So, what, exactly, is Malware?

Listen to the news? Read the internet? You know cyber crime is a very big business. Hackers and criminals are out there doing all sorts of nefarious things. Most generally, you hear that malware is some kind of virus that attacks your software programs, infects your hardware, and bungles up your network. But there are many different types of malware, just as there are many types of criminals–each with their own MO and bad intentions. In this e-guide, we will run through some of the major categories of malware, and then suggest 7 different ways you can work to protect your business from malware.

Malware defined – Malware is a generic term that covers all manner of software that is designed to attack your devices, applications, programs, and networks. It is software that has bad intentions. Malicious + Software= Malware. Hackers and criminals create malware for an array of reasons. Some may create it just to attack massive amounts of machines just to show that they can disrupt the cybersphere. Other malware may be created for political reasons. The major reason criminals create malware? To make money without earning it. Yes, stealing. Either by directly pulling money out of accounts, or improperly acquiring data that ultimately provides access to funds. Example: Stealing your SSN and setting up a credit card to use that info, or convincing you to provide the password to your checking account. Others will snatch your organization’s data and hold it for ransom. As usual, it is all about money.

FUN FACT: Before the internet, passing around malware to infect a PC meant a criminal had to find a way to infect a floppy disc and trick users into inserting it into their computer. One of the first was created by a high schooler in the early 80’s. It was relatively benign and just created a pop-up with a Seuss-like poem
The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes it’s Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!

Unfortunately, most viruses now have far more nasty intentions, and the internet has made it much easier for criminals to break in. No waiting for you to insert a disc drive to steal your data, disrupt your internal business operation, or take down your website. One bad click and you’re in trouble.

Malware is a general term and there are several types.

VIRUS – Like the pathogen we associate with human disease, a virus is a “piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data.” Source: “https://languages.oup.com/google-dictionary-en/”

A characteristic of a virus is that it requires the user to take some action for it to infect your hardware, software, network, etc. For example, inserting an infected thumb drive or clicking on a link found in an email.

ADWARE -Adware is less a type of malware than a symptom created by the infection. Adware invades and then drives the user crazy with endless pop-up advertisements.

WORMS – Similar to viruses, worms replicate and attempt to cause damage but they don’t require a user action. Worms find vulnerabilities or holes in code that allows them access.

TROJAN HORSE – Yes, named after the Greek myth, Trojans trick you into accepting something you want, but inside it has bad intentions. A trojan refers to the method the cybercriminal uses to get you to download a virus or other infected program, rather than the nature of the specific virus.

KEYLOGGERS – This is malware that can track your keystrokes. This particular malware’s goal is to track your keystrokes and identify passwords or credit card information, and then log into your accounts.

RANSOMWARE – If there was any malware that gets more media attention, we aren’t aware of it. And it deserves everyone’s attention. Unlike some other forms of malware, once this has invaded, there is very little you can do to eliminate the virus. Ransomware sneaks in, snatches your data and holds it for ransom. Unless you choose to pay the ransom fee, usually in some cryptocurrency, you are out of luck. In the specific case of ransomware, prevention is the key. Having clean backups of your data which are kept continuously up to date is about the only way to sidestep a ransomware attack on your data.

/by

Your business runs on data, but so do the cyber criminals who want to steal yours

One very painful truth about running a business is that you possess data that is attractive to criminals. There is no avoiding that reality. You have data. They want data. It is an ongoing challenge to maintain data security as cyber criminals’ efforts evolve and change on a daily basis. The wall that kept you safe last week may have holes in them today. Keeping up with the latest threats is a specialized field that in-house IT support likely doesn’t have. An MSP can provide the support you need in the face of ransomware threats and other malware. Also, an MSP can provide 24/7 monitoring.

Speaking of data security, brand damage isn’t the only issue with data security breaches. In many cases, there are data protection laws that regulate how you secure personal information. In specific industries there are federal, state, and even overseas regulations that set standards for data protection. How you choose to protect data may be out of your hands. MSPs have the experience and knowledge to address compliance management. For example, there are a number of data protection laws (HIPAA, FERPA, CA Privacy Act, GDPR, FTC Safeguards Rule) out there that not only provide penalties if a data breach occurs, but also mandate specific protocols to better ensure your data is protected. Avoiding a data breach isn’t enough. Some of these protocols can be quite demanding and some require periodic testing and are subject to audits. Samples of the types of requirements mandated by some of these laws may include.

Not only do you have to set up protocols, you may have to prove they are operative and be subject to audits. All of this can be extremely distracting to a small business.

Another area related to data security is the issue of backup and recovery. So much can go wrong. There is nefarious activity: criminals actively trying to break into your data and steal it. There is human error: individuals taking actions that accidently delete or damage data. And of course, hardware can fail and software can have bugs. And, if not done correctly, backups may be infected and be of little value.

An MSP can design backups that are continual and are protected at an offsite location.

More importantly, it isn’t enough to know your data is safe if something happens. Your business is dependent on using that data. Losing a day of access can cripple your business. That means planning for recovery in case something happens. How will you transition to another mode of data access? Your customers expect 24/7 availability. An MSP can develop recovery plans that work to ensure your operations see minimal disruption in the event of a failure.

/by

One thing that the best MSP can do is become a strategic partner. Your expertise is your industry, business, or profession. Trends and innovations in technology aren’t your focus. However, your business can benefit from some long-term strategic planning in terms of the technology you will deploy to remain competitive. New technology will offer new opportunities. An MSP who has experience in your industry can become a partner. After taking the time to learn your business, your goals, and the competitive field in which you operate, an MSP can take a seat at the table of your business planning. At the highest level, this is where a skilled MSP becomes a significant asset as your business grows and faces new market challenges.

Additionally, An MSP can help with other parts of your IT infrastructure to protect your data as well as facilitate more effective collaboration internally as well as with clients. Here are three examples.

Backup and recovery

Another area related to data security is the process of securing your data in the event of theft, a hardware or software issue, or even a natural disaster that cuts access to your data’s physical location. Backing up your data needs to involve a lot more than running nightly backup to an external drive. That may be ok for your home laptop, but it doesn’t cut it if you want to protect your business data. An MSP can support continual data backup to offsite locations. This means at any point there is a system failure or breach, all of your data remains secure at one or more distant locations. Backup also includes recovery. Having your data safely stored in the event of a disaster isn’t enough. Your business will need continuing access to that data. An MSP can develop recovery plans that work to ensure your operations see minimal disruption in the event of a failure. Also, clean backups are critical for avoiding the consequences of a ransomware attack. Poorly handled back procedures can leave your data vulnerable,

Cloud Services

The decision to use cloud services is closely related to data security and cybercrime. Locating all of your data and software applications physically in your own location may seem like the safest thing to do, but that may not be correct. If you utilize cloud storage, you can maintain access to that data from any location. If a natural disaster or other emergency limits access to your physical locations or disables it, your business and employees can access the data from anywhere. Also, the cloud offers economies of scale. To maintain sufficient capacity to meet peak times, maintain all of the necessary hardware and software, and monitor it 24/7 involves considerable in-house labor and capital expense. Migrating to the cloud means you share those fixed costs with others. An MSP can handle selecting and designing a cloud solution most appropriate to the needs of your specific industry and business.

Unified Communications

Unified communications is a service that pulls together the different channels your employees and clients use to collaborate, sell, communicate, etc. Unified communications systems have many moving parts. Encryption, data security, ease of use, cross platform support as well as other support services can create a communications system that works for everyone, no matter what channel they choose to be using.

/by

Strategic IT planning for your business

One thing that the best MSP can do is become a strategic partner. Your expertise is your industry, business, or profession. Trends and innovations in technology aren’t your focus. However, your business can benefit from some long-term strategic planning in terms of the technology you will deploy to remain competitive. New technology will offer new opportunities. An MSP who has experience in your industry can become a partner. After taking the time to learn your business, your goals, and the competitive field in which you operate, an MSP can take a seat at the table of your business planning. At the highest level, this is where a skilled MSP becomes a significant asset as your business grows and faces new market challenges.

Additionally, An MSP can help with other parts of your IT infrastructure to protect your data as well as facilitate more effective collaboration internally as well as with clients. Here are three examples.<br>

Another area related to data security is the process of securing your data in the event of theft, a hardware or software issue, or even a natural disaster that cuts access to your data’s physical location. Backing up your data needs to involve a lot more than running nightly backup to an external drive. That may be ok for your home laptop, but it doesn’t cut it if you want to protect your business data. An MSP can support continual data backup to offsite locations. This means at any point there is a system failure or breach, all of your data remains secure at one or more distant locations. Backup also includes recovery. Having your data safely stored in the event of a disaster isn’t enough. Your business will need continuing access to that data. An MSP can develop recovery plans that work to ensure your operations see minimal disruption in the event of a failure. Also, clean backups are critical for avoiding the consequences of a ransomware attack. Poorly handled back procedures can leave your data vulnerable,<br>

The decision to use cloud services is closely related to data security and cybercrime. Locating all of your data and software applications physically in your own location may seem like the safest thing to do, but that may not be correct. If you utilize cloud storage, you can maintain access to that data from any location. If a natural disaster or other emergency limits access to your physical locations or disables it, your business and employees can access the data from anywhere. Also, the cloud offers economies of scale. To maintain sufficient capacity to meet peak times, maintain all of the necessary hardware and software, and monitor it 24/7 involves considerable in-house labor and capital expense. Migrating to the cloud means you share those fixed costs with others. An MSP can handle selecting and designing a cloud solution most appropriate to the needs of your specific industry and business.

Unified communications is a service that pulls together the different channels your employees and clients use to collaborate, sell, communicate, etc. Unified communications systems have many moving parts. Encryption, data security, ease of use, cross platform support as well as other support services can create a communications system that works for everyone, no matter what channel they choose to be using.</div>

/by

Are you a small- or medium-sized business that is in need of a more complete, dependable IT solution to support your business than you presently have? When your main focus is running your business, everything else becomes an afterthought. Other support operations tend to take a backseat. However, your business depends upon a reliable, stable “always running” IT infrastructure and you probably find that isn’t always the case. Even if you have an in-house staff, it isn’t large enough to put out fires and handle strategic planning and provide 24/7 support when something goes wrong. That is why many businesses large and small rely fully or partially on the support of a Managed Service Provider (MSP).

So what are the typical services available from an MSP? There are many different types of support that can be provided to clients. In this e-guide we will break them down.

Managed IT Services

This is the overarching set of services that define the purpose of an MSP. Generally, a business will sign a service level contract with an MSP for a set of defined IT services for a period of time. One advantage typically derived from such an agreement is that the contract provides that you get 24/7 emergency support with priority. Typically, if you have a crisis and call a provider, the non-contract clients take a lower priority. This can mean longer down times and those mean revenue losses. Also, your contract with an MSP means that you can do a better job predicting your IT expenses into the future, and predictability is always a benefit for any enterprise.

Cyber Security Services

One specific area of expertise that everyone needs, no matter how small the business, is up-to-date, ongoing protection against data theft and cyber crimes. An MSP can bring a depth of knowledge that is difficult to create in-house. Ransomware and data theft are rampant. Cyber criminals attack businesses of any size ( in fact, small ones can be more vulnerable. And smaller businesses often don’t have the deep pockets to recover from the revenue losses of a cyber attack). This is a very specialized sector of IT management where businesses frequently choose to use the services of an MSP because of its complexity. Also, keeping up-to-date with the latest malware, and handling 24/7 monitoring can be very labor intensive if done in-house.

Compliance Management

  • There are a number of data protection laws (HIPAA, FERPA, CA Privacy Act, GDPR, FTC Safeguards Rule) out there that not only provide penalties if a data breach occurs, many of them mandate specific protocols to better ensure your data is protected. Avoiding a data breach isn’t enough. Some of these protocols can be quite demanding and some require periodic testing and are subject to audits. Samples of the types of requirements mandated by some of these laws may include.
  • Designating one individual to oversee data protection and security
  • Conducting a risk assessment – This means analyzing what data you possess, where it is stored, and in what ways it is vulnerable.
  • Creating safeguards to address all potential areas of vulnerability
  • Designing and documenting tools to secure your data and tracking access
  • Tracing the location and security of all data whether it is at rest or in transit.

An MSP can be a critical resource in designing these safety measures and ensuring your company is in compliance and remains so. Handling compliance issues and audits can be a big distraction when you are trying to run your business and drive revenues.

/by

Can a small business use AI?

One area where AI tools can help even the smallest business is in sales and marketing. Every business is marketing and selling in the online digital world. Marketing on social media is a given for every business, and can be a game-changer for a small startup. However, a lot of the tasks of marketing on social media and through your website can involve tedious, time consuming tasks. Marketing tools that use AI can help with drip email campaigns, website visitor tracking, and understanding where each customer exists in the sales funnel at any given moment. Other digital tools that increase customer engagement and drive sales are available and are an excellent introduction to AI as a marketing tool. Using these tools, you can focus your limited sales resources on other, more critical tasks such as closing a sale with a customer that is now ready to buy and not simply exploring vague options. These AI tools are readily available and your MSP can guide you in the adoption and use of them.

An MSP or MSSP can also be a resource for data protection. As you begin using such tools, you amass enormous amounts of data about prospects as well as customers. How you hold, use, transmit and store this data is subject to some data regulations, either by your state, a federal agency, or even the European Union. Regulation is growing because of the increasing concern about an individual’s online privacy. Because so much personal data is being collected about each of us, there is increasing concern about misuse of that data, protecting it from bad actors, and other privacy rights issues. While you may not be physically located in a state that has data privacy regulations, if you conduct business in a state or country that regulates data privacy, you are likely subject to their rules. An MSP or MSSP is an important resource to determine where you are subject to those laws. More importantly, if you are subject to those laws (e.g. HIPAA, The FTC Safeguard Rules, the CA Privacy act or the General Data Protection Regulation of the EU), you may also be required to prove that you have developed protocols for the protection of data as defined under those regulations. It isn’t enough to say “everything is safe.” You may have to provide evidence you have created the specific data protection protocols specified under the regulation.

In short, AI can be a helpful tool to grow your business, but it comes with responsibilities and concerns that may not have concerned you before. An MSP is an important resource as you wade into the world of marketing, sales, and other operational areas.

/by

Leveraging your business data to drive better business outcomes

Smaller firms may hear about AI and how data is driving the big corporations of the world, but they often don’t realize that they can do the same. The size and age of your business doesn’t have to be a limiting factor in whether you use data. Today’s blog is a quick look at data management for the small firm.

The first lesson is: don’t take your data for granted. The basic business model for some large IT companies is monetizing the data that they collect. While this may not be your goal, you probably collect a great deal of data about your customers, prospects, and operations. An MSP can help you make better use of that data. Here are just three examples:

Marketing

Data tells you who is interested, when they’re interested, and in what they are interested. Data can tell you where each individual prospect sits in the sales funnel, so your marketing messages reach them exactly where they are. It can also track the performance of your online marketing initiatives.

Forecasting and Sales

Customer Relationship Management applications exist because of the data that can now be collected. They monitor sales efforts, nurture leads, and work to improve customer engagement.

In-house and Operations

Data can track all manner of things in your production of goods or services, identifying where resources are being spent in each step of the process. Data can also be used in scheduling and pricing, although these tools can have human resource and customer relations implications that need to be carefully considered.

Planning and the Future

Technology is more than just something to run your business today. It can be a source of innovation for the future of the business, pushing it in new directions. You should be taking a proactive view of technology as a strategic tool for the long-term growth of the business. How can new technology help with in-house software development, infrastructure upgrades, digital transformation, and product innovation? Questions to ask in this context would be “can technology improve the delivery of products and services, or improve qualitatively the nature of the product or service itself?” As part of C-suite plans to stay competitive and thrive in the market, leadership needs to understand what new technologies are available for future innovation. However, that means you need technology support that is focussed on strategic planning; understanding new technologies that can move the business forward. For an SMB, Managed Service Provider can be the CIO/CTO that understands your business and helps plans for the future.

In summary, most SMBs are limited in how they can make use of technology in their strategic planning. As a result, this may compromise their capacity to remain competitive in the long-term. Consider using an MSP as a strategic partner in your long term planning.

/by

An MSP can help you prepare your business for tomorrow’s market

 

Many small businesses tend to view an MSP as the local fire truck. Available when an emergency happens, they rush in, put out whatever tech fires broke out, and then leave. This is also known as the “break-fix” approach to technical support. However, an MSP can bring many types of value to a small business. In particular, an MSP can function as a strategic partner for a small business. Technology needs to be part of your long-term strategic planning. MSPs have the ability to devote energy to understanding emerging trends that can help your organization develop a “technology roadmap.” This is a long-term strategy document that outlines how and what technology should be used going forward. The roadmap takes a proactive view of technology as a strategic tool for the long-term growth of the business. Individual parts of a technology road map will address specific aspects of the company’s “technology” such as software development, infrastructure upgrades, digital transformation, and product innovation. A technology roadmap that includes product innovation is especially important. Questions to ask in this context would be “can technology improve the delivery of products and services, or improve qualitatively the nature of the product or service itself?” The roadmap may also include research and development initiatives. As part of C-suite plans to stay competitive and thrive in the market, leadership needs to understand what new technologies are available for future innovation.

Here are just a few examples of how an MSP’s specialized staff with expertise can help.

Software Development – Strategic IT should be evaluating the present software applications and addressing improvements and re-designs that will address potential customer demands.

Infrastructure Upgrades as the Business Grows – There are many examples, but a simple one is redundancy. As a business grows, it becomes increasingly important to address redundancy. The larger the business, the more complex the infrastructure becomes. It is important that businesses look throughout the infrastructure and identify the single points of failure that need to be addressed and developing real-time work arounds and disaster recovery plans is an increasingly complex task that requires significant resources and attention.

Digital Transformation – Digital transformation refers to taking tasks and using digital tools to improve efficiency and response. This can mean anything from moving from in-house servers to the cloud, using SaaS, creating online portals for sales and marketing, to just about anything you can imagine. A new example is the use of AI, especially machine learning which can be used to develop more effective inventory planning and offer more precise marketing responses to individual prospects.

Security Roadmaps – A security roadmap is similar to a technology roadmap, but with a very tight focus. Ensuring your data remains safe from cybercriminals, internal error, and software or hardware breakdowns is the goal of a security roadmap. Your data is critical to your business. It is proprietary and it is also very vulnerable to theft. A data breach can be a real threat to the viability of your business. The legal and reputational consequences can take down a small business. A security roadmap can include:

  • Determining what regulations govern your data (HIPAA, GDPR, FERPA, etc.)
  • Developing access protocols
  • Training employees about human vulnerabilities to cybercrimes, such a phishing
  • Creating effective backup procedures, which are particularly important defense against ransomware attacks

Data Management: Everyone knows that data is valuable. The basic business model of some of the largest IT companies hinges partly on the value of data for advertising. But for even the smallest business, significant amounts of data can now be collected. An MSP can help an SMB use that data to tighten inventory, for example. Three ways data helps your business succeed.

Marketing – Data tells you who is interested, when they’re interested, and in what they are interested. Data can tell you where each individual prospect sits in the sales funnel, so your marketing messages reach them exactly where they are. It can also track the performance of your online marketing initiatives.

Forecasting and Sales – Customer Relationship Management applications exist because of the data that can now be collected. They monitor sales efforts, nurture leads, and work to improve customer engagement.

In-house and Operations – Data can track all manner of things in your production of goods or services, identifying where resources are being spent in each step of the process. Data can also be used in scheduling and pricing, although these tools can have human resource and customer relations implications that need to be carefully considered.

/by

Multi-Factor Authentication 101

,

You have probably already come across the term multi-factor authentication. The concept is not new, but has caught on really quick of late. In this post, we will discuss what multi-factor authentication is and why you should be adopting it.

What is multi-factor authentication?
Multi-factor authentication is basically the use of more than one credential to gain access to data. It is a combination of multiple access credential types. For example, instead of gaining access to an email account by just typing your username and password, you will be asked to further verify your identity by entering some other information, such as a pin or a one-time password (OTP) that was sent to the phone number linked with the email address you are trying to log into.

Why do you need multi-factor authentication?
Multi-factor authentication offers an additional layer of security. Simple access control measures such as logging in with user ID and password are increasingly being breached by cybercriminals because no matter how much we condition ourselves to follow good password hygiene, sometimes, we slip up. Have you ever been guilty of

  • Writing down your password so you don’t forget it
  • Sharing your password with someone just to get the work done faster
  • Used the same password for multiple accounts just because it is easier to remember
  • Creating a password that was obvious/easy to figure out. Examples include your date of birth, numbers or letters in sequence, your name, etc.,

Multi-factor authentication can help prevent cybercrimes that happen due to leaked/hacked passwords.

How does multi-factor authentication work?
The working of multi-factor authentication depends on a combination of the following 3 elements.

  • What you know
  • What you have
  • Who you are

The user has to prove their identity by answering the questions related to each of these 3 elements. User IDs, passwords, secret questions, date of birth, etc., fall in the first category (What you know), while OTPs sent to your smartphone, a physical token or an access card belong to the second category (What you have) and the third category (Who you are) includes biometric authentication such as retina scan, fingerprint or voice recognition.

Multi-factor authentication is no guarantee of data safety, but it certainly reinforces your data security. While there are tools available in the market that you can purchase and deploy, you could also connect with an MSP to help you implement multi-factor authentication across your network smoothly.

/by

Do your homework: 3 things to do when looking for an MSP

,

Thinking of hiring a Managed Service Provider, but not sure how to go about it? Here are a few things to do before you zero in on one.

Figure out what you have already

The first step in a good plan is to figure out where you stand currently. Before you talk to an MSP, conduct an audit of your IT infrastructure to decide what you have currently. List all your hardware and software. When performing this IT audit, don’t forget other technologies that you are using, such as biometric access systems, CCTV systems and even telephone systems. You may think they are irrelevant as they are not directly related to your IT infrastructure, but, in the near future you may want them all to be connected to one another, and so, including them in the audit and inventory right now is a good idea.

Figure out what you need

This is the next step. After you determine what you already have, the next step is to figure out what you need. What do you want to add on or remove from your existing IT infrastructure? Are your servers too slow? Do you want to switch to the Cloud instead of traditional services? Do you want a Unified Communications set up instead of your current PBX phone line? Do you want to shift to a work-from-home model and need the infrastructure to support that?

Do your research

Now that you are clear about what you have and what you need, start doing your research. If you have an in-house IT team, you can ask them to evaluate the various options that can help you reach your goal. If not, then there are plenty of resources available online for SMBs that help with tech questions. https://www.sba.gov/learning-center is one great resource and a Google search will get you more.

As a part of this research, you should also make a list of credible MSPs in your area and learn more about them. A Google search can help you with that, but it would be even better if you reach out to a couple of your peers requesting them to refer you to their MSPs, if they have one.

Hiring an MSP means trusting them with your IT infrastructure, so it is very important that you have a clear understanding of what you really want and need, so you can share your expectations with your new MSP. This transparency and clarity goes a long way in determining the success or failure of your relationship with the MSP.

/by