Category: Uncategorized

Small business growth is a challenge of keeping up with success without crumbling under commercial weight.

Many improvements needed to reach the next stage of success can be prohibitively expensive, leading to debt and risky gambles that could fail from random chance even if you’re doing everything right.

Tech growth opportunities are becoming more affordable every day. Here are a few details to help you understand how tech outsourcing can improve your business growth.

Reduce Utility Costs

How much power does it take to run a server? What about a room of desktops?

Do you think that equipping everyone with a smartphone or tablet will solve your electrical problems? Not if they still need a server to manage files or run a website.

What about your network equipment? If your business is growing and has heavy network needs, you’re still paying for routers, switches, and hubs. What is the electrical load on those devices?

The answer to those questions is different for every business, but they’re still a cost that can be observed. Every minute of every connected device means more ticks added to your company’s electrical meter, and that adds up over time.

Not every business can operate as a lean, agile tech dream that swipes its way through the cloud. Many businesses still need desktop computers or all-in-one solutions for heavy-duty computing tasks.

Servers are still necessary for any business, whether it’s to share bulk files through the business, host a global customer-facing website, or render complex graphics. All of these tasks generate heat, which means more electricity used in cooling from air conditioning systems.

This could be a good time to discuss the best way to cool a server room. Discussions about central air versus directed pipes, water cooling for high-performance graphic design or scientific research computer may be necessary.

You could build a data center for your growing, small business. You could also struggle through a swamp of growth, making it harder to break that plateau between a small business and a powerful enterprise.

Or you could make it someone else’s problem.

Cloud Computing Turns Tech Needs Into Simple Services

Outsourcing IT services such as web servers, file hosting servers, backup systems, or even workstations is easier than ever. There may be a lot going on in the background, but for you, it’s simple: power up, log on, and access your cloud services.

Almost anything digital can operate across cloud computing. Your business could use a standard internet connection to log into outsourced servers that hold your business files and work with virtual computers that do a lot more than the standard desktop or laptop.

Virtualization allows you to spend less money on powerful workstations. Basic, reliable workstations can be installed to log in, and as long as they can handle a few basic office tasks, they can log into a virtual server.

This server and its virtual workstations are carved from massive cloud computing resources to fit the mold of what you need. Virtual machines can be erased and rebuilt quickly, and can be configured to fit greater needs as long as you give virtualization engineers a reliable set of requirements.

It all comes together to an easier to understand, consistent, and probably lower bill for your tech assets. Your business can grow on the cloud, and you can perform estimates to figure out when—if ever—you need to split off to your own IT infrastructure.

Keep in mind that great businesses still use these services as they grow to behemoths that control global commerce. Just because they can afford to build their own systems doesn’t mean it’s efficient, and it can be more cost-effective to seek outsourced IT partnerships for specific projects.

Do you have high-security data that can’t be compromised? By all means, protect what needs protecting and outsource anything else.

That said, be sure to bring up your security requirements with a system engineer. You may discover that their security standards are higher than your own, or you could enter an agreement to modernize your security.

By working with outsourced IT professionals, you’re not just buying a single service and ignoring them for everything else. If your partnered professionals lack the skills or resources for a specific task, they know where to find someone who fits the job.

Reduce Staffing Overhead

How much does the average IT professional cost? It’s more than just their salary.

When hiring a technician or engineer for a necessary, meaningful position, they need to work at peak efficiency. Just like the hardware and software they manage, a technician needs maintenance, updates, and continued relevance in the business.

A good technician can handle the task at hand. A great technician grows into new challenges, searches for other tasks that leaders may not have noticed, and innovates.

To create a great environment for IT professionals, a business needs to provide training and encourage participation in multiple industry events. They need to have their finger on the pulse of your business ventures and know their own tech potential, which often means reaching into other industries.

While doing all of this, IT professionals need to do the job that you give them. They also need to sleep. They probably need a personal life, but the work-life balance is always a touchy subject.

The question is simple: can you afford that kind of technician?

If your business isn’t creating a bleeding-edge engineer as an incubator of industry progress, neither you nor that technician is reaching their greatest potential. You’re paying them for a specific set of tasks, and in order to grow, that technician will need to reach outside of the business for their growth.

If they reach too far, you may lose that technician and the few growth opportunities you were able to pay forward. Instead, create a partnership with a business that deals in technician growth.

Outsourced IT solutions from managed IT businesses will give you access to trained technicians who are ready to handle your challenges. You are the task, the goal, and the client. You are not, however, responsible for building an entire technician.

Education And Training A Benefit, Not A Cost

Your business is still part of that growth and still provides benefits. Like any profession, experience is a steady march forward through workplaces, job sites, and challenges. Someone else is helping that technician grow, and that’s okay.

Unless your business is centered on IT education—or if you’re an engineer who really likes taking other engineers under your wing—this is a better deal for everyone involved. Tasks can be spread out across multiple technicians who can handle the same projects, but you’re quoted for the service that you purchase.

You’re not responsible for posting job applications on Indeed or CareerBuilder. You’re not responsible for sending technicians to expensive seminars with questionable benefits.

While there’s nothing wrong with taking interest in an outsourced technician’s training or even suggesting a path, the distinction is important: your business won’t sink or swim if you’re not paying for their classroom and self-study growth.

Contact an IT support professional to discuss other ways to enhance your business growth.

Financial service firms: beware. Your data is a target. A new report out of the United Kingdom (UK) cannot underscore enough the severity of the issue. But it is nothing new. The FBI has put the alarms on since 2011, from threats of account takeovers to third-party payment processor breaches to securities and market trading exploitation to mobile banking exploitation and even supply chain infiltration, among other ways. Hackers are more advanced and more prevalent than ever. What is shocking about the new statistics from the Financial Conduct Authority (FCA) is the sheer increase of breaches after the implementation of the General Data Protection Regulation (GDPR). Here’s what to know and what to do.

Alarming Statistics from the FCA

The numbers are alarming and demonstrate a real concern among financial institutions and the protection of their assets and data. The total number of breaches reported by UK financial services firms to the FCA was 145 in 2018, which was up from 25 in 2017. That makes it an increase of 480%.

The breakdown of the 145 reported breaches is shown in the below chart (as provided by the FCA) with the last three years also included — this demonstrates the stark increase in reported breaches over the course of four years.

Sector	2018	2017	2016	2015
General Insurance & Protection	33	7	1	3
Pension Savings & Retirement Income	9
Retail Banking & Payments	25	1	1	1
Retail Investments	11		1
Retail Lending	21	4	1
Wholesale Financial Markets	34	3
Investment Management	12	10	3

Why was there a dramatic increase in breaches in 2018?

There are a number of theories why financial services firms in the UK reported 480% more data breaches in 2018 than the previous year. The percentage alone is enough to send warning alarms throughout the work, but do the reasons justify the urgency?

• First, the financial services sector offers a lot of what hackers want: data and money.
• Second, much of the financial services sector has not been using the most advanced technology and artificial intelligence (AI) to protect their information and data, according to a report conducted by Accenture and released in 2018, Cost of Cybercrime: Financial Services. In fact, “only 26% have deployed AI-based security technologies and 31% advanced analytics.”
• Third, hackers themselves are becoming more numerous, bolder, and more sophisticated — alongside the advancement of technology.
• Fourth, the GDPR came into effect in 2018, which requires reporting breaches within 72 hours of discovery — so the increase in the statistics may be — in part — due to a legal requirement to report the breaches.

Thus, the combination of all these things: the financial services’ data, the desire of hackers to obtain that data, the limited protections financial services firms have had in place until recently, and the new requirement to report all play a role in the dramatic increase in reported breaches. So, not all is as bad as it seems. The increase can be in part attributed to the new requirement to report the breaches as opposed to earlier years when such a requirement was not present, and such reporting could be damaging to the reputation of the financial institution — thus, an incentive not to report until it became required.

What can financial services firms do to protect themselves better from hackers and data breaches?

Whether you are in the UK or the United States or elsewhere, financial services firms can protect themselves. It all involves a well-crafted IT plan-of-action that can include any of the below options according to the firm’s needs, wants, and specifications.

Implement and Education & Training Strategy

First thing’s first, you need to educate yourself and your firm on cybersecurity and cyber attacks. You need to know how hackers are hacking into your systems. You need to know what the latest technology is to counter hackers, including AI. You need to be informed on data management and data destruction and disposal. And you need to inform all staff and employees. The problem in data breaches is not only related to hackers hiding in a dark space using malware and other devices and software to obtain access to confidential information, but they use tricks via email and other means to gain access from, for example, unsuspecting and uninformed employees who open emails without thinking twice and who use poor passwords without consideration for how easy they are to be hacked.

An informed company and an informed staff are your first line of business. An internal team can conduct education awareness and training or else a third-party vendor can be hired to do so. It comes down to how large your firm is and what your resources are to manage it.

Assess Your Current Technology & Identify What You Need

You need to assess the current status of your technology, challenges, and vulnerabilities so that you can recognize what you need and where you need it. There are different ways or approaches a firm can take to assess its technology needs, but in general, it should include:

• Gathering information on company and employee needs, considering functional needs, software requirements, technical requirements, and security needs (i.e., natural threats from environmental conditions, intentional human threats (e.g., hackers and disgruntled employees), and unintentional threats (e.g., poor password creation or unintentional leaks).
• Reviewing the information gathered and prioritizing identified needs.
• Document the results from your findings so that you have the information in one accessible location from which you can build a plan.

Acquire the Technology You Need & Implement It

Once you have the information you need, design a multi-layered system that is:

1. Adaptive;
2. Responsive; and
3. Preventative.

Financial services firms can no longer stand to be reactive; too much is at stake. Once you know and prioritize what you need, acquire it and implement it. Research to ensure you purchase the best in technology and/or hire the best third-party vendor (e.g., a managed services firm). The goal here is to bring those statistics back down, or in the least, maintain them.

No matter how good technology gets, technical issues are still and will continue to be a major cause of lost productivity for individuals and companies. Problems with slow or crashed computers, loss of internet service, printers not working, dropped telephone calls, and other annoying little gremlins are costing companies millions of dollars a year, including yours. Whenever your tech isn’t working the way it should, you’re losing revenue and it quickly adds up.

A Sobering Statistic

To get an idea of just how costly all those little glitches are, consider the results of a recent survey by Robert Half Technology. The study found that, on average, workers spend about 22 minutes each day dealing with some type of IT issue. That adds up to an eye-opening 91 hours annually or two weeks of downtime for each employee in your organization.

So think about what that equals in loss of revenue. Some people generate more than others of course. But if you have a professional who’s billing by the hour, for example, or a salesperson who is bringing in say $10,000 per week, and they’re out of commission for two weeks each year, that soon starts to add up to some serious money.

IT issues will always be a fact of life for modern companies to one degree or the other but there is a proven way to keep them to a minimum and reduce their impact on your business operations. It all depends on how well your managed services provider, or your in-house team, addresses your needs and resources.

A Matter Of Strategy And Priorities

A good provider will devote time and resources to two key priorities:

• Optimizing your technology resources, regularly monitoring and testing your system to make sure it’s functioning at its optimal performance, and preventing problems from occurring in the first place, not just reacting when an emergency happens.
• Devising a strategy that implements the type of technology that will best serve your company’s unique and specific needs.

If you have systems and equipment in place that you don’t necessarily need, that’s a drain on your resources and budget and creates more complexity, and thus more opportunities for things to go wrong. If, on the other hand, you don’t have the capabilities you need, efficiency and productivity will be hampered.

An experienced and professional managed services provider will ensure that your organization has the right balance, providing you with the optimum in performance. They will also monitor your system in real time to spot potential problem areas, and to be able to react quickly when they do happen.

Your technology partner should be willing to work with you on a personal basis to devise a plan that will best fit your needs, and they should always be available. If you have a question or an issue, you don’t want to reach an answering machine or service.

It’s easy for a business to get used to minor tech issues and become complacent about them. But the fact is that they’re costing you more money than you know. Finding a good IT partner could be one of the best business decisions you’ll make.

Less than a year ago, the European Union instituted the General Data Protection Regulation (GDPR) to protect customer rights to data privacy.

The regulation created quite a stir in May 2018 when it was enacted, and has recently created even more of a stir because the first fines for non-compliance have been levied. While the EU granted a short amnesty period to allow organizations to comply with the regulation, the fines definitely send a clear signal that the amnesty period is indeed over.

Companies are responsible for implementing GDPR-compliant data policies; complacency about the regulation will surely not win the day. No excuses — comply or be fined; the EU has definitely made good on its promise to staunchly defend citizen rights to privacy.

Thus far, there have been three notable penalties. One of the most visible is, of course, Google, which received a €50 million fine in France, courtesy of French data regulator CNIL (Commission Nationale de L’informatique). Google’s fault according to CNIL is the lack of transparency and unclear consent regarding advertisements.

In particular, Google did not have one clear source of information regarding how data is collected. Instead, the information was interspersed into various documents and websites, creating a nearly impossible task for the end user to be aware of how their personal data is actually being used.

The bottom line is that users must be able to make an informed choice about whether (or not) to consent to Google’s use of their data. The other important factor in the Google fine is that CNIL clearly sent a signal that Google can and will be regulated by every data privacy authority (DPA) within the European Union regarding the GDPR rules. Companies that were just focusing on the data privacy rules in their own country have definitely taken notice.

Google will inevitably appeal CNIL’s decision and organizations around the world are anxiously awaiting said outcome. If CNIL’s decision stands firm, companies will have to make changes in how they conduct similar online platforms. Simply said, the outcome could possibly create a profound change in the relationship between consumer and advertiser.

In Germany, a similar social media platform was fined €20,000 for a breach that compromised personal information like passwords and email addresses from more than 300,000 users. While this fine could have been much worse for the company, many industry experts state that the company was given a much lower penalty for how they handled the breach. The company’s saving grace was a proactive notification of both customers and the German GDPR data protection authorities.

This last example of a GDPR-levied fine definitely brings home the message of the lengths the EU will go to protect their citizens. In this case, an Austrian businessman was fined for placing a camera outside his business. The camera was not clearly identified as a CCTV camera, yet it was recording a public space outside his business.

Since GDPR began, the EU has received nearly 100,000 data privacy complaints from its citizens and over 40,000 data breach notifications from companies. Experts say these numbers are low because they are based on voluntary contributions from only 21 of the 28 EU member countries. The numbers therefore are actually much higher.

So far, the GDPR has reported levying 91 fines, with 60 of those fines levied by the German DPA alone. GDPR definitely changes the compliance risk for organizations across the world. Heftier and more numerous fines are expected to be handed out in 2019 as the EU moves into GDPR with full steam.

The United States was once the trailblazer of the world when it enacted the mandatory data breach notification laws and punishment sanctions for non-compliant businesses. Now, the U.S. Congress is closely following GDPR and may soon enact similar privacy considerations to rein in companies like Google, Facebook and others who offer free products and services at the expense of a user’s personal information. Congress understands that what a consumer discloses today can have far-reaching implications years later, and they are definitely watching the implementation of GDPR as Europe nears its first anniversary of enacting the law.

 

When you think about it, it makes sense that hackers might target managed services providers (MSPs) — those organizations that are responsible for protecting the data and technology systems for hundreds or even thousands of other organizations. The Department of Homeland Security recently alerted MSPs to the potential activity from hostile actors who were targeting large organizations in a new way. These nation-state hackers were using managed service providers who provide outsourced website management and cloud functions to infiltrate a variety of companies. While any organization can potentially be vulnerable, MSPs often maintain an increased state of alert to ensure that any infiltrations are quickly discovered and remediated before the threat can expand.

How Cybercriminals Are Targeting Their Attacks

Managed service providers often maintain direct and unfettered access to client information, making them a key target for hackers. While perhaps not a daily occurrence, security breaches happen to organizations of all sizes — much more often than business leaders would like to admit. Attacks against a well-defended organization such as a managed services provider take an exceptional level of coordination, often perpetrated by high-powered, international hackers. These organizations often attempt to gain access to an MSP by using malware to steal administrative credentials before tunneling deeper into the infrastructure to gain access to additional machines and software. This business information is then packed out of the platforms, allowing hostile foreign actors to gain access to sensitive personal, financial and business information.

Are Managed Services Providers Safe?

Maintaining a secure infrastructure for your business is core for MSPs, as they have the dedicated and knowledgeable staff focused on protecting client and business information. While a compromise within a service provider can spread quickly if it is unnoticed, the active reporting and review by security professionals is likely to catch any infiltration before it becomes widespread. One of the key ways that managed services providers are being attacked is through APTs, or Advanced Persistent Threat malware. These sneaky programs are designed to gain deep access before they are noticed, but managed service providers have programs that trigger alerts for review by human security professionals to maintain a high level of security for your business at all times.

Maintaining adequate security measures as well as advanced backup and recovery mechanisms is one of the best ways to thwart these hackers before they are able to negatively impact your business or your customers. Local and cloud-based backup procedures, as well as proactive and quick recovery strategies, can mean the difference between losing access to your information for days or even weeks and being able to quickly restore full operations to your business.

In 2018, Dropbox announced it was shifting away from cloud-based services in favor of managing some of its data storage and application hosting itself. The company noted that while Amazon Web Services (AWS) initially allowed Dropbox to delay the purchase and maintenance of its own infrastructure, there were limitations and obstacles that prompted the switch.

In its IPO filing, Dropbox noted that the company has no operational control or access to the AWS or other cloud facilities that host its content. If there were to be an issue with that data, Dropbox, which hosts information for its customers worldwide, would have little control of the situation.

Why is it that Dropbox and other companies are moving away from the cloud, which is touted as a service that alleviates the burden of monitoring, maintenance and upgrading what’s stored there? Are there times when it makes more sense to move away from the public cloud?

How Many Companies Are Moving Out of the Public Cloud?

In 2018, IDC reported that 81 percent of companies surveyed reported migrating applications or data that had been stored in the public cloud to a different environment, including a private cloud host, a hybrid cloud and local solution or a complete on-premises infrastructure. The companies that repatriated data and apps reported doing so the following solutions:

• Hosted private cloud (41 percent)
• On-premises private cloud (38 percent)
• On-premises non-cloud (22 percent)

The survey also reported that 85 percent planned to migrate services in 2019.

Why? The most-cited reasons were:

• Security (19 percent)
• Performance (14 percent)
• Cost (12 percent)
• Control (12 percent)
• Desire to centralize or reduce shadow IT (11 percent)

What’s Behind the Cloud Repatriation Push?

Munish Manrao of Belmont, California-based ePC Solutions noted that there can be many factors that influence a decision to move to the cloud or move back.

“Every IT decision should be based on a combination of factors: security, cost, compliance, stability, productivity, and compatibility,” Manrao said. “In some instances, a company may move an application to the cloud and then decide to pull that application out of the cloud and return it to an on-premises data center. Although this can be disruptive, any one or more of the reasons listed above could be the determining factor.”

Jason Simons of Houston IT solutions company, ICS, agreed, noting that control, performance and regulatory mandates are often the key factors to move away from the public cloud. He cited specific issues that may prompt, or force, the decision for businesses:

• Poor performance of the application once it was virtualized in the cloud
• A desire for ultimate control of the software or data, including upgrade management, outage scheduling and access management. Because the public cloud is a shared resource, there are often limitations and restrictions on what a company can do and when.
• Concerns about regulation. If a company finds out that its cloud provider is no longer certified to meet the security standards of regulatory agencies, the business is responsible. Companies take on great financial risk for non-compliance.
• The wrong provider. Companies may choose a smaller provider initially that cannot meet their business needs. Instead of moving to a larger provider, some businesses prefer to bring apps and data back in-house.

Speed is a frequent reason for moving away from the public cloud.

“Businesses that rely on public cloud servers often run into trouble if local bandwidth is unreliable, or if internet access is lost resulting in downtime or data loss,” noted Andrew Schira with Oklahoma City IT service provider, Easton Technology.

Another is the cost.

“On-premise servers are generally a one-time purchase,” Schira continued. “Moving applications can reduce operating costs and result in improved security.”

Those insights echo the reasons cited in an IDC survey of multi-cloud infrastructure among European businesses. The top data-management priorities were:

• Managing and controlling cost (42 percent)
• Regulatory compliance (34 percent)
• Provisioning and management capabilities (32 percent)
• Data portability and workload seamlessness (32 percent)
• Retrieving data if a provider goes out of business (27 percent)

Over the next 12-18 months, 49 percent of those businesses listed data protection, including backup and recovery, replication archiving and business continuity, as a key data challenge. Another 43 percent cited security and compliance.

What Applications Are Most Likely to Move Away from the Public Cloud?

Manrao noted that there are certain applications that are prime suspects for repatriation if they have one of the following characteristics:

• Database applications that require high I/O speeds (the rate at which data is transferred between the hard disk drive and RAM)
• Graphics-intensive applications
• Applications that should be accessed outside the network
• Applications that are not cost-effective to host
• Applications that are necessary to control local access
• Applications that cannot be dependent on ISP speeds

“Applications that are candidates for repatriation to a business’s on-premise servers are mature, highly integrated, mission-critical applications where concerns about exponential growth are not an issue,” Schira said.

Regulatory concerns are a growing concern, too. Companies face complex and mounting data management requirements due to the passage of GDPR for European Union residents, growing U.S. state-specific privacy mandates, and the continuing presence of requirements for HIPAA, PCI and other legislative obligations.

What Are the Benefits to Rolling Back from the Public Cloud?

Companies that switch from the public cloud will see many benefits, including:

• No risk of providers changing terms or costs
• No threat of potential deletion of data by a provider with little or no warning
• One-time server expenses
• Full company control of its own data, including its use and its storage

How Can I Prepare for a Switch?

Manrao recommends that whenever an application is moved to the cloud, there should be a roll-back procedure in place. Companies should keep their local infrastructure in place for a while in case the decision is made to roll back the application to internal hosting.

These procedures should ensure the company has complete access to the database and user accounts. The cloud host should be able to export all the data in a format that’s usable to the business. These procedures also should be tested often.

And if you decide to roll back data, Simons has some advice.

“The best way to do this with minimal downtime is with proper backups and pre-planning and testing,” Simons said. The key steps are:

• Pre-install the application at your facility and thoroughly test
• Complete a backup or screenshot of the cloud application and load it into your on-premises version
• Continue running the application on the cloud server until the backup is restored to on-site equipment
• Shift users seamlessly to the on-site server
• Make another backup of the changes that occurred in the cloud while doing the migration
• Restore these interim changes to your on-site server

Cloud solutions continue to be valuable for many companies, especially those with small or understaffed IT staffs. However, as with many new technologies, some businesses are finding that the public cloud is not the ideal solution for their unique needs.

There’s no better means of promoting a professional business today than the use of online reviews. Positive third-party online reviews can take your law firm to the next level. Personal referrals and word of mouth have their place in drumming up new business, but they will never come close to the exposure you can receive through online reviews. Positive online reviews across multiple platforms and search engines could very well be the key to the success of your legal firm.

How Important are Reviews for Attorneys?

When consumers are looking for an attorney to represent their interests in a legal matter, where do they turn to first? Modern technology has made the Internet the number one source of information for just about any business inquiry consumers may have. This makes it essential for law firms to have a strong online presence in order to compete. Your online presence should include a fair amount of positive online reviews.

Positive online reviews can help establish your law firm as experts in the legal field. Studies show that in 2017 alone, over 97% of consumers turned to online reviews to help them choose a company to do business with. Approximately 85% of consumers acknowledged they trusted online reviews more than a referral from family or friends.

When it came to searching for an attorney, 75% of consumers indicated they used online resources to find the lawyer they needed. Approximately 65% of these said their decision to hire a certain attorney was influenced by online reviews. If perfect strangers can have such a major impact on people’s decision to hire an attorney, imagine the potential you have of increasing your customer base by petitioning your clients for reviews.

Effects of Online Reviews on a Law Firm

Positive online reviews can give your law firm greater standing in your local community as they reveal what fellow residents have to say about their experience with your firm. Positive reviews from former customers can put your name on the top of the list when people need an attorney to handle their legal affairs.

With so many people resorting to online reviews to help them find an attorney, it’s to your advantage to make reviews readily available to your online target audience. The more positive reviews your firm has, the greater your chances of being selected over your competition.

Naturally, you want to avoid having bad reviews posted online. But few or no reviews could be just as detrimental to your cause as it gives consumers the impression that your law firm is inexperienced in its field.

The goal is to encourage former clients to write positive reviews that make a good impression on individuals who are in the process of selecting an attorney to represent their legal interests. With so much competition among law firms today, people aren’t willing to settle for just an “ok” attorney- they want an attorney who stands out in his field. They’re even willing to travel to the next town to hire an attorney with excellent reviews.

Review Count and Scores

In a recent survey regarding the use of online reviews for hiring attorneys, 264 people out of the 316 interviewed indicated they would only hire law firms that received, on average, a 4- or 5-star rating on their reviews. This shows how much consumers value reviews in selecting a lawyer. If your firm’s rating falls short of these expectations, you could very well be losing clientele. Poor reviews obviously have a negative impact on people looking for the services of an attorney. To get top reviews, your law firm needs to provide top services to your current clientele.

Keep in mind that third-party reviews across various platforms will carry more weight than reviews placed on your website. Consumers expect you to post positive reviews on your site. Third-party reviews, however, generate greater validation and trust.

In addition to good ratings, consumers want to see a fair amount of reviews from former customers as this gives them a more accurate picture of how people view the services you provide. The combination of review count and review score influence consumers in selecting an attorney.

Where Should You Collect Reviews?

Quite frankly – everywhere you can! By collecting reviews across multiple platforms, you’ll reach a greater audience. You could also narrow your prospects to the most effective platforms, i.e. Google and Facebook, as these two sites are where the majority of people wind up when doing business searches.

Google reviews carry a lot of weight when consumers search for law firms due to the company’s reputation for providing relevant content. Google is well aware of the influence ratings have on consumers searching for an attorney online. For this reason, Google prioritizes law firms that have a substantial amount of positive reviews in their search results.

How to Increase Your Firm’s Reviews

Knowing the influence that positive reviews can have on your law firm should motivate you to solicit as many reviews as possible from former clients. If you’ve provided exceptional services to your customers, positive reviews shouldn’t be so difficult to obtain. Most consumers are happy to comply. In fact, the best time to request a review is immediately after services have been rendered, assuming your customers are happy with the services they received.

Once you start receiving reviews, take time to monitor what people are saying about your firm. This gives you a better idea of how you’re doing, from the perspective of your valued customers. Make an effort to respond to as many reviews as you can – positive and negative – to show you’re interested in what your clients have to say.

Never ask employees for reviews and never pay or offer incentives for reviews, as this goes against Google’s policy.

How to Handle Negative Reviews

When you ask for reviews, there’s always the chance of getting negative reviews along with the positive ones. Although negative reviews can lower your overall rating, they can also provide you with opportunities to see where you need to improve. A few negative reviews here and there can even make your law firm appear authentic.

By handling negative reviews in a positive manner, you can earn customers’ trust. Always make an effort to address issues brought up in negative reviews. Apologize to your client to wipe the slate clean. If you can rectify the problem, do so, even if it’s at your own expense. Your sincere efforts to make things right can convert an unhappy client into a satisfied client who will let others know what you have done.

In Summary

The success of your law firm depends on providing exemplary services to your current clients and drawing in more clients who are in need of legal help. Positive Google reviews will play a key role in accomplishing this goal.

In late February 2019, Toyota Australia was hit by a major cyber attack that knocked out its online presence and email systems. For days, the automaker had its ability to connect with customers significantly compromised.

The Toyota incident is yet the latest reminder of the disastrous impact of cyber attacks and why companies of all sizes and in all industry sectors need to be vigilant. Systems, users and devices all need constant monitoring and robust security measures in place to prevent such incidents from having significant consequences.

What happened at Toyota?

On 21 February, it was reported that Toyota Australia had suffered from a cyber attack. The company issued a statement that confirmed the attack, which reports indicate Toyota first learned about the day before. The statement noted that the initial analysis showed that no private customer or employee data had been accessed.

The company’s IT teams were working with “international cybersecurity experts to get systems up and running again,” according to the statement.

Four days later, the company’s website continued to display a stark message detailing its effort to recover from the attack. The company created an emergency call centre to address inquiries from customers.

The company has reported it has “no further details about the origin of the attack.”

What impact is the disruption having on Toyota customers?

The web message made note of several important issues affecting its customers. The company reports having only “limited capabilities to respond” to customers. The Toyota VIN Checker function is down, for example.

Of more significant concern is the impact on two important recent recalls facing Toyota customers. One recall, begun in 2018, affects airbags inflators in Corolla and Avensis models. As the airbags age, high temperatures and humidity can cause the airbag to activate with an explosive force that could send metal fragments towards car passengers, leading to serious injury or death.

In December, the company also recalled 2,640 Corollas, this time to replace a transmission assembly that could detach, resulting in a loss of power.

How big a problem are cyber attacks in Australia?

Cyber attacks cost the Australian economy $1 billion annually. Here are some other statistics on the effect on Australian businesses (2017 numbers unless indicated otherwise):

• 516,380 small businesses were victims of a cybercrime
• The average payment was $4,677 for a small- or medium-sized business to recover their data after a ransomware attack
• One in four enterprises suffered 25 hours or more of downtime after being hit by a cyber attack
• Only one in three small- and medium-sized businesses have continuous system backup practices in place
• It cost medium-sized companies $1.9 million to recover from a cyber attack.

In the first six weeks after enacting the Notifiable Data Breaches scheme in February 2018, the Office of the Information Commissioner received 63 notifications. Those numbers have grown steadily, with 242, 245 and 262 breaches reported in the last three quarters of 2018, respectively.

Malicious or criminal attacks accounted for the largest number of data breaches reported in the fourth quarter – 64 percent of all reported incidents. Of those malicious or criminal attacks, 68 percent involved cyber incidents, including:

• Phishing (43 percent)
• Compromised or stolen credentials (24 percent)
• Ransomware (10 percent)
• Brute-force attacks (8 percent)
• Hacking (8 percent)
• Malware (7 percent)

A closer look at the fourth-quarter statistics gives a clearer picture of the sources of attacks, types of attacks, data affected and sectors being targeted (with percentages):

Source of attacks

• Malicious or criminal attacks (64 percent)
• Human error (33)
• System faults (3)

Information disclosed due to human error

• Personal information sent to wrong recipient-email (27.1 percent)
• Unauthorised disclosure via unintended release or publication (17.6)
• Loss of paperwork or data storage device (14.1)
• Personal information sent to wrong recipient-mail (11.8)
• Failure to use BCC when sending email (10.6)
• Unauthorised disclosure-failure to redact (9.4)
• Personal information sent to the wrong recipient (3.5)

Type of data affected

• Contact information (85 percent)
• Financial details (47)
• Identity information (36)
• Health information (27)
• Tax file number (18)
• Other sensitive information (9)

Top industries attacked

• Health services (21 percent)
• Finance (15)
• Legal, accounting and management (9)
• Private education (8)
• Mining and manufacturing (5)

What companies can do to protect themselves?

The Reserve Bank of Australia warned in October 2018 that Australian businesses were vulnerable to cyber attacks and the catastrophic losses that could ensue.

The Cisco 2018 Asia Pacific Security Capabilities Benchmark study noted that Australia was most under attack of the 11 countries evaluated. The numbers are stunning. Ninety percent of Australian businesses report facing up to 5,000 threats daily. Of those companies, a third face between 100,000 and 150,000 daily attacks and 7 percent see more than 500,000 attacks per day.

What can Australian companies do? Here are some of the most critical areas of need.

Comprehensive protection

Companies need to invest in a multilayered approach to protection of hardware, software, systems, networks, access points, devices and users. As seen in the data above, the attacks can come from a deliberate attack by an outside source, but often come from simple human error.

A comprehensive approach includes sound policies, technology and awareness. Together, these tools give your business the right protection to combat attacks.

Firewalls

A next-generation firewall protects your computer network. Firewalls help detect, contain and eradicate unwanted intrusions before serious harm can come to your systems. They also can be used to inspect information sent to and from the company and block access to and from risky URLs.

Anti-virus software

To protect users from spam, phishing attempts, viruses and malware, your devices need installed software that automatically scans and quarantines suspicious emails and activity. These tools should be automatically updated in the background to ensure continuous protection from threats new and established.

Monitoring

Tools can be deployed that continuously monitor networks, devices, access and usage, using pre-established rules about what is and is not allowed. Automated monitoring tools can detect and detain threats while issuing alerts to key personnel about identified issues.

Business continuity and disaster recovery

Companies need to develop the policies and procedures that will allow for little to no interruptions should a natural disaster or cyberattack occur. These guidelines establish chains of command, protocols and roles (which may be different from typical job responsibilities) during a crisis. These plans should be tested to ensure all components work smoothly and plans should be modified as needed.

Employee awareness and training

It is important that companies invest in their employees to further an understanding of what cyber attacks are, what damage they can do and how workers can prevent them. Showing employees examples of suspicious emails, making sure they understand data privacy policies and testing their responses builds resilience and understanding.

The Toyota Australia incident will not be the last high-profile example of cyberattacks to hit businesses. But preparation can go a long way to reducing the number and impact of such attacks.