Category: Tuesday Tech Bytes Group 2

Internal IT vs. Outsourcing IT: The Value of Outsourcing to an MSP

The question of whether to outsource or rely on an internal IT team is common. Services that were once considered ‘nice to have’ are now necessities. They include machine learning, artificial intelligence, and cloud computing. While they add a lot of value to your business, they can be difficult to manage if you don’t have a reliable team of IT experts.

Why Outsourcing To An MSP Make Sense

While having an in-house team presents unique benefits, the value of outsourcing is unrivaled. Some of the reasons why it may be a better choice include the following:

1. Optimized Uptime and Consistency

Having an in-house team is a good idea, but how do you deal with issues after their working hours? Your in-house team has specific working hours. They may need to be away from work because of sickness or personal emergencies. Even the slightest problem could cost you days or hours of work. Outsourcing takes care of that problem. You can enjoy consistent and comprehensive IT support. Your MSP can handle issues as soon as they occur. They are available 24/7 and don’t need to take breaks. Your provider offers regular maintenance to promote peak efficiency.

With cybersecurity, consistency is critical. You cannot afford to snooze. Most ransomware attacks happen outside regular working hours. If you rely on your internal team, you need to wait until the next business day to address them. MSPs, on the other hand, can keep your business safe while you are away.

2. Specialized IT Support

Your in-house IT experts may do their best, but they are unlikely to deliver the expertise you need to take advantage of modern technologies. As your business evolves, you may need to train them or hire a new team. However, the right MSP can cater to the needs of your business as it grows. With their help, your business can take advantage of the latest technologies.

3. A Variety of IT Skillsets for Your Company

Your MSP can provide you with a range of skillsets that are essential for successful network management. They may provide you with IT strategy and planning, cybersecurity, and cloud and mobile expertise. Finding members of an in-house team that have all of these skillsets is difficult, especially if you have a limited budget. The most realistic way to take advantage of all the competencies is by working with an MSP.

4. Maximizing Productivity

Outsourcing is a smart way to free up some time for your team. They can focus on the core purpose of your business while your MSP focuses on IT matters. Your MSP handles issues that your in-house employees would otherwise waste a lot of time trying to resolve.

5. Safeguarding Your Institutional Knowledge

If you choose to work with an in-house team, you may need to spend a lot of time and money training them. When they leave your company, they take all your institutional knowledge with them. The IT industry is competitive, and your former employees are likely to share what they learned from you with their new organizations. With an MSP, you don’t need to go through the trouble of hiring, training, and rehiring staff members. They are a long-term partner that gets you through all the stages of growth.

6. Saving Money

Working with an MSP may be cheaper than hiring an in-house team. It cuts out the cost of training and hiring employees. With MSPs, your business can have less downtime and improved productivity.

The benefits of outsourcing IT services outweigh the advantages of working with an in-house team. The most outstanding ones include safeguarding your institutional knowledge, improving your productivity, 24/7 support, and specialized IT support.

Office Workers Rejoice: Microsoft is Finally Subduing the Dreaded’ Reply All’

Do never-ending reply-all threads emails put a damper on your business chewing up precious time and resources? The good news is, Microsoft rolled out Reply-All-Storm Protection to all Microsoft Office 365 users, an update announced in 2019 that seeks to ease the email disruption to business continuity. Microsoft is finally subduing the dreaded Reply-All function. Your office workers can now rejoice! Last year, at the Microsoft Ignite conference, Microsoft announced it would work on a feature that would help prevent Reply-All email storms on Microsoft 365 Exchange email servers. Microsoft says the “Reply-All-Storm Protection” feature will block all email threads with more than 5,000 recipients that have generated more than 10 Reply-All sequences within the last 60 minutes.

The Flow On Effect of Reply-All Email Storms

When a Reply-All mail storm happens in your organization, it can easily disrupt business continuity. In worst-case scenarios, it can throttle the rest of your organization’s email for a significant period. Emails already drain 5 hours of worker’s time every day without having email servers slowing down or crashing. What happens if the number of recipients in an email chain is large when multiple employees hit the Reply-All button, then the ensuing event generates massive amounts of traffic that will either slow down or crash email servers. Events like this happen almost all the time sometimes because a few employees participating and amplifying Reply-All storms are using this as a prank. Microsoft itself has also fallen victim to Reply-All email storms on at least two occasions, the first in January 2019, and a second in March 2020. The Microsoft Reply-All email storms included more than 52,000 employees, who ended up clogging the company’s internal communications for hours.

How Reply-All Storm Protection Works

Reply-All Storm Protection in some ways sounds pretty simple, but there’s some pretty cool stuff going on in the cloud, that makes this possible: When Microsoft detects what looks like it might become a Reply-All storm, anyone who subsequently attempts to reply to everyone will get a Non-Delivery-Receipt (NDR) message back instead. This basically tells them to stop trying to Reply-All to the thread. Once the feature gets triggered, Exchange Online will block all replies in the email thread for the next four hours, preventing email servers from crashing or slowing down. This feature allows servers to prioritize actual emails and shut down the Reply-All storm.

Further Updates Expected

Over time, as Microsoft gathers usage telemetry and customer feedback, they expect to tweak, fine-tune, and enhance the Reply-All Storm Protection feature to make it even more valuable to a broader range of Microsoft 365 customers. Microsoft said future updates are expected as they will continue working on the functionality going forward, promising to add controls for Exchange admins so they can set their own storm detection limits. Other planned features also include Reply-All storm reports and real-time notifications to alert administrators of an ongoing email storm so that they can keep an eye on the email server’s status for possible slowdowns or crashes. “Humans still behave like humans no matter which company they work for,” the Exchange team said. “We’re already seeing the first version of the feature successfully reduce the impact of reply all storms within Microsoft.”

Everything You Need to Know About Operating and Using FindTime

Scheduling meetings seems like it should be an easy task. However, anyone who does business knows with everyone’s busy schedules how difficult it can be to find a time that works for everyone who needs to attend. FindTime is an Outlook add-in that can help companies manage the task of organizing meetings that fits into everyone’s schedule. The following is everything you should know about FindTime.

 

1. What is FindTime?

FindTime is an add-in from Microsoft’s Outlook that is used to simplify the process of scheduling meetings. FindTime was first introduced in 2015. A few years later it was changed and renamed Find a Time. In 2017 FindTime was back again. With FindTime a business can eliminate wasted time playing email tag just to schedule a meeting. Microsoft made sure FindTime was as secure as possible by encrypting personal information such as email addresses. In fact, everything including email subject, the email body, and the attendees the information is sent to is encrypted.

2. How Does it Operate?

Invitations to vote on meeting times can be sent to a variety of email addresses. These include Yahoo, Gmail, and other providers. With the data provided by users, FindTime can quickly figure which days and times will work best. The program can find openings in each person’s schedule that will work for meetings. The individual sending out invitations can then propose several selected times for the meeting. The attendees that have received invitations will all vote on the time they want. After a meeting time is chosen, FindTime sends out a notice to each attendee.

3. Who Can Use It?

To use FindTime, it’s necessary for the individual or business organizing the meeting to have Microsoft 365 Apps for Business. It can also be used with an Enterprise account that has Exchange Online. It’s important to know that the recipients of meetings scheduled using FindTime do not need to have the add-in installed. If a person is sent a request by someone that has FindTime, this person can still vote on meeting times without actually having the app. In fact, they don’t even need Office 365. It’s only necessary to have an email to be a recipient.

4. How Does Installation Work?

Installation is incredibly easy. All a person needs is Microsoft 365 Apps for Business. It can also be installed on Exchange Online through an Enterprise account. According to Microsoft support, it’s necessary to take the following steps to install FindTime from Outlook for the web.

• Open Outlook
• Select New Message
• Select the Ellipses Button
• Select Get Add-ins
• Select FindTime

It’s also possible to install FindTime in Outlook Desktop and from the FindTime site.

5. Why Does Your Company Need FindTime?

FindTime is easy to implement and can be used by any type of employee. Saving time and squeezing more productivity into the same 24 hours is something every organization is striving for. TechRepublic states several good reasons why a company would want to use FindTime.

• FindTime is easy to use.
• FindTime is necessary only for the individual scheduling the meeting.
• FindTime ends the hassle of back-and-forth between those trying to schedule a meeting.
• FindTime sets up the meeting and informs each person who is invited.
• FindTime is part of Microsoft 365, which many people already have.

FindTime is an add-in that nearly any type of business, large or small, will find useful. Spending more time trying to schedule a meeting instead of actually attending the meeting will be a thing of the past with FindTime.

How to Protect Your Business From the Surge in Phishing Websites

Look at the spike in phishing websites during the coronavirus. Learn how cybercriminals are leveraging the pandemic. Find out how to protect your business.  

As the entire world is worrying about the coronavirus, cybercriminals are taking advantage of the global crisis to line their pockets. Google reports that there has been a 350% increase in phishing websites in the last two months alone. This threat is genuine, and you need to take steps to protect yourself, your business, and your data.

What Is a Phishing Website?

Phishing websites are designed to steal your information, but they can work in a variety of different ways. For instance, a cybercriminal may make a website that looks like your bank site. You think the site is real so you enter your username and password, and then, the criminals have everything they need to access your account.

Similarly, a phishing website may look like it’s for a charity helping people with the coronavirus. Still, in fact, it’s just a scam designed to steal money and credit card information. In some cases, phishing websites download malicious files to your computer when you visit them — once executed, these files may encrypt your data until you pay a ransom, copy all your keystrokes, or steal information from your computer in other ways.

Rise in Phishing Websites During the Coronavirus

In January, Google reported that it knew of 149,000 active phishing websites. By February, the number almost doubled to 293,000. As the virus began to take hold in the United States in March, the number increased to 522,000. That’s a 350% increase since January.

During the coronavirus, the most significant increases in phishing sites have happened during the most stressful times. The most significant day-over-day increase occurred on March 21st, the day after New York, Illinois, and Connecticut told their residents to shelter in place. The second-biggest increase? March 11th, the day the World Health Organization declared the virus as a pandemic. Both of these days saw about a threefold increase.

Unfortunately, no one is immune — one survey indicates that 22% of Americans say they have been targeted by cybercrime related to COVID-19.

Critical Strategies for Protecting Yourself From Phishing Websites

To protect yourself and your business from phishing websites, you need to take a multi-pronged approach. Keep these essential practices in mind:

1. Educate your employees about the risks of phishing websites. Send out a newsletter, set up a training session over videoconferencing, or find another way to talk with your employees about how to protect your business from phishing attacks.
2. Don’t click on links in emails from unknown senders. A lot of cybercriminals use phishing emails to direct users to their sites. If the email appears to be from someone you know, double-check the sender, and consider reaching out to them directly before clicking on any links.
3. Invest in quality cybersecurity tools that block malicious websites, prevent your computers from executing approved applications, or protect your network in other ways.
4. Be aware of the signs of a phishing website. These may include misspelled names of companies or charity organizations or forms that ask for information you usually don’t provide. For instance, a phishing website trying to steal your bank details may ask for your username, password, and PIN, while your bank’s actual website only requests your username and password.
5. Advise your team to be selective about the websites they visit. Ideally, if they are searching for information on the virus or trying to donate, they should go to sites that they know and trust, rather than going to unknown websites.
6. Work with a cybersecurity specialist. They can help you safeguard your network, which ultimately protects your money, your data, your business, and your reputation.

To stay as safe as possible from cybercrime during the coronavirus, you need to be aware of the heightened risks. If your team is working remotely, your network is likely to be even more vulnerable than usual.

To get help, reach out to a cybersecurity expert. In essence, they can guide you toward the right products, scan your network for vulnerabilities, and take other measures to ensure you are as protected as possible.

Zoom Scrambles to Address Cybersecurity Issues in Meeting Platform

As the usage of Zoom has skyrocketed during the coronavirus outbreak, the company has had to respond quickly to security flaws and potential phishing attacks  

As Zoom usage skyrockets around the world, so too do the opportunities to exploit users unfamiliar with the tool.

The Zoom platform has increasingly has been the target of hackers exploiting the vast numbers of users working from home. For context, the company noted that as of December 2019, the most significant amount of daily users was 10 million. In March, that number ballooned to 200 million.

How Are Hackers Exploiting the Zoom Platform?

For many exploits, it starts with a website.

According to Check Point, more than 1,700 domains had been registered using the word zoom in the first three months of 2020. Many of those domains point to an email server, which can indicate the site is part of a phishing scheme.

Remote workers may receive seemingly official meeting notices using the Zoom platform. Hackers ask recipients to head to a login page and enter their corporate credentials.

It’s a perfect storm that’s playing into the hands of hackers. It also means companies need to be vigilant in helping users understand how to access and use the platform and other tools used in this paradigm shift of how work is done.

“Zoom users should be aware that links to our platform will only ever have a zoom.us or zoom.com domain name,” a spokesman noted. “Prior to clicking on a link, they should carefully review the URL, being mindful of lookalike domain names and spelling errors.”

What Is Zoom Doing to Protect Users?

Zoom has had to take several steps recently to address security concerns related to its dramatic usage growth. The company has increased its training sessions and reduced customer service wait times. Here are several of the other issues that Zoom has addressed:

• Zoombombing. Multiple incidents of zoombombing have arisen in recent weeks. Uninvited visitors to online sessions have gained access and harassed participants by playing music loudly, displaying pornography and disrupted sessions. That’s led to more explanations of passwords, muting controls and sharing settings
• Windows 10. The company has addressed an issue that affected those using Zoom’s Windows 10 client group chat tool. If chatters used the tool to share links, the Windows network credentials of anyone who clicks on a link were exposed
• Facebook Interface for Apple Devices. Zoom removed Facebook’s software developer kit from its iOS client to prevent it from collecting users’ device information
• Privacy Issues. The company removed features, including the LinkedIn Sales Navigator app and attendee attention tracker, to address privacy concerns. It also issued updates to its privacy policy

The company announced it was freezing all feature enhancements to redeploy software engineers to focus on what it calls “our biggest trust, safety, and privacy issues.”

How Can You Protect Zoom Users from Cyberattacks?

Here are some tips to ensure that Zoom users are protected:

• Use password features to require meeting attendees to log in before being allowed access
• Update the software. Users should be alerted that upon finishing a meeting, the software will check to see if an update is necessary
• Encourage managers to use the Manage Participants section features, which can control the use of users’ microphones and cameras. Sharing restrictions are also a good practice
• Be careful about recording meetings. The recording sits in a file, either online or the host’s computer and could be stolen

Cybersecurity is a sad reality in these turbulent times. However, a focus on prevention and detection are important deterrents to cybercriminals and can reduce the risks to your business.

How to Create a Work-From-Home Team Quickly As Your Business Deals With the Coronavirus

Stay productive and secure your tech network as you deal with the coronavirus. Get support for at-home employees. Learn how to switch from an in-office to a remote team.  

In the midst of the coronavirus, business owners are facing a host of new challenges. To slow the spread of the virus, you may have been asked to suspend services or allow your employees to work from home. At the same time, however, you also need to continue to bring in revenue, stay productive, and focus on growth as much as possible.

Making the shift from an in-office to a remote team quickly, especially at a time when everyone is dealing with untold stresses, can be difficult, and the right approach is essential. Check out these tips.

1. Decide What You Need to Stay Productive

Creating a remote team isn’t as easy as handing your workers a laptop and telling them to check in once in a while. If you don’t have a current work-at-home policy, you need to create one from scratch, and you may need to adjust workflows, find new tools, and create new security policies. As you try to facilitate this shift, keep these types of questions in mind:

• What can my employees accomplish from home?
• Can they handle core business activities from home?
• Even if my business is deemed essential, can I send some employees home?
• What types of projects do I want to prioritize during this time?
• What applications do I need to facilitate workflows and keep everyone connected?
• How can my employees work from home without compromising the security of our network?
• What can I do to make this new arrangement as productive and comfortable as possible for myself and my team?

2. Consider Providing Employee With Devices

Don’t necessarily encourage your employees to use their own devices when working from home. Their home computers and tablets have all kinds of music, videos, images, and other downloads that may be infected with malware, and their devices are usually not equipped with the same level of antivirus or malware software you use in your office.

To reduce the threat of cyberattacks, consider providing your team with company-approved and secured devices. However, if you already have a bring-your-own-device (BYOD) policy for your office, you may want to continue having employees use their own devices because in this situation, you’ve already taken steps to secure those devices.

3. Help Your Workers Secure Their WiFi Access Points

As a general rule of thumb, your employees home WiFi networks are probably less secure than the WiFi you use in your office. To secure these access points, instruct your team to do the following:

• Use stronger encryption
• Create more complex passwords
• Hide your network names
• Use firewalls

To help your employees with these steps, you may want to create detailed tutorials or contact an IT managed services provider to help you.

4. Route Traffic Through a Two-Factor Authentication VPN

To secure your tech environment as much as possible, consider having your employees access your network through a virtual private network (VPN). A VPN encrypts all the information passing from your employees’ computers to your network. Even if a hacker gets onto your employee’s WiFi network, they cannot see keystrokes or any of the data being transmitted.

If you don’t already have a VPN, look into services such as GoToMyPC or Zoho. Also, try to choose a VPN that supports dual-factor authentication. Then, your employees have to enter a username and a password, but they also have to use a second authenticator such as a code texted to their phone number or email address. This layer of security provides extra defense against cyber criminals.

5. Consult With an IT Managed Services Provider

Returning to business as normal may not be possible for a while, and a managed IT services provider can help identify the tools and processes you need to support your new working environment, while also taking steps to ensure your network is as secure as possible.

In difficult times, you want your business to survive, but if possible, you should try to thrive. Our managed IT services can help you adapt to this quickly changing environment. We can help you choose the tools, the processes, and the resources you need to stay as productive as possible.