Is Facebook Spying for the Government?

Social media is big business and has the potential to drive millions of visitors to websites, engage directly with customers on a public platform, and solve – or create – problems in real time. What is the future of “social business”?

Facebook Spying

Twenty years ago, marketing and promotions were simple and straightforward. The majority of efforts were focused on print: newspaper and magazine advertising, The Yellow Pages, direct mail, billboards, and perhaps flyers. Email marketing was in its infancy, and digital marketing wasn’t quite yet an industry – though there are firms that argue this time frame. Metrics were relatively predictable, and results were in the form of sales and revenue.

  • Yes, The Yellow Pages telephone directories still offer printed books. Publishers of “phone books”, as they’re often referred to, reduced paper usage by half before 2013, and major efforts are in place to ensure unused or outdated materials are recycled.

This is not the case today! There are so many facets to “digital marketing” that it’s safe to say the industry is constantly evolving. Yes, constantly. The rules change just as often, and the de facto rule-maker is Google. Google has the famous “Google algorithm”, by which all search parameters are defined. If a business or brand doesn’t meet Google’s search preferences, they’ve wasted their time and won’t make the first page of a user’s search results – and when was the last time you clicked past the first page of results in an average Google search?

There are ads within emails and ads on websites, and even “sponsored results” in an Internet search. Consumers have ads coming at them from every angle of the Internet, so why would social media – including the King of Social Media, Facebook – be any different? It’s not. In fact, a Facebook user is valued even more highly than a search user. The Facebook user is already engaged with a website, and it’s one where the content that loads is customized and personalized for each user. Google tries to do this with search results, but there’s only so much Google can do with a string of words and no context. Both Google and Facebook have the user’s history of cookies, but Facebook has the incredibly valuable position of knowing a user’s friends, families, what content a user likes – literally “likes” by clicking the blue-and-white thumbs-up symbol – and what news stories, photos, and content a user clicks on and engages with. In this context, Google’s metric is the click in terms of the value of a visitor, whereas Facebook’s value of a click is a highly-engaged user already on the website and opting to give more of their time and attention. The ultimate competition comes down to the value of a visitor versus the value of a click.

After evolving from a social platform into a platform that can be highly monetized, Facebook turned the digital marketing industry upside down with the newly-invented notion of advertising right in front of Facebook users. Any organization or brand that has ever paid for advertising on Facebook is used to Facebook changing things up by now – after all, Facebook changes their approach on a regular basis. After seizing the lead and maintaining this very profitable position for years – and years – the brain trust recently announced a bold decision to simplify their overall approach – after long being the primary innovator in social media and marketing and carving the path which others follow today.

Facebook Advertisers Are Users, Too

Facebook users fondly recall a time when privacy settings at the user level resembled a “stealth” mode when users had the ability to set their account information, including their names and other details, as completely private and would not show in other Facebook user searches. The added bonus was the implied guarantee that photos, posts, and other user content had this same level of protection. Sometime around 2009, Facebook implemented a pretty major privacy settings overhaul and many users who long enjoyed stealth status were suddenly thrust into the spotlight – and was no longer “invisible”. In all fairness, Facebook gave plenty of advance notice this change was coming. Their public reason was that Facebook is a social media platform, not a private website where a user could have total control – and this is a fair position. Facebook is a free website for users, but it’s not a nonprofit organization. Ever evolving, their approach has tweaked and allowed users to choose various privacy settings for posts, images, etc., which are highly customizable if the user chooses to take the time.

In 2017, Facebook recognized a growing dissatisfaction from its users and tried to pinpoint the cause. After much speculation, Facebook realized the greatest impact to the user experience is the allowance of brands to intermingle with users in their feeds, detracting from the social purpose of the channel. Thus, more major changes were in store. Facebook announced a desire to go “back to basics” and return the focus of a user’s feed to posts shared by friends and family members and make it harder for brands to get their content seen (unless advertisers were willing to pay). The result was that post reach – the number of people that see a post in their feed – plummeted. The plan was for average Facebook users to see fewer news stories, cat videos, political posts, or branded content, but rather see more photos shared by friends of birthday parties, graduations, and other significant events entirely unrelated to corporate messaging.

Privacy, Redefined

The change to the Facebook feed was a welcome change to users and required a major adjustment to social media marketing efforts for companies. Details of how the changes rolled out and the reasons for these changes trickled into news stories until major news broke that Facebook sold private user information on more than 87 million Facebook accounts to an organization involved in the political arena in 2016. Users worldwide felt violated that a trusted entity would share such private details – a harsh reminder that Facebook is a for-profit entity and users need to read the “fine print” and not just agree to Terms and Conditions without reading. Your digital life is not your own when using a website owned by someone other than yourself.

So, what can Facebook users do to protect themselves? Without deleting your Facebook account, it’s wise to do a once-over on user privacy settings every few months to verify what might have changed and safeguard your information.

  • Check your privacy settings
  • Facebook offers a variety of user settings allowing for a spectrum of privacy, though most remain a mystery to users. Under “Settings”, click “Privacy” and control how visible information like posts, account information like phone numbers and email addresses, and friend requests and more are.
  • Keep friends close
  • Friends’ activity can impact others. If a user allows tagging in a friend’s activity, this is then affected by their privacy settings and is subject to sharing or visibility by others.
  • Beware third-party apps
  • At first, it seemed benign to click “accept” when a third-party app or quiz intrigued a user enough to click content, with the innocent warning that the app would thus be granted access to a user’s profile and list of friends. That list of friends became an incredibly valuable commodity in an environment where privacy settings were controlled by a user – a tricky little workaround.
  • Users can adjust these settings quickly and easily but often didn’t go back to limit access.
  • Review security alerts
  • Users can opt for security alerts when Facebook detects a new login from a different device or browser. Two-factor authentication is also an option. To enable, access the same “Settings” menu, and click “Security and Login” from the left navigation and choose “Setting Up Extra Security”.

Security considerations impact all Facebook users, regardless if a user is also an advertiser. Before abandoning Facebook entirely, employ additional efforts to protect user data and your privacy. This type of “social security” has nothing to do with the government-issued card Americans carry, and a few additional steps will help secure user information and improve the Facebook user experience.

Hey You – STOP Giving Your Time Away For Free!

Technology has made it possible for you to get more done in less time. Are efficiency and productivity always a good thing?


Technology and telecommute: Two fabulous words that start with the same letter, and one is very much dependent on the other. The “tele” in “telecommute” certainly isn’t short for “telepathy” – though imagine how telepathy would impact professional relationships! On second thought, don’t.

The professional world changes and evolves, of that, there is no question. No longer is physical presence a requirement for staff, as more organizations migrate to a distributed workforce. What has become clear in the last decade is the location is no longer as important as the output. The focus on productivity is essentially a focus on the individual and catering to the needs of the one for the benefit of the whole. This individual-centric mentality seems counterproductive, but it’s quite the opposite. It would be impossible to cater one office building or workplace to the needs of many individuals for whom environmental factors differ. One requires silence for concentration, while another works better with loud music playing. Does one wear headphones? This is one option, but if this method stifles even one professional, the sacrifice may not justify the means.

One practice that more Americans are embracing is freelancing: individuals contract themselves with a person or organization to offer their time, skills and expertise in exchange for money. The person remains an independent contractor, and the organization is released from any legal obligations, like payroll taxes or insurance benefits. This is a cost-effective way for a business to meet their needs without taking on the full responsibility of onboarding.

There are estimates that more than a third of Americans participate in independent contract agreements. In fact, according to the Internal Revenue Service, over 10 million Americans rely on freelancing for more than half of their total income stream. That translates into more than 10 million Americans essentially being their own brand, running their own organization, and being a one-person operation while managing all sales, marketing, and accounting tasks. By the way, “accounting” also means handling their own payroll and other practices a business would otherwise task a Human Resources department to oversee. These freelancers operate like sole proprietors and CEOs of a business and take on great responsibilities to manage their time efficiently.

In juggling these processes, are freelancers losing time due to inefficiency? Lost time directly results in lost earnings. The best thing a freelancer can do to protect their time is finding the right combination of technology to help maximize productivity and minimize downtime. The great news is, with the incredible technological advancements in recent years, there is a huge variety of productivity apps available for this exact purpose.

Running your own business can be time-consuming, and you don’t have time to waste! Here are apps to help.

Apps to Get Paid

You have a multitude of options for processing payments now. From to to to, small business owners have a variety of apps catering to simplified payment processes, whether the purpose is sending or accepting a payment.

  • Due is a free problem solver when it comes to the need to process payments online. With a simple user interface, Due boasts encryption for secure data and transactions.
  • You’ve seen Square, the little white square box that plugs into a tablet or smartphone and uses a data connection to process a transaction. Square is limited to the transaction process, but they also offer Square Register for a point-of-sale system.
  • Start a Wave! Wave is like an all-in-one solution for tracking sales and expenses, processing payments, keeping track of payroll and customer invoices, you name it. The app is free to download, but like with any other transaction-based solution, there are fees for credit card processing.
  • FreshBooks has a name much like its well-known competitor but approaches payment processing with a “Fresh” outlook. Freshbooks acts much like a basic accounting platform with built-in functionality for transactions, but the invoicing and customizable reporting are a nice feature, too.

Apps to Get Organized

If only one app could do it all for you: email, scheduling meetings, maintaining files, the list goes on. Actually, the way you need to look at an app isn’t if the app can do it all for you, but if it can do it well! Sometimes, all you need is a little integration – and more apps are recognizing this need.

  • Basecamp has long been an industry darling for businesses: Collaborating, setting up projects, connecting team members, and offering a centralized location to chat about the projects but also a one-on-one privatized chat option for less public matters. Email communication and built-in customizable notifications are a great feature, too!
  • Slack is a far more economical option than Basecamp, but keep in mind that you get what you pay for. High on communication and organization, Slack is what most newer platforms were designed after. Slack is idolized by techies and creatives alike, but for freelancers and small business owners that have another focus, Slack may not be the best solution.
  • Asana is right there with Slack, offering the lower entry price point for a collaborative option, and even integrates with Slack if there is ever the need for both.

Apps for Communication

We already mentioned Basecamp and Slack, which offer exemplary communication tools in a collaborative workspace, but there are other apps to increase productivity with a focus on communication for freelancers and small business owners.

  • For small teams or large groups, Fuze offers real-time communications with voice, messaging, and perhaps its strongest offering, high-definition video conferencing.
  • The famous G Suite: The go-to suite of apps for productivity for professionals everywhere. From email to document storage, from calendars to shared documents, and integrated with Hangouts, the video conferencing solution, Google’s G Suite has earned its reputation. With the lowest entry price point around, seamless integration with Microsoft’s Office 365, and the simple user interface everyone has already been using for years now, what else is there to say?

Apps for Automation

Find ways to automate processes and require less of your hands-on attention.

  • If you use Gmail or Outlook for email and scheduling meetings, to is a fantastic free solution for arranging meetings in a single email. No more back-and-forth emails on what times work on which days – install the extension and grant access to your calendar!
  • Microsoft Flow is an amazing automation tool that lets a user automate processes using connectors for integrated apps. Establish your parameters, and voila!
  • Zapier is a simplified Microsoft Flow and has a cult following that sings its praises. Zapier follows much of the same practices as Microsoft Flow, so check both out and see which works better for your needs.

Who doesn’t love a little extra help? There’s always room for more when you’re running the show on your own. While the ideal answer is to clone yourself, the reality is there’s only one you. Try a few of the apps here to give yourself a hand. Spend less time on the workflow and more time on the work you’re getting paid for – in billable hours!

Let’s Play “Tech Truth Or Dare”!

Your cybersecurity practices shouldn’t be treated like a game of chance unless you are 300% certain you’re going to win. What can you do to make sure your business isn’t the ultimate loser?

Cyber Security

Is technology today the endless cycle of cat-and-mouse, with the bad guys always one step ahead? A quick search for “cybersecurity best practices” will yield millions of results, all with their ideas of what you can do – but does any of it make sense? Someone busy running a company faces a complex dichotomy: Being too busy running their company to worry about something that won’t directly generate revenue, but not giving enough time and attention to something that could directly impact revenue. Those are two very distinct and different thoughts, but still closely related.

Not only is cybersecurity a critical focus of business today, but it’s also the easiest way to fail. Cybercriminals – hackers – are usually one step ahead of us good guys, but that’s the “cat and mouse” game to them. We respond to cybersecurity breaches that make the news with preventive measures to avoid the same fate and do our best to have enough safeguards in place to protect every element we can.

Hackers seek a cybersecurity vulnerability to exploit to their advantage. Their reasons don’t matter – it’s the result that affects their victims. Why do we still have vulnerabilities when we know better?

Myth: Half of small businesses think they’re “too small” for a hacker to target.

Truth: Small businesses make easier targets for many reasons. They often don’t have the tech budgets that the Fortune 500 companies do in order to take every precautionary measure to avoid being hacked.

Smartphones are major targets of hackers now, given more than half of all web traffic is reported to take place via mobile devices. Smartphones don’t have the same level of protection, making them easy targets, and therefore easy points of entry to a cybersecurity vulnerability. Imagine pressing a thumbtack into a hairline fracture on a porcelain plate – this one weak spot has the potential for this singular action to shatter the plate into thousands of pieces. Now, imagine this plate is your proprietary data, and this thumbtack is a hacker. Can you see the potential damage?

Myth: Employees of small businesses know more about the company and are more invested in its success, therefore take the time to safeguard their actions.

Truth: The dedication of staff to their employer has nothing to do with cybersecurity.

Modern cybercriminals are targeting critical data: consumer information, accounts with intellectual property, financial information about both the company and consumers. Three out of every four small businesses have no formal cybersecurity policies or protocols in place for staff, nor training to discuss the latest threats and how to thwart them. Hackers know this – oh, yes, they know – and they also know the small business is less protected than those Fortune 500 companies. This is a lethal combination.

  • Nearly two-thirds of small businesses have yet to address security regarding mobile devices or enact formal policies for mobile device use as it pertains to professional operations.

Myth: Small businesses can bounce back faster after a breach.

Truth: Half of all small businesses don’t have a disaster preparedness plan in place for recovery should they be impacted by a cybersecurity threat, a “data breach”.

It’s reported that less than half of all small businesses back up their data weekly. Let that sink in. The data loss in the event of a hack could have catastrophic results for as many as half of all small businesses. In the event of a breach, companies of any size consider the data loss and downtime to have the greatest impact, followed by the revenue loss – but most of the time, the impact to a company’s reputation isn’t considered until already in clean-up mode.

If you’re ready to win at “Tech Truth or Dare”, here are the new rules of the game:

Do you know what needs to be protected?

What data do you store? How is your data stored? What protective measures and security protocols are in place? Where are the “holes”? This last question is the most important, and it’s a smart decision to hire an expert to help you with this one.

What formal policies need to be updated – or put in place?

Every business needs an official cybersecurity policy. This policy should also be updated annually, at the minimum. Formalizing a policy can make sure everyone that has access to your data follows the same procedures and the strongest safeguards are in place.

This should include:

  • Password protocols
    • Passwords should be unique, complex, and changed regularly
  • System updates
    • Check for the latest updates to all applications and security releases
  • Privacy settings
    • Verify that users have the most secure privacy settings on their desktop and laptop computers, and smartphones and mobile devices

What is your plan for how to handle a disaster?

Perhaps an extension of the previous question, but no less important is how to handle a hack or breach should one occur. You’ve taken all the necessary steps and precautions, but you still had a disaster – now what? Best practices include daily back-up of your critical resources – which you’ll need to identify – and then test the process to ensure it’s sufficient, just in case.

Talk to experts.

You are an authority in what you do, and your sales pitch to your customers focuses on your expertise. Why wouldn’t you hire experts to protect your business?

Is your training sufficient?

Make sure your staff is aware of the steps needed for Internet safety, email security, network threats, and how to detect and protect in the event of each. Equally important is what need to be done if something happens and they suspect a threat.

Prevent your business from becoming a victim of a hacker this year and win the game!

Make 2018 the year you have an ironclad cybersecurity program, for your home and your office!

Calling All Architects

Do You Want to Save Time, Money and Beat Out the Competition? We Have Some Important Information to Share

Architects Computers

As you know, your architecture company is under constant pressure from economic shifts, a shrinking talent pool, and a fiercely competitive marketplace. When it comes to information technology you need solutions that don’t cost a fortune and can really make a difference.

One such solution is 3D modeling software. You can easily develop 3D designs with automatic features and without a lot of experience. There’s software for beginners, as well as more sophisticated solutions for experienced architects.

3D modeling software enables you to produce detailed and realistic results, and it’s the best solution to help you save time, money and efficiently modify your models as needed.

Are you looking for better collaboration with your team? Some forms of 3D modeling software use the cloud. They allow you and your coworkers to work on a computer model at the same time.

When IT solutions like 3D modeling are used wisely, they can provide a strategic advantage for your architectural firm. You can win bids, manage projects efficiently, and complete them without cost overruns.

The following are some 3D CAD modeling software solutions you might want to consider:

ArchiCAD is architectural CAD software that uses BIM (Building Information Modeling) that allows you to produce both 3D and 2D drafting, visualization, and modeling. It enables you to complete your building designs via the high-quality photorealistic renderings of both interiors and exteriors.

Revit is a BIM solution that allows you to collaboratively design buildings and infrastructures with your team. Authorized users can access centrally shared models to work together on designs and save time.

AutoCAD Architecture is a complete and practical tool that allows you to do both 2D design and 3D modeling, so you can better visualize your project. With it, you can create realistic-looking models with a blend of solid, surface and mesh modeling tools. AutoCAD Architecture is also useful for 2D drafting and drawing. Plus, it allows you to communicate and collaborate with others on the same project.

AutoCAD Civil 3D provides all the benefits of the solutions above but is better suited for civil engineering and construction professionals. You can produce civil designs, connect to AutoCAD Civil 3D to Revit, and rework and complete your designs with structural modeling.

3D Studio Max (3DS Max) although mainly used by those in the video games industry, is great for by architects who require previsualization. Training is available online if you want to give it a try.

Chief Architect is a CAD software for 2D and 3D rendering. It’s very easy to use, and you don’t need to have 3D modeling skills. The interface is intuitive, includes smart building tools, and lets you easily create a 3D structure. You can also export 360° panorama renderings that you can share with your clients.

SketchUp is also easy to use. It will help you save time and can be used for 3D modeling. You can create walkthroughs and flyovers to present your work to clients. It can also be scaled for accurate 2D drawings.

Rhino 3D is mainly used for industrial design and architecture. It provides great accuracy for models. It can be used along with Grasshopper, a graphical algorithm editor created by Rhino’s developers and made for 3D geometry and visual language. It’s designed for structural engineering, architecture, and fabrication.

CATIA is used in various sectors such as aerospace, automotive, high tech, and architecture. This software allows you to create complex and very accurate models. It has a practical collaborative environment as well.

Solidworks is a 3D modeling software mainly used by engineers. It can be a great solution if you want to create a quick design. You won’t be able to perform complex renderings, but it’s capable of designing a building and to obtain overviews of your architectural projects.

When using any 3D software programs, don’t forget about your IT security.

In this age of rapidly expanding IT networks and Internet economies, data and network security are of increasing importance. For architectural firms, managing your reputation and providing optimal customer service is of primary importance.

Data breaches are now commonplace. Imagine turning on your computer and finding that ransomware has locked down all your designs. Every minute that you can’t retrieve them means lost time and money and potentially lost clients. It’s essential that you protect your firm’s IT assets from malware, viruses and other forms of cyber attacks. To do this, you must adopt the following best practices for IT security.

Data Encryption

Stored data and across-the-wire transfers must always be encrypted. Architectural firms benefit from data encryption and user authentication tools to maintain the confidentiality of product designs, test-market results, and patent applications. Encryption is essential to protecting this sensitive data, as well as preventing data theft.

Disaster Recovery and Business Continuity

We live in a digital age where technology is used for most business operations. Disaster recovery and business continuity planning can prevent the catastrophic effects of data loss. Architectural firms must retain project documents for legal purposes, for future alterations, and historical documentation. If this data gets lost or stolen, a backup and disaster recovery plan prevents total loss of important documents.


It’s important for architectural firms to regularly conduct IT audits to monitor, identify, alert, and block the flow of data into and out of a network. In addition, auditing can help locate and correct errors in business processes.

Anti-Spam Software

In order for an architectural firm to utilize their design software, computers and electronic devices must be up and running properly at all times. For any anti-spam software to be successful, it must be kept up-to-date. Keep in mind that anti-virus software isn’t enough; architecture firms must also use a comprehensive endpoint security solution, including anti-virus, personal firewall, and intrusion detection.

Security Awareness Training

Educating your users is the most important non-hardware, non-software solution available. Informed users behave more responsibility and take fewer risks with valuable company data.

Just like you design quality architectures, your IT provider will design a secure architecture for your network that keeps your data safe. So, before you invest in CAD software, set up a consultation with your local IT Managed Service Provider.

Hold on to Your Credit Cards… Alexa’s On a Shopping Spree!

I love my Alexa. I don’t know what I’d do without it. Last year I decided to set it up for voice shopping. That way, when I come home from work, I can start cooking dinner, get the kids going on their homework, and tell Alexa what I want to buy.

Alexa Shopping Spree

Evidently, other moms and dads are doing this too. Research shows that people are spending about $2 billion a year using voice shopping with their Echos and Alexas.

And, it’s predicted that this amount will increase rapidly over the next few years to a whopping $40 billion by 2022! According to the company that provided these statistics:

“Voice commerce represents the next major disruption in the retail industry, and just as e-commerce and mobile commerce changed the retail landscape, shopping through smart speakers promises to do the same…The speed with which consumers are adopting smart speakers will translate into a number of opportunities and even more challenges for traditional retailers and consumer products companies.”

It seems that Amazon is the preferred vendor with 85% of people choosing the products Amazon suggests. For those like me who purchase groceries online, 45% of online grocery orders are made through Amazon Fresh.

Here are some more interesting statistics:

  • Right now, only 13% of homes have one of these devices, but by 2022 this is supposed to grow to 55%.
  • Amazon Echo is the most used of any U.S. virtual assistant. Google Home is the next at 4%, followed by Microsoft’s Cortana at 2%.
  • Those of us who have an Amazon smart speaker spend 66% more on Amazon than other people do.
  • Amazon Alexa owners spend on average $1,700 a year at Amazon, while members of the Amazon Prime program spend around $1,300 a year at Amazon.

Well, what can I say? It’s so much easier to just speak into my Echo and tell Alexa to reorder what I did last week from Amazon Fresh. When I’m making dinner, I don’t have the time to sit down and type away on a keyboard. The Voice Purchasing function of Amazon’s Alexa and Echo is so convenient. I can order practically anything from Amazon without using my computer. It’s great!

It seems that the smart speaker market is still in its infancy (unlike my precious children), and it’s still not clear if the Google and Microsoft smart speakers will be able to catch up to Amazon in the future.

Speaking of children…

Because Amazon doesn’t ask me to confirm my purchases with a “yes,” I’ve found some items in my orders that I didn’t place – but that my “precious” children did! Sugary cereal, microwave popcorn, chips, cookies, etc. Boy, was I mad when I found out they did this. You can be sure these purchases will come out of their allowance!

When I complained to Amazon, they told me to increase the security on my Alexa. They said there are two ways I can secure the Echo speaker from the kids or others. I can disable the Voice Purchasing feature or simply create a four-digit PIN (a secret one of course!).

Here’s how to disable Voice Purchasing.

By disabling Voice Purchasing, you can still shop with your Alexa and add items to your cart. However, you’ll have complete your checkout from the Amazon website or app.

  • Sign on to open the Alexa app on your iOS or Android device).
  • Go to Settings.
  • Select Voice Purchasing.
  • Toggle off the Purchase by voice to disable Voice Purchasing.

They also suggest the I use a confirmation code.

Doing this lets me keep Voice Purchasing enabled without allowing others to purchase things with my Amazon account. I have to speak my confirmation code aloud to complete my order. So, I make sure to do this when the kids or others aren’t around! 

  • Sign on to open the Alexa app on your iOS or Android device).
  • Go to Settings.
  • Scroll down and choose Voice Purchasing.
  • If it isn’t enabled choose “Purchase by Voice” to enable it.
  • In the text field beside Require confirmation code, enter a (secret) four-digit PIN.
  • Save.

Why do I love my Alexa for shopping? Because it’s so convenient! If I’m running out of paper towels or toilet paper, rather than jotting this down on a shopping list, I just ask my Echo to tell Alexa to order what I did last month. They arrive at my house in just two days! No more going to the store, putting them in a cart, jamming them into my car, taking them out of my car, etc. (you get the idea). They magically appear on my doorstep with minimal effort on my part.

And, if I happen to order something that requires a return, I don’t have to pay for shipping. Come to think of it, I should have returned the kids’ chips, cereal, etc.!

If you haven’t shopped with Alexa, you should give it a try. I know, it can be a little scary the first time. But once you see how easy it is, you’ll be “hooked” like me.

Here’s how to set up Alexa for shopping.

First, you need to set up an Amazon Prime account, provide a U.S. shipping address, billing address and a U.S.-based payment method. Set your Amazon Prime account for 1-Click shopping.

Check the settings in your Alexa to make sure Voice Purchasing is enabled. You can go to Settings -> Voice Purchasing in the Alexa app, and enable it. You can also manage your 1-Click settings here and set a 4-digit PIN to make sure the kids don’t order stuff!

Now, you can order anything that’s Amazon Prime-eligible:

Order new products: If it’s something you’ve never ordered before, Alexa will suggest an “Amazon Choice” product that meets your description. If you’re not sure about what you want to buy, you can add it to your cart and cancel it right away if you change your mind.

Reordering: Alexa will look at your past orders, so if you ordered a particular brand of paper towels, you can easily reorder them with a “reorder _____” command. Alexa will ask you to confirm the order, and if you say yes, you’re all done.

Tracking: You can always track what you’ve ordered by asking Alexa. Just say, “Alexa, where’s my stuff?” She’ll let you know when your order will arrive.

So, you can see why I love my Alexa and why I can’t do without “her.” She’s my newest best friend!

The Hottest New Self-Awareness Craze That You Need To Try

Sure, yoga teaches the flexibility that is key to adapting to your surroundings. But in practicing daily self-awareness, the saying “A team is only as good as its weakest player” is rarely truer than in the world of cybersecurity. How does your team stack up?

Cyber Attacks

Target knows. Sony knows. Ashley Madison definitely knows. That’s the bad thing – an organization may only realize how strong — or weak — their cybersecurity position is once there is a successful cyberattack. The nature of the attack doesn’t matter, nor does the overall effect. The damage is done, and the organization goes into clean-up mode. In the days immediately following, the phrase heard most is “How did this happen” when the real question should be “How can we prevent this from happening again”?

Subtlety isn’t the goal of a hacker, nor is it their strongest attribute. The modus operandi of any hacker is singular: find a cybersecurity vulnerability and exploit to their advantage. The rest doesn’t matter. You likely disagree, but we think you’ll realize this is exactly the case. After all, we want to help you beef up your security and prevent a vulnerability rather than shift into defensive mode upon clean-up from an attack. The latter is going to shift your focus for up to a year of reactivity, while a little extra focus now will prolong your proactive position. An ounce of prevention is worth a pound of cure, especially in this type of situation.

At the most basic level, your organization’s cybersecurity is based on your team’s awareness level – which can easily be assessed and addressed in training. Data breaches caused by hackers are one thing, but the simplest way for a hacker to gain access is by finding a weak link – a human operator – and using sneaky tricks to exploit weakness from that angle. A hacker can use pretty low-tech approaches in this way, like phishing.

Does your cybersecurity awareness training still include exercises and tips on old-fashioned tricks like phishing? It’s amazing the simple tactics some of these hackers will resort to – but the reason is that these tricks still work on us. A 2017 study by Google reported that phishing was still one of the most effective tactics used for hacking a user account.

  • Phishing is the practice of sending emails pretending to be from a reputable company, like Google or Apple, to get recipients to reveal personal information like passwords to the sender.

Perhaps it’s because we don’t see ourselves as targets anymore, thinking hackers only target the “big fish” for the bigger reward – a unique tactic called “whaling” – but the reality is that everyone is a target There are no exceptions. Any computer user can be an access point for a cyberattacker because any computer can serve a greater purpose for a cybercriminal.

  • Why does phishing still work? Because we let it. We start to shift our focus to the newer or more sophisticated methods hackers use, and we don’t maintain vigilance on the basic approaches in cybersecurity awareness training.

One click is sometimes all it takes to turn a user into a victim – and for a hacker to wreak havoc on a network. One click can lead to a malware installation, identity theft, or worse, ransomware. That click could cost an organization into the millions of dollars.

  • Ransomware is like a virus, where a hacker accesses a computer or network and places a file or code that blocks user access, and requires the user to pay money – a ransom – to the cyberattacker to regain access to the computer or network.

Remember when we said all it takes is one click? It’s true. In 2017, hackers sent emails to staff at Chipotle and managed to trick someone into one click, compromising the point-of-sale (POS) machines at locations that enabled the hackers to gain access to the credit card data of millions of customers. The worst part is that even end users who are in the tech industry have been tricked; Google and Facebook have both been affected to the tune of $100 million each because of successful phishing attempts.

  • Did you know that some companies hire former (“rehabilitated”) cybercriminals as cybersecurity specialists – true experts – to help mold technology teams in charge of cybersecurity and oversee cybersecurity awareness training programs? These are probably among the most solid and effective programs in existence!

One way organizations have used to test the awareness of their team is by executing an internal phishing campaign. This is a campaign where the company has total control of the phishing attempt but tests the staff to see where the weaknesses are. The results only help improve overall training and cybersecurity.

This approach is wildly successful in getting an accurate picture of your team’s awareness. Who fails the test? How far will some employees allow a hacker to get before realizing they are being phished? Where does your training lack focus that the attempt was successful?

A few things to keep in mind with this approach:

  • While internal phishing campaigns are helpful, don’t shift your training focus to only weaknesses discovered in this process.
  • Be careful not to call out any one particular team member or access point; the goal isn’t to embarrass team members but to improve your team’s awareness overall.
  • Don’t aim for only those team members you consider to be the weakest when it comes to cybersecurity knowledge; you’d be surprised at where an organization may discover vulnerabilities
    • On this note, it’s helpful to provide one-on-one level training catering to these team members, but you can still do so as a company by offering exercises aimed at specific weaknesses without placing blame.
  • Keep the phishing exercise as realistic as possible, so the teachable moments that result are valid and credible

When your exercises and training give you enough insight to update your training, keep the training outline simple with a few target areas that are comprehensive enough to be thorough but straightforward enough to be digestible:

  • Form a baseline for where your team is currently, regarding cybersecurity awareness.
  • Devise goals for where your team should be, and target dates to achieve these goals.
  • Outline a plan to meet these deadlines.
  • Develop a maintenance process for ongoing support.

Organizations can also take steps to protect themselves internally, too. Limit access to all computer equipment to authorized personnel only, install up-to-date antivirus software at each workstation and update all programs on a regular basis – especially security updates. Having a contingency plan in place for any vulnerabilities might seem like overkill, but it never hurts to be prepared.

Self-awareness is just the first step in achieving the ultimate level of cybersecurity protection – don’t wait until an attack happens before you start defending yourself and your organization!

Semper Fi: Never Negotiate With Cyberterrorists

A recent report by the U.S. Marine Corps indicates an unintended data disclosure, the result of a single accidental keystroke. Never backing down from a fight, learn from Jarheads how to best defend yourself from a data breach and strengthen your position!

US Marines Data Disclosure

Have you ever thought twice about clicking “send” after drafting an email? We’re sure you have; everyone has. The most common reasons involve editing the text for clarity, context, or tone. Sometimes you verify the email addresses for the “to” field. These are all great measures that everyone can — and should — take before sending an email, especially one with sensitive data enclosed.

Yet, accidents happen. A recent accidental keystroke shared an email to an incorrect distribution list, which included the unencrypted personal data of more than 20,000 U.S. Marines, their families, and civilians. Social security numbers, bank details, credit card information, home and mailing addresses, and emergency contact information were all disclosed. Does this fall under the label of “data breach” if the disclosure was part of an “oops” and not a cyber attack?

Marine Forces Reserve spokesperson Andrew Aranda has said the Marines’ IT staff is reviewing cybersecurity and information assurance processes to update their overall guidelines and to better train team members at every level. More importantly, this was an accident without malicious intent, and a cybersecurity vulnerability was not the cause. Additionally, the United States Armed Forces branches fully understand the great responsibility to protect highly-confidential personally identifiable information (PII) stored in their records and a lengthy history of excellence in this arena.

More than 20,000 individuals will now need to diligently check their credit report on a regular basis to ensure this disclosure doesn’t leave them open to identity theft. Add to this number the family members potentially impacted, and the full amount affected could double or triple. This is a story too well-known by millions of Americans in recent years. Customers of Anthem, Target, eBay, and The Home Depot are just a few examples of organizations whose customers have been impacted by data breaches. Cybercriminals and cyberterrorists — hackers — are just waiting for a weakness to exploit. This introduces two key questions:

  • How effective are an organization’s cybersecurity protocols and training?
  • What can consumers do to protect themselves if they’ve been impacted by a data breach?

How aware are the individuals behind this incident of security protocols and risks? The basic information assurance training from as recent as a year ago isn’t current for today’s needs as a means of self-awareness and protection.

  • What is information assurance? When information is processed, stored, or transmitted (data) involving systems, there are risks. Information assurance is the effort a group takes to protect this data and these systems to ensure the security of the data and minimize risks involved.

The focus of information assurance is on the security of data. While “protection of data” may not be the first concept that comes to mind when you think of the United States armed forces, the protection of its people is an inherent byproduct of its very nature. The military does not operate in the same ways as Corporate America, with many factors contributing to the differences. One thing is certain: the military takes its duty to serve and protect American citizens very seriously and is dedicated to assisting those impacted.

How can consumers protect themselves?

Credit Reports

As we already mentioned, check credit reports regularly. Once a cybercriminal has a name, address, and a few pieces of personal information, this data can be used to misrepresent an identity online.

  • Consumers are entitled to one free credit report each year, at
  • Anyone can add a fraud alert to their credit report with each credit reporting agency for added protection. This will prompt a two-step verification process for any attempt to open a new account in someone’s name, and is a very helpful feature to protect someone’s identity from being used by other parties.


Aside from checking credit reports, we strongly suggest changing all passwords. Most importantly, start with changing passwords for online banking, credit cards, email, and social media accounts. After these, move on to seemingly innocuous accounts like the United States Post Office and those for magazines or local newspapers, with active subscriptions.

  • It’s worth it to keep a list of all locations with usernames and passwords. Imagine how helpful this list might be in this situation, cutting response time drastically and potentially reducing the overall impact. Just don’t store the list somewhere online, like email. If that is the first thing a hacker can access, they have access to everything after discovering this data goldmine!
  • Make sure new passwords created are complex, using a combination of capital and lowercase letters, numbers, and symbols like ?!@#$%.
  • Change passwords on desktop systems to prevent a sophisticated hacker from accessing further personal data, or giving them the smallest access point to plant a virus or ransomware, or even mine cryptocurrency.
    • Running the most recent updates and install these packages immediately will help close any security gaps discovered by operating system manufacturers and application developers.

Credit Cards

In this case, credit card numbers were included in the disclosed data. It’s a huge pain, but it’s worth it in the long run for protection to report the accounts as compromised and have new card numbers issued.

Every day brings a story of new ways hackers use to access PII of consumers and how this information is used to their advantage – and to the detriment of the consumers affected. Consumers need to regularly assess their risk and do their best to eliminate the unknown, where possible by taking these measures to protect themselves. Maintaining a realistic perspective on this risk will be instrumental as “an ounce of prevention” here.

In modern days of digital communication, we can never be too careful as hackers are becoming far more sophisticated and staying one step ahead of consumers. Imagine if cybercriminals used their power for good!

Don’t let one mistake cause years of hassles and headaches – talk to an expert if you think you’ve been compromised in this or any other data breach, and protect yourself.

Microsoft Is Calling Every Single User For Feedback

Are you an expert at using Microsoft products? Microsoft wants to hear from you — and wants to make your feedback part of an update — but first, they need to know what you think. How can they find out?

Microsoft Feedback

How often do you use a Microsoft product? Are you a daily Microsoft Word user? Is your primary email client Microsoft Outlook? What about SharePoint? The list goes on (Teams, Flow, you get the idea). And those are just the software products! Maybe you have a Surface Book, too? Or a Surface Book 2?!

One of the great things about Microsoft is they love user feedback. Software updates are often based entirely on suggestions from users on what features they’d like to see, what improvements can be made, and how to make daily use easier for users in general. The main goal is to increase efficiency with the Microsoft product while increasing productivity at the end user perspective. This is a win-win-(win). That last “win” was in parentheses because it’s silent – Microsoft sees increased dependence and therefore long-term customer loyalty, which translates into an ongoing revenue stream. That’s understandable.

What’s often less clear is how Microsoft tries to collect user feedback. No, they don’t really call users at home. Well, actually, they might – but in this case, the most effective way to communicate a suggested feature is through the Microsoft Excel Community, a forum of over 16,000 members in which to communicate about all things Microsoft Excel. If you’re in search of a feature, this is the place to peruse. Formula got you flummoxed? Need help with a pesky pivot table? Is a macro making you crazy? You’re most likely to find your answers here. The best part is that this community has super users, and we don’t mean users who wear capes. One such super user has over 400 posts, and these users can be found under “Experts” – a clear indicator they know what they’re talking about in Microsoft Excel!

There is also an active Blog, where Microsoft posts content about Excel. Content ranges from posts aimed at beginners, like how to use general features for newbies, to content focusing on new features released to satisfy the needs of super users (“experts”). These Blog posts are great for deeper insights and step-by-step instructional processes, but the forums are the better space for finding tips and suggestions for specific needs.

Microsoft loves to hear from users about what’s working and what can be improved and encourages engagement through a custom portal on their Community page. Roughly halfway down this page, on the right-hand side, users will see a vivid green box — the green will be instantly recognizable as “Excel” green — with “Submit your ideas”. Clicking on this will open a dialogue menu for users to submit as a digital version of a suggestion box.

Trust us when we say, Microsoft listens. This is their way around getting you on the phone for a personal interview. Recent updates have been made that actually result from feedback in this manner. Users can submit ideas, and other users can “vote up” suggestions. The recent features that have been added to Microsoft Excel have gotten anywhere between 200 to over 1,000 votes from users supporting the suggestion. This is one of the most effective ways to communicate directly with Microsoft – because they’re watching this forum closely.

Stalker Level: Microsoft

Based on user feedback, Microsoft recently updated Excel to include features expanding the use of foreign languages. Before the update, users would attempt to import a CSV file that included text strips that did not contain traditional Latin characters, like Arabic. Users would then get an error message that this information would be lost in the text encoding process upon opening the file. Users affected by situations like this need no longer worry as CSV UTF-8 file formatting is now permitted.

  • This error dialogue used to pop up all the time in situations like this, no matter how many times a user followed the same process. Excel now allows you to select “Don’t Show Again” to disable this warning for the same user. But even if a user only accidentally clicks the “Don’t Show Again” option, this can be toggled on again. Microsoft is trying to allow users to cater their Excel experience to their custom preferences, and it’s starting to show.

Another feature that came into existence through user feedback via the Community is the improved pivot table experience. Users can now alter pivot table settings and then establish these as the default settings for pivot tables at the user level. No more re-formatting pivot tables with each file! Users can even create a pivot table in a new worksheet and import the settings from the existing table data, to save time. Microsoft realized how big of a time saver this would be, and jumped at the opportunity to satisfy a huge community user base with this update.

A cool feature Microsoft just released for Excel Online is an improved search experience. Remember when you would open the “Find” dialogue box, enter your search parameter, and then Excel would show you the next location? And then to find the next location, you had to repeat the process? Well – good news! The search window no longer disappears with each search query. BONUS: users can search within the pivot experience, as well! These filters work on Excel Online just like in the desktop version.

When Microsoft makes an update to any of their products, the goal is to improve efficiency and productivity, as already stated. That’s why they began including the Quick Access icons in the toolbar at the top of the application window several versions of Microsoft Office ago.

  • Did you know the Quick Access toolbar is customizable? Users can change the icons that live in this section, at the very top of the document window. This is where your magical “undo” button is, by default. If you select the drop-down arrow just to the right of the last icon, there is a short list of actions you can include, and an option for “More” under these. Imagine the possibilities!

Microsoft also likes to share lesser-known features with users to make sure they are getting the most out of their Microsoft products. One of their recently-highlighted features was the Document Location Information, where users can toggle on the ability to see the full address for the location of a file, should the user need to access the file, perhaps for sharing.

  • One cool workaround for file sharing is that you can click on the icon next to the file name at the very top of the window on the desktop version and use a drag-and-drop feature this way to attach a file to an email or to cloud storage platforms.

Visit the Community to check out all the top features that are packed into Microsoft Excel to see how to simplify your day-to-day tasks, automate reporting processes, and improve overall efficiency. And remember – if you think of something else, tell Microsoft. You never know, the next Microsoft Excel feature that gets announced may be your suggestion!

Problems with Two-Factor Authentication in Office 365?

We noticed that some people are having problems using Microsoft Office 365 with two-factor authentication (2FA) (also known as multi-factor authentication).

Office 365 Two Factor Authentication


We have a few tips for you here.

First: It’s important to know that when your admin sets up 2FA for your Office 365 users, they must enable Modern Authentication (MA) for Exchange Online if users are accessing Exchange using Outlook 2016. (The versions of Microsoft Outlook before 2013 don’t support Modern Authentication.)  For details on how to enable MA for Exchange Online tenants, see Enable Modern Authentication in Exchange Online.

Second: You shouldn’t have any problem using 2FA with Microsoft’s mobile Office apps, Outlook Groups, Office 2016 desktop apps, and OneDrive for Business in Windows 10. However, other applications may be incompatible, so make sure you test all the apps in your organization before enabling 2FA.

How to Connect to Office 365 Security & Compliance Center PowerShell Using 2FA.

If you set up 2FA for tenant administrator accounts, they can’t sign in to Office 365 using PowerShell. Instead, you must set up a specialized account for administrators. To do this, you must install the Exchange Online Remote PowerShell Module and use the Connect-IPPSSession cmdlet to connect to Security & Compliance Center PowerShell.

Important note from Microsoft: You can’t use the Exchange Online Remote PowerShell Module to connect to Exchange Online PowerShell and Security & Compliance Center PowerShell in the same session (window). You need to use separate sessions of the Exchange Online Remote PowerShell Module.

This is what Microsoft recommends you do:

  1. Open the Exchange admin center (EAC) for your Exchange Online. See Exchange admin center in Exchange Online.
  2. In the EAC, go to HybridSetup and click the appropriate Configure button to download the Exchange Online Remote PowerShell Module for multi-factor authentication.
  3. In the Application Install window that opens, click Install.

Windows Remote Management (WinRM) on your computer should allow authentication by default. If basic authentication is disabled, you’ll get an error message. Now you should be able to sign into the Security & Compliance Center PowerShell by using 2FA.

After you sign in, the Security & Compliance Center cmdlets will be imported into your Exchange Online Remote PowerShell Module session and tracked by a progress bar. If you don’t receive any errors, you’ve done this successfully.

If not, and you receive errors, check the following requirements:

  • Limit your open remote PowerShell connections to three. This prevents denial-of-service (DoS) attacks.
  • Make sure the account you connect to the Security & Compliance Center is enabled for remote PowerShell. For more information, see Enable or disable access to Exchange Online PowerShell.
  • The TCP port 80 traffic must be open between your local computer and Office 365. It may not be if your organization has a restrictive Internet access policy.

How to Enable 2FA in the Office 365 Admin Portal

Two-factor authentication (multi-factor authentication) can be enabled for individual users or in bulk. Before continuing, be sure to install Microsoft Authenticator on your user’s mobile devices, (not Authenticator, a similar app from Microsoft but without support for push notifications).  Here’s what Microsoft says to do to enable 2FA one user at a time:

  • Log in to the Office 365 admin portal using an administrator account.
  • In the menu on the left of the portal, expand Users and Active users.
  • In the list of users, click the user for which you want to enable 2FA. Note that only licensed users can use 2FA.
  • In the user’s pane, click Manage multi-factor authentication under More settings.
  • On the multi-factor authentication screen, select the user account to enable, and then click Enable under quick steps on the right.
  • In the About enabling multi-factor auth dialog box, click enable multi-factor auth.

The MULTI-FACTOR AUTH STATUS should change to Enabled. Close the browser window and sign out of the admin portal.  

How to Enroll an Account for 2FA

Once the feature is enabled, the user must now enroll for 2FA, and sign into Office 365 with their username and password, and then click Set it up now on the sign in screen and follow Microsoft’s instructions below:

  • On the Additional security verification screen, select Mobile app
  • Select Receive notifications for verification
  • Click Set up
  • Open the Microsoft Authenticator app on your phone and click Scan Barcode.
  • Use the camera on your phone to scan the barcode in the Configure mobile app You’ll then need to wait a couple of seconds while the app activates the new account.
  • Click Finished in the browser window.
  • Back on the Additional security verification screen, click Contact me.

The user will receive a notification on their phone. They should open it, and they’ll be taken to the Microsoft Authenticator app.

  • Click Verify to complete the sign-in process.
  • Click Close in the Microsoft Authentication app.
  • In the browser window, they must enter a number to receive verification codes in case they lose access to the Microsoft Authenticator app and click Next.

Web-based and mobile apps can use Microsoft Authenticator app verifications for 2FA logins, but Office desktop apps require an app password.

This final step provides the user with an app password for these apps.

  • They should copy the app password by clicking the copy icon to the right of the password and paste it somewhere safe. Click Finished.
  • They’ll be prompted to sign in again, this time by verifying the login using the Microsoft Authenticator app.

Important note from Microsoft:  If you want to use only Multi-Factor Authentication for Office 365, don’t create a Multi-Factor Authentication provider in the Azure Management Portal and link it to a directory. Doing so will take you from Multi-Factor Authentication for Office 365 to the paid version of Multi-Factor Authentication.

We hope this helps. It can be complicated to implement the proper settings for two-factor authentication in Microsoft Office 365.  If you have any problems doing this, feel free to contact our Microsoft Experts.

Hiring an IT Company? Make Sure You Ask These 25 Essential Questions!

Selecting a company to maintain your technology is one of the most important decisions you can make for your business. You must find the most competent and reliable IT support provider in your area.

Hiring an IT Company

How do you know if the IT company you’re considering is right for your business?

Some technology companies call themselves the best, but they haven’t kept up their certifications. This is important because the latest certifications validate the skills that their techs learned in their training. With all the cyber threats and new IT solutions today, it’s critical that your IT provider is up to date on their skills.

Don’t just pick a company off the Internet because they’re the closest one to you. Do your research to find out if they are truly qualified to protect your data and meet your organization’s unique IT needs.

The following are some key questions that you should ask any IT provider you’re considering for your business.

  • What are your staff’s qualifications and certifications?
    The right IT company should be able to provide you with information regarding the certifications held by their staff and relay how these will meet your needs.
  • How long have you been providing technology services? They should have a minimum of three years of experience in the service, support, and solutions you require.
  • What Partner Certifications and Technical Specialties do you hold? Ask, for example, if they are certified on Apple devices and Microsoft solutions. Also, ask if they can provide you the latest hardware and software products at the best price.
  • Do you require continuous training of your IT techs? This is the only way to ensure technicians have the most recent certifications.
  • What industries have you worked in?
    Find out if they’ve worked in industries similar to yours. If not, determine if the work they’ve performed for others aligns with your needs.
  • How well do you understand the business applications we use?
    Your business may have specially-built applications to handle needed workflows. Your IT provider should understand how your business technology works and be able to support it.
  • How large is your IT company?
    If they are a small company, you’re more likely to be high on their priority list. However, larger IT companies typically offer a broad knowledge base and capabilities. Plus, their available resources may be more expansive. You must weigh the benefits of each and decide which is best for your business.
  • What kind of customer service can we expect? Do they offer 24/7 service with a live person on the other end of your call, chat or email? Is their help desk staff qualified to address your issues immediately?  If they can’t resolve your problems over the phone or online, how long will it take for a tech to visit your business?
  • Is your onsite service response time backed by a written Service Level Agreement (SLA)? A certified, professional IT company will put what they offer in writing. They should offer managed services with service-level guarantees. What is their “on-time” guarantee? Their SLA should include this as well as information about how you’ll be compensated if they continually show up late, or if they don’t meet the standards detailed in the SLA.
  • What is and isn’t covered by your service contract?In addition to what they do provide, find out what they don’t.  Do they provide fixed-fee services? Are there extra costs, and if so, what are they? Avoid using IT companies that are only interested in fixing what breaks and selling you equipment.  You deserve an IT partner who will work diligently to give you and your employees an IT infrastructure that is secure, reliable, and enhances productivity.
  • Do you offer outsourced CIO Services? Having an Outsourced CIO means your technology will meet your business needs now and into the future. Their CIO should be able to:
  • Develop an understanding of your business and technology infrastructure.
  • Provide recommendations for IT solutions that will promote your success and grow with your business.
  • Construct a Strategic Plan that aligns with your budget.
  • Conduct ongoing evaluations and provide IT performance metrics on a monthly basis.
  • Will you monitor our IT system around the clock? This prevents downtime because they will detect problems early before anything fails.
  • What security services do you offer? How will you protect my interests?Cybercrime is on the rise, and your data must be safeguarded. They must provide up-to-date cybersecurity solutions to protect your computers and network from unauthorized access, malware, phishing, viruses and other forms of cybercrime.
  • Can you monitor our network for cyber intrusions and threats? With all the security incidents today, 24/7 security monitoring is essential.
  • Do you provide Mobile Device Management? When you or your employees use your laptops, tablets or smartphones for business outside of your workplace, they are vulnerable to theft and malware from public Wi-Fi and more. You need the assurance that your data can be remotely wiped from any device if necessary.
  • Do you perform Risk Analyses and Vulnerability Assessments? Your business may require this to stay compliant with government or industry regulations. Plus, this will detect any “holes” in your computer and network security that hackers can take advantage of.
  • Do you provide Backup and Recovery Solutions? You need both an onsite removable backup solution and an offsite one (in the Cloud) to ensure you will have access to your data if it’s stolen, corrupted, accidentally deleted, or damaged due to a flood, fire or another emergency.
  • What’s included in your Disaster Recovery Plan?
    This is extremely important. Be sure to ask about site visits and audits to estimate the recovery time and the impact of a potential failure. Do they have a reliable process in place? How often do they test the disaster recovery plan? Is their staff knowledgeable and ready to react under the worst possible conditions? Also, make sure they can regularly provide the results of disaster recovery tests.
  • Will you provide ongoing Security Awareness Training for our employees? Cybercriminals are constantly developing new techniques to trick your users into downloading malware or releasing confidential information and credentials. It’s critical to conduct recurring and updated security training to ensure your employees recognize these threats and know what to do to prevent exposing your data.
  • Will your IT professionals communicate with our staff in “plain English?” They should be able to relay information in a way you and your employees can comprehend.
  • How do you stay informed about evolving technologies? Do they attend industry events to update their skillsets?
  • Will you migrate us to the Cloud and help us understand how to use cloud solutions? Make sure your IT provider can help you and your employees understand the Cloud, it’s benefits and risks. They should be able to help you find the right cloud services for your unique business needs.
  • Can you offer us different types of cloud solutions? Do they provide:
    • A Public Cloud, so you can securely share space with other clients?
    • A Private Cloud that is dedicated only to your use?
    • A Hybrid Cloud which is a combination of a private and public cloud?
  • How much will cloud migration cost? Migrating your workflows and data to the cloud can provide many benefits, including cost savings, and increased productivity. However, you should ask how much cloud migration will cost, including associated expenses such as maintenance and support.
  • Do you have any case studies or testimonials from existing clients that I can read? Can I contact them? Would you hire a new employee without checking their references? Of course not. So, you should do so with your IT provider. Contact some of their existing clients to find out what you need to know.