed one-click feedback questions into your email templates. These often use familiar green, yellow, and red icons to indicate satisfaction levels.
  • CSAT tools can also solicit comments. These comments can be used to identify and resolve customer issues, as well as generate testimonials for your web site and marketing efforts.
  • More advanced CSAT tools can also ask a “Net Promoter Score” question, so you can measure how many of your customers would recommend your business to others.

A Final Note: As you implement these (or other) ideas, procedures, and technologies, remember to take care of your “back office” and employees. Initiating or improving your customer pickup services means new and changed processes. You may also decide to change roles. For example, some stores dedicate one team member per shift to process online payments as a way of managing access to the tools and information.  Take the time to train your staff and make sure they are comfortable with the changes.  Also, solicit their feedback and ideas. They probably have suggestions that will help you impress your customers.


Please contact us for a free Response and Recovery Assessment. We are happy to discuss ideas and solutions, and to assist with getting the technologies and training in place.


 

Prepare Your Business for the Next Normal

(Updated 5/4/20)

With some states and local jurisdictions beginning to loosen or remove stay-at-home and essential business orders and advisories, many small businesses will begin to adjust for the next phase of response and recovery.  For some, this will be a re-opening; for others it will be another shift in how we conduct our business on a day-to-day basis.  Either way, the process will be a minefield of financial, operational, legal, liability, and personnel issues. Before “flipping” the sign from closed to open, plan your return with care and compassion. Both will be needed to keep your employees, customers, and business safe.

Prepare the Groundwork

Guidance on opening is coming from many sources. We recommend a top-down approach, starting at the federal level and working down the your local municipalities and property owners.

  1. Start with the expertise and guidance from the US Centers for Disease Control and Prevention (CDC).  The CDC website  provides guidance for different types of businesses and gathering places that centers on three mitigation strategies:
    • Personal protective measures (e.g., hand-washing, cough etiquette, and face coverings) that persons can use at home or while in community settings
    • Social distancing (e.g., maintaining physical distance between persons in community settings and staying at home)
    • Environmental surface cleaning at home and in community settings, such as schools or workplaces.
  2. Review current laws and regulations under the Families First Coronavirus Recovery Act (FFCRA). This legislation requires almost all employers to provide expanded sick time, medical leave, and family leave pay for employees dealing with illness or childcare issues themselves or within their immediate family unit.  Make sure your return to work plans accommodate these programs and
  3. Second, understand your state’s rules and regulations with with respect to physically opening your business.  Many states are staging how they will allow business to open.  Then, check with local governments where your business is located and where your employees live.  In some states, municipalities and counties are adjusting how they implement state and federal orders and advisories to address local needs and issues.
  4.  Understand your state’s unemployment rules and regulations. In some states, lifting of stay-at-home orders may mean employees are no longer eligible for unemployment even if you keep your business closed or cannot bring everyone back to work. Your team will have differing concerns and levels of comfort; it is important to provide them with timely and accurate communications.
  5. Check with your landlord. Many office and retail complexes are setting up guidelines and rules for how businesses can and will be able to operate in their properties.  Some office complexes, for example, are limiting access to employees only and restricting access to trades and delivery personnel.
  6. Ask your landlord what additional steps they will be taking to clean and sanitize bathrooms, elevators, stair railings, door handles, and other common areas and high touch surfaces.  You and your employees will want and need to know how safe the environment will be when then return to the office or store.

With an understanding of how you can and want to take your next steps, create a Communications Plan.  More than just determined who, when, and how you will share information with employees and other stakeholders, the plan should provide a clear and easy way for employees to get answers to their questions.  As many smaller businesses do not have internal HR resources, you may want to assign a particular manager or executive team to the role.  If you have a contracted HR service or consultant, you will need to coordinate both the process and information. Set clear expectations for how quickly you will answer questions and how answers to common questions will be addressed to the company at large.

Prepare Your Place

As you do your groundwork, begin planning and putting your workplace together for the return of staff.  Social distancing is the current normal. With an expected recurrence of COVID-19 in the fall, social distancing will be part of our lives, and work places, for some time to come. For employees to return, you may be considering:

  • Setting up protocols to ensure that workers who may be ill, or have been exposed, do not enter the workplace and accidentally infect others.
  • Placing dividers between work spaces, or re-configuring your office layout to create separation.
  • Acquiring additional office space, temporarily, to allow more team members to return.
  • Requiring the use of masks or other appropriate personal protective equipment (PPE). Depending on your work environment, this may be full-time or only when employees leave personal work spaces and head to common or communal areas.
  • Cleaning and sanitation of common areas, like kitchens and break rooms, and high touch surfaces.
  • Coordinating disinfection and sanitation efforts with building management and neighboring businesses in leased office spaces.
  • Ensuring availability of cleaning supplies, disinfectants, and sanitizers.
  • Creating a means for employees to express concerns about the work environment and actions of others, without fear of retribution.

For some businesses, the safest course of action will be establishing split shifts or a rotating schedule of employee teams working in the office. Doing so can ease physical separation issues, but we should expect that some employees will need to, or want to, continue working from home.

Prepare Your People

Communications — timely, open, and honest — will be critical for successfully taking the next steps with your business.  For many, personal anxiety and stress will be high as we navigate shifts in our personal and work lives.

Provide your team as much information as possible on what to expect, and how things will move forward, as you go through each upcoming phase of your plans.

As you communicate with your team, keep in mind that employees may be dealing with personal COVID-19 impacts, such as:

  • Death of a family member of close friend
  • Sick or quarantined family member(s)
  • Loss of income by a spouse/partner/family member
  • Supervision of children learning from home
  • Lack of available daycare
  • Anxiety and stress
  • Feeling unable to return to working in the office

Be prepared to deal with the human side of Covid-19, not just the logistics.

  • Anticipate and have answers ready for employees about your requirements and their options
  • Establish a feedback loop and listen to staff issues and concerns
  • Engage your HR staff, service, or consultants to assist with communications, feedback, and responses
  • Update plans and timing as needed to mitigate staff concerns and business conditions

Prepare to Settle In

Set Expectations

As noted, above, experts are telling us to expect local/regional COVID-19 outbreaks throughout the fall and winter. With this expectation, we should plan for future stay-at-home orders and business restrictions. These will likely vary by location, complicating your planning efforts.

Remote work will be part of our operations for the foreseeable future. As you plan your next steps, make sure that your team is ideally equipped to continue working from home.

In the scramble to respond to stay-at-home orders, many businesses make necessary technology decisions for the near-term.  Now is the time to step back and take a long-term view. Employees may be working on home computers, using personal software, and working in a less-then-ideal space. Many businesses are also finding employees have signed up for free or consumer IT services to work around limitations, such as difficulty accessing files on company servers.  We still have a responsibility to keep information secure and private, and our employees and businesses safe.

Get Your IT Resources in Place

Settling in means adapting work environments — at the office and in employees’ homes — to our anticipated reality.

  • Improve security and access to company systems and data
    • Move data from on-premise servers to cloud file services to improve access and security; Map drives to cloud-data for compatibility with desktop software
    • Use Remote desktop and VDI solutions to move on-premise applications to the cloud, providing easy, high performance access without distributing data to remote computers
  • Ensure employees have workable use of your phone system (see this post for more info)
  • Reduce the need for remote PC, VPN and other remote access solutions that increase cost, complexity, and delays
  • Eliminate the need for shadow IT services by helping employees use existing capabilities in your productivity suite
  • Provide devices for employees that do not usually work from home
    • Consider rental, lease, and device-as-a-service option to manage costs
  • If unable to provide devices, upgrade home computers:
    • Add memory for performance and ensure the ability to run business applications
    • Deploy licenses of business software, even if employees are using consumer versions of the applications
    • “Next Gen” endpoint protections from viruses, malware, and ransomware
    • Web filtering and DNS security to prevent malware from infected websites
  • Provide employees with helpful accessories, such as noise cancelling headsets for video calls

We are here to help you plan and execute your next steps.  Our free Response and Recovery Assessment will help you with your planning, fully utilize your existing IT Services, and identify budget-friendly solutions to address any unmet needs and priorities. Email us or complete the form on our home page to schedule your assessment.


 

Coronavirus and the American with Disabilities Act

(Published 5/4/20)

The US Equal Opportunity Employment Commission (EEOC) has published guidance on the applicability and limits of the Americans With Disabilities Act (ADA) and the Rehabilitation Act.

While the ADA and Rehabilitation Act rules continue to apply, the do not interfere with, or prevent employers from following the guidelines and suggestions made by the CDC regarding steps employers should take regarding the Coronavirus (COVID-19).

The EEOC has provided guidance, consistent with these workplace protections and rules, that can help employers implement strategies to navigate the impact of Coronavirus (COVID-19) in the workplace.

Federal Reserve Opens Main Street Lending Program with $600 Billion

(Published 4/25/20 – New links to program information)


On April 9, 2020, the Federal Reserve System quietly announced the opening of the Main Street Lending Program.  Through this program, the “Fed” is providing $600 Billion in loans to small and mid-market businesses. Loans are available to companies with up to 10,000 employees and annual revenues up to $2.5 Billion. Business must commit to make reasonable efforts to maintain payroll and retain workers.  Loans may be new, or may be used to expand existing loans.

Given the limited funds in the SBA’s EIDL Program, the Main Street Lending Program may be a useful alternative.

The program has two types of loans:

  1. Main Street New Loan Facility (MSNLF), which provides new loans to businesses per the MSNLF Term Sheet.
  2. Main Street Expanded Loan Facility (MSELF), which expands existing loans to businesses per the MSELF Term Sheet.

The minimum loan is $1 million and the term is fixed at 4 years with the amortization of principal and interest deferred for the first year.  The rate is adjustable based on the Secured Overnight Funds Rate (SOFR) plus 250 to 400 basis points, equating to a current rate between 2.51% and 4.01%.