Category: Uncategorized

Advanced Data Governance (or ADG) is a tool from Microsoft. Available to be used within Office 365, this tool assists businesses in meeting compliance requirements and managing risk. Most of all, it helps organize the massive amounts of data that companies are now dealing with.

 

Each quarter, the data owned by a given business grows by exponential rates. Over time, organizations are met with the challenge of organizing this unstructured data. Moreover, they are challenged to be able to find pertinent data, retain sensitive and important data, and safely destroy or archive obsolete or otherwise useless data. These are the pain points that Advanced Data Governance aims to handle.

According to Microsoft, the goal of ADG is to help companies:

• Assess their current compliance status
• Protect their current and future data
• Respond to requests

Other goals include:

• Reducing costs across the board
• Maintaining business continuity

What is the Advanced Data Governance dashboard?

The dashboard of ADG is where most of the magic happens. Here, companies can clearly see a visualization of their data, along with helpful widgets, which explain key features about data status. This is useful as it can help companies decide what data or cross-sections of data to keep and which to discard.

How does ADG help companies meet compliance?

A particularly useful element of ADG is that cloud intelligence assists in recommending policies. All companies have their own rules and regulations to comply with. For EU businesses, for example, GDPR rules need to be observed. According to whatever rules and regulations a business must comply with, Advanced Data Governance is able to quickly filter through everything in order to detect the appropriate data. In doing so, any policies set up by the company can be applied to the pertinent data in one easy action.

Applying a given policy may mean retaining all data that meets that policy’s criteria, or it may mean automatic removal of a given set of data. When detecting data via a policy, any type of criteria can be used. Most of the time, keywords are used to search and sift through data; however, some companies may choose to use financial, healthcare, or PII related information to conduct searches.

An added feature of ADG is its ability to apply policies to all Microsoft Office 365 services, including Exchange, OneDrive, and SharePoint. This streamlines all enforcement of policies.

What are ADG labels and event tags?

Labels can be created and applied easily in ADG. Each label denotes specific data retention actions. For example, you may create a label that retains all employee record data for a select period of time. You can choose to apply these label policies to all Microsoft services or only to select services.

Event tags allow companies to start certain policies on specific dates as it’s not uncommon for policies to only need compliance during certain periods of time (during specific employment periods, mergers, events, and more).

How Can Advanced Data Governance Help Your Company?

Allow Microsoft’s Advanced Data Governance to help your company regulate and meet compliance, manage risk, improve data organization and understanding, operate more efficiently, and increase revenue. It’s an excellent tool for businesses who are noticing an upsurge in data volume and structural issues.

If you own or manage a company and are considering outsourcing your IT services, you’re on your way to markedly reduced expenditures and greatly improved cybersecurity and technology.

Still wondering about the benefits of outsourcing IT? Not sure how to go about hiring a managed IT service provider?

We’ve got you covered. Let’s start with what IT services are and why you need them.

What are IT services?

When it comes to virtually any type of business in the world, technology is a critical part of operations.

First, you must be online with a top-quality website and a consistent social media presence. Next, you need technology for your employees and daily operations: computers, printers, copiers, adequate data storage and backup, unique software programs, and more. Finally, everything must be protected with excellent cybersecurity.

All of these things encompass your business’s IT services or information technology services.

Why should you outsource IT?

Most businessmen and women start their businesses with the mind that they can do anything they set their mind to.

While this is an excellent mentality to have and provides the necessary motivation to start a booming business, it’s also important to know when to ask for help. Nowhere is this more pertinent than with information technology, or IT.

Unless you are specifically in the business of providing information technology yourself, this means you’ll have to have a strong team of IT specialists on your side.

In-house IT departments are generally only a viable option for expansive businesses who will have enough work for the IT staff to do on a daily basis. Therefore, the better solution for most companies is to hire a managed service provider or MSP.

These companies provide all different levels of IT support to their customers (businesses and organizations like yours). Their main goals are to make your life easier and to help your business grow and thrive.

What are the benefits of outsourcing IT?

1. You’ll have access to the best talent pool and technology.

Professional IT companies handle technology all day. All specialists working at MSPs are trained in their specific area of tech, and they stay updated on the latest in cybersecurity, technological hardware and software advances, updates to data cabling practices, and more. Moreover, whenever you need updated software or hardware, MSPs know the most effective and affordable options.

2. You can choose your level of service.

Most MSPs offer different tiers of service. You choose your level of service and pay a flat, monthly, quarterly, or yearly fee for them to provide whatever services are in that tier. Sometimes, businesses simply hire MSPs to be “on-call” when they need them. MSPs cater to you.

Because of this, you can basically pay for exactly what your business needs. If you own a large business and constantly need IT service assistance, choose a more hands-on level of service. If you only occasionally need help with an IT problem and generally just need someone to help you hook up new computers, networks, or equipment from time to time, choose a lower tier of service. You can also change levels of service, based on your changing needs.

3. You’ll reduce costs across the board.

MSPs only work when you need them, so you’re paying for what you need and not for downtime.

It can be expensive to hire, train, and consistently employ an in-house IT team. Moreover, in small and mid-sized businesses, these staff members generally have a lot of downtime. Hiring an MSP makes more fiscal sense in the long run, and you’ll undoubtedly get better service.

4. You won’t have to micro-manage an IT team.

MSPs take care of you; that’s their job. Unfortunately, in many cases involving an in-house IT department, it’s the manager or director who is taking care of the tech team and micro-managing their day-to-day tasks. This leaves little time to actually run the business.

The whole point of hiring an MSP is to lessen your workload and anxiety. You should be able to hand over the “tech reigns” to an MSP and let them keep your business in a continuous flow of utility, without hitch or interruption. This is what they’re trained to do without your involvement.

5. You’ll improve your compliance.

Meeting compliance is a major pain point in many industries. Government rules and other regulations are complicated and always changing. An MSP can take on this burden for you and set you up with the software you’ll need for perfect compliance and greatly improved risk management.

6. You can stop worrying about security risks.

A large part of an MSP’s role is to be aware of current cybersecurity threats. With many businesses and organizations, personal and private data is being stored. In the event of a security breach, this data could be stolen, destroyed, held for ransom, or otherwise tampered with.

If it is employee data, a breach like this could mean loss of faith in the company and even lawsuits. The same goes for loss of client and customer data — or patient data in the case of health care providers. In these situations, whole businesses can collapse.

Fortunately, cybersecurity is best handled by professional MSPs. These experts know the current strategies hackers are using to obtain login information and sensitive data. They will construct a thick barrier between you and any potential threats. Moreover, they’ll be monitoring your security 24/7, so if something does happen, they can nip it in the bud as soon as possible.

Should you simply manage IT yourself?

We don’t recommend that. Again, entrepreneurs and leaders in business are unique creatures in that they genuinely feel that they can accomplish anything they set their minds to. We’ve already covered why this is absolutely excellent for getting great business ideas, bringing them to fruition, and creating businesses that thrive and grow. But at certain times, it is critical that you release the mentality that you should handle it all.

As an owner or manager, you simply don’t have time, and your talents and abilities should be put to better use than managing IT. While we will assert time and again that information technology is absolutely essential to your business, it is crucial that you find the best-managed service provider to assist you in handling your IT. Do what you’re best at and leave the IT to MSPs.

How do you find an IT services company?

There are high-end, professional managed service providers all over the nation, so simply search for MSPs in your area. Many urban areas will have a long list of MSPs, but they’ll cover a big swath of rural towns in their service area. Once you find a few MSPs that you like the look of, set up appointments with each one to find an MSP that meets your unique needs.

When people go to their doctors, they assume their information is protected. They freely and willingly provide personal information, like social security numbers. Their primary concern is their health and so they literally trust their lives in the hands of medical professionals and providers. This assumption that patient data is protected may be derived from the assumption that medical facilities are all aligned and in compliance with Health Insurance Portability and Accountability (HIPAA). Everyone signs the HIPAA forms and so everyone assumes — even without thinking it — that they are protected and that the medical facility and/or medical providers are in compliance. Indeed, medical providers may believe they are in compliance and their patient data is protected until it happens: the data breach. Instantly, hundreds and thousands and even millions of patients’ information is compromised. Not to mention: the medical entity where the breach occurred may be held liable for it.

Breach of Patient Data Already Making Waves in 2019: The Example of Valley Hope Association

Just recently, a data breach was investigated and confirmed at Valley Hope Association. It’s a Kansas-based nonprofit organization that treats patients with drug and alcohol addictions. They have 16 facilities located in seven states:

1. Arizona
2. Colorado
3. Kansas
4. Missouri
5. Nebraska
6. Oklahoma
7. Texas.

Patients number in the thousands across these seven states. As of the last week of January 2019, the organization has been notifying these patients — former and current — that there was a data breach and their information may have been accessed.

It all started in October 2018. An employee’s email account had suspicious activity. The investigation commenced with this employee’s email account. On November 23, 2018, it was confirmed: a cybercriminal hacked into the employee’s email account, and from there, was able to access patient information. The information compromised includes:

• Social security numbers
• Dates of birth
• Financial account information
• Patient claim or billing information
• Driver’s license or state identification card numbers
• Health insurance
• Medical records
• Medications, and
• More.

These kinds of breaches are the beginning of identity theft. When it happens in medical facilities, it is all the more stressful because these are patients dealing with health issues. Identity theft is not a matter they want to deal with on top of their health issues. Following the breach, Valley Hope has taken two steps:

1. It has provided its patients with free credit monitoring and identity protection services; and
2. It has added additional security measures designed to secure patient data.

Unfortunately, the Valley Hope Association’s breach of patient data is not an isolated event. Many other medical facilities across the country have experienced data breaches. Examples of patient data breaches that occurred in 2018 include:

• Catawba Valley patient records were breached by three phishing hacks.
• Centers for Medicare & Medicaid Services (CMS) confirmed 75,000 people were affected by a data breach in the ACA portal.
• Minnesota Department of Human Services was the victim of two phishing attacks affecting 21,000 patient records.
• Fetal Diagnostic Institute in Hawaii was the victim of ransomware attacks resulting in data breaches of 40,800 patient records.
• Legacy Health, an Oregon-based health system, experienced phishing attacks that led to 38,000 patient record breaches.
• Augusta University Health confirmed in 2018 that 417,000 patient records had been breached.
• UnityPoint Health experienced two large data breaches in 2018, exposing 1.4 million patient accounts to hackers.
• LabCorp confirmed millions of records have been compromised and are at risk due to the hacking that forced a network shutdown.
• A Missouri-based Blue Spring Family Care facility was the victim of ransomware malware, which put 45,000 patient records at risk.
• Banner Health breach in Arizona compromised around 3.7 million patient records.

These are just a few of the many security breaches of patient data that occurred in 2018. As can be understood from these examples, healthcare is a lucrative target for hackers, and as technology advances, so do the hackers’ capabilities. That’s why it is imperative that medical facilities, providers, and professionals take steps to ensure their outsourced IT services providers offer all the latest technology to secure patient information.

What does HIPAA say about patient data protection, responsibility, and consequences?

The HIPAA Privacy Rule sets out to protect “individually identifiable health information” in the possession of a covered entity or its business association regardless if this health information is in electronic or paper form or transmitted orally. Covered entities include:

• Health plans
• Health care clearinghouses
• Health care providers “who electronically transmit any health information in connection with transactions for which the [U.S. Department of Health and Human Services (HHS)] has adopted standards.”

The individually identifiable health information is known as protected health information or PHI. According to HHS, PHI includes demographic information relating to:

• “an individual’s past, present, or future physical or mental health or condition
• the provision of health care to the individual, or
• the past, present, or future payment for the provision of health care to the individual, and that identifies the individual or for which there is a reasonable basis to believe can be used to identify the individual. Protected health information includes many common identifiers (e.g., name, address, birth date, Social Security Number) when they can be associated with the health information listed above.”

Covered entities must take measures to protect PHI. Traditionally, a covered entity breached HIPAA regulations when PHI was accessed by an unauthorized person due to unsecured PHI. When this happens, the covered entity is responsible for a breach in HIPAA regulations. But this responsibility is not as straightforward when the breach is made by ransomware or other malware activity. If the covered entity is found to be in violation of HIPAA due to these data breaches, then heavy financial fines may be imposed along with other required corrective action. Depending on the size of the entity and the amount of the fine and other imposed penalties, a data breach could be detrimental not only to the patients whose information was compromised but to the survival and existence of the facility, provider, or professional.

What can medical facilities do to safeguard their patient data?

Medical facilities or any covered entity and their business associates have options when safeguarding their patient data. These options should be interpreted into a plan of action.

• First and foremost, these facilities must comply with HIPAA regulations.
• Second, they must comply with HIPAA regulations by ensuring they are using the most advanced technologies to safeguard patient data. New technologies develop on a regular basis. You should hire an IT team or outsource your IT needs to an IT services provider who regularly keeps up to date with advancements in technology and consistently implements the technology into their services. If you hire such a team, you can rest assured that data is being protected to the best of technologies’ capabilities.
• Third, covered entities and their business associates must thoroughly vet their IT Team and/or third-party IT services provider. There have been cases in 2018 where breaches were made by tech vendors and other third-party IT services providers, e.g., the case of MedCall Advisors in North Carolina.
• Fourth, policies and procedures should be in place to ensure that on an ongoing basis, best practices are honored to safeguard PHI. These policies and procedures should apply to all staff, employees, medical professionals, and the IT team — even if IT services are outsourced.

Ultimately the responsibility comes down to the party in possession of the patient data and covered by HIPAA regulations. Don’t let what happened to Valley Hope Association happen to you. Start the new year off right: make sure your PHI is secure and safe.

Ransomware. Ransomware. You have heard the word and know it involves a cyberattack. You assume from news reports that it only happens to large companies like Target, Equifax, and Marriott Hotels for example, and that cybercriminals will not want to bother with your small or medium-sized business (SMB). Unfortunately, that assumption is wrong.

The Federal Trade Commission (FTC) notes that ransomware is a major concern of small business owners across the country. Another report notes that since nearly 50 percent of SMBs have no employee security and awareness training, they are particularly vulnerable to cyberattacks, including ransomware.

The U.S. Department of Justice (DOJ) reports that since January 1, 2016, more than 4,000 ransomware attacks have occurred every single day. Business owners suffer the temporary or permanent loss of their proprietary information, disruption of their daily business operations, and the extreme expense of restoring files, if that is even possible. Their reputation in their community may also be damaged.

What is Ransomware?

Ransomware is a type of malware, a software program intended to damage computer files. It quietly invades your computer, encrypting as many files as it can locate on your local and network drives. The encryption is done by using a complex mathematical algorithm. When the encryption is complete, your files become unreadable unless you have the key to unlock them.

The only one with the key is the cybercriminal who demands you pay a ransom in order to regain access to your files. Your data has been kidnapped. A simple virus scan cannot undo the encryption. Your data is being held hostage by the cybercriminal.

In many cases, there is a time limit for payment. A count-down clock may even appear on your screen telling you that you must pay the ransom within a certain period of time or forever lose access to the files.

How Ransomware Gets into Your System

Ransomware enters your computer most often by a “phishing” approach. This happens when an innocent user receives an email that appears to be from a friend, co-worker, or reputable company. It includes an attachment. When the user clicks on the attachment, it is downloaded and, voila, ransomware invades that device and all other devices connected to the network.

Some websites have malware lurking in the background. It only takes one keystroke and the malicious software will now infect all the files it can access. The intent is to cause as much damage as possible to your network so that it shuts down and you can no longer access any of your files.

Should you Pay the Ransom?

The DOJ does not advise SMBs to pay the ransom. But, it does note that victims of ransomware have tough decisions to make when considering whether or not to pay. It recommends ransomware victims consider the following factors before paying the ransom:

• How to best protect employees, customers, and shareholders.
• Paying the ransom does not guarantee that the cybercriminal will provide the key to decryption.
• Some victims who paid the ransom and did get the decryption key were again targeted by other cybercrminals.

The DOJ encourages businesses who have been invaded by ransomware to report it to law enforcement. There is a chance that they can use legal tools, including working with international law enforcement, to locate the encrypted data.

How to Prevent Ransomware from Invading Your Network

The most important step of preventing ransomware from invading your network is education. Your employees need to understand how ransomware works, and they need to be constantly aware of the importance of not clicking on any attachment no matter how legitimate the sender appears to be. The attachment must first be scanned for malware.

Every file needs to be backed up so it is accessible off of the network so that if there is a ransomware attack, your business is not crippled beyond repair. If an attack is discovered on one device, immediately shut down all devices connected to the network.

Cybercriminals are getting smarter and learning how to circumvent cybersecurity that is installed to prevent the ransomware and other malware attacks. There are Managed Service Providers (MSPs) who can provide a robust cybersecurity system that can withstand the threats. They should also be able to ward off a threat before it can cause any harm.

On January 22, 2019, The U.S. Department of Homeland Security, DHS, Cybersecurity and Infrastructure Security Agency, CISA, issued an emergency directive. This emergency directive was put into place to address ongoing problems and issues associated with global Domain Name System, or DNS, infrastructure tampering. As a business owner or executive in charge of a business, you may have many questions about this and how it can affect your business. Here is what you need to know about DNS infrastructure tampering.

What is DNS Infrastructure Tampering?

DNS infrastructure tampering involves techniques that allows an attacker access to your DNS. They are able to compromise a users’ credentials, allowing them to make changes to DNS records. Once the records are changed and altered, it allows an attacker the ability to access and intercept many things related to the network, including but not limited to your web address, your mail traffic and web traffic. An attacker can take that information and redirect incoming traffic to an unsafe website that may contain viruses or may collect information about your customer or business. When the attacker accesses your DNS, they also have access to encryption certificates, which allows certain information to be decrypted. And unfortunately, since the certificate is valid, your users will receive no error warnings that the certificate is outdated, so they may feel safe putting in personal information.

How Can DNS Infrastructure Tampering Affect Your Business?

When an attacker tampers with your DNS infrastructure, they basically hi-jack your website. They can control incoming traffic, control where that traffic goes, and see personal information, such as names and credit card numbers. Unfortunately, if your page is hijacked, you have to tell your customers that their personal information may have been compromised, which reflects poorly on you. Your customers and clients expect you to keep your page safe for them, and if you fail to do so, it can be detrimental to your business.

How Can You Protect Your Business From DNS Infrastructure Tampering?

It can be difficult to determine if your DNS infrastructure has been tampered with unless you take the time to carefully review your DNS certificates. It is recommended that you take the time to audit your DNS records, change your DNS account passwords to more complex passwords and add multi-factor authentication to all of your DNS accounts. This should be done within 10 days, as the threat level for DNS infrastructure tampering is so high. This should also routinely be done in the future to ensure your DNS certificates have not been tampered with.

DNS infrastructure tampering can create a security threat to your business. It can negatively affect your business website, and any websites that those within your business frequently visit and interact with. Fortunately, there are steps you can take to help decrease the risk of DNS infrastructure tampering and protect your business. Having the right IT team in place and learning about security threats is imperative to keeping your business safe from threats at all times.

What are the Proposed Changes to NC’s Data Breach Laws?

North Carolina’s lawmakers will consider legislation first introduced by the Attorney General Josh Stein and Representative Jason Saine. The proposed law would redefine the term “data breach” and give companies 30 days to report breaches to consumers.

For healthcare providers, this reduces the HIPAA timeframe, which states that breach notifications must go out within 60 days. According to the proposal, this gives consumers additional time to freeze their credit and take steps to prevent identity theft.

The law extends the definition of a breach to include ransomware attacks – a big change for healthcare providers, who have been targeted by recent hackers.

How Do the Proposed Changes Give Consumers Greater Control?

Consumers gain a number of protections, including the following.

• Quicker notification. Receiving notification within 30 days, instead of 60, gives consumers a heads up so that they can take action to protect their credit and identity.
• Credit freeze. Consumers can place a temporary freeze on their credit reports to prevent hackers and thieves from opening unauthorized credit cards in their name.
• Credit monitoring. If a credit reporting company, such as Equifax, is breached, they have to provide four years of free credit reporting to impacted consumers. Other organizations that are breached have to provide two years of free credit reporting.
• Clarifies penalties. Businesses that fail to report breaches within 30 days will be in violation of the Unfair and Deceptive Trade Practices Act.

What Does This Mean for Consumers?

The bill expands consumers’ right to information about the breached data, as follows.

• Consent. A company seeking access to a person’s credit information would need that person to express their permission. The reason for the request has to be provided in writing.
• Right to request information. North Carolinians can ask the consumer reporting agency to give them a list of credit-related and non-credit information, its source, and the entity or person that received it.

Why is the State Considering the New Rules?

North Carolina hosts the headquarters of many credit card companies and financial institutions and the legislation follows a dramatic rise in breaches throughout the state. According to Health IT Security, 1.9 million North Carolina residents were compromised in 1,047 breaches in 2018. This was a 3.4 percent increase over 2017.

This is the second attempt to tighten privacy laws in the state. If this bill passes, North Carolina would join several other states that have passed similar laws to combat digital thieves. For example, Colorado passed legislation to shorten their breach notification to 30 days in 2017, and Iowa is proposing a 45-day deadline to notify consumers.

Is This Just Happening in North Carolina?

On the national front, lobbyists and some Congress members are also calling for more protection for consumers whose data has been compromised. For instance, the Information Technology and Innovation Fund has suggested scrapping the hodge-podge of privacy regulations, such as HIPAA, in favor of more unified federal privacy laws.

A major FaceTime bug discovered recently has left Apple device users skittish about yet another privacy concern and forced the tech giant to scramble for a fix for the issue.

For users of Macs or iPhones, understanding the FaceTime flaw and knowing how to disable the function are important steps until the issue is fully resolved.

What is the FaceTime Flaw?

The FaceTime flaw affects iPhone users running iOS 12.1 or later. Here’s how it works. Someone calls your number using the FaceTime feature. Before you pick up, the caller swipes up and adds their own number (or any number), creating a Group FaceTime interface.

At that point, the caller can hear all audio coming through your microphone — even if you never answered the call.

News of the glitch spread like wildfire over social media. Others discovered that taking further simple actions could give the caller access to video, too.

What Is Apple Doing About the Issue?

Within hours of broad disclosure of the issue, Apple disabled the servers controlling the Group FaceTime function. As of January 29, Apple’s system status page states that “Group FaceTime is temporarily unavailable.” The company has stated that a fix is likely in a few days.

The company had first introduced Group FaceTime in late 2018 for both Macs and iPhones.

What Should I Do About FaceTime on My Device?

Users may want to disable FaceTime on their iPhones or Mac computers. It’s a simple process for either device type.

For iPhones

1. Go to Settings .

2. Scroll to FaceTime. This feature is in the fifth section of settings along with other built-in apps like Phone, Messages and Maps. If you’re having trouble finding it, go to the top of the Settings screen and type FaceTime in the search bar.

3. Click on the FaceTime bar.

4. At the very top of the FaceTime settings, there’s a label marked FaceTime with a slider. If the green light is lit, FaceTime is activated on your phone. Slide the slider to the left to turn FaceTime off.

Note: When Apple releases an iOS update, install the update, go back to the FaceTime settings and slide the slider to the right to reactivate the feature.

For Macs

1. Launch the FaceTime App.

2. Select the FaceTime menu bar from the top-of-the-screen navigation.

3. Select Turn FaceTime Off. Command-K also turns the feature off.

Note: Once Apple releases a fix, turn the feature back on by launching the app and clicking the Turn On feature.

How Did This Happen?

It’s unclear how this flaw was included in the Group FaceTime release. However, the New York Times reported that a 14-year-old Arizona boy discovered the glitch on January 19, 2019, 9 days before it became widespread on January 28.

On January 20, the boy’s mother sent a video of the flaw to Apple, warning of a “major security flaw.” She heard nothing from Apple Support and began using other channels to try to get the company’s attention. She emailed and faxed information to the Apple security team. She posted alerts to both Twitter and Facebook. Five days later, on January 25, Apple’s product security team suggested she create a developer account and submit a formal bug report.

It appears that the company didn’t react until three days later when a developer reported the flaw and a 9to5mac.com article went viral.

Apple faced criticism for its brief and limited response, which stated the company “identified a fix that will be released in a software update later this week.” In an ironic twist, the bug went viral on January 28, which is international Data Privacy Day.

Two subscription-based software programs available from Microsoft are Office 365 and Microsoft 365, both developed for small to medium-sized businesses and even larger companies. There are some similarities and differences between the two to help you decide which one you need for your organization. For even larger organizations there is Microsoft Enterprise that may have some security features that smaller companies should consider.

Office 365 is a cloud service platform that offers familiar Microsoft products like Word, Excel, PowerPoint, and other services either online or on-premises through a subscription plan.

Microsoft 365 is an all-in-one bundle that includes the Office 365 Suite, Windows 10 Pro and Enterprise Mobility+Security for a complete, interconnected experience.

Office 365 Business: This is a subscription-based version of Microsoft Office and is designed for organizations with 300 users or less and includes, 1TB of storage, basic data and app security and device management capabilities using Microsoft Intune and the Office 365 Suite, that includes the following:

• Microsoft Outlook: Outlook is Microsoft’s personal information manager used mainly for email management. The program also includes a calendar task manager, contact manager, journal, note taking and web browsing.
• Microsoft Word: Word is Microsoft’s word-processing program designed for creating documents like letters and questionnaires, as well as basic desktop publishing for creating brochures, flyers, posters postcards, and more. Word includes many features that make it easy to create professional looking documents and archive them.
• Microsoft Excel: Excel is Microsoft’s spreadsheet program that allows users to organize, format and calculate data using formulas. It also features graphing tools and pivot tables. Excel uses a collection of “cells” arranged into rows and columns in order to organize and analyze data that can be displayed as charts, line graphs or histograms.
• Microsoft PowerPoint: PowerPoint is a presentation program where users can design multimedia slide presentations. PowerPoint allows the user to attractively arrange photos, images and other graphics.
• Microsoft Access: Access is a database management system that allows users to enter, organize and run reports on a large scale. It is used by larger teams and corporations with large amounts of data. Note: Access is only available for PCs, not Apple products.
• Microsoft Publisher: Publisher is an easy to use, basic desktop publishing program with extensive tools needed to produce layouts using images, typography and other graphics. Publisher is perfect for creating business cards, promotional flyers, invitations, greeting cards, calendars, and newsletters, to name a few. Note: Publisher is only available for PCs, not Apple products.
• Microsoft OneNote: OneNote is a program for taking notes, whether handwritten or typed, drawings, screen clippings and audio and sharing them with other OneNote users. It is meant as a free-form, collaborative program.

There are three tiers of Office 365 Business that include: Business, Business Premium and Business Essentials. Business is the basic level that offers desktop versions of all the office applications, file storage and sharing with one TB of OneDrive Storage. Business Premium and Business Essentials offer other services to not only organize your office but to nurture relationships, connect teams, and manage all aspects of your business. The subscription ranges from $8.25 per month per user for basic to $12.50 per month per user for premium.

Now moving on to Office 365 and what makes it different. Office 365 is an upgraded version of Office 365 Business that offers even more, especially in security. The main difference is all of the security features that are not available on Office 365 Business Premium. The following are Office 365’s security features:

• Provides business protection from unsafe attachments, suspicious links, attachment checking and scanning
• Provides information protection policies to help control and manage how information is accessed
• Provides controls to protect company data on personal mobile devices
• Provides archiving capabilities, data preservation and continuous data backup that is accessible from anywhere 24/7

Device management is another upgrade that is not available on Office 365 Business Premium. Subscribers will get upgraded to Windows 10 Pro from Windows 7, Windows 8 or Windows 8.1 Pro. There are also simplified controls to easily manage Windows 10 Pro PCs, self-service PC deployment with Windows AutoPilot and secure management for iOS, Android, Windows and MacOS devices.

The subscription fee is $20 per user (up to 300 users) per month.

Small-to-medium-sized businesses looking to transition to Office 365 need to buy Windows 10 Pro and then subscribe to a security service individually as well as making sure all of their users are properly connected and covered under the security subscription.

On the other hand, when transitioning to Microsoft 365 everything is integrated from the start. This makes it easier from a buying perspective and easier for end users to navigate. Deciding to subscribe to the entire Microsoft ecosystem from the beginning provides businesses the opportunity to have all the tools they need to successfully run their businesses.

There are many things to consider before deciding what is right for your organization. If you can answer, “yes” to the following questions, then Microsoft 365 Business may be for you:

• Are you a small to medium-sized business with under 300 users?
• Are the majority of your PCs not running Windows 10?
• Is your business behind in security and device management?

It is important to note that some of the Microsoft Enterprise E3 security features (the price is the same as Business Premium) may be right for your business needs.

Microsoft 365 has many features to offer businesses that haven’t transitioned to Microsoft Office 365 and need to get set up quickly. Microsoft 365 Business should be especially popular among new small to medium organizations that require a collaborative environment. For more information and guidance to research, compare and decide what is best for your business by referring to the following websites:

• Office 365 Business: http://products.office.com
• Microsoft 365 (includes video and guided tour): https://www.microsoft.com/en-US/microsoft-365/business#pmg-cmp-desktop
• Office 365 Enterprise: http://products.office.com/en-us/business/compare-more-office-365-for-business-plans
• Additional Questions: Email: {email}.