Is The U.S. Government Planning A Special Tax On Paper Waste?

Do you use 800 million pounds of paper each year? That’s the latest estimate for the average professional – and nearly 20% ends up in landfills. Would your habits change if you were taxed on paper consumption?

Paper Waste

The use of paper to record thoughts, plans, transactions, agreements, or anything at all, is nothing new. Ancient Egyptians invented the earliest known type of “paper”, named papyrus from the plant which the material was created. The more modern forms of paper are likely created from a process similar to that invented by the Chinese, who remain the leading paper manufacturers today.

The ability to document everything from knowledge and information to financial transactions and taxes brought the foundation of the technological era – though not quite as we see it today. For the first time in history, accountability no longer relied on memory or spoken word, but the origin of the “paper trail” concept.

One of the earliest modern ways we’ve found to scale back paper use is the predecessor to the smartphone, the personal digital assistant (PDA), like the Palm Pilot. Migrating from paper planners to a handheld organizer enabled professionals to have easy calendar access, along with a variety of other resources like the Internet and telephone.

  • Would it surprise you to know that the first person to coin the phrase “PDA” was a former Apple CEO, John Sculley?

The intended purpose of technology is to improve our lives and simplify our tasks. For example, email was designed, in part, to expedite communication in a cost-efficient manner. Written communication that previously took more than a week to deliver via U.S. mail with the added cost of a postage stamp and envelope – also relying on the correct mailing address of the recipient – was now nearly free and instantaneous. The fax machine was intended to serve this same purpose of timely delivery, but still involved paper waste. In fact, fax machines created a unique problem: the sender had to have a print copy to scan and fax, and the recipient thus received a paper copy of the message. In the case of email, technology should decrease the use of paper, and successfully has.

The average professional has indeed cut back on paper use. Statistics vary, but no matter how you look at it, we consume far too much paper for the amount of technology we have at our disposal. Notice the word “consume”? The sad reality is that not all consumed paper is used. Have you ever visited a print station only to have to dig through sheets to find the printed document(s) you’re looking for? How many times do you see the same sheets that never get picked up?

  • Every year, organizations look to trim costs from their budget in unique ways, but rarely are paper costs fully considered. It’s estimated that U.S. companies spend $120 million annually on printed documents – a number that can, and should, easily be reduced.

Companies like Microsoft are trying to facilitate less paper consumption, and therefore, less waste. From online storage with Microsoft OneDrive or SharePoint, where users can store, share, and access files from anywhere without needing to produce paper copies, to collaborative software solutions like Microsoft Teams or Microsoft Project which help groups jointly communicate in real time, modern solutions are geared toward less paper consumption.

One industry where paper consumption has significantly decreased in recent years is the medical field. Patient charts used to be entirely paper, including test results, office visit notes, and full patient history. For large medical practices, this involves a lot of expensive real estate for a physical item that isn’t often used. The movement toward electronic health records is more efficient in every way: cost savings for less paper and less space taken, easy to share and access from anywhere, and less chance of a test result or document getting lost or damaged.

Banking is another industry to vie for the record of worst offender in terms of paper consumption. Between lending for auto purchases or mortgages and account statements, banks recognize the high-consumption of paper and have (slowly) been moving toward online signatures, email statements, and digital records.

Even major metropolitan areas are jumping on the “green” bandwagon. Bike lanes are being rolled out in cities across the country. Mass transit light rail systems are being installed and adopted for easy navigation and decreasing carbon footprints and toxic emissions. On the smaller scale, but no less important, it’s becoming more common for consumers to be emailed a receipt at a point of purchase, rather than have a paper receipt printed at the time of transaction. Most cities have designated locations to return printer ink cartridges for recycling to help cut down on waste.

  • Commonly purchased with large print workstations are service agreements to maintain the printer. Rather than a set cost, these agreements are based on use and consumption, with fees for black-and-white documents ranging from 5¢ to 12¢ on average, and color documents ranging from triple to more than five times the cost of black-and-white fees. By comparison, cloud storage costs are far more economical!

So, what can you do to help cut down on paper waste, thereby cutting costs for your company?

  • Evaluate who uses a printer at your organization and for what purposes.
  • Determine if your printer(s) are the most efficient available, and if they are maintained for efficiency.
  • Monitor overall usage, and then assess how usage can be decreased.

There are so many ways technology can help decrease print usage and costs, and here are a few to get started:

  • Cloud storage
    • This cannot be stated enough. Moving file storage to the cloud is a big leap, but can save you time and money.
    • No more file cabinets taking up real estate.
    • Documents are easier to find, access, and share from anywhere.
  • Reusable notebooks
    • Do you or your team still prefer to take handwritten notes? Using a smart notebook like the Rocketbook Wave propels your note-taking into the next century. Once captured, notes can be shared to the cloud using your smartphone. Once the notebook is full, a quick run in the microwave and it’s empty to use again!
  • Collaborative platforms
    • We mentioned Microsoft Teams already, but there are countless options available. From Slack to Basecamp, most offer users a similar feature base intended to encourage digital collaboration and eliminate paper waste.

It’s not unheard of to offer incentives to decrease waste, but the greatest incentive is decreasing costs for the organization resulting in increased revenue – and hopefully increased salaries! Decreased paper waste shouldn’t have to rely on staff incentives – and hopefully, it won’t come to taxation, but you never know…so let’s get ahead of the game and help ourselves while helping the planet. Saving two kinds of green – money and Mother Earth – with one effort!

Is Your Company Compliant with California’s “Shine the Light” Law?

Recently, several big class-action lawsuits have been filed in California over whether adequate notices are being given to consumers when their personal information is sold. With the major controversy surrounding Facebook and the use of its users’ personal information during the 2016 presidential campaign, the public has become more aware and informed about this topic.

California Shining the Light

A recent Newsweek article reports that data brokers typically try to stay below the radar so as not to draw attention to what they do for a living. This may be partly responsible for the fact that over half of all Canadians and Americans say that they do not know exactly what happens when they give their name, address, phone number and email address to a website or company.

Recent lawsuits use California’s Shine the Light Law (S.B.27) to object to how these marketing companies use all our data. The lawsuits allege:

“The company failed to properly identify a method for obtaining a disclosure as to how the company shares its customer’s personal information.”

With the publicity surrounding these lawsuits, other consumers are taking notice and filing their own suits, many of them class-action suits. Before deciding whether to file or not, it’s important to know exactly what S.B.27 is and how it works.

Overview of S.B. 27

According to S.B. 27, certain companies must disclose how they share their customer’s information each time a customer asks for it. Each time a company receives a request from a customer wanting to know how the company has shared their information with marketers, they must provide the information. This only covers the previous twelve months. In addition, S.B. 27 only allows consumers to make these requests in cases where the customer was not given access to the company’s privacy policies containing opt-out notices.

In order to be compliant with S.B.27, a company must create a privacy policy that includes opt-out rights, and provide that to their customers in an acceptable manner. It’s important for the consumer to fully understand the privacy notice and how they should proceed with opting out if desired. Many consumers are claiming that they were not notified about how their personal information is being used and who it is being sold to.

Who must comply?

Not all businesses must meet the terms of S.B. 27. Those affected will have these four things in common:

  1. 20 or more employees
  2. Business relationships with customers in California
  3. Have in the past, shared a customer’s personal info with other companies for the purpose of marketing
  4. The incident must have taken place within the previous calendar year

There are some businesses who are exempt from the bill’s requirements. These include:

  • Financial organizations subject to certain provisions of S.B. 1, the California Financial Information Privacy Act.
  • Those administering business-related disclosures to third parties. For instance, administrative or customer service personnel who do not use the information for their own direct marketing needs.

Rights of each individual under S.B. 27

Consumers have the right to be notified by the business using a designated contact method such as email, phone, and regular mail. In the notification, the company should outline how it shares the personal information of its customers with other businesses for the purposes of direct marketing.

Notifications can be completed in any one of several ways:

  • A customer service representative from the company may contact customers who request this and go over their full policy for sharing customer personal data with third-party marketers.
  • Customers may view the company’s privacy policy by visiting a store or branch and asking to see it.
  • Customers may be directed to view the privacy policy statement by visiting the company’s website. The website must clearly show a link to “Your Privacy Rights” or “Your California Privacy Rights”. The privacy notice can be posted on the company’s website or on another web page that includes all this information. The disclosure must include wording that clearly indicates that the information is being given at no cost and is updated regularly with any changes to the law.

Consumers also have the right to request the following information each year from any California company they do business with:

  • Customers can contact the company to find out whether they implement and comply with S.B. 27.
  • Customers can request information about how to opt-in or opt-out of information sharing. The company is then responsible to notify the customer free of charge and in writing about opting in or out of sharing personal information.
  • There are additional requirements for a business that does not provide their consumers with the opt-in and opt-out information. This information must also be provided free of charge in writing or by email.

Companies are required to go into some detail about exactly what customer information they are sharing. They must provide:

  • Names and addresses of all third parties that obtained personal information during the preceding year from the business for direct marketing purposes.
  • Exactly what information they shared, i.e., the customer’s name, address, phone number, birth date, etc.
  • They must ensure that the customer understands what type of business they’re private info has been sold to. For instance, in cases where an individual might not readily recognize the business name, the company must provide examples of the types of products and services the third party vendor sells.

For those who wish to contact one or more companies to ask about how their personal information is being used, the Privacy Rights Clearinghouse has drafted a letter that can be used to request this information from any company.

The Penalties for Failing to Comply

There are legal remedies provided under the law when S.B. 27 is not properly followed. If a company fails to respond to a disclosure request, the customer is entitled to recover a civil penalty of up to $500 per violation. If the court decides that the company was willful, reckless or intentional in not adhering to S.B. 27, those filing lawsuits may be able to get $3,000 per incident. In some cases, the plaintiff’s attorney fees are also included in the award. A suit should be filed within 90 days of learning that an individual’s personal information was bought or sold without the person’s knowledge.

A Lawyer’s Guide To Preventing Technology Headaches

Downtime, compromised data, security breaches, and slow-running technology cause big headaches for today’s attorneys. After all, time is money, especially if you work under a billable-hours system.

You can’t afford to sit idle when technology doesn’t work. If your competitors use today’s more efficient IT solutions, they’ll blow right past you and take your clients away. Or worse, your counterparts will win your cases, and your reputation will suffer.

Lawyer Technology Headaches

Technology helps you carry out essential tasks, exercise professional judgment, engage with and represent clients, provide advice and settle key commercial dealings. If you view technology as an opportunity rather than a threat, your firm will prosper, and reap the rewards from your efforts. If you don’t, you’ll fall behind the competition.

You use technology now more than ever – at least you should be doing so. Today’s technology is invaluable, and with time, it will become even more so. In the past, the legal profession lagged behind others with the adoption of new technology. They relied on law books and paper documents, but no longer.

Law offices like yours are now embracing new technology. Just like other businesses, you need to streamline services to save time and process information with technology like electronic case organization, electronic spreadsheets, databases, word processing, legal research software, presentation applications and e-billing software.

However, along with the benefits technology provides, come challenges.

Failed backups, slow running email, application problems and operating system crashes create headaches that set up barriers to your success.

Downtime is a threat. Downtime will result in a major loss of productivity. You can’t afford to be presented with server failures, poor system performance, accidental file deletion, a software application that crashes. Without the data access, you and your employees can do your jobs. Money goes out the window, and you can’t meet your deadlines.

Data security is an issue. Client confidentiality is your most important duty. But with hackers and outsiders who want to infiltrate your technology for their own legal purposes, your technology landscape will be like a minefield unless it’s properly protected. If your clients confidential is stolen, you’ll face penalties, fines, and possibly civil prosecution. You can’t take this chance.

THE ANSWER IS TO CONTRACT WITH THE RIGHT TECHNOLOGY SERVICES PROVIDER

To prevent IT headaches, you need the service and support from an IT Provider who knows about the Line of Business (LOB) applications you use. One who understands your billing systems, document management, PCLaw, Worldox and other technologies that ensure your efficient operations.

The right provider can ensure these seamlessly incorporate with other applications you use like Microsoft Office or Office 365. When you have the expertise from a Technology Solutions Provider (TSP) who truly understands your needs you can effectively leverage these powerful tools.

Look for a TSP who has been serving the needs of law firms and corporate legal departments for years. One who can cover a broad range of technology requirements through both professional services and managed IT services and that can grasp the complexities your law firm faces. They should be able to help you avoid IT headaches when automating routine legal transactions, sharing documents and work processes, deploying mobility solutions and capitalizing on tools like electronic data discovery.

Your law practice requires a complete technology management solution including data protection and proactive monitoring of all key functions on your network, servers, and workstations. Plus, you should insist upon a fixed-cost solution and predictable IT budgeting. Just as your attorneys are committed to your clients’ success, your TSP must be dedicated to making you successful and view themselves as partners, and an extension of your practice.

Your TSP should be adept at:

Cloud Technologies that improve your productivity, efficiencies, and security. With our cloud solutions you can eliminate the cost of paper, the hassle of sifting through files, store massive amounts of information (Big Data), share important files in real time, and secure your clients’ information offsite in our high-security data centers.

Case Management Software that brings your staff’s desktop calendars, contacts, filing system, and task-management solutions together in one package. This helps you and your employees better organize, manage deadlines, retrieve client information, and coordinate communications. In addition, case management software provides you the proactive advice you need to effectively manage your law practice and feedback on how you’re progressing.

Financial Management Software to help you manage your billable hours, design short- and long-term financial plans, and budget your expenses effectively. They should be able to train your employees on Financial Management Software specifically designed for law firms.

THE WORST HEADACHES RESULT FROM IT SECURITY BREACHES

Data breaches are increasing exponentially. Cyber mafias have set up in towns like yours and operating from legitimate-looking offices. Hackers are no longer kids in their parents’ basement working on a few computers. Cybercrime is an international and sophisticated business with cartels operating around the globe.

Your data is valuable, and your law firm is a target. You need the expertise of a TSP who stays up to date on the latest threats. It’s imperative that you protect client and case information. But IT security best practices change rapidly, and law firms often find themselves falling behind the IT security curve. If you do, your firm is at risk for viruses, network vulnerabilities, or data breaches. This results in more than a headache; now you’re looking at a migraine.

Criminals have many ways of stealing your data.

Internet Exploits

Your employees use connected devices to interact with, track, monitor, and simplify just about every area of their work and personal lives. However, these technologies also provide access to sensitive, confidential information, and present a wide variety of new security issues for attackers to exploit.

Third-Party Attacks

Cybercriminals have learned that contractors and other third-party providers aren’t as secure as large vendors, and lower security provides a pathway into otherwise-secured networks. Examine who can connect to your network and access confidential information, even if you believe appropriate security measures are in place.

Social Media Attacks

Social media presents two main security headaches:

  1. A website you visit or service you use can be infected with malware that spreads until your network is ripe for a data breach. Malicious social media content is expected to grow 400 percent, as attackers continue to distribute their malware and steal client data.
  2. A determined hacker or team can scrape social media sites to assemble a surprising amount of personal data very quickly. This data can be used to social engineer an attack.

Social Engineering Attacks

Human nature is easily the weakest link in any security chain. Was that really a utility company employee you held the door for this morning? Are your office painters propping open a secure door to make their task easier? Did your receptionist just give all of your and her passwords to someone who called, claiming to be from tech support on another floor? Will your colleague’s curiosity cause him to insert the USB key he “found” in the parking lot into his computer?

Mobile Malware Threats

Security experts have been warning us about mobile malware threats for a long time, and users have grown immune to these warnings. Mobile device use is increasing as is the sophistication of attacks. At the risk of being the boy who cried, “Wolf,” every year a major mobile malware attack is now more likely to occur. Attackers typically select the greatest number of potential victims. So, they will target mobile devices, specifically Android and jailbroken iOS devices.

Sophisticated DDoS Attacks

Distributed Denial-of-Service attacks don’t directly steal your information. Instead, they overwhelm your site or service with so much traffic that it prevents legitimate users from connecting. These attacks have evolved beyond simple flooding of traffic. They probe and then morph, based on the defenses in place on your network. Such advanced and sophisticated attacks can seriously impair your law firm’s operations.

TO PREVENT THESE SECURITY HEADACHES YOU NEED A SECURITY PLATFORM WITH REMOTE ACCESS MONITORING AND A RELIABLE BACKUP AND DISASTER-RECOVERY SOLUTION

Make sure your Technology Solution Provider implements innovative, up-to-date security measures to protect your law practice against intruders, malware threats, and disasters. And make sure they can do the following.

Ensure:

  • You comply with legal and confidentiality requirements when using technology.
  • You use appropriate technical means to minimize the risk of disclosure, discovery, or interception of communications.
  • Data and email are encrypted to protect your sensitive information.
  • You adopt management practices that offer protection against disclosure or discovery of electronically transmitted l messages.

Prevent:

  • Unauthorized access to your electronic data.
  • Computer viruses from damaging your data.
  • Natural or manmade disasters from affecting your IT operations.

Confirm:

  • Your files are reliably backed up and recoverable.
  • Both offsite and onsite data backups are maintained.
  • Data is restorable by performing ongoing testing.

Provide:

  • Systems Analysis
  • Mobile Device Management
  • Up-to-Date Security Solutions
  • User Support and Training

Your TSP should implement a security platform with multiple layers of protection, and 24/7 remote monitoring to detect infections and intrusions and block them before they and get in and steal or hold your data hostage. Many law firms are unaware that this goes on. Your TSP will keep you informed and train your staff to recognize threats, so you know what to do if one comes across your computer screen.

Your very most basic security solution should include barriers with virus and malware detection at the firewall level, and with DNS (Domain Name Server) controls to ensure your users don’t visit hijacked websites. Your employees should also practice two-factor authentication access to prevent criminals from getting into your network.

Nothing is more important than protecting the information on your network and the peace of mind that comes from knowing that you can fully recover if a disaster hits your firm. Your TSP must ensure your business continuity and disaster recovery solutions will meet your objectives and implement a robust backup and secure off-site replication solution.

While computer systems can easily be replaced, the intellectual property and sensitive information stored on those systems cannot. Computer hard drives can fail, laptops can be stolen or lost, and data can be erased due to human error or viruses. It’s important for your firm to have a backup system, to keep data safe and avoid data loss.

Ask your TSP if they employ system virtualization and a private cloud with a fully redundant system that can be replicated across multiple data centers. If your data is compromised or damaged, a new clone of your system and data can be spun up with a new fresh image in a manner of seconds.

Be sure your Technology Solutions Provider used an Intrusion Detection System. This will catch anything that may have bypassed your firewall. They can either be used to catch a break-in attempt in progress or to detect one after the fact. In the latter case, it’s too late to prevent any damage, but at least you’ll be aware of the problem.

If an intruder gets into your system, the first thing they typically do is install a “rootkit.” A rootkit is a script or set of scripts that can make changes to your IT system and hide in common system utilities. They function in the background without you knowing they are there. Criminals can easily obtain these on the Internet. This one reason why you must have reliable backups of your entire IT system. If rootkits are discovered, you’ll need to re-install your system and data and start from scratch.

Your mobile devices also need monitoring and management. If a phone or laptop is stolen, you must be able to remotely wipe your confidential data. Mobile Device Management also prevents disgruntled employees from leaving with your confidential or proprietary data.

Your TSP should also employ encryption to protect your confidential data. They should encrypt both your emails and data to ensure the security of information. Encryption can protect your data at rest, such as on laptops or portable servers, as well as data in motion, such as over wireless networks or the Internet.

One of the most overlooked security aspects in law firms is their archiving and retention policies regarding email and data. You are accountable for instituting

and employing a strategy that details the duration for which your client data and emails will be stored and deleted. Make sure your TSP can implement automated solutions to handle this for you.

IN CONCLUSION

You understand the unique challenges and technology demands your law firm faces. Whether your IT headaches come from the security risks of handling and storing confidential information, or the difficulties from keeping up with new, innovative Line of Business Solutions, you need a Technology Solutions Provider who can ease your struggles and your IT headaches.

Got Tricky Data? Try Excel Magic Tricks!

Got data? Then you’ve got needs – the need to make your data make sense. Microsoft Excel has amazing built-in magic tricks, and all it takes is just a few clicks!

Microsoft Excel

Information is important. Information is critical. Information is what keeps the world moving. Life can depend on having the right information – especially the life of a business. Information is the lifeline for the professional world.

If you think we’re overestimating the value of information, try not being able to access what you need when you need it. There is a reason data is such big business today. Data storage and protection of stored data have become a $30 billion industry, with several large players in the game, including Microsoft and Amazon. Growth is expected to explode in the next five years, to nearly $100 billion by 2022. Brands have embraced the flexibility of cloud data storage with its scalability and efficiency.

The growth of cloud storage is two-fold: brands are recognizing the ease of storing data off-site, and the cost efficiency of increasing storage needs over time due to their own growth. An invisible bonus is the decreased need for in-house redundancy, with data back-ups taking more space on servers and requiring staff to oversee these processes. What do we mean by “in-house redundancy”? We’re talking about how critical data is to the success of organizations, small and large. Think about your data – your information. If your data suddenly disappeared, how long would you be able to continue normal operations? Yes, you could revert to the most recent data back-up with minimal impact – hopefully – but there is also the question of how the data loss occurred. But these are considerations better left for your cybersecurity team.

Back to your data – your information. You need your data. Your data gives you great insights into your brand performance, your customer base, your revenue, and your operational details. But how do you make sense of your raw data? If your information is stored in a Customer Relationship Management (CRM) software solution, you likely already have custom reports established to give you the details you need. These CRM solutions are often expensive and require further customization to get the details you need in a way that is meaningful to you and your organization. Not very helpful, is it?

  • A Customer Relationship Management (CRM) software solution allows for the continual data analysis to improve customer relationships and provide the insights needed for customer retention and revenue growth.
  • A CRM often pulls data from multiple sources to compile reports, like a company’s website or site analytics account for traffic metrics, various marketing efforts like direct mail or email campaigns, or even inbound marketing campaigns to measure response rates, and even social media profiles. All of this may be incredibly helpful, or it may be presented in a way that doesn’t have the right information and meaning that you are looking for to gain particular insights.

Don’t overlook the basics!

Microsoft Excel is a fantastic tool for data references and building tables to find deeper meaning from your data. Microsoft Excel helps you take raw data and organize your information in a way that holds meaning for you. You want to manipulate your data so that you can get helpful insights from the information within. For example, you’d like to identify the group of customers that purchased or canceled with your business within a certain date range. You may be able to customize a report somehow from another platform, like a CRM, but if you either do not have one of these costly software solutions, or just need this information quickly and want to avoid the time it may take to set up a custom report for these details, Microsoft Excel is the perfect solution for this purpose.

Data presentation is rarely perfect for your needs – without that costly and time-consuming customized reporting solution we mentioned earlier. A couple of quick keystrokes can help you get what you need in Microsoft Excel. For example, if you need to quickly ascertain the number of customers who purchased or canceled service within a set month and year, you have multiple options in Microsoft Excel.

First, your raw data probably isn’t formatted how you need it to be. What can you do?

  • Text to columns feature:
    • In Microsoft Excel, users have the opportunity to import data in a comma separated values file, a CSV, and then use this feature to separate the information into clean column format.
    • If your data is somewhat clean and consistent, this is one option. Otherwise, this is going to be manual and laborious.
  • How are your VBA coding sills? Can you write a macro? This seems like overkill, but it’s one way to get your raw data into an organized format. If you’re going to put this kind of time into your data, you may as well consider the customized reporting features we discussed earlier.
  • Sort and count manually
    • This is the least desirable option, as it’s the most manual and will take you the longest – isn’t the goal of technology to improve our lives and increase efficiency and productivity?

So, let’s look at our realistic option:

The super handy formula bar in Microsoft Excel is your best friend here. Follow these steps to get the magic number you need using this “magic trick” in Microsoft Excel.

Step 1: Ensure the date column is formatted properly. Excel defaults to a standard presentation for dates: MM/DD/YY. If your dates vary in presentation, this is an easy step that will save you a headache in later steps!

Step 2: Sort, or don’t sort. This is the magic of Microsoft Excel!

Step 3: A wonderful tool called the COUNTIFS formula is our best friend here. Using this specific example, if we’re looking at a specified data column in B, rows B1 through B50, and the date range is the month of April 2018, we can use this formula:

=COUNTIFS(B1:B50, “>04/01/2018″,B1:B50,”<04/30/2018”)

What this formula does is tell the spreadsheet to return the total number – not the specific rows or cells, mind you – of rows that include customers that are within the date range at you are looking.

Users will either need to update the cell range for the total count (“B1:B50”) or the date range (“04/01/2018” and “04/30/2018”) to update the total count.

  • If users will need to reflect on this data more often than just once, we recommend users set up a separate tab or sheet within the file for each month, even if the full data is the same, to simplify the process. This will help users compare months at a quick glance.

There you have it.

Quick note: adding more rows, etc., and this count will update accordingly and automatically. Also, sorting won’t impact the formula, just the display.

Microsoft Excel has a huge number of neat little magic tricks designed to help users – and it just takes a bit of manipulation to make your data “talk” to you and tell you what you need to know.

How Outsourcing Your Technical Service & Support Can Reduce Your TCO

You may think that your technical support and service costs will increase as your organization grows in size and scope. But this doesn’t have to be the case. Most small and mid-sized businesses no longer need to employ dedicated techs or pay for the benefits and management costs that come along with employing them. Today’s Technology Solution Providers (TSP) have the expertise and tools required to provide technical service and support on a 24/7 basis. But when looking for a TSP, search for one that will act as a partner when it comes to your technology planning. A true partner considers the benefit-to-cost ratio and TCO when choosing what you need.

Total Cost of Ownership

Selecting the Right Technical Service, Support and Solutions Can Be a Balancing Act.

As your business relies more on technology for your daily operations, you can’t afford downtime that halts your productivity or the lost revenue that comes along with it. Because of this, you shouldn’t take shortcuts when it comes to choosing the quality and up-to-date technology solutions that you need to do your job. But just the same, you must consider your budgetary requirements when determining what to invest in. This is difficult to do on your own as technology is changing so rapidly. The answer is to find the right TSP –one who will get to know your business, help you decide what technology assets you require and determine if you will get a positive return from them.

This a fine balancing act. You must use the right solutions to handle your workload, but you must also stay within your budget. Only an experienced and knowledgeable Technology Solutions Provider can provide the strategic expertise required to find this balance. If they don’t know what you’re talking about when you recite TCO, then it’s time to find another provider. As you know, TCO refers to the total cost of ownership. A TSP who has experience in strategic planning can apply this principle when helping you select your IT assets and services.

TCO (Total Cost of Ownership)

Your IT environment is one of your most important business investments. It’s also one of the most expensive and unpredictable. This is where TCO for your technology becomes an important part of your budgetary planning. The total cost of ownership is a financial estimate that helps you determine the direct and indirect costs of a product or system.

TCO for your technology assets is calculated by dividing the cost avoidance and reduction that you realize over a specified period of time by the amount you invest over that same period of time. Total Cost of Ownership typically relates to four categories:

  1. Downtime
  2. Computing Costs
  3. Data Storage
  4. Business Administration

The Cost of Downtime

The cost of downtime is dependent on a number of areas. Monetary losses vary and are dependent on your revenue, industry, the actual duration of the outage, the number of people impacted, the time of day, and more. The cost of downtime is usually higher for businesses that rely on high-level data transactions, like banks and online retailers. And, if you experience an unplanned downtime during peak business hours, your costs will be higher. To keep it simple, calculate how much it costs your business when your employees can’t access the technology they need to do their jobs. This should include every dollar you’d lose to server downtime including hidden costs like clients leaving your business for another one, and the amount you have to pay employees when they can’t perform their duties due to downed technology.

Computing Costs

This isn’t so difficult to calculate. It’s the price you pay for things like:

  • Computers and servers,
  • Applications and Software as a Service (SaaS) subscriptions,
  • IT Maintenance,
  • Employee training on hardware, software, and IT security awareness,
  • Software and Hardware Upgrades,
  • Cyber Security solutions like antivirus and antimalware or Security as a Service (SecaaS),
  • Cloud Solutions,
  • Contracted technical support and service and more–Anything that’s related to computing.

Data Storage Costs

This would include your costs for network and storage infrastructure, server configuration and deployment, power and cooling costs for data centers, and administrative costs for data backup and recovery capabilities.

Business Administrative Costs

This would be anything that impacts your daily business functions including labor, vendor contracts, procurement processes, accounting costs, and other overhead costs related to your IT operations.

Re-Evaluate Your Current Approach to Technical Service and Support.

Small and mid-sized businesses (SMBs) are typically understaffed when it comes to technical service and support. They don’t have the money to hire in-house techs, nor can they find the talent they need. Many SMBs operate in a reactionary way rather than the preferred proactive technical service and support model because they fear that contracting to a TSP will cost too much money. This is just the opposite. If you simply calculate your TCO for your technology as we explained above, you’ll realize that you have a lot to protect. Downtime alone can cost you your business if it lasts more than a few days.

With the ever-changing technology landscape and sophisticated cyber mafias cropping up, your business is at an increased risk of downtime, breaches and data loss without the right approach to technology. Unfortunately, your CFO or CIO might tell you that the only solution is to hire more IT staff. This just isn’t the way to go for a variety of reasons:

  • IT talent is hard to find.
  • If you do find them, you have to ensure they are continually trained and certified on new platforms, security solutions, software, and hardware.
  • They cost more to hire and employ than outsourcing to a TSP.
  • You have to manage them. If you don’t have a CIO who understands everything they do, how are you going to know if they are doing what they should?
  • Turnover will be high because many techs use their employment at a small business as a stepping stone to a higher position.
  • The recruitment search and costs, along with the time you must invest to find new techs is unsustainable for small businesses.
  • If you don’t have the IT support you need, you’ll be dealing with increased downtime and IT failures.

Labor is the most expensive element when it comes to technical services and support. A break-fix model is labor intensive and increases your costs. This no longer is a factor when using a TSP who provides managed IT services. Your best move is to turn your IT management over to a TSP. By doing so, you can better gauge your technology needs while keeping costs down. Experienced Technology Service Professionals can help you use new tools that reduce costs by automating many labor-intensive tasks.

If you do some simple calculations, you’ll realize how much more expensive an in-house tech is than outsourcing to a TSP. An in-house network administrator can cost you upwards of $60,000 a year. Then you’ll have the added expense of employee benefits like Social Security contributions, workman’s compensation insurance, health insurance, vacation time and sick leave. In addition, there’s always the ongoing certifications you’ll have to pay for. Plus, you’ll have the costs associated with additional benefits like health insurance, social security contributions, vacation days and sick leave. Now, this one network administrator costs you more than $100,000 a year. Then there’s the required 3.5% raises that they’ll demand each year and the ever-increasing healthcare insurance costs. One network administrator can cost you more than $100k a year.

Here’s something else to add into your calculations. Recent studies have shown that close to 40% of all IT failures are caused by errors made by in-house IT staff and that they will spend up to 50% of their time detecting and remediating these errors. Once again, you’re looking at a reactive rather than proactive approach to technical service and support when you use onsite technicians. You can see how relying on them increases your TCO.

If your CFO suggests you use an outside tech service on an as-needed basis, you’re also looking at a poor TCO. The term for this is “break-fix,” and it can be an expensive proposition. Plus, it can take anywhere from 24 to 48 hours for one of these techs to visit your site. You won’t be high on their priority list because they’ll be serving their Managed Service clients first. Imagine going more than two days without your technology. This can set some businesses back for weeks, not to mention the angry customers they must deal with.

The Way to Lower Your TCO is to Outsource Your IT Management to a TSP.

The right Technology Solution Provider will put considerable effort into understanding your operational and

business needs. With this knowledge, they will develop and deliver a set of specific cost-effective services that align technology with your goals. This will increase your system reliability, your organization’s business continuity, staff productivity and, ultimately customer satisfaction.

The right TSP will align your technology with your organizational goals. They will ensure your technology provides a greater ROI (Return on Investment) and decreased TCO. They do this by streamlining costs, increasing your productivity and revenue, and avoiding expensive onsite IT fees for replacement or repairs.

When you outsource your technical service and support to a Technology Solutions Provider you’ll have:

  • Immediate access to a team of IT professionals who have a depth and breadth of knowledge and experience in the latest technology solutions. You could never afford this amount of expertise with in-house techs.
  • Around-the-clock technical support with remote monitoring of your network, so you can get your IT system up and running if there’s an issue. With remote monitoring, issues can be averted before they cause downtime.
  • A team of certified professionals with the knowledge that can save you time when implementing new projects.
  • Cyber Security experts who can mitigate security risks and compliance problems that result in penalties, liability and your credibility with customers. Plus, they have the expertise to conduct security awareness training for your employees, and they will know about the newest exploits to beware of.

TSPs offer an IT management model that saves you in labor costs and downtime. They do this with:

  • Remote Desktop Management and Support
  • Monitoring of Network/Operating System and Alerts
  • Updates for Anti-Virus Software
  • Backup and Disaster-Recovery Solutions
  • Application of critical Patches and Software Updates
  • Resource Availability of Best-In-Class IT Solutions scaled to your needs.
  • Audits of Computer/Network/Software
  • Enforcement of Network Cyber Security Policies
  • Mobile Data Management and Monitoring

One of the biggest advantages of outsourcing your IT services to a TSP is that they remove the unplanned costs that many small businesses deal with. Instead, they offer a fixed monthly fee for the services they provide. Plus, you and your staff can focus on your core responsibilities– You won’t be distracted by IT issues.

The technology nonprofit CompTIA surveyed 400 businesses that outsourced their IT needs to a Technology Services Provider. Of these businesses, 96% reported saving a substantial amount annually — 184 realized cost reductions of 25% or more, and 58 over 50% reduced costs.

Your TSP Can Save You Money and Increase Productivity and Security with Virtualization and Cloud Computing.

Be sure to ask your TSP for today’s “new” managed IT services–Virtualization and Cloud Computing. Other SMBs have found that new technology innovations like virtualization and the Cloud is the way to lower their TCO and save money.

With virtualization, your TSP creates virtual resources such as servers, operating systems, workstations, storage systems or networks. Virtualization is more cost-effective than using traditional methods. It also allows you to scale your services up or down as your company grows or decreases in size. Many seasonal businesses benefit from this as they don’t have to continue paying for services they don’t use.

Cloud computing provides services, such as software platforms, storage, and servers over the Internet. It provides SMBs storage and business processes that were previously only available to large enterprises. Information is available via a central web-based data center to anyone with a computing device and the proper login credentials. And, with cloud computing, you can sync your business data to your users’ connected devices in real time for enhanced productivity, collaboration and mobility.

Virtualization and cloud computing provide a lower TCO and a more cost-effective way of using technology. They also provide business continuity with increased data security, recoverability and the ability to access your IT environment from anywhere you have an Internet connection.

According to studies by VMWare (a cloud and virtualization software and services company), businesses that implement virtualization have reduced their total cost of ownership for IT operations by

up to 67%. The right Technology Service Provider can show you how to maximize your server resources, improve your overall IT performance, enhance your cyber security, do more with less, and, ultimately, save you money.

The following are some of the benefits of virtualization:

Virtualization will save you money. Virtualization lowers your technology and energy costs. You’ll need fewer servers, networking gear, racks, and hardware. Your maintenance, heating, cooling, and energy costs are all reduced. Plus, instead of purchasing new equipment, you simply add a new virtual server when you need more storage space for your data and IT solutions.

You’ll have more storage and faster application deployment. Server virtualization isolates applications, so you no longer need to worry about incompatibilities. You’ll realize improved application performance, with much faster provisioning. Virtualization also allows you to fully utilize your physical servers and set up virtual machines with the precise amount of memory and storage you require.

Your business continuity and disaster recovery will be improved. With virtualization, your data can be migrated to another server when you need to perform repairs or specific tasks. This way you don’t need to shut down servers, so downtime is no longer an issue. Your data is always available, even if a server is shut down — so business continuity is greatly enhanced. Virtualization’s single-system image also makes recovery painless.

You can easily transition to the Cloud. If you’re considering moving data to the cloud, the process is a lot less complex with virtualization. The data stored on virtualized servers is already free of hardware, so making the transition to a public or private cloud is simple.

You can do more with less. Virtualization allows you to virtualize your entire network or just specific aspects of it, so you can simplify business operations and promote efficiencies. You can do more with less because virtualization allows you to accomplish more with fewer servers.

Your cybersecurity will be improved. Virtualization can combine features with security functions to streamline your security operations. With automated provisioning and sharing across both virtual and physical security platforms, virtualization can enhance your cyber security without sacrificing performance.

As business owners and managers realize the cost-saving factors associated with cloud computing and virtualization, they are re-evaluating their IT strategy when allocating money for technical services and support. They’re now seeing that outsourcing to a TSP provides a greater return on investment and a reduced total cost of ownership.

Your Technology Solutions Provider can be a valued business partner who can offer the expertise you need to grow your business with the right IT solutions. However, no matter what approach you use for IT management, it’s important to conduct a cost-benefit review to make sure you’re getting the best ROI and lowest TCO from your technology investments.

The Newest Forms Of Ransomware & How To Protect Your Business From Them

The Situation

Ransomware is now one of the top security concerns for businesses and organizations of all sizes. The City of Atlanta was hit with a ransomware attack called SamSam in March, crippling some important departments like their court system, sewer infrastructure requests, and water billing department.

ransomware

The attackers who deploy SamSam are known for clever, high-yield approaches. This, combined with the City’s lack of preparedness, explains why the infection was so debilitating.

Experts are telling us that SamSam will strike again. Unlike many forms of ransomware that spread via phishing attacks where individuals inadvertently invite the attack, SamSam exploits IT system vulnerabilities and cracks weak passwords. These ransomware attackers have made $1 million in less than six months.

Keeping all your systems patched, storing data in enterprise-based cloud backups, and having a ransomware preparedness plan can offer real protections against SamSam and other ransomware infections.

Unfortunately, ransomware attacks are on the rise, and as hackers use more sophisticated encryption technology, the threat is constantly evolving. According to malware security firm Barkly, a company is hit with a ransomware attack every 40 seconds. They also identified ransomware as the most prevalent form of malware, with “4.3x new ransomware variants in Q1 2017 than in Q1 2016.”

This article details how dangerous ransomware is, how it could harm your business, and what you should do to protect your data.

Part 1

What is Ransomware?

Ransomware is a type of malicious software (malware) that blocks access to a computer that infects, locks or takes control of a system and demands a ransom to unlock it. It’s also referred to as a crypto-virus, crypto-Trojan or crypto-worm. It then threatens that your data will be gone forever if you don’t pay using a form of anonymous online currency such as Bitcoin.

Most forms of ransomware are spread via spam using unsolicited phishing email or an attachment. Phishing attacks use emails disguised to look like they’re from someone you know and are more likely to trust.

Some ransomware-based applications disguise themselves as police or a government agency, claiming that your system is being locked down for security reasons and that a fine or fee is required to reactivate it. Then it typically asks you to click on a link or attachment to perform a routine task such as updating records or account details. If you do this, a worm or malware is downloaded, infects your system and locks it by encrypting your files.

Ransomware, like SamSam, can also infect your IT system using vulnerabilities in your computer’s browser. It does this when you click on a malicious code hidden in online ads or free software.

Ransomware targets small to medium-sized businesses because they are particularly vulnerable due to limited IT resources. They are also more likely to pay the ransom in the hopes that they’ll get access to their data, although the FBI warns that this isn’t necessarily so.

“Paying a ransom doesn’t guarantee an organization that it will get its data back—we’ve seen cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cybercriminals to target more organizations, but it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.”

Paying the ransom only guarantees that the malicious actors receive your money, and possibly even banking information. Also, decrypting files does not mean the malware infection itself has been removed.

No one is immune.

  • Temporary or permanent loss of sensitive or proprietary information,
  • Disruption to regular operations,
  • Financial losses to restore systems and files, and
  • Potential harm to your organization’s reputation.

The lack of awareness and cybersecurity training is a leading cause of ransomware.

Part 2

Ransomware Comes in Many Forms.

Ransomware comes in many different forms, but essentially, it’s a type of malware that denies access to your computer devices unless you pay a ransom. The ransomware malware encrypts your data. Once it does this, it can travel throughout your network and encrypt other mapped and unmapped network drives. Because of this, it can bring your organization to a halt.

The ever-evolving nature of these threats makes ransomware very difficult to keep track of. (Ransomware-as-a-Service (RaaS) makes it easy for cybercriminals to set up a lucrative hacking scheme. It is provided as a vendor platform on the Dark Web. Unlawful vendors offer hackers and criminals a tool to use to lock down computer files, information or systems and hold them hostage.

Ransom32 is a type of “Ransomware-as-a-Service” that provides any cybercriminal, even those without technical knowledge, the ability to create their own form of ransomware. What makes Ransom32 so dangerous is that it uses JavaScript, and can be used on computers that run Windows, Mac OS X, and Linux.

Over 2,900 types of ransomware have been reported, and they’re growing. Here are just a few:

Bad Rabbit 

Bad Rabbit has infected organizations in Russia and Eastern Europe and is spreading throughout the world. It does this via a fake Adobe Flash update on compromised websites. When the ransomware infects a machine, users are directed to a payment page demanding .05 bitcoin (about $285).

Cerber

This ransomware encrypts your files using AES encryption and demands a ransom of 1.24 bitcoins (worth $500). It communicates via a text-to-speech voice message, a recording, a web page, or a plain text document. There’s no way to decrypt files that are encrypted by Cerber unless you pay the ransom.

Cryptolocker

CryptoLocker infects computers that run Microsoft Windows. Like other forms of ransomware, you must pay the hackers to decrypt and recover your files. CryptoLocker spreads via fake emails (phishing) designed to mimic legitimate businesses.

CryptoWall

This form of ransomware has been around since 2014, but new variants are still circulating, including CryptoBit, CryptoDefense, CryptoWall 2.0, and CryptoWall 3.0. Like CryptoLocker, CryptoWall is distributed by spam or exploit kits.

CryptXXX

CryptXXX used additional capabilities including network-share encryption. This means that even if you can decrypt your files, it can still cause significant downtime by encrypting files on your network shares.

FakeBsod

FakeBsod uses a malicious piece of JavaScript code to lock your web browser. It displays a fake warning message and tells you to go to a particular webpage (that contains the ransomware). The message says to “contact Microsoft technicians” about an “Error 333 Registry Failure of the operating system – Host: Blue screen Error 0x0000000CE.” When you call the phone number, you’ll be asked to pay a fee to fix the problem.

Lockscreen

This form of ransomware isn’t new and has been in use for quite a while. It attacks Android devices. However, now there’s a new version that is more powerful and much more resilient. It used to lock your screen using a hardcoded passcode, but with the right code, you could unlock your device. Today the new version is impossible to reverse-engineer the passcode since it uses pseudorandom passcodes. Because of this, you can’t unlock your device and must pay the ransom.

Locky

If your computers are infected by Locky, it will rename all of your important files and prevent you from opening them. It does this through encryption and using the file extension–locky. Now, only the cybercriminals have the decryption key, and you must purchase it from them to retrieve your files. To do this, you have to go to the Dark Web and pay $400+ in Bitcoin.

NotPetya

This is a strain of Petya and was first seen in 2016. Today, experts believe NotPetya’s sole purpose is to destroy data instead of obtaining a ransom.

Petya

Petya is especially dangerous because it encrypts entire computer systems, and overwrites the master boot record, so you can’t reboot your operating system.

Spider

Spreads via spam emails. It’s hidden in Microsoft Word documents and installs the ransomware on a computer when it’s downloaded. The Word document (typically disguised as a debt-collection notice) executes macros that encrypt your data.

TeslaCrypta

This uses an AES algorithm to encrypt files and is specifically designed to attack Adobe software vulnerabilities. TeslaCrypta installs itself in the Microsoft temp folder.

TorrentLocker

TorrentLocker spreads via spam email campaigns and targets specific geographic regions. It also uses the AES algorithm to encrypt files. It collects email addresses from your address book to spread malware to your business contacts, friends and family members.

WannaCry

WannaCry has hit over 125,000 organizations in over 150 countries. It currently affects Windows machines through a Microsoft exploit known as EternalBlue.

WannaCrypt

This computer attack began locking down data on May 12, 2017. It affects Microsoft Windows Operating systems. WannaCrypt encrypts all the data in on your computer and holds it hostage.

ZCryptor

This form of ransomware uses a worm-like tactic to self-propagate and encrypt files and external drives so that it can attack other computers.

Part 3

How Ransomware Infects Your Computers

Ransomware attacks are increasing, and so are the ransoms to recover your data.

You’ll know when ransomware infects your computer because the hackers display a message telling you how much to pay to unlock your files. These ransoms typically run in the $300-$500 range. But, some businesses are having to pay upwards of $1,000 per computer. If you have 25 computers that are infected, that’s $25,000.

Hackers primarily use the following attack vectors to infect computers:

Phishing Emails

This is the most common scenario. A realistic-looking email is sent to you with a link or attachment that contains the ransomware. Hackers will often send a number of these links or attachments to hide the one with the malware. Once it’s clicked the malicious software loads itself and the ransomware infection spreads throughout your files, locking them until you pay the ransom.

Drive-by-Downloads

If you unknowingly visit a realistic-looking website containing ransomware, it can load itself onto your computer. If you use an old browser, out-of-date software, or third-party applications, you’ll be most vulnerable. A hacker can detect a vulnerability and exploit it. When a software vendor discovers this, they’ll release a patch to repair the issue, but by this time the criminal has already done their dirty work. Examples include unpatched versions of Adobe Flash, a bug in Java or an old web browser, or an unpatched operating system.

Free Software

A lot of us download free versions of software. Some are legitimate, but others contain ransomware. They are especially prominent in broken versions of expensive games, free games, porn content, screensavers or bogus software. By convincing the user that they should download the software, they can get past firewalls and email filters. You might not even know that you’ve done this until the ransomware activates weeks later.

Unpatched Software

According to the U.S. Computer Readiness Team (CERT) using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware. Microsoft provides a guide to help you keep your software up to date. They recommend that you use feed update functionality to stay informed about new ransomware variants and what you should do to protect your data.

Part 4

What to Do If Your Files Get Encrypted.

Tell your employees to let you know if they experience the following:

  • They can’t open their files, or they get error messages saying a file is corrupted or contains the wrong extension.
  • A window pops up with a ransomware program that they can’t close. This window may contain a message about paying a ransom to unlock files.
  • A message says that a countdown has started for a ransom to decrypt files and that it will increase over time.
  • They see files in all directories with names like “How to decrypt files.txt or decreypt_instructions.html.”

Ransomware isn’t easy to find while it’s at work encrypting your files. So, you might not know that it’s happening until the hacker sends you a message. By this time, the infection has completed its job. The best thing you can do at this point is to contain the virus from spreading throughout your network.

Unplug the infected computer from your network. You may also need to turn off all network access for all your computers until you know the virus is contained. Set your Basic Input Output System (BIOS) time back if the ransomware has started a countdown. This will hopefully give you more time to recover your critical files and try to eliminate the malware. You can access your BIOS time through the BIOS Setup Utility on the computer.

Restore your files from your last backup. This is why it’s important to regularly backup your files to a safe, offsite cloud location. Just make sure your most recent backup wasn’t infected as well. If you use a Disaster Recovery as a Service (DRaaS) solution, you should be able to do this and quickly “spin up” the DR image on your computer. By spinning up the image in a self-contained virtual machine (VM), you can inspect the DR image without exposing it to your entire network.

Alert the FBI. Don’t pay the ransom. This is a mistake because you still may not get your files back and the criminal will continue to extort you for money.

Unfortunately, recovery from ransomware can be difficult as cybercriminals fine-tune their tactics and become more sophisticated.

Part 5

How to Protect Your Data From Ransomware

The good news is that there are best practices you can adopt to protect your business. The Small Business Administration has these 14 recommendations. Your Technology Solutions Provider can help you with these.

  1. Implement an awareness and training program. Because end users are targets, employees should be aware of the threat of ransomware and how it is delivered.
  2. Enable strong spam filters to prevent phishing emails (an attempt to obtain sensitive information electronically) from reaching employees and authenticate inbound email using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent email spoofing.
  3. Scan all incoming and outgoing emails to detect threats and filter executable files (used to perform computer functions) from reaching employees.
  4. Configure firewalls to block access to known malicious IP addresses.
  5. Patch operating systems, software, and firmware on devices. Consider using a centralized patch management system.
  6. Set anti-virus and anti-malware programs to conduct regular scans automatically.
  7. Manage the use of privileged accounts based on the principle of least privilege: no employees should be assigned administrative access unless absolutely needed and those with a need for administrator accounts should only use them when necessary.
  8. Configure access controls—including file, directory, and network share permissions— with least privilege in mind. If an employee only needs to read specific files, the employee should not have write access to those files, directories, or shares.
  9. Disable macro scripts (toolbar buttons and keyboard shortcut) from office files transmitted via email. Consider using Office Viewer software to open Microsoft Office files transmitted via email instead of full office suite applications.
  10. Implement Software Restriction Policies (SRP)s or other controls to prevent programs from executing from common ransomware locations, such as temporary folders supporting popular Internet browsers or compression/decompression programs including the AppData/LocalAppData folder.
  11. Consider disabling Remote Desktop Protocol (RDP) if it is not being used.
  12. Use application whitelisting, which only allows systems to execute programs known and permitted by security policies.
  13. Execute operating system environments or specific programs in a virtualized environment.
  14. Categorize data based on organizational value and implement physical and logical separation of networks and data for different organization units.

In Conclusion

The increased incidence and rapid evolution of ransomware have raised concerns and stakes for both small and large businesses. Of everything we’ve discussed here, the two most important things to do to protect your business is to use a solid enterprise-grade cloud backup solution and to provide professional Cybersecurity Awareness Training for your employees. In both cases, your Technology Solutions Provider is your best friend. They’ll help you fight and prevent ransomware and cybercrime of all kinds. Don’t wait. Contact them today

The Sky Isn’t The Limit To Revenue With This Business Decision!

Moving to “the cloud” is good business sense – the cloud makes financial sense as opposed to the costly real estate involved with server expansion and never-ending data needs. But how can you protect yourself and your data in something you can’t see, touch, or control?

Cloud Computing

“Change is scary.”

It’s a phrase often uttered in response to big news that means change on the grand scale; something big is looming. The reference to change being “scary” really has to do with human nature and the fear of the unknown. But are we really afraid of the unknown? Or is this more to do with apprehension over something we don’t yet fully understand?

You’ll pay a small fortune to a therapist to get the answers to all of those questions, but the bottom line really is just that change makes us nervous for all of those reasons. When the discussion turns to the cloud, this intangible and invisible “thing” that is ever-evolving and so adaptable that it’s seemingly different for everyone, our collective guard is up.

The reality is that the cloud is only invisible to us – these storage servers do physically exist somewhere, using another entity’s real estate and power supply. Hired staff maintain and protect these servers on your behalf. The cloud is scalable based on your needs, meaning you can secure more or less storage space as your business needs change. Win-win-win, right?

Yes and no.

Myth: I’m paying someone else to store my data, so the burden of security is on them.

Fact: It’s your data being stored in the cloud, so you still need to think about security. You have a duty to protect the information of customers and clients, and if there is a data breach or other cybersecurity vulnerability, there is still a liability.

Myth: Cloud providers are super high-tech and impenetrable.

Fact: Your data is stored on third-party servers and accessed via an Internet connection. Any reputable cloud solution provider employs incredibly strict security measures and keeps abreast of the latest cybersecurity news – so you don’t have to. That doesn’t mean, though, that you don’t need to worry about secure access and taking every precaution you can to prevent unauthorized access through a breach on your end.

Myth: My cloud solution knows what they’re doing, so I don’t have to.

Fact: You are paying an expert to provide you a service, but that doesn’t mean you don’t need to be aware or your team doesn’t need to be knowledgeable. More importantly, why would you not want to know how your cloud provider is protecting you – and your data. Would you be concerned if servers were stored in an unlocked and unguarded facility? What about if your data was backed up on hard drives that sat exposed to the elements or accessible to anyone? Or worse – if your data wasn’t being backed up at all? That’s like letting your staff keep passwords to their network or cloud access on a notepad on their desktop for the world to see! Don’t let human error be responsible for a breach – keep informed.

  • Did you know that more than half of organizations, especially those classified as “small and medium businesses (SMBs)”, that experience a data loss, whether from cybersecurity breach or not – result in a catastrophic impact and aren’t able to recover? That means if there is a data breach, the odds aren’t in your favor to recover at all.

The most important thing to remember is that a 100% cybersecurity guarantee isn’t possible, but that every business can take steps to make sure they’re protected, and so is their cloud service access. How can you make sure your data is secure?

Establish a formal process with your team.

  • Does each member of your team understand their responsibility as it relates to security measures? Maybe – but the only way to make sure every team member is taking every precaution is to define what measures are in place and what steps need to be taken to protect the brand, the organization, and its data.
  • Ensure the formal process is part of the new team member onboarding so that all staff have the information and understand what is expected – including executives.

Follow the latest security best practices.

  • Is your network secure? If your IT staff is in-house, make sure there is a process for continuing education. If your organization outsources your managed processes, make sure your trusted partner is employing these same best practices and communicates needs with your organization timely and clearly.
  • Are passwords complex? Do passwords contain a mix of uppercase and lowercase letters, plus numbers and symbols? Are passwords routinely changed? Passwords shouldn’t be reused in multiple locations, either, and should be unique to users.
  • Is data backed up? As many as 20% of back-ups are incomplete or corrupt, and some systems are fundamentally flawed. If your organization backs-up your own data, even a fraction of your stored data, make sure it’s stored in a secured location with these same best practices above.
  • Are desktop workstations, mobile access machines, and remote technology all equipped with the latest in active antivirus software?

Proactivity and consistency.

  • This is probably the most important part of any cybersecurity process.
  • Does your organization provide ongoing training to team members to make sure security measures are kept updated and consistent? Operator error is the most common cause of a data breach!
  • “An ounce of prevention is worth a pound of cure.” Never are these words truer than in the case of data security! Protecting your data is essentially protecting yourself from cybercriminals who seek to access your data for illicit gain. Proactive protective safeguards, consistently deployed, really will go the farthest in terms of protecting your organization’s future.

Is the cloud right for you? You may not have a choice. Recent estimates show that costs and other factors will require organizations to use the cloud in some manner within the next five years and that the next decade will see a massive migration to the cloud to leverage the technology and the many benefits that cloud services can offer.

Are you considering a move to the cloud but aren’t sure if it’s right for you? Prepare now, and when the time comes for you to make the change, it won’t seem so scary. Is the sky the limit on potential? Nah – we say there’s no limit!

What You Don’t Know About Fortnite Battle Royale May Hurt Your Kids

As a parent, it can be difficult to keep up with the latest potential technology dangers facing our children. So, I was thankful to find the following information about one of today’s very popular Internet games – is your child playing Fortnite Battle Royale? Should you be worried? You might want to get up to speed on it.

Fortnite Battle Royale

More than 40 million children and adults play Fortnite Battle Royale, and it appears that many are obsessed with it. Fortnite was released last year (2017) by Epic Games. There are two different versions: Fortnite: Save the World and Fortnite: Battle Royale.

Fortnite: Battle Royale is the one that’s popular with children. It’s marketed as a free-to-play game on PS4, Xbox One, PC and iOS devices, but there are also paid versions. It’s one of the first games that let kids play together across numerous platforms. So, your child can be playing on an Xbox and compete with another person on their PC.

So, how popular is this internet game? The developer, Epic Games, rakes in over $1 million a day from Fortnite. And they are getting ready to release an Android version that they say could make $50 million by the end of the year.

What Is Fortnite Battle Royale?

It’s described as a mass online brawl. It begins with one hundred players leaping out of a plane onto an island where they are left fighting with one another, and they fight to the death. This doesn’t sound like something children should be playing does it?

The fighters run around the island looking for weapons like rifles, grenade launchers and crossbows that are hidden in buildings and amongst the landscape. They compete to find these armaments, so they can survive.

They also compete to collect items, so they can build structures to hide in or use for defense. As these resources are collected, the area they compete in is reduced, so the remaining players are forced to fight closer together. Essentially, if you kill everyone else, you win.

Fortnite Battle Royale is a multiplayer game, and in reality, kids are really competing against other kids (or adults). Players can chat with one another over text or headsets. Although Battle Royale is a violent game, humor is part of its appeal. Kids can dress their players in silly costumes and have them perform funny dance moves. They can team up with their friends’ players to fight in duo or squad modes. Up to 100 can play at a time, until one-by-one they’re eliminated and only one survives.

Is this game really for children? How does this prepare a young person to live in a civilized society? It doesn’t. Even though it doesn’t depict blood and gore, it’s simply too violent for children. This is a game for adults, disguised for kids.

Why Is It So Popular?

  • It’s free (unless you want to use one of the paid versions).
  • It’s silly and humorous, even though the intent is to kill everyone.
  • It uses bright, almost cartoon-like graphics and comes with loads of funny items and outfits like dinosaur costumes and space suits.
  • It has a cult appeal because it uses a variety of dance moves that are popular with kids.
  • New features, play modes and items are added to the game on a weekly basis. This keeps kids’ attention and wets their desire to try them out. They like to “show off” their new gear to other players.

It appeals to children’s desire to be socially connected with their peers because they can chat and play at the same time. Children are forming real Fortnite teams and spending time together after school playing the game together.

It’s also a huge hit with video game YouTubers. They broadcast videos of themselves playing the game. What this means is that you have adults playing the game with your children. This is another reason to question whether your child should be doing this.

What Should You Do?

Check out the game for yourself. Only you can decide if it’s appropriate for your children. If you decide it’s okay for them to play, consider limiting the time they do so. When they comply, tell them that you’ll allow them to play another game tomorrow. The reward system usually works with kids. The games can last longer than 20 minutes if they succeed in “staying alive,” so keep this in mind.

Also, keep in mind that this game can be very stressful for children. They’ll always be worried that their character is going to be killed. Sit nearby and watch as they play. When you see how stressful this really is, you may decide it’s not something they should be doing.

If they play on a game console, there are parental controls you can apply. You can turn off the chat settings for the game if you’re worried about who they’re talking to. You can also limit how much time they can play. It’s wise to do this before they get “hooked” on it.

If your kids are allowed to purchase the paid versions, talk to them about spending limits and make sure they ask you before making any in-app purchases.

Also, teach them that it’s dangerous for them to share personal information with other players they don’t know, or with strangers online.

As always, try to keep the lines of communication open with your children regarding the online games they play, and their internet habits.

What is Chromium?

Is Chromium, the next browser from Google, trying to take over for Chrome?

At a recent I/O developer conference, Google’s senior VP of products, Sundar Pichai, announced that Google Chrome now has over 1 billion active users. Though Microsoft has pushed their Edge browser hard, consumers simply like Chrome better. So, why mess with perfection?

Google Chomium

The Chromium browser project actually does not attempt to improve upon Chrome. It is an open-source browser that works more as a shell or window manager for the Internet instead of as a standard browser. The tabs work more as a title bar for desktop applications and are designed to manage groups of applications.

Chromium’s Quick Search Box simplifies the way people access the Internet, including their personal content. The Chromium OS combines these two common activities to make navigation faster and more intuitive.

How Chrome Differs from Chromium

Google has taken the basics of Chrome and added some important open-source bits that may attract those who love and use open source programs. A few of these include:

  • Adobe Flash (PPAPI). Chrome includes this Flash plug-in that gets automatically updated each time Chrome is updated. In order to experience the best in games and graphics, computers need the latest version of Flash. Their sandboxed Pepper API (PPAPI) plug-in can be installed on Chromium, but this is not done automatically.
  • Support for AAC, MP3, and H.264. Both browsers include the basic codecs, such as WAV, Opus, Vorbis, Theora, VP8, and VP9. Chrome provides licensed codecs giving users access to a wider range of media and content.
  • Extension Restrictions. These days, many extensions have been released that can actually harm your computer and zap resources. With Chrome, all extensions that are not found in the Chrome Web Store are automatically disabled. A recent investigation found that some rogue extensions can highjack your computer’s resources and use them to mine cryptocurrencies. This will cause your computer to slow way down and behave in unusual ways.
  • Updating Google regularly. Both Windows and Mac users have an app running in the background that keeps Chrome always up to date. Chromium lacks this convenient feature.
  • Security Sandbox. One of the best features of Chrome and Chromium is that these browsers have the security sandbox enabled by default. A few browsers, including some Linux programs, will disable Chromium’s security sandbox, which can cause random issues.

Why Build Another Web Browser?

Google’s developers designed Chromium in an effort to build a better, safer, more reliable way for users to surf the web. By allowing developers all over the world to work on the project, they felt that Google Chrome could be significantly improved upon. However, this hasn’t happened.

Chromium is still largely misunderstood by the masses and has not generated the global interest that other open source products have. For instance, the Linux operating system has become a very trustworthy program that is used today by about half of all Internet servers. It’s reliable and secure. A number of programmers and developers will always be fans of Linux no matter what. It remains freely distributable, allowing anyone to create a distribution for any purpose.

A large community of developers worldwide worked on Linux for many years and their hard work produced an amazing family of free, open-source operating systems. These programs are used in education, business, finance, video games, and supercomputers, among others. Linux set the bar high for open-source software collaborations.

Today, users can still get excellent support from these developers. Companies like Red Hat and SUSE still offer commercial support as well. The dream for Chromium was that global developers would continually improve upon the program until it far surpassed other browsers on the market.

Why Chrome is Preferred

Today, in spite of the many good browser choices available to users, Chrome is hard to beat. This may add to Chromium’s lackluster appeal. Below, are a few of the reasons why Chrome users say they will continue to use this browser over Chromium and others:

  • Extensions and apps are integrated seamlessly. Firefox takes months to add a new app or extension for new sites, programs, and content.
  • Ease of use and installation. It doesn’t take a rocket scientist to install and use Chrome. It has a very clean, organized design that takes away the confusion that new users may experience. That makes it perfect for groups like the elderly who need programs that work without much ado.
  • Bookmarks and favorites can be quickly transferred to a new computer, phone or tablet. Chromium and Firefox both use a more disorganized system of transferring your bookmarks that can be painfully inconsistent.
  • Lack of understanding is another hurdle for Chromium. Because it is not a standard web browser, users may get confused about exactly how to manage applications and programs.
  • Efficiency and speed. Today, people expect to assert almost no effort when using the computer. They want everything to work seamlessly without additional effort or education. The need to be user-friendly is a giant obstacle to overcome when creating new apps, computers, programs, etc.

Getting Started with Chromium

Chromium is still a good option for those who are looking for open-source software and who want to avoid closed-source bits. Linux distributions may incorporate Chromium instead of Firefox simply because it’s so much like Chrome, yet offers good open-source attributes. Of course, Chrome still offers a better Flash player and a few other good features. For instance, using Chrome on Linux, users can now stream Netflix videos, an attractive quality for those who love Netflix. Chromium does not offer support for HTML5 video content.

Despite its drawbacks, numerous users including developers are working on Chromium. Getting involved in this project is easy. New users might begin by visiting forums and developer discussion groups. There, you can meet some like-minded individuals and get up to speed. You can also get involved by volunteering to help with testing. Chromium developers are looking for reduced test cases that improve web compatibility.

There is always a wide range of issues from translation problems to file bugs that developers can help with. Submitting patches can be extremely helpful. In the end, Google’s hope is that Chromium will become a fast, responsive program that is secure and dependable. It remains to be seen whether this will happen or not. Though Google is a trusted brand globally speaking, the company does sometimes create an “Edsel” when it comes to new programs, software, products, and apps.

Why Do 4 Out Of 10 Companies Still Use Ransomware Friendly Anti-Virus?

If The Marketplace Distrusts and Has Moved Away From Legacy Anti-Virus and Switched To Next-Generation Endpoint Protection To Escape Ransomware Infection, Why Are You Keeping It?

Ransomware

All the way back in 2006, the word was getting out that Anti-Virus software must retire and make way for the Cloud, Next-Generation Endpoint Protection. AV served its purpose when systems were simpler. And hacking was a college prank, not a malicious attack for financial gain.

Ransomware, Malware, and non-Malware exploits were infants. Legacy AV could carry the load. But in this day and time, they’ve grown-up, and 53% of US organizations are blaming their tired, outdated Anti-Virus, as the cause for not preventing a Ransomware attack. Could your Legacy Anti-Virus be one of them?

It Takes A Cool Million to Plunk Down and Recover, From a Ransomware Attack.

$900.000 a year, is the average cost an individual company spends, on the Ransomware attack, paying the ransom monies, time used to respond, and productive labor time lost. In the US alone, the lost work time equals 44-man hours, responding to an attack, from attack to complete recovery.

44-man hours! That’s a little over a week’s work for one employee. The cost translates into paying that person’s salary, to do a job, you did not hire them to do. Is this good or wrong time management?

Do you know the percentages your Partners and Supply Chain suffered from your infestation?

Research recently provided by SentinelOne shows your affliction has a vast, direct and negative impact, on your Partners and third-party vendors. What happened to your company, magnified their loss and downtime, both in productivity and revenue, it’s the proverbial “domino-effect.”

Let’s look at those numbers SentinelOne provided:

  • 46% Downtime – Your Partners and third-party vendors suffered;
  • 35% Loss of productivity – Your Partners and third-party vendors suffered;
  • 20% Loss of revenue – Your Partners and third-party vendors suffered.

So, who’s to blame?

Worthless legacy antivirus software? Careless employees? Decision makers? Yes. All three have a hand in it. And we’ll explain how.

Let’s start with the legacy antivirus software.

According to Business Wire, a Berkshire Hathaway Company, Legacy vendors have failed to build solutions for new vectors – specifically, many legacy AVs still lack basic anti-exploit capabilities.” The key word here is “Exploit.” Exploiting is what a Ransomware programming-pirate knows and uses against you and your system.

Legacy anti-virus solutions are not able to keep up. Innovation is inadequate. The volume of attacks from:

  • DDoS Attacks
  • Malware Attacks
  • Ransomware Exploits
  • Viruses

Can not be charted. Hundreds of thousands of new strains appear daily. The best legacy anti-virus can’t keep up. It is overwhelmed. And here’s why.

AV infection solving depends on long-established signature-based identification methods to search for digital threats. What it struggles to overcome in today’s world, is the new strains. They are Signature-less and Fileless. The dangers go unchallenged and give a cyber-thief an easy way to access any unprotected enterprise networks.

The second culprit is the carelessness of employees.

According to Ponemon Institute’s 2017 State of SMB Cybersecurity report, sponsored by Keeper Security, The number one most significant cyber threat to your business is your employees. The cause of a breach was a whopping 54% from negligent employees.

But what makes them negligent? For starters device convenience. 50% of your data is accessible from a mobile phone. Not just a company-issued device. It could be a spouse or friend’s phone. A company, of any size, is a target. If your employee has 3 bars in the middle of the Sahara desert, your data can be accessed.

Secondly, your security and policies have gaps making it difficult to enforce your employees to follow proper protocols. According to the research, password policies lacked strict enforcement, 68% of the time. And 58% had no or unclear direction into password practices.

The third and final enabler.

I hate to be the one that says it, but the business owner or decision maker(s) prevent their protection from a Ransomware attack. They hang on to old beliefs. “It won’t happen to us.” Or “It costs too much to swap our legacy antivirus for endpoint solutions.”

45% in this group will pay the ransom, to get their files unlocked and returned, rather than the 55% that credit Cloud, Next Generation Endpoint protection. But those who spent to get their files back were targeted again and again and were attacked 73% of the time. The cyber-criminal sees that business as a bank atm. When they need some cash, it’s paid up or lose your files.

According to {company} Ransomware Specialists, “Cybercriminals will continually perfect their ransomware attacks. They will bypass your Legacy Anti-Virus. They will trick non-trained employees into infecting their organization. They will make you pay their ransom demands or sell your data to the highest bidder.”

Of the 70% who swapped from Legacy Anti-Virus over to Next Generation Endpoint protection, 96% are confident they will prevent future attacks.

To learn more about Next Generation Endpoint Protection and have 96% confidence you will prevent future Ransomware attacks give {company} a call at {phone} or email us {email} to speak to one of our Ransomware Prevention Specialists.