Pricing Out a Managed IT Services Plan: What You Need To Know? Developing a cost-effective and customized price plan for managed IT services It’s no surprise that any modern business is – to some degree – dependent on technology. No matter what kind of devices your organization uses or the kind of work your organization does, making sure your technology is up and running to support operations is critical. Even more critical? Determining the right kind of IT support to match organizational needs and determining the right price to pay for it. Like with any other managed service, pricing out IT support services must reflect the unique needs and realities of each business. There really is no ‘one-size-fits-all’ managed IT price plan. Professionals looking to price out managed IT services need to adopt an informed and proactive approach. Don’t wait until a disaster happens to start pricing out managed IT support. The first step is determining what you need – and that means taking a detailed IT inventory. Strategic Spending: How Taking a Tech Inventory Will Help You Price Out Managed IT When you go to the grocery store, it’s common practice to make a list. Otherwise, you find yourself wandering the aisles, unsure of what needs to be stocked up at home. You end up getting home with a bag full of things you didn’t need and realize you forgot some of the main items you went to the store for. It sounds simplistic, but pricing out your managed IT service plan should follow the same logic You don’t want to dive headlong into pricing out a provider before you know exactly what you need. How many computers and devices does your company use? Do they all need to be monitored? What about software and hardware updates – is your organization behind the times and in need of rejuvenation? Do you need round-the-clock support or are you looking for help on an as-needed basis? Asking yourself these questions will make pricing out managed IT services much easier. Even better? It will help ensure that you don’t end up with a wealth of services and features that you don’t need or that don’t apply to you. This way, when you meet with providers, you’ll be armed with a clear idea of what’s required and what isn’t. Being proactive and thorough is the best way to start a transparent and productive pricing conversation with potential providers. Comparing Existing Models: Understanding the Pros and Cons of Each Once you understand the extent and type of IT support services you require, exploring the existing pricing models is a great next step. There are five main pricing models that organizations choose from. Each has its own benefits and drawbacks. However, the ultimate usefulness of each will vary based on the needs of different organizations. Let’s explore some of the leading managed IT service pricing models: Per-Device/Per-User The per-device or per-user pricing models are celebrated for their flexibility and simplicity. On the per-device model, you pay a flat rate for a device that is supported and monitored by the IT partner, including desktops, laptops, servers, smartphones, tablets, etc. Per-device models are attractive in that they offer the easy adding or removing of devices as needed. However, it’s a good idea to do some research and ensure the per-device rate you’ve been offered is set appropriately based on market realities. On the per-user device model, a flat rate is issued for each user or employee at your organization – no matter how many or what kind of devices each person uses. Per-user pricing models are attractive because they simplify the billing process. However, if your user base is continually growing and each user is starting to use two or three devices each, keep in mind that your managed IT partner may want to revisit cost-margin considerations. Value-Based Flat Fee Flat-fee, value-based pricing models are becoming more and more popular in the managed service sector. Often referred to as ‘cake’ pricing, the value-based model offers organizations ‘full-service’ coverage instead of separated and specialized components. On this model, you truly do ‘buy the cake’ rather than the ingredients you need to make it. Value-based pricing models are great options for SMBs since the model offers wide-spread, comprehensive coverage and services. Under the value-based pricing model, your managed IT partner essentially takes on the role of your outsourced IT department. They take care of everything for a singular flat rate. Keep in mind though, that if you select this option, you must trust your managed IT partner to cover all your bases and provide adequate full-scope coverage as your IT needs evolve. Tiered Under the tiered pricing model, managed service providers offer a variety of service packages, ranked using levels like Bronze, Silver, Gold, and Platinum. Each tier includes a specified range of services and support. This makes it easy for business owners to check out the specs of each package and choose one that is both cost-effective and tailored to their specific needs. Do keep in mind, however, that sometimes service packages will contain some things you need and some you may not. While its possible, pre-established tiered service packages may not always be a flawless fit with your needs and budget parameters. When using this model, its best to select the service tier that gives you as much relevant support as possible while staying inside your cost margins. This way you’ll avoid investing in services or fancy solutions that you don’t want or need. A-la-carte The a-la-carte pricing model works just as it sounds. You’re able to build-your-own service plan based on the supports and solutions that you require and nothing more. This is perhaps the most celebrated model as it offers maximum flexibility and customization for organizations. However, when using an a-la-carte pricing model, it’s a great idea to consult with a third-party expert to ensure you have all your bases covered. The last thing you want is to draw up a service agreement, thinking

On July 4th we as Americans honor the formation of the union we call The United States of America. Whether enjoying the holiday at the beach; a backyard barbeque; watching a fireworks celebration in the city; working hard in the office or shop; or marching in a local community parade; we all celebrate the birth of our great nation together as one. Here’s to our beautiful lakes, our majestic mountains and everything that makes American the greatest place to live! For anyone who’s not American, or new to our country, here’s what Independence Day is all about. Independence Day is celebrated each year on July 4th. It’s often known as “the Fourth of July.” It’s the anniversary of the publication of the declaration of independence from Great Britain in 1776. In 1775, the people of New England began fighting the British for their independence. On July 2, 1776, the Congress secretly voted for the country’s independence from Great Britain. Two days later, on July 4, 1776, the final wording of the Declaration of Independence was approved, and the document was published. The first public reading of the Declaration of Independence occurred on July 8, 1776. Congressional delegates began signing it on August 2, 1776. Fifty-six congressional delegates signed the document. The delegates signed by states from North to South, beginning with Josiah Bartlett of New Hampshire, and ending with George Walton of Georgia. Some delegates refused to sign the Declaration, including John Dickinson of Pennsylvania, and James Duane, Robert Livingston, and John Jay of New York. Some opposed the document but signed it anyway to present the appearance of a unanimous Congress. This included Carter Braxton of Virginia, Robert Morris of Pennsylvania, George Reed of Delaware, and Edward Rutledge of South Carolina. Five delegates were absent including Generals George Washington, John Sullivan, James Clinton, and Christopher Gadsden, as well as Virginia Governor Patrick Henry. John Adams sent a description of how Independence Day would be celebrated in a letter to his wife Abigail on July 3, 1776. He described “pomp and parade, with shows, games, sports, guns, bells, bonfires, and illuminations” throughout the country. An interesting note: Thomas Jefferson and John Adams, both signers of the Declaration of Independence and presidents of the United States, died on July 4, 1826, exactly 50 years after the adoption of the Declaration. For our Help Desk employees, Independence Day is a workday. We plan to celebrate the 4th just like the rest of our countrymen (and women!). But we do this by being here if you have any technical issues. Our Help Desk is your front-line support for submitting incidents and service requests. We say that we operate 24/7/365 and we mean it – Independence Day, Memorial Day, Christmas, New Year’s Day, Easter – no matter the holiday or day of the week. You’ll have direct access to the IT professionals who help you onsite and provide the advice, guidance, and rapid restoration of services you need to keep your business running.  When you call, one of our agents will log your request into our IT service management system and either resolve it for your then or escalate it to the next level of support. You have the option of reporting an incident or service request by email or by contacting us by phone. When you do, this will generate a “ticket” in our IT service management system. Once the ticket is created, you’ll automatically receive an email receipt confirmation with your ticket or reference number. This confirmation tells you that your request has been logged at our Help Desk and that it’s been assigned to a tech specialist who knows your business and is experienced in your particular IT issue. Here’s what we ask that you provide when submitting a request to our Help Desk: Your name, business name, phone number, and email address. A detailed description of the problem or concern. Whether the issue you’re experiencing affects only one user, many users, your entire office or multiple offices. The impact your issue has on your business, including whether any critical applications have been affected. Anything you or your staff have done to try to resolve the issue before contacting us. Prioritizing Tickets It also helps if you prioritize your need. Here’s an example of what we mean: Non-Urgent: Your problem is minimal and doesn’t impact your ability to work. It’s something that you could wait to be addressed within the next week. (For example, you’d like us to provide a new piece of computer equipment for you.) Normal: The IT issue has some impact on your day-to-day operations. However, you could wait for two days for it to be addressed. (For example, you’d like us to help you find a better way to use an application or replace it with a different one.) Urgent: The issue you face has a significant impact on one user’s ability to work. You need help sometime during the workday. Emergency: This issue has a significant team-wide impact on your staff’s ability to work. Multiple employees are affected. You need help as soon as possible, no matter if it’s after hours, over the weekend, or on a holiday (like the 4th of July). This is for things like outages and downtime. Please do your best not to prioritize something as “Urgent” or “Emergency” when it’s not. This helps us get to those really urgent requests much faster. We want you to know that you and your staff can enjoy Independence Day with the peace of mind that our Help Desk is always here for you. Happy 4th of July everyone!

The Top 5 Cybersecurity Risks Your Company Hasn’t Considered Exploring the leading cybersecurity threats facing business professionals today There’s no getting around the prevalence of cybercrime today; it’s happening more and more, all across the globe. Even worse? The identity thieves and malicious attackers lurking behind the scenes are getting better at exploiting weaknesses to get their hands on confidential business data. Understandably, business owners are often scrambling to ensure they’re doing enough to keep security tight. Maybe they invest in some “total solution” software or perhaps they overload a tech savvy employee with IT security work. Some business owners simply decide to roll the dice and hope for the best. Whether it’s doing too much or too little, business professionals often get caught up in a less-than-ideal approach to cybersecurity. So, with all the horror stories in the headlines about companies and government agencies getting breached, what’s a business owner to do? The key is to remain focused and strategic so you can put together a level-headed plan. This involves taking a closer look at some of those gargantuan cyber threats we often forget about. Narrowing Down the Doom: 5 Concrete Risks You Can Focus on Fixing Today In order to develop a realistic and strategic approach to cybersecurity, you have to cut out all the noise. Put the headlines and your own fears to the side and try to stay focused on the things you and your staff can control. Think long and hard about the various ways cyberattacks could occur in your organization and then consider how you can work to close the gaps in each section. Check out these Top 5 Security Risks that your organization must be carefully managing:  1. Your own team No one likes to admit that internal risks exist, but the reality is that employees are the weakest link in the cybersecurity chain. Sometimes these internal threats are malicious, but most often it’s a matter of ignorance and carelessness. In fact, human error is the catalyst for the vast majority of cyber-attacks on businesses. The reality is, an uninformed and unprepared team can have drastic consequences for your organization’s cybersecurity. You may have employees who are more likely to click a malicious link or download a bad file from a phishing scam. Perhaps your team receives fraudulent business email compromise (BEC) scams that seem legitimate. No matter the error, your workforce – when uninformed – can put your organization at serious risk. How to tackle an uneducated team: The best way to counteract employees who aren’t in the know is to teach them! Yes, this will require some investment of time and resources but in the long run, your organization will be stronger and more secure. Find ways to get your team on board and help empower them to be cybersecurity superheroes. Help them determine how to identify threats and create an environment for open and honest communication about suspicious activity of any kind. With an informed and vigilant team, your cybersecurity woes will be reduced significantly. Password malpractice Passwords are supposed to keep your organizational and employee data safe and secure. But when’s the last time your team changed their passwords? Is there a culture of password-sharing or posting in your office that threatens security? For that matter, have you and your team ever had an open conversation about choosing strong passwords? These are questions you must ask yourself in order to get on top of password malpractice. How to manage password malpractice: Like with any other part of your business, best practice for password management is to have standard operating procedures in place to ensure your team knows what is expected. Make it a rule that passwords must be kept private and changed on a 30 or 60-day basis. Mark calendars with password change dates and makes it a group activity. Make it a rule that passwords must be unique and not repeats of old passwords or other accounts. Ensure there is a chain of command for access and control – superiors should never be sharing login credentials with employees – no matter how convenient. Finally, consider setting up two-factor authentication at all endpoints to add an extra layer of verification security. 2. Patch procrastination In an increasingly digital workforce, hardware and software updates seem to pop-up daily. However, it is becoming blatantly clear that updated software and hardware are a critical part of maintaining strong cyber security. Why? Because updates very often include patches designed specifically to fix security holes or glitches. Who can forget the massive WannaCry scam from 2017? Even though a patch had been released in March, it had not been installed on countless machines who were then infected by the virus in May. Even with the high profile WannaCry case, it is still common practice for many business professionals to avoid or put off software updates. Sometimes there is fear of change or increased technical issues once an update is installed – and this can happen. However, for the most part, updates are designed correctly and will work wonders by patching unseen security flaws. This can make a huge difference in keeping your network secure. How to stop patch procrastination: Again, schedule your updates and mark them on calendars as much as possible. Taking the time to make a physical note will help emphasize the importance of staying on top of patchwork. Most importantly, when your machine gives you a reminder to install an update – install it! Get out of the habit of clicking “Remind Me Later” – your network will thank you. It’s not just about security either. Staying on top of updates and patches will help your systems run at optimal capacity at all times. Make updates to your new habit and explain this priority to other administrators. 3. Other organizations This is perhaps the biggest risk that business professionals often forget. It’s not just your own cybersecurity practices you should be worried about – it’s the other companies you work with.

Cyber Hacks on DNA-Testing Companies Raise Fears about Genetic Data Privacy   DNA-testing companies the latest to be targeted by cybercriminals Stories of businesses getting hacked by cybercriminals are pretty much par for the course nowadays. Increasingly, companies who collect and store large amounts of user data are prime targets for malicious and greedy hackers. From social networking sites to ride-share companies, large stores of user data are one of the hottest commodities on the cybercrime market. MyHeritage hack: Over 90 million users affected One of the most recently reported attacks saw the email addresses and passwords of roughly 92 million users hacked. MyHeritage – an international company based out of Israel – is a DNA testing provider that offers customers the unique experience of determining the specific makeup of their ethnic ancestry and lineage. The MyHeritage hack stands out among others for the very obvious fact that the company doesn’t simply collect basic user info like emails and passwords – it collects and stores mass amounts of genetic DNA from subscribers. Now, it must be noted that the MyHeritage attack only saw the theft of user emails and passwords. According to the company, none of the genetic data and DNA information provided by customers was compromised. Nonetheless, the attack serves as a critical reminder that nearly any kind of data stored on servers is at risk of being hacked. The hack – which occurred in October of 2017 – was only identified and reported to the company by a security researcher seven months later in early June of this year. With about 92 million users affected, MyHeritage has been in damage control mode ever since. While representatives for the company claim there is no evidence to suggest the attack was malicious, they’ve admitted they can’t know for sure. No genetic data affected, but can it be protected?  It’s important to remember that none of the genetic data collected by MyHeritage was hacked. In fact, most genetic data is stored separately and organized anonymously using a numbered barcode system. However, as cybercriminals continue to become more sophisticated and as user data becomes more valuable, companies will be required to work harder to keep even seemingly secure data safe. Especially when the data being collected includes genetic profiles of users. MyHeritage has been taking steps to tighten cybersecurity protocols and increase user-controls and account security settings. A forced password change for the nearly 100 million affected users arrived by email. Additionally, the company has facilitated two-step verification controls to ensure user logins are better managed. However, some experts argue that this could have been set-up proactively to mitigate hack risks ahead of time. Rob Verger, the Assistant Tech Editor at Popular Science Magazine raised a valid point in a recent interview. “If they can’t protect user data,” Verger said, “what makes them able to protect the genetic data?” Going digital: Balancing benefits with risk in the modern marketplace There’s a balancing act to be done when considering cases like these. There’s no denying that the electronic storage of data has been an asset – especially to the health and sciences industry. Doctors across the nation are making moves to paperless Electronic Medical Record (EMR) systems that make the patient experience more efficient and organized. Genetic testing companies have been revolutionary in their ability to efficiently and privately connect customers with priceless genetic information. So how do you know when to draw the line? How can individual consumers reap the benefits of these technologies without leaving themselves open to invasions of privacy? According to Verger, the best strategy when giving out personal data is caution and a second thought. “People should be careful about the types of information they give these services,” Verger said. “If your biggest nightmare is having your email address all the way to your ethnic history being hacked, then you shouldn’t subscribe to these companies or provide data.” At the end of the day, what matters most is how the users were affected and how MyHeritage responded. When it comes down to it, users have a right to be wary. Not only about the attack, but also about the incredibly long time it took for the hack to be identified and disclosed to users. Identification by a security researcher, seven months after the fact is hardly what anyone would call a vigilant cybersecurity effort. While MyHeritage is doing their best to rectify the situation and beef up security efforts, the doubt caused by the hack is understandably unsettling for affected users and potential consumers everywhere. Walking the tightrope in an increasingly digital world It’s no secret that today’s cyber-climate is more populated, dynamic, and personalized than ever before. The efficiency and customization that the online market offers are unparalleled. However, there is an underside to all this innovation that must be remembered. Service providers and their advertising teams are constantly looking for the most dynamic and personalized ways to advertise to their target markets in these online spaces. This means collecting as much data on their consumers as possible and at whatever cost. Consumer’s digital fingerprints are increasingly valuable to companies across the digital market. If a company wants to get a consumer’s attention on the information highway, they know they need to personalize the experience as much as possible. This means that all the bits of data entered into your browser become fingerprints to help identify and sell to you. In this competitive climate, genetic testing companies face an increased risk simply because of the personal nature of the data they collect. Having the genetic makeup of over 90 million consumers is an advertising goldmine, not to mention other potentially dangerous motivations of more malicious hackers. The bottom line? Users need to think twice and be vigilant about the data they choose to share. “It’s a double-edged sword – EMR and genetic testing can help medicine,” Verger reiterates. “However, nothing out there is perfect,” Verger claims. “Things kept on servers can possibly be hacked or compromised

Check Out These Pros and Cons First. Many of today’s business owners have decided to move their IT infrastructure to the cloud. In a large company, the number of services and workloads can be staggering, making the transformation a hugely complex procedure. Even in smaller businesses, there are pitfalls to be aware of. If you know about these before you begin, then you can avoid some costly mistakes. Remember that all clouds do not have silver linings. Some are just big ole thunderclouds that are about to dump 10 inches of rain on your parade. If you understand the issues and complications that can crop up, then you can bring your umbrella and escape getting all wet. If not, you may be in for some rainy days ahead. What are the benefits? Migrating to the cloud can deliver some “big-company benefits” that small businesses need these days in order to compete in the global marketplace. However, as many business owners have learned, there can be security issues, unexpected costs, and other snafus. The most successful cloud migration approach involves careful planning. It’s often a great idea to engage with some experts in cloud technology to help you. These experts understand what’s required and they’re familiar with cloud best practices. They can help you optimize the migration process. You also need clear heads who can keep you on the right road. Why are you moving to the cloud? Most business owners will answer that they’re hoping to reduce their infrastructure costs. That’s a good reason and the primary motivation behind most moves. The problem is that somewhere during the move, it’s easy to lose sight of these basic fundamentals. Cost reduction does occur for most companies but it’s not a guarantee. If the process is carried out incorrectly and/or the wrong cloud management maturity roadmap is followed, you could wind up in a ditch instead of on cloud 9. The hybrid infrastructure strategy Digital transformation and hybrid architecture – these are terms that many business owners struggle with. Though you’re probably an exceptional CEO, manager, or small business owner, if your expertise is not in the realm of Information Technology, hire a pro. In the midst of moving to the cloud, you need to know that everything is being done according to best practices. The diverse environments of infrastructure and operations (I&O) present numerous challenges. Before you move everything to the cloud, consider the following: The full cost of this process including hidden expenses On-premise vs. public cloud The security of your data Bandwidth availability Ownership of the data Availability of moving the data Developing a multi-year strategy that includes ongoing ROI The cloud roadmap In order to seamlessly migrate your physical infrastructures to private, public, and multi-cloud environments, you must first decide which services and applications are best suited for the cloud. Not every application is a good fit for the cloud. A good operational model will help your select the right services and apps based on their unique requirements. In other words, you need a good solid roadmap that outlines what will be moved, when it will be moved, and whether you have the right security to protect all your data throughout the process. This is especially important in industries where compliance is a factor, such as the healthcare industry. One HIPAA violation can be expensive but a good IT specialist will make sure that all data both in and out of the cloud is well-protected. Assess the risks Begin your cloud journey with an assessment of your current business network and IT technology. Include your current resources, along with the maturity of your processes and people. Consider these questions: Which services and applications can best benefit from migrating to Azure, AWS, or other cloud platforms? How will you manage third-party vendors to prevent data leaks? Do you have an IT team or outsourced IT provider with the right experience for this job? Should you migrate everything at once or do it in stages? Have you considered whether your new cloud environment is viable for both the short- and long-term? Can your new cloud infrastructure support growth? Hybrid infrastructure offers unique benefits to business owners. But it’s not a solution that will fix every IT problem you have. Instead, it’s more of a strategy for ensuring that your business can compete in a global marketplace. Cloud solutions and hybrid architecture aside, no one can predict the future. But it’s a good bet that cloud technology will evolve rapidly and your new cloud solution should be able to grow right along with it. That means flexibility. And, it should continuously assess your network security and compliance to relevant regulations. One single data breach these days can cost a million dollars. What to do next Before you take the next step, it can be highly beneficial to engage with cloud experts who have completed this journey for other companies. When you work with experienced professionals, they’ll guide you down the right path. As you move your applications and services over to the cloud environment, they will advise you every step of the way. This can eliminate a lot of the worry and stress, plus it usually helps you to complete the process without wasting precious time, money, and resources. Know where you’re going before you begin your journey and the cloud transformation can be an exciting new adventure for your business.

Nest Labs, a division of Google, recently discovered a list of email addresses and passwords that had been published online. As part of their ongoing commitment to protect their customers from hackers, Nest continuously monitors databases found online of stolen or leaked passwords. When they found that some of their customers’ passwords were listed on a phishing website, they sent out an email to customers. Consumers remain the weakest link Security experts all agree that the weakest link when it comes to internet security is the consumer. People click on suspicious links that download a virus or worm onto their device. They also frequently use the same password across multiple accounts. Many users visit sites that are unsafe where they may be exposed to malware. Often, consumers use the same password for years. All these practices make it very easy for hackers to steal passwords then break into various accounts. Nest takes proactive stance When Nest found the databases of leaked passwords, they sent out emails to all of their customers that read in part: “Nest monitors publicly leaked password databases and checks our own databases for matches. We’ve found that your email and password were included in a list of accounts shared online. Common causes of password theft are falling victim to phishing emails or websites, malware, and password reuse on other websites which may have been compromised.” The letter goes on to give instructions to users about what to do next and this applies to anyone who suspects that their password has been stolen. Instructions are below: Sign in to your Nest Account (bank account, credit card account, etc.) immediately. Navigate to the account management screen and find the item that says, “Reset Password.” Select a new password. Be sure to use numbers, letters, capital letters and symbols. An example of a good password would be: 57Rop*82!@HK. A password like this is much harder for crooks to decipher. An example of a weak password would be: time1234. This password would be easy for hackers to learn. Click “Save” to save the new password. Be sure to make a note of the password. You can also go to the log-in screen of any account including Nest and click on “Forgot Password.” This will initiate a procedure where you are sent a code (usually as a text message). Enter that code where prompted, then proceed to create your new password. Nest reminded its users that unless they did log on and change their password within a set length of time, the company might disable access to their account. Often, users put off changing passwords so the company most likely felt like it was necessary to include this veiled threat to shut down the account until a new password was chosen. How to change your Nest password using the app The company also included instructions for changing the password via the Nest app and these are given below for your convenience: On the Nest app home screen, tap the Menu icon. Select the Account icon. Select “Manage account,” then “Account security,” then “Account password. Enter your current password and your new password, then tap “Save changes.” How to use Two-Factor Verification (2FA) Nest also offers the option of 2-step (2-factor) verification, which can add a layer of protection to any account. This is very important to do for financial accounts and other accounts like Nest where your home, family or money might be at risk. The instructions for adding 2-step verification are given below: On the Nest app’s home screen, select the Menu icon at the top. Select Account. Select “Manage account,” then “Account security.” Select “2-step verification.” Then tap the switch to toggle 2-step verification on. Follow the prompts to enter your password, phone number, and the unique verification code sent to your phone. Cyber theft increasing globally Many experts are now recommending that customers add 2-step verification to all their online accounts. The increase in hacking and phishing schemes worldwide has alarmed many security experts, as well as consumers. It has become commonplace to read that one of your favorite stores or most trusted brands has lost millions of data records to hackers. This fact has spawned a new generation of security experts and advocacy groups whose purpose is to stem the tide of the growing number of cyber thefts. One of these groups called the Internet Society was the first to discover the Nest breach when they stumbled across an email from Nest to one of its customers. The society forwarded the email to the Online Trust Alliance and they published it as a blog post. Once this occurred, the story made international news. How Nest learned of the breach Though Nest has not revealed how they learned about the compromised passwords, it is believed that they regularly check a site called “Have I Been Pwned?” which is run by Troy Hunt, a security researcher. The site can be used to check whether any of your passwords have been stolen or leaked online. It includes half a billion passwords and other credentials stolen from consumers all over the world. About Nest Labs Nest Labs, now a division of Google, provides home automation tools that are programmable, sensor-driven and self-learning. Using your home’s Wi-Fi system, Nest products can be controlled either at home or remotely. These products include smoke detectors, thermostats, indoor and outdoor security cameras, security systems, lights, and other common household appliances. Nest was founded in 2010 by Matt Rogers and Tony Fadell, engineers who formerly worked for Apple. The company grew quickly to 130 employees and within just a few short years, Nest Labs had grown to 280 employees worldwide. In 2014, Google acquired the company for an estimated $3.2 billion. Today, the company has over 1,200 employees. They recently built a state-of-the-art engineering center in Seattle, Washington.

Cybercriminals are getting more fearless by the day and their crimes are getting more and more sophisticated. Cybercrimes are costing businesses and organizations billions of dollars each year. This has spawned a new generation of cybercrime fighters who search for ways to end this threat once and for all. With each new attack, the crimes get more sophisticated. Hackers are learning from their mistakes and tweaking their methods to make them even more effective. While most attempts to end hacking seem futile, it is an industry that will continue to require experts in managed threat detection. Stopping thieves before they can get into your database is the preferred method and this has now become possible. The latest technology can assess your network’s weaknesses and your IT professional can recommend various ways to shut down those weak areas. Why the rise in popularity of managed threat detection? Investments in technologies that prevent cybercrimes are currently on the rise. There are now a number of solutions that prevent intrusion into your computers. But many companies feel they just don’t have the money to install the latest threat detection equipment. Though there is an initial expense involved, business owners with these new threat detection systems do enjoy greater peace of mind. One cyber-attack is now estimated to cost approximately $1.3 million on average. In addition, customer trust is eroded once the public learns of the breach and overall sales can go down. The expenses for a breach can often linger for years. What is Managed Detection and Response? MDR is a combination of technologies and skills that provide global threat intelligence, deep threat analytics, and earlier incident mitigation. The most effective response to a breach requires a collaborative, far-reaching effort. Managed Detection and Response works well because it is set up to function every minute of every day. It provides more thorough protection from the viruses, worms, ransomware, and malware that exist on the World Wide Web. MDR is commonly used together with traditional managed security services (MSS) to ensure complete protection. These services can be provided by specialized vendors who focus mainly on threat management. They can also be provided by specialists who have MDR capabilities. Managed detection is chiefly distinguished by the fact that it works even in circumstances where the traditional methods of protection, which are focused on limited log collection and rules-based analysis, do not work. How is MDR delivered? Today, businesses will find a few cybersecurity experts who understand the ever-changing landscape in the world of cybercrime. Thieves utilize a number of methods that evolve with each new attack. The only truly effective response to these attacks is to develop a system of crushing cyber-attacks that also evolves with each new event. New technology focuses on a series of effective approaches to threat detection and elimination. The initial step is known as threat anticipation, which measures the level of a company’s preparedness. This determines how high a company’s chances are of being targeted by cyber thieves. MDR also includes threat hunting. Instead of waiting for an event to occur, this technology actively hunts for threats and eliminates them. Third, security monitoring is essential. This service is basically exactly what it says. A system is put in place that constantly monitors all hardware, software, and networking equipment, looking for loopholes that thieves might exploit. Security monitoring should include alert response, incident response, and breach management. Why is Managed Detection and Response popular? For most business owners, there just isn’t time each day to worry about cyber breaches and data leaks. Though the costs to address them can be enormous, a business person needs to focus on running his company. Your business can suffer if you must constantly be pulled away to address potential security threats. That’s the major reason why business owners are opting for a greater level of protection for all their computers and networking equipment. Threat detection and prevention is a full-time job and most business people just don’t have the time or skills to deal with it. Your company needs the finest protection available so you can get back to work without the stress of knowing that a breach could occur at any moment. MDR service providers are able to collect data from various sources on the threats that your organization may face. This enables them to know exactly which threats are more pronounced. Once an organization knows where their weaknesses lie, they are in a better position to respond, repair those flaws, and move forward with more confidence. Of course, a good managed detection and response program should also include all the measures to respond should a breach occur. In spite of all the advances in technology, if just one of your employees clicks on a malicious link, they could download ransomware or other harmful malware into your system. You can mitigate the damage though, by knowing exactly what to do. Final Thoughts Managed Detection and Response (MDR) is designed to handle anything that cyber-thieves can throw at you. It initially seeks to find and close any weaknesses, but it also includes a sound response plan should a breach occur. It utilizes today’s best detection tools, threat intelligence, forensic investigation tools, and human analysts. It can give business owners the peace of mind they need to get back to running their companies without the constant worry of an expensive data breach.

In a day and time when everyone is being super careful not to click on suspicious links, there’s a new threat lurking. Just about every home and office have a router. It’s an inconspicuous piece of equipment that most of us rarely think about. And now, a new alert issued by the FBI says that Russian hackers have targeted routers in 50 countries around the world. Why the router? Routers are rarely updated. Unlike the operating system on a smartphone or computer, most router manufacturers do not send out regular updates for their products. Last January, a complaint was filed against router manufacturer, D-Link. In the complaint, the FTC said that the manufacturer was leaving their users at risk by not installing adequate security measure. Their failure to do so had left many consumers open to attacks from hackers. Experts are now saying that there’s no incentive for router manufacturers to release regular updates to their products that could stave off attacks. Up to now, these manufacturers have not been held liable and when there’s no liability, manufacturers will often take cost-saving shortcuts. How hackers are getting in Using malware to target the VPN filter, cybercriminals are able to collect user data. Once the hacker has control of the router, they can use it to eavesdrop on consumers. This weakness also allows hackers a doorway to all home computers, TVs or anything connected via the router. The FBI recently discovered one website that hackers had set up to use in their attack. This website was designed to give instructions to the routers that had been taken over. Though shutting this site down did cut off one avenue of attack, the FBI warned that millions of routers were still infected. This leaves millions of consumers around the world vulnerable and most users will not even realize they’ve been hacked. Who is responsible for the hacks? The Justice Department said the hacking group referred to itself as “Sofacy” and that they answered to the Russian government. The hacking group also goes by the names Fancy Bear and APT28 and they have been involved in some very high-profile targets over the last few years. This group was blamed for the hacks carried out during the 2016 presidential campaign that targeted the Democratic National Convention. Cisco Systems Inc. performed its own investigation and found that the targeted routers include Netgear, Belkin’s Linksys, QNAP, Mikro Tik, and TP-Link. There may be others involved as well and most were purchased by consumers at local electronic stores and online. Cisco shared the results of their investigation with the Ukrainian government and the U.S. The FBI said that they believe some of the affected routers were also provided by internet service companies. New types of warfare between Russia and Ukraine Russia has long been involved in attacks against Ukrainian companies due to ongoing hostilities between the two countries. In the past, these attacks have cost millions of dollars and exposed the personal, confidential information of both businesses and individuals. At least one attack was responsible for an electricity blackout in Ukraine. The Ukrainian government recently stated that the Russian government was planning a cyber-attack against some privately held companies, along with Ukrainian state bodies. They believe these attacks were meant to disrupt the Champions League soccer finals which were being held in Kyiv. What to do next Experts are recommending that everyone using a router shut it down and reboot it. They also recommend disabling remote manager settings. If at all possible, upgrade the router to the latest firmware and change your password. The FBI warned, “The size and scope of the infrastructure by VPNFilter malware is significant.” Their experts said that hackers could render the routers affected completely inoperable if they wanted to, but that wasn’t their primary goal. Instead, they were planning to steal data off the computers, phones, and other connected devices by taking over the routers that controlled internet access. The FBI stated that the malware would be very hard to detect even by professionals because of encryption and other tactics used by the hacking group.

When we think of Memorial Day, we have visions of parades, going to the beach, enjoying a picnic in the park, or gathering with family and friends for a barbeque. But, as most of us know, this is a special day to honor military members who made the ultimate sacrifice for our country. Many of us will be visiting the gravesites and memorials of the men and women who served and died performing military service for our country. The History Of Memorial Day This year, Memorial Day is on Monday, May 28th. Memorial Day was first known as Decoration Day. It originally honored only those who lost their lives while fighting in the Civil War. In the spring of 1865 at the end of the Civil War, people throughout the U.S. held tributes to fallen soldiers by decorating their graves with flowers on Decoration Day. General John A. Logan of the Grand Army of the Republic, proclaimed that the first Decoration Day be observed each year on May 30th.  On the first Decoration Day, General James Garfield made a speech at Arlington National Cemetery where 5,000 attendees decorated the graves of the more than 20,000 soldiers from both the Union and Confederacy. It was during this time that the federal government established the first national cemeteries. Americans in the northern states followed suit with their own commemorative events, and by 1890 each recognized Decoration Day an official state holiday. Southern states honored their dead on separate days. After World War I, the holiday evolved to commemorate American military members who died in all wars. In 1966, the federal government declared Waterloo, New York as the official birthplace of Memorial Day. They chose this city because, on May 5, 1866, Waterloo closed businesses so residents had a day where they could decorate the graves of soldiers. However, a number of other cities claim to be the birthplace of Memorial Day. These include: Columbus, Mississippi Richmond, Virginia Macon, Georgia Carbondale, Illinois Boalsburg, Pennsylvania In 1968, the U.S. Congress passed the Uniform Monday Holiday Act, which established Memorial Day as the last Monday in May. It went into effect in 1971 and Memorial Day has been designated a federal holiday ever since. In the year 2000, President Clinton signed the “National Moment of Remembrance Act,” which designates 3:00 p.m. local time on each Memorial Day as the National Moment of Remembrance. Today, cities and towns across America hold Memorial Day parades each year along with military personnel and members of veterans’ organizations. Some of the largest parades take place in Washington, D.C., New York, and Chicago. What Will You Be Doing On Memorial Day? When Congress made Memorial Day into a mandatory three-day weekend with the National Holiday Act of 1971, it, unfortunately, caused some to think of it as a vacation weekend and to be distracted from the spirit and meaning of the day. Some people confuse Memorial Day with Veterans Day. Veterans Day is a commemoration of all the individuals who have served or are currently serving in the nation’s armed forces. Memorial Day was specifically enacted to honor those who died while serving the country. Because we also think of it as a “beginning of summer” celebration, this can tend to minimize the true meaning of Memorial Day. Because of this, Hawaii Senator Daniel Inouye, a World War II veteran, introduced a Congressional measure to return Memorial Day to May 30 in 1987. He continued to do so every year until his death in 2012. In 1999, he wrote: “Mr. President, in our effort to accommodate many Americans by making the last Monday in May, Memorial Day, we have lost sight of the significance of this day to our nation. Instead of using Memorial Day as a time to honor and reflect on the sacrifices made by Americans in combat, many Americans use the day as a celebration of the beginning of summer.” 3 Honoring Our Fallen Military Members Without the sacrifice of the men and women in our Armed Forces, we wouldn’t enjoy the freedoms we have today. Even if you’re having fun celebrating this Memorial Day holiday, we should all take a moment to remember them. Civil War – Approximately 620,000 Americans died. The Union lost almost 365,000 troops and the Confederacy about 260,000. More than half of these deaths were caused by disease. World War I – 116,516 Americans died, more than half from disease. World War II – 405,399 Americans died. Korean War – 36,574 Americans died. Vietnam Conflict – 58,220 Americans died. Operation Desert Shield/Desert Storm – 383 service members died. Operation Iraqi Freedom – 4,411 service members died. Operation New Dawn – 73 service members died. Operation Enduring Freedom – 2,346 service members died. Operation Freedom’s Sentinel – 48 service members have died as of May 2018. Operation Inherent Resolve – 61 service members have died as of May 2018. 1 A national moment of remembrance occurs at 3:00 p.m. local time on Memorial Day. Please join us in taking the time to remember and thank all of our fallen military members. https://www.cnn.com/2013/05/23/us/memorial-day-fast-facts/index.html https://www.history.com/topics/holidays/memorial-day-history http://people.com/celebrity/why-happy-memorial-day-is-inappropriate/

Your manufacturing company is in the crosshairs of hackers. Cyber-spies are using backdoor viruses to steal intellectual property from businesses like yours. According to Verizon’s 2017 Data Breach Investigations Report, these cyber-spies are supported by nation states. 620 of data breaches hit the manufacturing sector last year, and 94% were committed by state-affiliated actors. 91% of the intellectual property (IP) that was stolen was proprietary data owned by manufacturing businesses. China in particular expanded their state-sanctioned hacking of US manufacturers in 2017. It’s expensive to do the R&D necessary to design and build a product. It’s a lot less costly just to steal it. Nation-state cyber-espionage is the predominant cause of breaches in the manufacturing industry. In February 2018 the Worldwide Threat Assessment of the U.S. Intelligence Community confirmed that some nation-state actors are continuing to use cyber attacks to “acquire U.S. intellectual property and proprietary information to advance their own economic and national security objectives.” They say that advances in manufacturing, particularly the development of 3D printing, almost certainly will become even more accessible to a variety of state and nonstate actors and be used in ways contrary to our interests. The problem is that while manufacturing increasingly involves high-tech processes, in many cases manufacturing businesses don’t have the right IT security in place. 40% of manufacturing security professionals say they don’t have a formal IT security strategy in place. And 37% say they don’t have an incident response plan. This makes manufacturing businesses a prime target for hackers who want to steal IP. A Backdoor Could Be Secretly Leaking Your IP The Verizon report reveals that most computer intrusions in the manufacturing industry began with a spear-phishing email that was sent to a company employee and which contained a malicious link or attachment. The malware comes in the form of a backdoor that gives the hacker secret remote access to the computer. A backdoor is an undetectable technique where a technology system’s security is bypassed without anyone knowing so a thief can steal data. Hackers use backdoors to install malware to modify a code or detect files and gain system and data access. Any connected device in the manufacturing process is at risk. Social engineering and malware-based cyberattacks combined for a whopping 73 percent of all data breaches in the manufacturing sector last year. Spies favor email phishing techniques with malware to compromise victims. A recent article in the CIO Journal stated: “Almost any connected device, whether on the shop floor in an automated system or remotely located at a third-party contract manufacturer, should be considered a risk.” Manufacturers aren’t asking their Technology Service Providers to perform cyber risk assessments on technology they use on the factory floor. If they did, these backdoors could be detected and “closed.” This is a nightmare that will only get worse if manufacturing companies don’t perform their due diligence where IT security is concerned. If this doesn’t scare you, these statistics should. In 2017: 21 percent of manufacturers lost intellectual property to hackers. Four of the top ten cyberthreats facing manufacturing organizations are caused by their employees. 28 percent of manufacturing organizations lost revenue due to cyber threats. Over 35% of manufacturing executives believe IP theft was the primary motive for the cyber attacks in their businesses. To change this paradigm requires buy-in from leadership. However, although the manufacturing industry is focused on innovation, updating and enhancing technologies on the factory floor is a cumbersome, slow process. Hackers know this. It’s time to protect your intellectual property. Develop a cyber-risk management program with the help of your Technology Solutions Provider. They can do a complete IT risk assessment and detect if there are any backdoors installed on your systems. The right Technology Solutions Provider (TSP) will customize an IT strategy for you that includes protection for your intellectual property. Data Security: With ever-increasing threats from cybercrime, your manufacturing business requires risk assessments, data protection, data recovery, staff awareness training, and maximum security of your critical data. You must be able to backup, protect and recover your proprietary and confidential information. To do this, you should outsource your disaster recovery and backup solutions to an expert TSP who will analyze your current state of preparedness and offer guidance on potential courses of action. Disaster Recovery/Business Continuity: You must be able to recover data after a power outage, disaster, or when IT services are compromised. This requires backing up data to a secure, offsite location so it can be retrieved anywhere you have an internet connection. This way, your employees can continue working. The right TSP will: Develop and deploy a complete Business Continuity and Disaster Recovery Plan, a customized program to integrate the policies and procedures into your corporate culture, and conduct training sessions to ensure all employees are comfortable with procedures. Maintain an on-going program designed to ensure the validity of the Business Continuity and Disaster Recovery Plan and keep the plan up to date and communicated to all key personnel. Security Enhancement Via Continuous Monitoring and Maintenance: The right TSP provides continuous monitoring to remotely view your technology network, identify risks and halt IT attacks and breaches. They will address IT issues before they cause downtime or data loss. Identity and Access Management: They will help you comply with security and regulatory requirements, allowing only authorized individuals to access confidential information. Virtualization—Servers, Desktop, Storage, Applications, Data Center: Virtualization in information technology refers to the use of virtual servers, desktops, storage devices, applications, and computer network resources. It allows you to virtualize your entire IT infrastructure or specific aspects of it. Virtualization simplifies technology to promote security and efficiencies and reduce costs for your manufacturing business. The right Technology Solution Provider will ensure the security of your intellectual property. They will also be available 24/7 to provide the specialized and customized IT Service and Support you need to succeed.