About Mark Bochkis

This author has not yet filled in any details.
So far Mark Bochkis has created 17 blog entries.

Adjusting Your Business for a Digital Transformation

Change and uncertainty have been constant themes for nearly every business since the start of 2020. It’s hard to find an industry or sector that has not had to navigate at least some small-scale transitions due to the impact of the COVID-19 pandemic. Many business were prepared for a pivot to an online-heavy operational model. But, many more were not.

There’s no shame in the realization that your enterprise may not have been immediately ready to adopt a more digitally oriented business model. It’s hard to predict a once-in-a-century global crisis. But, now that you’re in the thick of it, what can you do to ensure that your operation is optimized for the new economic reality we are all experiencing?

Let’s discuss some keys for a successful ramp up to digital business operations.

digital transformationThe Ongoing Digital Transformation

The coronavirus had definitely provided the impetus for a digital transformation in many industries. But, the truth is, the transformation has been going on for a while now. Around 70% of businesses were expanding their digital capabilities in one way or another when the pandemic struck.

Not everyone was hitting their transitions out of the park, however. In fact, a full-scale digital transformation is hardly assured of success. According to research by the consulting heavyweight McKinsey & Company, less than one-third of organizations undertaking a large-scale technological upgrade succeeded in improving performance over a meaningful period of time.

There is good news for small business owners, however. Businesses with fewer than 100 employees were 2.7 more likely to report a successful transition compared with organizations with 50,000 employees or more.

So, what can you do to maximize the success of your business’ digital transformation? Our friends at McKinsey offer these five suggestions:

  1. Provide capable, digital-savvy leadership
  2. Build for a workforce of the future
  3. Empower and encourage your team to work in new ways
  4. Upgrade to digital tools for day-to-day business operations
  5. Communicate frequently via traditional and digital channels

Let’s explore these in more detail.

Digital-Savvy Leadership

If you are running a successful small business, you obviously have a capable leadership team in place already. That said, if you’re looking to improve your digital infrastructure, you’ll likely need some help with the “digital-savvy” part of leadership. This probably means looking outside of your organization for help.

You can go about it in one of two ways. You could create a “chief digital officer” position and hire an experienced manager for the role. The other options is to engage a knowledgeable and trustworthy IT firm to help you through the transition.

Either way, you’ll need to empower and smooth the way for your C-suite hire or the IT team you contract. Which means consistent communication to support their efforts. More on this later.

workforce of the futureBuilding a Workforce for the Future

An investment into new technology is great. But, it won’t make a difference on its own. You’ve got to have employees who know how to use and make the most of your new digital tools.

Getting your team to explore and utilize new tools is easier when you have a few employees who can act as integrators and early adopters. Look for members of your team who know the technical aspect of your business and understand the potential impact of the tools and technologies you are looking to add.

Empowering Your Employees

Change is difficult. Period. It’s human nature to keep on doing things the same way we always have. To grease the wheels of change, you need buy-in from your team.

One way to get a positive reaction from your charges is to solicit input about specific ways that new digital tools can help support their work. This sets the right tone during the planning part.

Once new processes and tools are put in place, it is imperative to reinforce the new behaviors. One way to do that is by providing continuing education opportunities. Another one is to encourage employees to explore, take risks and fail with their new tools.

Adding the Right Digital Tools for Day-to-Day Operations

Through their research, McKinsey identified three important considerations when adding new digital tools:

  • the application should make information accessible throughout the entire organization,
  • the application should empower your employees and your business partners to easily reach data-driven insights,
  • standard procedures should be revised to include the new digital tool

loud speakerCommunicate, Communicate, Communicate

As said before, internalizing new ways of working is not easy. But, if your employees understand the impetus for the changes being made, and the direction in which these changes are taking the company, they are more likely to successfully adopt their new digital tools and procedures.

To that end, it’s important to get your team together in-person to discuss your digital optimization plan before it gets going. As the changes are rolled out, continued check-in conversation between employees and their managers can help to keep implementation on track. Periodic communication from management via email or remote company town halls (via Zoom, Slack, etc) providing updates throughout the process will keep your team up to date on developments and help them keep track of progress.

Priorities for a Digital Transformation

Now that you understand the keys to a successful digital transformation, how should you proceed? We asked our team of IT experts for advice. Here’s what they said.

Make a Plan

This sounds obvious. But, how many businesses had to scramble to get business operations online when shutdown orders came down in mid-March? This reaction wasn’t unusual. IT needs often get de-prioritized unless something major goes wrong.

The rush in March, necessitated by COVID-19, made resources and equipment scarce. It’s can still be difficult to track down needed equipment, like laptops and servers.

For a smooth transition, make a plan before the need arises.

Decentralize Your Network

Cloud computing and applications are a smart and financially manageable way for small businesses to move their operations online. There are other advantages to decentralizing your business network. For one, you minimize the risk of your network going down from a single point of failure. For example, if your on-site servers go down, a cloud backup can keep your network operational while the problem is addressed.

Boost Security

Whenever you add points of access to your protected network, be it from cloud applications or from your workforce working remotely, you provide more avenues for cyber attacks to reach you. That doesn’t mean you should hunker down and shut out the digital world. It does mean that you should take the necessary security precautions.

Increase Bandwidth

Logic dictates that if you’re going to be relying on more digital processes, you’ll need to bolster your digital resources. This includes everything from ordering more laptops for your remote employees and upping your internet connection to implementing a more robust firewall and increasing your network monitoring capabilities.

Beacon Knows Digital Transformation

Need a reliable partner to help you through your digital transformation? The BITS team is here for you. Get in touch today to discuss your digital operations goals.

By | 2020-05-20T08:50:41+00:00 May 20th, 2020|BITS Team, IT Services|

Document Storage Solutions for the Work-From-Home Era

working from homeLast month, as many businesses were amending their operations to function in a global pandemic, we wrote about managing the transition to remote work and what small businesses needed to do to make the new arrangement possible. If there’s one positive arising from the COVID-19 crisis, it’s that many of us have been forced to learn the skills necessary to function in the 21st century economy. In the last several weeks, tens of millions of employees have become intimately familiar with video conferencing, VPNs, online collaboration tools, cloud-based document storage and more.

We’re more than a month now into our new normal. Hopefully, your transition to remote work was a seamless one. More likely, your team probably hit a few hiccups along the way. You don’t just unveil a whole new way of doing business without some speed bumps.

One major hurdle for the newly initiated remote-work businesses has been how to store, share and manage sensitive records and information via the web. The big concern is how to do all those things while maintaining tight security protocols. Strangely appropriate, April also happens to be the National Records and Information Management month. So, this topic arises at just the right time on the calendar.

Rising Cyberthreats During COVID-19

cyber criminalYour business’ transition to remote work isn’t happening in a vacuum. In the digital environment there are always threats. And, as we’ve covered in previous posts, criminal activity online is growing every year. The COVID-19 pandemic that’s driving more and more businesses to operate on the web is simultaneously presenting more targets for hackers to exploit.

Cybercrime reports have spiked four-fold in the wake of the global spread of coronavirus, according to the FBI.

“There was this brief shining moment when we hoped that, you know, ‘gosh cyber criminals are human beings too,’ and maybe they would think that targeting or taking advantage of this pandemic for personal profit might be beyond the pale,” stated FBI Deputy Assistant Director Tonya Ugoretz  on a recent online panel hosted by the Aspen Institute. “Sadly that has not been the case.”

Cybercriminals have used COVID-19 themes to go after everything from hospitals and health care systems to wind farm operators. They’ve crashed private – but, unsecured – Zoom calls (Zoombombing) and targeted private email addresses with phishing schemes.

As a result, it’s not surprising that 7 out of 10 organizations reported in a mid-March survey by Adobe that they expected to increase their investment in cybersecurity solutions.

So, what should you, as a small business, be doing to secure your digital environment?

Work-From-Home Solutions

There are a few basic things your business needs in order for your work force to be able to work from home with any efficiency. For starters, your team will need access to and the ability to collaborate on company documents. You will also need to back up the work your employees complete on their company-issued equipment at home. And, of course, you’ll need to protect all of these cloud-based interactions from anyone who might have less than pure intentions.

Secure shared drive

So, let’s start with the company’s shared drive – the library of all your essential documents, from client work and purchase orders to business expenses and marketing materials. Many businesses rely on on-premise servers to house their company shared drive. But, with a network of employees working from their home offices, there is less need to have your document storage on site.

And, there are advantages to a cloud-based solution that’s tailored for remote collaboration. A cloud storage platform, like Microsoft’s OneDrive, allows a team of employees to work on the same document, simultaneously, while maintaining the same working version of the file. The file is also protected through encryption, both while it is being worked on and when transmitting to the cloud. And, there are additional helpful features like data loss prevention, file restore and intelligent discovery.

Beacon, itself, has recently transitioned to a cloud-based shared drive to help our team of employees working from home.

Data Backup

It’s easy enough to backup the data on your employee workstations when they’re in office. It doesn’t have to be difficult to back up your remote employees’ machines when they’re not physically connected to your network. A great solution for centrally enabled data backup is Veeam Backup & Replication. This is another resource we’ve deployed in-house.

cloud securityCloud security

Most cloud applications are created with security features built-in. Still, it’s important to implement protocols and promote habits that further protect your enterprise.

Cybersecurity best practices call for the use of VPNs (virtual private network) for all employees working from home. With cyber attacks on the rise during the COVID-19 pandemic, it is advised that businesses make sure they are updated to the latest versions of their VPNs and all patches are applied.

Multifactor authentication is another helpful security measure. Password protecting your company workstations and all remote applications ensures that your company resources stay safe, even if a phishing attack compromises an employee’s credentials.

Lastly, training your remote employees on how to spot phishing attacks and other security exploits can further reduce the risk of a successful cyber attack.

Beacon Knows Remote Work

Roughing your way through a transition to remote work? The BITS team can help you smooth the way. Give us a call, we’re here to help.

By | 2020-04-23T12:48:54+00:00 April 23rd, 2020|System Administration, BITS Team, IT Services|

Work From Home: Transitioning to the New Reality

As little as two months ago, working from home was considered a job perk. Or, maybe even a recruiting tactic for prized new hires. Despite telecommuting becoming more and more accepted in office parks around the country, the custom was certainly not a taken-for-granted benefit.

A lot has changed since the COVID-19 pandemic has erupted and caused worldwide disruptions to everyday life and work. As more shelter-in-place orders come down from governor’s mansions, working from home has become a mandated reality for millions of people all across the world.

For the immediate future, telecommuting is no longer a job perk… it’s a job necessity.

If you’re a business that embraced working from home long before the spread of coronavirus became an international crisis, kudos — way to stay ahead of the game. Hopefully, your transition to a telecommuting workforce has gone smoothly and easily.

That said, before the onset of the pandemic, accommodating telecommuting for employees never registered as a top-level concern or need for many small and medium-sized businesses. With the new, social distancing reality setting in, you might be finding yourself scrambling to take your business virtual.

What do you needed to successfully complete this abrupt transition? Let’s discuss a few essentials.

Hardware

First and foremost, you’ll need the right equipment if you want to enable your team to manage their work responsibilities remotely. That means laptops.

Why laptops? Because it’s impractical to expect your employees to unplug their desktop setups and transport them to their makeshift home offices. It may also be inadvisable to allow your employees to utilize their own personal computers for work purposes.

Unless you have every employee’s personal computer checked out by an IT professional, you have no way of knowing how secure their machines are. As such, you could be leaving your businesses exposed to unacceptable levels of risk.

So, company laptops — set up and secured by knowledgeable IT staff — are the first items you’ll need to procure.

The bad news here is, many businesses are rushing to stock up on laptops, for the same reasons you are. Some suppliers are running three-week backlogs on orders. A lot of laptop manufacturing capacity resides in China — the first country to be hit with the pandemic. Production has slowed to a crawl across almost every industry.

The good news? China now appears to be heading for a slow recovery. The Chinese government is allowing manufacturing facilities to re-open and resume their production. Provided there are no big setbacks, the laptop backlog may be easing in the near future.

In addition to laptops, the other hardware your employees will need are phones and reliable internet connections. There isn’t much you can do about internet service at your employees homes. However, you can make sure their phones are secure and properly configured to handle sensitive company correspondence and information by having your IT team provide assistance.

VPN

So, now that your employees have their laptops, phones and reliable internet connections, you’ll need to enable your team to access company resources — email, databases, shared drives, etc.. And, you’ll also need to protect your business from potential breaches by digital criminals.

The best way to do that is via a Virtual Private Network (VPN). A VPN enables secure and private transmission of data over the internet. It’s like a private tunnel on a busy road, to which only you and your employees have access.

You’ll need to purchase a VPN license for every remote employee on your team. There are many VPN providers out there. For help selecting the right VPN service for your business, check out this guide from Digital Trends.

Remote Desktop

Another resource you may need to enable for your remote employees is a remote desktop connection. This allows your team to access their workstations from their home computers/laptops.

It’s a good bet that there are resources and information on your employee workstations that they may need to access in order to manage their day-to-day duties. In addition to documents and databases, your team can also access applications loaded on their workstations from home. This is helpful if you rushed deliveries of your newly purchased laptops to your employee homes. The laptops are

Secondly, remote desktop works both ways. Not only can your team access their workstations from home, your IT team can also access your employees’ computers remotely when they require help. This provides “hands on” assistance for any troubleshooting issues when your employees can’t simply hand their machine off to an IT staffer.

Guidelines and Best Practices

Transitioning your business to remote work can be a jarring process for you and your team. There’s no doubt that there are new routines and protocols to adjust to. And, not everyone has experience utilizing the new tools they’ll be asked to use.

To assist the transition to the new reality, it’s helpful to have a common set of guidelines and best practices for your employees to follow. To that end, it’s important to undergo a comprehensive assessment of your business processes and go through all the new steps you’ll be asking your employees to take. This exercise will help uncover problem spots before you begin your work from home program, and make the transition smoother and easier.

Beacon Knows Remote Work

Coronavirus has forced many businesses into new dynamics. If you need advice to assist with your transition to remote work, we are here to help. Get in touch with our team today.

By | 2020-03-25T14:00:21+00:00 March 25th, 2020|BITS Team, IT Services|

Groundhog Day: 5 Re-occurring Issues Plaguing IT Pros

The jobs of IT professionals are hard enough.

Forget for a moment that they operate in an industry where the rate of change is accelerating exponentially – Moore’s Law states that computing capacity doubles every two years. Put aside the fact that the threat environment which they are paid to counteract increases in complexity every year, also exponentially. Nevermind that such a breakneck pace of innovation requires a continuous learning and updating of best practices and organizational policies.

These are not the most difficult issues IT workers face. The thing that makes a career in IT the most challenging is… us – the end user.

experiencing IT problemsDespite all the hard work and effort that goes into keeping the digital infrastructure of a business, government or non-profit organization secure and operating at peak performance, almost any user can bring down a network (knowingly, or unknowingly) in nearly no time. Worse, when something does go wrong, the assumption tends to be that it’s the IT guy’s fault if an email account won’t refresh or the internet connection becomes inaccessible.

Now, to be fair, it is perfectly legitimate to feel frustration if an indispensable work tool ceases to function. What isn’t fair is ignoring the fact that our own actions and work habits often contribute to the technology problems we experience.

What are some of the most frequent sources of frustration for IT folks? Let’s take a look.

The Groundhog Day IT Issues

We talked to our IT team leaders to learn more about the issues they run into most often. Here are a few of the repeated behaviors they tend to observe:

Minimizing the scope of a computer problem

If, for some reason, a program on your computer shuts down unexpectedly, it’s not a huge deal – provided you can easily recover the work you were doing. Still, a check-in with your IT team is the prudent course of action.

But, if your machine begins a pattern of unusual behavior – like, slower than usual running speed, or a series of unprompted re-starts – ignoring the issue could lead to much bigger problems.

All of our schedules are busy, and none of us have enough time in the day for the work that needs to be done. So, the rush to get past an immediate computer issue is understandable… but, it’s still the absolute wrong mindset.

There’s no telling what the root cause of your problem could be without investigating.  It could be as simple as a failed update. Or, it could be as nefarious as someone attempting to hijack control of your company-issued laptop.

You won’t know. But, your IT team will. Reporting the problem ensures that you’ll have the best possible user experience with your laptop and it also protects your organization from potential hacker exploits.

Non-IT/unqualified personnel troubleshooting problems

The only thing worse than not reporting a computer problem is trying to fix it yourself when you don’t know what you’re doing. Even if you fancy yourself a computer expert, you don’t necessarily know all the programs, systems and protocols in place on your company computer. If a problem requires more than a simple re-boot, your IT team is in the best possible position to resolve the issue promptly and properly.

Ignoring updates/restart prompts

Updates are needed to keep your computer up to date with all the latest security patches. But, too many of us hit the “Cancel” or “Ignore” button when the restart prompt pops up.

Yeah, it’s annoying and mildly inconvenient to have to stop what you’re doing in order to accommodate an update you didn’t know you needed. But, the upside is often an improved user experience. And, you get to avoid the downside – your machine being an open vulnerability for hackers.

phishing Success of phishing scams and other social engineering exploits

Unfortunately, people are always the weakest link in any digital security setup. We don’t mean to be, or want to be, for that matter. But, that doesn’t stop the immense volume of social engineering exploits hackers deploy each and every day.

Phishing or spoofing scams – where bad actors trick you into providing login access or personal information – work all too well. And, it’s not just the least experienced computer users who fall for these tricks. These types of hacks can be extremely sophisticated and difficult to spot.

Under-investing in needed equipment

This behavior has less to do with everyday employees and more with the managed approach to maintaining an organization’s digital infrastructure. Too often, investment into the required equipment lacks a systematic process.

A business may upgrade its servers or network switches one or two at a time, whenever they find a good deal or a sale. Or, an organization might make a new purchase when something breaks or exceeds its warranty. However, such a piecemeal approach results in network components of different quality, age and capability. And that’s not a great recipe for reliability or peak performance.

handsHow to Help Your IT Team

So, what can we do to make their lives just a tad easier? Following the below suggestions can help you win a few more friends in the IT department.

Treat company hardware/software as a business asset

Remember, there’s a lot of work that goes into keeping your work computer functioning as it should. Plus, there’s a difference in technical requirements between your workstation and your personal laptop. So, you can’t treat your work computer just like you would your personal one.

Don’t troubleshoot above your pay grade

You might be tempted to go down a rabbit hole and figure out a solution to your computer problem on your own. But, why? That’s not the best use of your time. And, you might end up making things worse. Let the professionals handle it.

Follow prescribed policies and protocols

Your IT team spends time developing and maintaining policies and protocols that keep your business infrastructure safe and your workstations operating efficiently. Trust your team and follow their advice.

Training & vigilance

Security training is a great way to increase your ability to spot phishing and spoofing attacks. Take advantage of your security training program, if your office has one. And, if it doesn’t, ask your IT team how to best get up to speed on the latest threats.

IT equipmentInvest in needed equipment proactively, not reactively 

If you ask, we bet your IT team has a vision for how to best maintain and procure the equipment it needs to support the organization’s digital infrastructure. Get that vision formalized into an official plan. This will provide a long-range investment and procurement strategy and ensure that your network will perform as needed now and in the future.

Beacon Knows IT

Want to know how well your digital network is adapted to the demands of your business? Find out by requesting a free audit by the IT experts at BITS.

By | 2020-02-20T10:48:18+00:00 February 20th, 2020|BITS Team, IT Services|

Windows 7 End of Life: Managing the OS transition

Windows 7 logoFirst, let us begin by paying our respects to a hard-working piece of software. The Windows 7 operating system first became available to consumers in October 2009. Since that time, the OS has supported millions of business and personal computers, offering Microsoft users an alternative to the less-popular and more-problematic Windows Vista.

But, every beginning must have an end. And, that end came to pass just recently. On January 14, 2020, Microsoft ended its standard support of Windows 7, opting instead to focus its service around the next generation OS – Windows 10.

What does that mean for users who still rely on Windows 7? Let’s find out.

Impact of Windows 7 End of Life

Microsoft has been notifying users of the Windows 7 expiration date for a while. But, that doesn’t mean everyone has taken notice. And, even if they have, not everyone has taken steps to upgrade their operating system in time.

That’s not completely surprising. For a business, an OS upgrade requires effort and planning to service every single workstation. There’s both an expense and a potentially significant time commitment. So, it’s completely understandable if some small or medium-size business owners have pushed the task down their priority list.

After all, it’s not like your computers will just suddenly stop working.

That said, delaying an upgrade can have significant consequences. Consider the fact that in the modern age cyber security threats are growing at an increasingly alarming rate. Even with the latest security tools, there’s no guarantee that you’ll escape someone’s attempt to penetrate your network and hijack your data.

Chances of repelling an attack are even lower when you’re using out-of-date or unsupported software. Cyber criminals are not dumb – they tend to go after the easiest targets. And, post-January 14, 2020, that includes users of the Windows 7 operating system.

If You’re Sticking with Windows 7…

woman thinking in front of a laptopDespite the warnings, some of you may decide the push your luck and continue on with Windows 7. The good news is, you’re not out there entirely on your own. You can still purchase extended support from Microsoft.

However, that support is going to cost you. And, that cost is going to more than double the following year. Microsoft is consciously implementing an aggressive cost structure for Windows 7 extended support in order to motivate customers to ditch the old system and upgrade. Eventually, though, that support is going to end, too.

So, while you’re mulling your upgrade options, here are few suggestions for keeping your business network protected:

Update to the latest Windows 7 service pack

If you’re going to run unsupported software, you might as well have the latest version with the latest security patches. That should keep you in relatively good shape for the very immediate future.

Encrypt your internet traffic

This requires purchasing a VPN (virtual private network) service. What is a VPN? Simply put, a VPN connects your network traffic to another secure server somewhere else in the world, and routes your traffic using that server’s internet connection. Here’s a good article that goes into more detail.

Delete unknown/unused software

You really should do this anyway. But, it’s even more important if you already have an existing weak link. Removing unknown or unused software limits the potential avenues of attack for intruders.

Activate two-factor authentication

Again, something to consider as a best practice. Two-factor authentication requires users to go through two stages of secure entry into a network, database or application. This doesn’t have to be two passwords. There are a number of authenticating factors. You can learn more about them here.

cyber securityUse a password manager

Most users create passwords they can easily remember. In many cases, these passwords are easier to crack for hackers using sophisticated password-cracking scripts. A password manager can help mitigate this problem. Not only will it track all of your login information, it will also generate passwords that are harder to crack.

Educate yourself and your employees about ransomware

Knowledge is key to success, right? The more educated you are about common cyber attack tactics, the more securely you can operate your business. But, you’re also only as strong as your weakest link. That means that your employees have to know as much about cyber security as you do.

Beacon Knows Operating Systems

Whether you’re considering an OS update, or you’re hanging on with Windows 7 for a little while longer, Beacon can help you keep your business infrastructure secure and operating at peak potential. For help assessing your network security, request an audit from our dependable team of IT professionals.

By | 2020-01-30T10:15:46+00:00 January 30th, 2020|Computer Related, IT Services|

What to Give Your IT Team for the Holidays

IT professionals are tasked with a very important job: protecting their companies’ digital infrastructure and digital assets from all threats and intrusions. It’s a big job. And, often, it’s a thankless one. After all, in many cases, the only interactions co-workers have with IT staff is when something is wrong.

Internet down? Call the IT guy, pronto.

Restarting your laptop for the fourth time this week for some generic updates? Ugh, the IT department is so overbearing.

An application isn’t functioning properly on your desktop? Must be the IT guy’s fault. What’s so hard about keeping dozens of workstations working in perfect condition, anyway?

Cartoon man frustrated by a malfunctioning computerIn our hyper-busy work culture, interruptions to our daily routines are often received less than enthusiastically. But, in reality, it isn’t the IT guys fault if a network cable goes bad and temporarily shuts off your internet access; or, if the app you’re using wasn’t coded for your off-brand browser. And the IT department certainly can’t be blamed when you ignore a prompt to run software updates on your machine for the gazillionth time in the last month and your laptop freaks out and literally won’t let you log on.

At root of the problem is a simple difference in understanding of the technology we all use on a daily basis. While it’s the IT professionals’ job to know the ins and outs of the high-tech tools we all rely on, the rest of us are merely equipped with just enough knowledge to use these tools effectively.

Let’s face it, we’re not going to solve the disconnect between your rank-and-file employees and your IT team any time soon. But, what smart business owners and executives can do is equip the IT team to minimize avoidable problems and reduce their exposure to the wrath of the rest of your staff.

So, with this being the holiday season, and in the spirit of giving, here are a few suggestions of what to get your IT team to help make their jobs just a bit easier.

IT Guy’s Holiday Wish List 

Tiny shopping cart with two presents resting on a laptop keyboardKeep in mind that these gifts are not just for the IT team. The below recommendations won’t just make their jobs easier. They can help to make your business more secure, efficient and effective.

Unified Threat Management (UTM) Solutions

If you’re looking for a way to optimize your IT department’s capabilities, a do-it-all device or virtual service that combines antivirus, anti-malware, firewall, intrusion prevention, virtual private networking (VPN), web filtering and data loss protection can go a long way. For small businesses with small IT teams, UTM makes a ton of sense, as it simplifies the management of all digital security elements.

UTM solutions offer great protection from coordinated attacks that target different aspects of your network simultaneously. They are also attractive for businesses that operate in highly regulated industries, like healthcare or law, as they are designed to be compliant with legal requirements such as HIPAA, CIPA and GLBA.

To be fair, there’s a downside to UTM’s greatest appeal. Concentrating all of your security operations in one place makes your UTM device/service a potential single point of failure. When you put all your security eggs in one basket, hackers just need to bypass that one basket in order to breach your system.

That said, simplicity is a valuable commodity.

Security Training

Want to make your IT team really happy? Teach your employees to better recognize phishing attempts, spoofing exploits and other hacks that can potentially expose your business network to bad actors.

There is strength in numbers. If everyone on your team understands the digital security threat landscape, everyone can participate in keeping your digital assets safe.

Remember, it’s the human element that’s the weakest link in a secure network, not the technology. Practice and repetition can reduce the chances that one of your employees is fooled by a social engineering exploit.

network cables

New Hardware

Running your network on old equipment makes your IT team’s job harder. It’s slower, requires more maintenance and, in many cases, is less secure than the newer generation of security tech. Take stock of your current setup and identify the oldest, weakest link. Better yet, consult with the head of your IT team and see what he or she recommends.

New servers, storage equipment and network gear are all great investments for your digital infrastructure. Besides, new toys make everyone happy.

Beacon Knows the Holidays

From all of us at Beacon, to all of you out there, we wish you the happiest of holiday seasons. And, if you need a little more help rounding out your network security in the new year, we are certainly here to help. Give us a call.

By | 2019-12-12T13:24:43+00:00 December 12th, 2019|BITS Team, IT Services|

Cybersecurity: Small Business Solution to an International Problem

“Cyber intrusions and attacks — many of them originating overseas — are targeting our businesses, stealing trade secrets, and costing American jobs. Iranian hackers have targeted American banks. The North Korean cyber attack on Sony Pictures destroyed data and disabled thousands of computers. In other recent breaches that have made headlines, more than 100 million Americans had their personal data compromised, including credit card and medical information.”

This commentary doesn’t belong to a cybersecurity expert working for big business. And they’re not an assessment by a member of the intelligence community.

No, these words were published in an April 1, 2015 op-ed in Medium (a popular online journal) by none other than the 44th President of the United States, Barack Obama. They speak to the enormity and seriousness of the problem that cyberattacks initiated in foreign countries present to American businesses and citizens.

These concerns have not dissipated in the interceding years. In fact, the threat continues to grow.

Cybersecurity vulnerability isn’t just an American problem. It is a truly global concern. That recognition has driven international cooperation among the world’s governments, best exemplified by early agreements like the Budapest Convention on Cybercrime, and supported by more recent measures, like the Obama Administration’s Executive Order promoting the sharing of private sector cybersecurity information.

These efforts aim to protect consumers and businesses in developed nations, by building up capabilities and shoring up vulnerabilities in both developed and developing countries. After all, cybercriminals often operate more freely in less-regulated, emerging economies.

But, not all international initiatives succeed. In fact, nations like China, Russia and India have bristled at the terms of agreements like the Budapest Convention, preferring to keep their policies, capabilities and vulnerabilities closer to the vest.

So, while some global efforts are succeeding in identifying and bridging cybersecurity gaps – this paper by the non-profit Third Way captures the latest success and challenges – American businesses still face a digital environment fraught with danger.

As a business owner, you can appreciate the gains made by global cybersecurity cooperation. But, at the same time, you must also do everything you can on your own to secure your digital assets.

Protecting Your Business From International Cybercrime

There are a number of things you can do to minimize the chance of being victimized by international cybercriminals. This article from The SSL Store outlines a detailed, robust 9-step guide for cybercrime prevention:

  1. Follow industry best practices (GDPR, NIST, HIPPA, PCI SSC)
  2. Implement digital and physical security measures (antivirus, firewalls, etc)
  3. Keep up with asset lists, patches and software updates
  4. Manage SSL/TLS certifications and keys for your domain
  5. Train employees to identify threats and take appropriate and immediate action
  6. Implement email security solutions and run your employees through phishing simulations
  7. Monitor traffic and access to increase transparency
  8. Test and assess your systems regularly
  9. Develop, implement and enforce new security policies often

This a great, comprehensive list. The only problem is, it’s impossible to implement all of these recommendations for most small businesses. If you have the budget for a robust IT team, yeah, you can handle most of this in-house. But, most small businesses run a shoestring IT operation with one, maybe two, people.

So, What Can Small Businesses Do To Prevent International Cybercrime?

If you’re a small business, a more reasonable technical solution may be to simply wall yourself off from countries known to host a large number of cybercriminals. If you don’t do business in places like Russia, China, Brazil, or any other country from which a large number of cyberattacks are known to originate, then there’s no reason to leave yourself exposed to bad actors in those locales.

One solution we’d recommend is the SonicWall Geo-IP Filter. Configuring the filter is relatively straight-forward and easy. If you don’t do

any international business at all, you can simply block all international traffic and call it a day. If, on the other hand, you have a few international markets where you’re active, you can set up the filter to allow connection from just those countries.

But, what if you have a substantial number of customers in some of those less-regulated countries? For this scenario, you can create a “white list” of IP addresses that belong to your clients and you know are safe, and still block traffic from everyone else.

One word of caution: the Geo-IP Filter may not protect your network from VPN connections. VPNs are used to route internet traffic through one or several servers located in different parts of the world, masking the true origin of the user.

Beacon Knows Cybersecurity

Want some expert help setting up the Geo-IP Filter, or implementing any other cybersecurity measure? BITS is here to help. Give us a call today.

By | 2019-11-19T14:24:15+00:00 November 19th, 2019|IT Services|

The Scary Interwebs: Top Cyber Security Threats in 2019

Big plans for Halloween this year?

The October 31st holiday is an annual pilgrimage to the Altar of the Sweet Tooth for the kids. For adults, on the other hand, the celebration is closer to a fetishization of all things horrifyingly scary.

If you’re a small business owner, or an executive tasked with keeping your company’s digital infrastructure and business data safe, however, you might be forgiven for wanting to skip the terror-fest this year. Why? Because the number and variety of cyber threats just keeps increasing exponentially, year after year, making every day Halloween.

A few obligatory frightful statistics to ponder:

  • A hacker attack on an internet-connected computer or device occurs every 39 seconds.
  • Depending on who you ask, anywhere between 43% and 50% of cyber attacks target small businesses specifically. Oh, and small business typically invest less than $500 on cyber security.
  • Despite the prevalence of cyber crimes and the attention they receive, only about 10% are actually reported – meaning that the statistics above and below may represent the low end of the possible threat spectrum.
  • Some off-the-shelf hacking tool kits are available for purchase for as little as $1.
  • Roughly three out of four organizations lack even a basic cyber security incident response plan.
  • A data breach can often go nearly six months before being detected – and this is true for your financial institutions (Capital One), credit monitoring agencies (Equifax) and even the big boys in tech (Facebook).

What new and potentially devastating cyber threat trends emerged in 2019? Let’s take a look.

Cloud Computing Infrastructure Exploitation

Over the last several years, cloud data storage has become big business, and a popular method of managing your company data. However, non-secure sign-up processes, ease of use and low costs make cloud providers targets for all sorts of nefarious actors.

“Hackers have been found using cloud services to mask their identities while carrying out attacks. We have seen hackers exploiting and abusing popular cloud-based services such as Google Cloud Platform, Microsoft Azure, Asus Cloud, Google Drive, Dropbox, and others to fool their victims. Hackers may use these services to spread malicious code or distribute macro-laden documents and spreadsheets or use them as command and control servers. Hackers were also found using cheap cloud services to host their entire DDoS and brute force infrastructure, and then targeting users and other cloud providers.” – TechGenix

Mobile Fraud

As more and more financial transactions are being initiated on mobile devices, cybercriminals have shifted their exploits to the apps supporting e-commerce.

“Today, mobile fraud is outpacing web fraud. More than 60% of fraud originates from mobile devices. It used to be mobile browsers that were fraud heavy, but now 80% of mobile fraud comes from mobile apps.” – RSA White Paper

Blockchain Privacy Poisoning

Just last year, blockchain technology was being hailed as the most secure method of encryption. How quickly things change.

Hackers have found a way to turn legislation aimed at protecting online consumers – GDPR – into an exploitation through what’s now being called “privacy poisoning.”

“The term […] refers to the insertion of personal data into a public blockchain, thereby making that blockchain non-compliant under the European General Data Protection Regulation (GDPR). According to the GDPR, all individuals have ‘the right to be forgotten,’ so you can immediately see why blockchain technology represents such a problem: by their very nature, blockchains are meant to be completely unchangeable and immutable. So this naturally creates a paradox for organizations: you have personal data ‘on chain’ that cannot be altered, and you simultaneously have the right of individuals to change, alter or delete their data at any time. Personal information cannot be deleted without compromising the chain.” – CPO Magazine

Software Supply Chain Attacks

Not only are hackers targeting cloud networks and mobile banking apps, they’re also going after the source code via software supply chain attacks.

“Attackers hunt for unsecure network protocols, unprotected server infrastructures, and unsafe coding practices. They break in, change source codes, and hide malware in build and update processes.

Because software is built and released by trusted vendors, these apps and updates are signed and certified. In software supply chain attacks, vendors are likely unaware that their apps or updates are infected with malicious code when they’re released to the public. The malicious code then runs with the same trust and permissions as the app.” – Microsoft 

DDoS

Distributed denial of service (DDoS) attacks – flooding a targeted website with an overwhelming amount of traffic – are nothing new. In fact, it’s one of the oldest methods of carrying out cyber warfare.

DDoS attacks were on the decline as recently as 2018. But that trend appears to be over, as Kaspersky Lab notes:

“Last year the number of DDoS attacks was constantly falling, leading Kaspersky Lab experts to assume that cybercriminals who had been conducting DDoS attacks for financial gain had shifted their attention to other sources of income (such as crypto-mining). However, statistics for Q1 2019 contradict this trend and show that the number of DDoS attacks blocked by Kaspersky DDoS Protection has actually grown by a staggering 84%, when compared to Q4 2018. This figure could indicate that such attacks were still in demand, despite being inaccessible when popular DDoS marketplaces were taken down. Once new DDoS-for-Hire websites launched, the number of attacks grew exponentially as a result.”

Beacon Knows Cyber Security

Want to make sure your business is protected from the latest hacker exploits? Beacon is here to help. Give us a call today.

By | 2019-10-24T08:43:03+00:00 October 24th, 2019|Computer Related, IT Services|

Client Spotlight: RSVP Communications, Inc.

At Beacon, our success hinges on how well we know our clients. That’s what empowers us to anticipate their needs and deliver the right solution to the right problem at the right time.

That doesn’t just happen by accident. It happens with a purposeful effort to get to know and understand our clients, their business needs and future goals. And, as with any successful relationship, it all starts with asking questions.

Every once in a while, we wrangle one of our clients for an honest conversation about what we’re doing well and how we can improve. After all, you’ll never know if you don’t ask.

This month, we had the privilege of chatting up Ken Dobbins, Vice President and General Manager of RSVP Communications, Inc.

Conversation with Ken

Beacon: How does BITS help you be successful? 

Ken Dobbins: You play a huge role for us. When we joined up with Beacon we ended up getting a lot of brains and a lot of different perspectives on how things can be done. You get all these smart people in a room that come up with great solutions. We’ve had great success with you guys.

B: What separates BITS from other IT services/providers? 

KD: Your performance is really a cut above. If there’s an issue, you can get somebody over here pretty quick. Your monitoring capabilities are outstanding. And, you guys are reading, developing and understanding what the market is doing every day. That’s your job.

B: What’s the best part of working with BITS?

KD: Your understanding of the industry. The flexibility that you have. And, your customer service – Beacon has got a great team, top to bottom.

Contact Center Upgrade

On top of the core IT services Beacon provides to RSVP, we’ve also had the chance to help out with a couple of special projects. One such opportunity was the expansion of the RSVP contact center.

KD: Here’s what’s amazing. With the help of you guys and three other companies, we were able to rip out the entire Contact Center – all the work stations, all the carpet, all the wiring, all the electrical – and come in and run new electric with drop downs from the ceiling, instead of in the floor. We were able to – in a three-day period – come in, rip it all out, put it all back in, and on Monday morning, the agents were able to come in and go right to their work stations and go to work.

Warehouse Expansion

In addition to upgrading the Contact Center, Ken also oversaw the expansion of the RSVP Communications warehouse from 79,000 sq. ft to 109,000 sq ft.:

KD: You guys were instrumental in coming in and making very good recommendations on what equipment we should have, what equipment we shouldn’t have, and monitoring the guys who were doing the actual install – pulling the wire, putting the equipment in – monitoring all that to make sure that they’re putting in the right stuff.

At the end of the day, there were some issues that you identified that we were able to get fixed along the way.

It’s not that anyone was doing a bad job. It’s just that you guys were just doing a great job to ensure that it was being done right. That was extremely successful, and the new facility is up and running flawlessly pretty much.

About RSVP Communications

The company delivers a number of services, helping clients market, sell and deliver their products to their customers. These services require a broad set of competencies – from web developers creating custom CRM applications and friendly customer service representatives managing customer questions and orders, to a robust warehouse operation ensuring that the right products are shipped on time and where they need to go.

That’s quite a complicated operation. But all the complexity is skillfully managed with strong infrastructure, experienced people, proven systems and reliable technology.

Client Profile

Name: RSVP Communications, Inc.

Size: 80+

Industry: Product Fulfillment, Call Center Services, Marketing

Location: Greensboro, NC

BITS Services: end-user support (managed IT), server support, IT consultative services, expansion support

By | 2019-09-26T05:40:26+00:00 September 25th, 2019|System Administration, BITS News, IT Services|

Small Medical Offices: How to Stay on the Right Side of Data Security

In the last decade, the healthcare industry has undergone a dramatic evolution in the way that medical records are managed. If you work in the medical field, whether as a doctor, nurse, technician or administrator, you could not escape the implication of the “big switch” to EMR (electronic medical records).

The change from paper to electronic record-keeping was a needed step forward. EMR saves time, money and all those trees, in addition to improving actual patient care. But, while considerable efforts were expended to convince everyone – from the largest healthcare systems to individual medical practices – to adopt this more tech-forward approach, not as much attention was paid to the vulnerabilities of a healthcare system so reliant on tech.

Let’s be clear, EMRs did not cause the astronomic spike in cybercrimes of recent years. But, in the rush to adopt a better system, it’s possible that not enough was done to protect that system from people who’d want to exploit it.

As a result, it’s not uncommon to find headlines like these:

The Verge’s Nicole Wetsman provides a succinct summation:

“Despite the rising threat, the vast majority of hospitals and physicians are unprepared to handle cybersecurity threats, even though they pose a major public health problem.”

But, Is Cybersecurity a Problem for the Little Guys?

The short answer… yes. One of the biggest hurdles to creating a safe and secure IT network for your small medical or dental practice is thinking that you’re too small a fish for anyone to bother with.

“Most small businesses, including medical practices, think they’re too small to be a target to hackers. Unfortunately, medical data is a prize most hackers want to get their hands on and they will specifically target small medical practices expecting to find little to no cybersecurity in place.” – myitsupport.com, 4/13/2017

Don’t let the size of your business fool you into thinking that you’re immune to being targeted by cyber criminals. The cybercrime epidemic is not slowing down. But, if you’re one of those small medical practices, there is good news: it just might be easier to protect a small office from hacking than a complex, sprawling healthcare system.

Cybersecurity & HIPAA Compliance

While it isn’t a silver bullet, the U.S. government does provide guidelines and standards for setting up secure networks to store and maintain private health data. These instructions are included with a host of other requirements  governing the management of personal medical information. However, they are not easy to parse, especially for medical practices lacking experienced IT staff.

That said, the requirements for small medical practices with just one or two locations are considerably less than for large healthcare systems with numerous locations and thousands of patients. Even so, compliance is not always a snap, and the penalties for coming up short can be severe (up to $50,000 per HIPAA violation).

How to Protect Your Medical Practice From Cybercriminals & Stay HIPAA Compliant

So, what do you need most to keep your electronic records and IT network secure? It helps to have a trusted partner who can combine expert knowledge in IT and data security with specialized knowledge of HIPAA.

Step 1: The Audit

Before you can fix a vulnerability, you have to be aware that a vulnerability exists in the first place. To that end, it helps to conduct a thorough audit of your existing network setup and see what’s what. The results should then be compared to the requirements spelled out by HIPAA.

While the audit could be conducted by your internal IT staff (if you have it), it’s best to let an outside consultant perform the assessment. That approach typically leads to better, more accurate results.

The audit results should then by reviewed for compliance with HIPAA regulations. At BITS, we rely on our partner, Total Medical Compliance (TMC), for this type of analysis.

Step 2: Results & Recommendations

After your HIPAA experts complete the analysis and present the results, your IT vendor should outline a list of issues that need to be addressed and deliver a set of solutions for your consideration.

Some of these may require an investment into newer or better equipment, including servers or security devices. More often, recommendations will call for updating to more stringent internal user policies, including unique logins for all employees and stronger password protection protocols.

Step 3: Implement the Recommended Solutions 

If you’ve decided that it’s important enough to know about your digital vulnerabilities, you’ll want to finish the job and address found concerns. You just don’t want to be oversold on something you don’t need.

Be sure to ask for explicit explanations of every recommendation presented to you. At BITS, we discuss and review every suggested solution with our clients, so there is no question why we make the recommendations that we do.

Beacon Knows Medical Data Security

Does your medical office need to reassess data security and HIPAA compliance? BITS can help. Reach out to our team today.

By | 2019-08-28T10:28:26+00:00 August 28th, 2019|System Administration, IT Services|
Load More Posts