Must-Know SEO: Info Secrets to Maximizing Your Website’s Google Search Ranking

 

Google is the number-one search engine. It’s the one people go to when they have a question they need to be answered or are looking for a business to serve their particular needs. Google, like the terms Kleenex and Clorox, has become part of our daily vernacular. When you search for something online, you’re “Googling” it.

What is SEO (Search Engine Optimization)?

It’s the multi-discipline process of optimizing a website to rank high in organic search results.

Organic search results are those you don’t pay for.

Typically, when people search for companies or information on Google, the first few results they get are those that a business has paid for. If they say “Sponsored” or “Ad” that means someone has paid for them to be ranked at the top.

If you don’t pay for an ad, you must practice good SEO to be listed near the top of a Google search.

What constitutes good SEO?

This is difficult to pin down because It’s often-changing and always updating. Google updates their algorithms and the way that they rate and rank content hundreds of times a year. It’s impossible to keep track of every single change. However, practicing good SEO strategies, in general, will result in better search rankings.

Although it’s easy to understand, SEO is challenging to execute effectively. Here’s some information that should help.

On-Page Optimization

Optimize your entire website as a whole:

  • Increase the page speed and load times. Google will penalize your website if it loads slowly. Keep this in mind when purchasing web hosting. Make sure they have plenty of uptime, and you have enough bandwidth. If you don’t, Google will penalize you.
  • Ensure your site can be found using mobile devices. More people browse via mobile today than they do with desktop computers. Take this into account with every element of your website’s design. From your home page to your landing pages, to your contact page–Everything must be optimized for mobile searches. If your website looks great for desktop but isn’t accessible for mobile use, Google will penalize you in your search rankings.
  • Use HTTPS in your URL even if you’re not selling anything. Just having a secure website immediately gives you a boost in Google search rankings.
  • Include Social Sharing Links. Pick the social networks that are most relevant to your audience, like LinkedIn, Facebook and Twitter. Use the icons for the links on your webpage so people can find you easily and share your content. The more people share your content, the more Google finds you relevant, and the higher they will rank your business in their search results.
  • Use tools like Woorank, Yoast to test your overall website performance. These and other tools like them will scrub your page much like Google will, and tell you what your results are based on your current level of search optimization. If there are things you need to improve, these tools will let you know what they are, so you can up your search ranking.

Know your keywords and how to use them:

  • Make a list of topics relevant to your business and your intended audience. These are called Head Terms–words that are used in your industry or line of business.
  • Get specific and use Long-Tail Keywords. Think of this as the problem you want your customers to bring to you that you can solve. If you’re an attorney, this might be, “How can I save money on a divorce?” or “How do I fight a traffic ticket?” etc.
  • Do your own search for other keywords and observe user intent. See what problems people are having and which ones you can solve. The more you can solve, the better chances you’ll be a credible authority in their eyes and Google’s.
  • Scope out the competitor’s keywords. There are some paid tools you can use to do this. Or, do this on your own by visiting your competition’s website and looking at what they’re promoting, what media they use, the headlines they use, and the phrasing they publish. By doing a search for your competition, you can also see where they rank.
  • Use your keywords within the first 100 words of any of your web pages, including blog posts and videos. The first 100 words are used most heavily when Google scrubs information from your webpage. This is where you want to include your specific long-tail keywords.
  • Don’t keyword-stuff. You want to use your Long-Tail Keywords throughout the rest of your web pages, but don’t overdo it. Keep your language natural-sounding. If you keyword-stuff, Google will penalize you.

Use headers correctly:

  • H1 headers are for article or page titles. These are most important for SEO because this tells Google what your page is about. This is where you want to use those well-constructed Long-Tail Keywords.
  • H2 headers are for your sections. You should use Long-Tail Keywords here as well but be creative with your phrasing. Don’t repeat phrases over and over.
  • Include your keywords here but be creative with phrasing

Label your images correctly:

  • Include your keywords in your image file names. These will be your shorter keywords and Head Terms–terms that are broad in scope.
  • Include your keywords in your image alt text. Include your specific Long-Tail terms here as well.

Test it out.

The Right Content

Write for your audience:

  • Think of questions that your target audience would ask. Think of what people will be searching for. Think of the problems that they are looking to you to resolve.
  • Let your keywords be your guide. Phrase them as a question, then write the authoritative answer.

Go the distance whenever you can:

  • Word count matters. Aim for at least 1,000 words as often as possible. This may not always be possible for things like video descriptions or info-graphics. Don’t worry. Do the best you can.
  • Don’t sacrifice quality for word count. If you don’t have anything worthwhile to say, don’t just write a bunch of needless content. Google will pick this up and penalize you. Google wants quality content.
  • Some industries will need more quality content to compete online. If there’s a lot of competition for your service or product, you’ll need to step up your game to differentiate yourself from the others. You’ll need to come up with content that is better and more creative than what your competitors are posting.

Mix it up and keep it fresh:

  • Share more than just written articles. The broader your library, the more people you will appeal to. Blog posts are great but don’t neglect other options.

Repurpose your best old content:

  • Rework your old content that performed well into a new format like an infographic, video, e-book, and or blog. Take an e-book that was popular and write an article about it. Take an article and make a video from it, etc.

Don’t forget your Meta Descriptions:

  • Meta descriptions are the “flavor text” that shows beneath the link in a search result.
  • Google says that meta descriptions aren’t a ranking factor. However, the text that shows in SERPs can compel people to select your search result. If it gives you an edge, why not use it.
  • Write conversationally and aim to catch the viewer’s attention. Use 300 words max for your meta descriptions.
  • Use them on every page of your website.
  • Try plugins like Yoast if you are using WordPress for assistance writing great meta descriptions. It will rank the meta description and tell you whether or not it will be a positive influence.

Links and How to Use Them

Internal Linking:

  • Link to other pages, articles, or media within your own site. If you are the authority in your area of expertise, one article you write will surely have relevance to others on your site.
  • Try to get 2-3 internal links per page. This gives people a reason to stay on your site. It will give them a reason to stay on your page and click thru to other pages. This is important for good ranking results.

External Linking:

  • Link to authoritative, quality pages outside your website that have relevant information. Use links to news articles, Wikipedia, or other well-known websites. Be selective. Don’t link to blogs. Remember, anything you link to reflects the quality of your website. If you link to reputable sources, Google will consider your site reputable as well.
  • Be selective as the links you choose as this will reflect on the quality of your site.

Backlinks

  • These are the “Holy Grail” of links, and the most difficult to obtain. Backlinks are where you link to an outside page, and they link back to you. Here are some of the things you can try to get quality backlinks:
  • Write case studies on the products or services you use, especially if you’ve had spectacular results. Share these with your vendors and partners.
  • Write reviews for the companies and products you would recommend to others.
  • Build genuine relationships online and off.
  • Become a resource for the media.
  • Volunteer to speak to groups in your area.

How to Gain an Edge

Reviews, Reviews, Reviews:

  • Positive user reviews influence SEO ranking. Google Business and Yelp are the most popular and widely used.
  • Search for your business type in your location to see what other review sites are used by your target audience. Some of these might include Nextdoor, Angie’s List or TripAdvisor.
  • It’s okay to ask happy customers to leave a positive review, but don’t overdo it.

Location, Location, Location Reviews (and other ways to be relevant):

  • Don’t forget to include your location in your keywords if you serve local clients. If people are searching for businesses like yours in your location, Google will be able to find you and post your information in their search. Even if the person doesn’t include your city in their search, Google knows where they are and can find you to answer their query.
  • Consider other ways to signify that your information is relevant and current. Include the year in your title when relevant. If you’re talking about products, consider using a title like “The 20 Best Products in 2018.” People will see your post as relevant, and Google will see that your posts are current and give you a better ranking.

Be the Expert in One Area:

  • If you find a keyword that gets lots of search action without a lot of competition go deep with your strategy. Be the authority on it and use your internal links to your advantage. When doing your research on your keywords, if you find one that gets a lot of search activity, but there’s not much competition, use those keywords and write in-depth on the subject. You’ll rise the top of Google searches very quickly.

Optimize for Mobile:

  • This is worth repeating because the percentage of non-desktop searching is going to continue to increase. If your site isn’t easy to navigate on mobile devices, you’ll lose business.

Optimize for Voice Search:

  • The #1 thing that will set websites apart in the future is the ability to have your web properties appear in voice searches. We are using more Artificial Intelligence functions on our computer devices like Siri and Cortana.
  • Think of the questions people will ask via voice search and answer them. Again, if you serve local customers or businesses, make sure that you list your location in your keywords.

Use These Great SEO Tools:

  • The Google Search Console provides great insight into how your site is performing in Google searches. You do have to take some steps to enable access, but it’s very user-friendly. You can see which keyword searches on Google were used most often that lead to your site, and what your click-thru rate was of these listings. It will tell you what people are searching for, when your site came up in their search and how often they are clicking on your link as opposed to others. (It’s free)
  • SpyFu spies on your competitors. Use this to see what keywords they are using and how well their site performs.
  • SEMrush provides valuable insight into the world of search. It will show your competitors’ best keywords, help you find competitors you didn’t know about, and reveal how much money your competitors are spending on search advertising. It’s one of the best resources for this.

Utilize Great Resources:

  • Neil Patel (neilpatel.com) provides great daily information on SEO and search in general.
  • MOZ (moz.com) has a wealth of great information for businesses that want more from their SEO.
  • Search Engine Journal (searchenginejournal.com) is loaded with great free SEO resources.

Advanced SEO

Schema.org:

  • Schema –The semantic web, is the next frontier for SEO. Schema.org defines the best-used terms to use for keywords. This is a definite list of codes that should be used for best practices. If Google sees you using old codes, this will hurt your ranking.
  • Rankings reviews, ratings, product descriptions, and schedules are now starting to influence rankings.
  • Speak with your website developer or SEO company to ensure schema.org elements are part of your website.

Rich Snippets:

  • Rich Snippets are search results that include ratings, reviews, images, video content, and more.
  • They stand out from all other search results because the search engine has more data about the site. It uses images, ratings, and reviews that can be pulled into the search results.
  • Setup using structured data found in the Google Search Console.

People Also Ask:

  • This is often featured with popular search terms. If Google gets the same requests over and over again, they post additional sites with information. The more expert advice you provide for frequently asked questions, and your content answers these very specifically, Google will consider adding your site you to their “People Also Ask” prompt. So, again, think of the questions most people will ask about your product or service and answer these in your website content.
  • Searches can get immediate answers here and may never visit your site.
  • It reinforces the need to ensure your website and content solves people’s problems, answers, questions, and offers advice.

Social Media:

  • Social media does play a role in SEO, and social content will affect your ranking.
  • The more shares or “social indicators” found, the more relevant Google will consider your content. When someone shares an article from your website, this is called a social indicator. This tells Google where the poster found this information and how many times it’s been shared. The more you get shares, the more Google will find your website valid and increase your rankings.
  • Reviews from social sites matter.
  • Social media channels are their own search engines.
  • Extended reading: “Social is the New SEO” by Neil Patel. This will tell you more about SEO and how important it is in Google rankings.

In Conclusion

The Most Important “Take Aways”

  • The days of a long list of your services are over. Optimize your page and your content for today’s audience.
  • Solve people’s challenges
  • Answer their questions. Use keywords intelligently and accurately, so you’re answering people’s question.
  • Become a valuable resource online and off.
  • Become more social.
  • Find a great web marketer who can help.

Questions? Send an email to us!

Make All Your Dreams Come True In One Easy Step!

Believe it or not, the primary purpose of technology is to improve our lives. Making your tech work to increase productivity and efficiency is the ultimate goal of every CEO – so take your first step today!

Technology can be fantastic! With the push of a button, the average person can:

  • Make a single cup of coffee
  • Toast bread or warm something in a microwave
  • Wash an entire load of dishes in a dishwasher
  • Adjust the temperature in a room or a car
  • Call someone on the telephone
  • Power a television on or off, and the list just goes on.

The push of a button can turn on a computer or smartphone, and the push of mouse or trackpad button can open an Internet browser or desktop application. You get the idea.

Microsoft wants to help and has pushed boundaries in technology over the last few decades. Today’s Microsoft is a far cry from the company that “started in a garage” in 1975. Based on the idea that technology could make using technology easier, Microsoft designed the predecessor to current-day operating systems. Since then, Microsoft has brought us the Microsoft Office Suite and a myriad of productivity software applications, as well as numerous desktop and laptop computers, tablet and smartphone devices, and gaming platforms for the consumer market – but you already know this. Today’s Microsoft is responsible for revolutionizing the workspace and mobilizing workforces around the globe. So long as we can connect to the Internet, we can connect with each other and communicate. Professional continuity is now 24/7, and productivity doesn’t stop.

From Word to Excel to Outlook, the staples of global professionals, Microsoft has brought us software applications that offer a promise of improving our lives with technology. The word processor replaced the typewriter, and the spreadsheet replaced the adding machine. Fast forward to Microsoft Office 365, the subscription-based service that supports absolute continuity with access to files from anywhere, unlocking professionals from their physical workspace or office-with-a-desk and opening up endless possibilities.

Enter OneDrive, SharePoint, Teams, Flow, and the variety of other applications that Microsoft has introduced in the last decade or so, and we think you’ll agree that Microsoft’s position has truly solidified into simplifying our lives with technology.

Have you tried OneNote?

Microsoft OneNote is a handy app that caters to the crowd that makes scribbles on little slips of paper or the corners of sheets in a notepad during meetings or while on calls. If your desk, wall, or any flat surface is covered with sticky notes, Microsoft OneNote was designed just for you. The simplistic nature of the app is deceptive – the app is designed to function in one way: collect your notes in one place for organized and cohesive thought collection. But what’s really cool is the open environment which Microsoft encourages! There are about 100 add-ins that OneNote users can access, or users can create their own add-in.

One of the developers over at Microsoft, in his spare time, created a cool add-in called Onetastic. Onetastic is a free add-on for Microsoft OneNote that extends – or adds – functionality for users in OneNote. What we now call add-ins would be considered hacks just a few years ago, but because they are designed with usefulness in mind, rather than malice, add-ins are a welcome addition to an application.

In the case of Onetastic, the add-in was designed by a Microsoft developer as a side project outside of the Microsoft realm. To get the Onetastic add-in, follow these steps:

  • Check for the most recent update of OneNote 2010 or OneNote 2013
    • You must be using the PC desktop version
  • Verify which version of Office you’re running:
    • Click “File” -> “Account” -> “About OneNote”
    • The first line of text, at the far right, will indicate 32-bit or 64-bit
  • Visit https://getonetastic.com/ and download the corresponding version of Onetastic
    • Documentation for this application add-in is currently available in about ten languages to support global productivity
  • Once the add-in has fully downloaded, restart OneNote
  • Users will see the add-in in the upper right of the ribbon

If you’re interested in Onetastic, there are several features that are favorites highlighted throughout the Onetastic portal. From calendars and quick tools to macros and shortcuts, here are a handful of features we think you’ll like best.

OneCalendar

The Onetastic add-in scans all of your Notes and organizes them for you in chronological order, and in a calendar view. Users can hover over each entry, and a modal will pop up with additional information and details about each Note.

This is an especially handy feature if you’re trying to remember a specific Note but can’t recall the exact date of the Note. Yes, you can search for the Note, but if you don’t have the search string to help you hunt the Note down, this is another way to discover it.

Pin to the Desktop

Ah, Pinterest – the innovative invention that digitized the concept of “pinning”. In OneNote, with Onetastic, users can pin a Note to the desktop or a Favorites list.

Custom Styles

OneNote doesn’t have the out-of-the-box built-in functionality of Styles or customization. Users have one set of Styles for headings and page titles, etc., but with Onetastic, users can create Styles very simply:

  • Select text
  • Save as “Custom Style”
    • Name the Style
    • Choose the attributes and formatting you’d like applied with the Style

Universal Adjustments

One item of caution with universal adjustments is that users will get a pop-up message with an alert that you won’t be able to undo a universal change or edit across multiple Notebooks. Universal adjustments will only apply to open Notebooks, and the user can select which Notebooks for these universal adjustments to apply.

  • One cool trick of Onetastic is the ability to slightly increase or decrease every font size on the page at one time. This is helpful and saves time given a user’s only other option is to select each section of text, one at a time, to increase or decrease the font size.
  • Users can search and highlight or replace text across pages or Notebooks.

Images

Microsoft gives users lots of tools and options for images in Word and Outlook, but extremely limited functionality in OneNote for images. Onetastic helps users with manipulation options.

  • Users can re-size an image by a percentage
  • Right-clicking on an image gives the user more options
  • A cool feature for users is the ability to select text from an image, copy just the text, and paste the text – for other documents, emails, etc.

Macros

What is a macro? A snippet of code or programming that takes adds on to an existing application by taking existing functionality or a series of existing functionalities within an application and perform these tasks very quickly.

“Super” users – users of any application that are very experienced with advanced tools – love macros. Users in OneNote have likely experimented with tables and other advanced functionalities, but the macro options that users have with the Onetastic add-in offer an entirely new universe of options.

  • Click the “Download Macros” button
  • Users are taken to a part of the Onetastic website called Macroland
  • Search and discover pre-made macros

Popular macros include:

  • Insert Monthly Calendar – create a quick calendar with a table in OneNote that adds a 7-column table with just a few options and the macro inserts a perfect calendar. Users can customize the physical size of the calendar.
  • Add a Table of Contents in the current Notebook, and your tabbed screen will have links to each page so you can quickly click from one OneNote to another using hotlinks for every tab in the Notebook
  • A macro called “Where Am I?” adds breadcrumbs, which are helpful in large Notebooks

Microsoft certainly tries to make all our dreams come true by simplifying our lives with technology, but where they leave gaps there are add-ins to help out. Check out the free tier of Onetastic today and try the features we list – and discover your new favorite ways to use OneNote!

MIcrosoft OneNote

Another Day, Another Major Data Breach – 20 Tips to Protect Your Business in 2018

Over Easter weekend, hackers stole 5 million credit and debit card numbers that were used at Saks Fifth Avenue, Saks Off Fifth, Lord & Taylor, and Canada-based Hudson’s Bay Company. The personal information of customers who shopped at these stores is now compromised.

Saks Hacking

Most of the stolen card data — which goes all the way back to May 17 — was obtained from these stores in the New York City metro area, and other stores in the Northeast U.S. It appears that these stores weren’t using a secure credit card payment system. Security firm Gemini Advisory reported:

“The attack is amongst the biggest and most damaging to ever hit retail companies...Credit card data was obtained for sales dating back to May 2017. The breach likely impacted more than 130 Saks and Lord & Taylor locations across the country, but the majority of stolen credit cards were obtained from New York and New Jersey locations.”

Gemini Advisory says that the hacking group JokerStash/Fin7 boasted about their success on the Dark Web and that the data is now for sale. The name of their “product” is BIGBADABOOM-2. Gemini Advisory’s co-founder and chief technology officer said that this group previously targeted major hotel and restaurant chains. They were also responsible for other data breaches like the ones that affected companies including Whole Foods, Chipotle, Omni Hotels & Resorts and Trump Hotels.

The hackers typically use phishing emails to gain confidential information. They send the emails to company employees including managers and supervisors who are key decision makers. They disguise themselves as an entity these people would recognize as legitimate. The email contains an invoice and asks them to pay it via a link provided. Once clicked, their IT system is infected.

No store is immune from this type of breach. However, you can protect your business from phishing attacks by educating your employees.

Cybersecurity training is a must for all businesses today. You can have all the right security technology in place, but if one of your employees unknowingly clicks a malicious link, or visits a counterfeit website, your business can be ruined.

Phishing is when a scammer uses fraudulent emails, texts, or copycat websites to get you to click a link so that they can steal your confidential information like Social Security numbers, account numbers, login IDs, and passwords. They use this information to rob you of your money and your identity.

The majority of account takeovers come from simple phishing attacks where you or someone in your organization gets tricked into releasing private credentials and information.

Scammers also use phishing emails to get access to your computer or network, so they can install programs like ransomware that lock you out of your important files unless you pay a ransom.

Spoofing

Phishing scammers try to lure you or your employees into a false sense of security by pretending to be a trusted source like a legitimate company, the IRS, a colleague, vendor, or even a friend or family member.

Phishers create a sense of urgency, making it seem like they require your information right away or something terrible will happen to you. They may threaten to hold back a tax refund or close your bank account. Essentially, they lie to get your information.

Here are things that you and your employees should do to protect your business.

Be cautious about opening attachments and clicking links in emails.

Files and links may contain malware that can infect and weaken your computer’s security.

Type in URLs and email addresses.

If a company or organization you know sends you a link or phone number, don’t click the link or call the number. Go to your search engine and type in the correct URL for the company’s site and find the legitimate phone number.

Call the source. Don’t respond to emails that request confidential or financial information. Phishers use strategies that prey on fear. If you think the contact in the email needs this information, refer to the phone number in your address book, not the one posted in the email, and call them to verify the request.

Use TwoFactor Authentication. For accounts that support this, two-factor authentication is an extra step to ensure the security of your information. It requires both your password and an additional piece of information to log in to your account. The second piece might be a code the company sends to your phone or a random number generated by an application or token. Two-factor authentication protects your account even if your password is compromised.

 Update your applications and Operating System. Use a good security software you trust, and make sure you set it to update automatically. Also, make sure you update all your applications and your Operating System when you receive patches from the manufacturer. Don’t delay, as there are good reasons for these updates, and they will protect your information from the latest threats.

Back up your files to an external hard drive and enterprise-based cloud storage. Back up your files regularly to ensure you have a duplicate of all your files and applications if your network is compromised.

Google conducted a study between March 2016 and March 2017 in conjunction with researchers from the University of California, Berkeley. The results revealed that phishing is far riskier for users than data breaches because of the additional information phishers collect.

Use a unique email address.

Spammers send out millions of messages to name combinations hoping to find a valid email address. If you use a common name like Joe, you’ll receive more spam than with a name like Wwmj4itvi. It’s harder to remember an unusual name like this. Try using an acronym like: “We were married June 4 in the Virgin Isles (Wwmj4itvi).

Use an email filter.

If your email account provides a solution that filters out potential spam or will channel it into a bulk email folder, opt for this. If they don’t, you might want to consider another Internet Service Provider.

Use more than one email address.

Consider using a disposable email address service that forwards messages to your permanent account. If the disposable address receives a lot of spam, you can shut it off without affecting your permanent address.

Limit your exposure.

Don’t share your email address in public. This includes blog posts, chat rooms, social networking sites, or in online membership directories. Spammers use the web to obtain email addresses.

Check privacy policies and uncheck boxes.

Before submitting your email address to a website, determine if they can sell your email to others. Don’t provide your address to sites that won’t protect it.

Be wary of messages that:

  • Try to solicit your curiosity or trust.
  • Contain a link that you must “check out now”.
  • Contain a downloadable file like a photo, music, document or pdf.

Don’t believe messages that contain an urgent call to action:

  • With an immediate need to address a problem that requires you to verify information.
  • Urgently asks for your help.
  • Asks you to donate to a charitable cause.
  • Indicates you are a “Winner” in a lottery or other contest, or that you’ve inherited money from a deceased relative.

Watch for messages that:

  • Respond to a question you never asked.
  • Create distrust.
  • Try to start a conflict.

Watch for flags like:

  • Misspellings
  • Typos

 Always Use Secure Passwords.

  • Use Two-Factor Authentication if it’s available.
  • Never use words found in the dictionary or your family name.
  • Never reuse passwords across your various accounts.
  • Consider using a Password Manager (e.g., LastPass or 1Password).
  • Use complex passwords.
  • Create a unique password for work.
  • Change passwords on at least a quarterly basis.
  • Use passwords with 9+ characters.

Keep Your Passwords Secure.

  • Don’t tell anyone your passwords.
  • Don’t write them down or email them.
  • Never include a password in a non-encrypted stored document.
  • Don’t speak your password over the phone.
  • Don’t hint at the format of your password.
  • Don’t use “Remember Password” feature of application programs such as Internet Explorer, Portfolio Center or others.
  • Don’t use your corporate or network password on an account over the Internet that doesn’t have a secure login starting with https://. If the web address begins with https:// your computer is talking to the website in a secure code that no one can access. There should be a small lock next to the address. If not, don’t type in your password.

If you believe your password may have been compromised, you should change it.

Regularly Backup Your Data Both Onsite and Remotely.

  • Maintain at least three copies of everything.
  • Store all data on at least two types of media.
  • Keep a copy of your data in an alternate location.

If you haven’t backed up your data and you’re attacked, it’s gone forever.

Ask Your IT support to Conduct Testing and Security Awareness Training for Your Employees.

  • Give a social engineering test.
  • Share the results with your staff.
  • Debrief and train your users.
  • Test again each year.

 Report Phishing Emails and Texts to the Federal Trade Commission.

Forward phishing emails to the Federal Trade Commission at spam@uce.gov – as well as the organization that was impersonated in the phishing email. Include the full email header if it’s available.

File a report with the Federal Trade Commission at FTC.gov/complaint.

Visit Identitytheft.gov. Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.

You can also report phishing emails to reportphishing@apwg.org. The Anti-Phishing Working Group which includes Internet Service Providers, security vendors, financial institutions and law enforcement agencies uses these reports to fight phishing.

Easy Ways to Make Outlook 2016 Work Better for You

The new Outlook 2016 has incorporated some cool features, designed to be helpful and make your work day a little smoother. It can look a bit different depending on what version of Outlook you’re using and how your admin sets it up.

What’s New in Outlook 2016?

When you open Outlook, you’ll see six areas. Across the top is that familiar ribbon we’ve all become used to seeing. Above the ribbon, you’ll find the Title Bar which has the File tab, Home tab, Send/Receive, Folder, and View. Across the main section, you’ll find four wide panes of varying widths. Across the bottom is the newest addition to Outlook, the navigation bar.

While on the home tab, you can take a closer look at the four panes or main sections. The narrowest one located on the left contains your inbox, sent, deleted and other items pertaining to your mail folders. The second column contains your messages. Here, you can get a closer look at the items in your inbox. It shows the names and dates of each email. The widest pane shows the contents of the actual email. This section is called the reading pane. If you click on a specific email, you can read it and reply or forward it. The fourth smaller pane to the right contains your calendar and do-to list.

At the bottom, you’ll see the newly added navigation bar. Hover over each item there for a closer look. This is handy because you can access frequently used features or people very quickly here. The dots, which represent “more”, open up a “navigation options” dialog box. There you can change a number of things pertaining to the way your email client is laid out. You can also choose navigation options > compact navigation. This will make the navigation bar smaller. Little icons replace the larger words that were used. The icons can run horizontally across the bottom or vertically along the side.

Reading Pane Too Small?

You may not always need your calendar to stay open. It’s easy to close. Simply click on the arrow at the top to close it. You can also close the folders section located on the far left the same way. By closing these two sections, you’ll now have a much wider email viewing pane. This can be helpful if you have a long or important email to read. If you need to take a quick look at the folders, simply click on the words “All Folders” (far left side, vertically written) and a handy pop-out appears. This pop-out will stay there until you click on “All Folders” again. The navigation pane appears vertically written as well and this configuration can give you the greatest amount of space to work on emails.

In addition, you have the option of manually dragging the borders for each section. This is a quick and easy way to increase or decrease the width of a pane so that your Outlook email works best for your situation.

The New Navigation Pane

In the 2016 version, a navigation pane was added to the bottom. It has links that go out to:

  • Mail
  • Calendar
  • People
  • Tasks
  • More – More is represented by small dots in most programs now.

You can hover over each one to learn more about it or access that particular feature. For instance, hover over “People” to see all those listed in your contact list. You can also hover over a specific person to get more information about this person. For each of your contacts, you’ll see small icons along the bottom so you can email, call or video chat with that person. The same is true for each item in the Navigation Pane. Simply hover over your calendar for a quick look at your day, week or month. The calendar in your Navigation Bar performs the same tasks as the actual calendar portion of your Home Page. For that reason, you may find it handy to just leave that Calendar closed and use the one in the Navigation Bar. This will give you more room for emails and other tasks you do on the Home Page.

Taking a Deeper Look at The Ribbon

The Ribbon has been around since Word 2007 and most users are fairly knowledgeable about how to use it. If it’s in the way and you’d like to temporarily remove it, click on the small triangle on the far right side of the page. This collapses the Ribbon. When you want it back, click on the same triangle and it reappears. This works for all Microsoft Office programs, including Word, Excel, and Access.

Of course, there are shortcuts for just about all the actions found on the Ribbon. Many users find it helpful to learn those shortcut keys and use them instead of navigating through the tabs/items on the Ribbon. You can also hide or view the Ribbon by clicking on the View tab. Outlook 2016 is all about making your email tasks much simpler.

Dealing with Emails

Once you get your work area set up so that it’s most efficient for you, it’s time to read and answer a few emails. At the top of each one, you have inline options to reply, reply all, forward or IM. Click on reply and you can just start typing your message. You can also right-click in this area for a list of other options like changing the font and color of your typing. Right-clicking in various areas of the page will always call up a list of other helpful options and this can often prevent you having to reopen the Ribbon to accomplish a task.

When an email has attachments, you can click on the attachment to view it there in the Outlook program. This is true for PDF docs, Word docs, and Excel. This saves you the trouble of having to open Word, Excel or Adobe and this can be a real time-saver. If you do want to open up the specific program and view the document there, simply double click on the attachment.

Show As Conversation

Another helpful feature when dealing with lots of emails from different people on the same topic is the “Show as Conversation” feature found on the View tab. By clicking on “Show as Conversation” you can group all the emails about a specific topic so that they make sense. This prevents you from having to sort through dozens of emails to find all those related to a topic. Once these emails are grouped together, it’s easy to click on one to read or respond to it.

The Clean Up Tool

Like many users, you may have a dozen emails on one specific topic and yet only five of them are actually important and contain good information. The Cleanup Tool can be used to remove those emails that only say something inconsequential like, “I agree” or “Thanks” or contain redundant information. The Cleanup Tool is found on the home page and hovering over it will show three options:

  1. Clean up conversation
  2. Clean up folder
  3. Clean up folders and subfolders

Before the messages are cleaned up, you will get a warning box that asks if you’re sure. Many users find it helpful to clean up messages and folders on a regular weekly basis. This can prevent you from maxing out your Outlook storage limit. Simply run the Clean Up tool each week on folders and emails to keep redundant items from clogging up the works.

These are just a few of the many ways to make Outlook 2016 work more efficiently. By learning these tips and tricks you can save valuable time throughout your day and reduce stress.

Are We Learning Anything From All These Cyber Attacks?

So many big, expensive cyber attacks have taken place in the last few years that it’s hard to remember them all – when will we learn our lesson?

Cyber Attacks

Cyber attacks are common ground these days. There was the Chase Bank breach of 2014, which exposed the financial information of 76 million Chase customers. This attack was set to target 10 major financial institutions in total, but only one other company reported that data had been stolen. This company was Fidelity Investments. Though the attack caused serious repercussions for Chase Bank, the damage could have been much worse. Four hackers (two from Israel) were eventually arrested.

Hacking Isn’t Just About Stealing Data

In the Sony Pictures data breach of 2014, over 100 terabytes of data was stolen by North Korea. This attack was about more than just getting the personal information of consumers. The attack occurred because of a movie that Sony Pictures was set to release called “The Interview”.

The movie, starring Seth Rogen and James Franco, was a fictional story about two journalists who go to North Korea to interview Kim Jung Un. The two men actually work for the CIA and are planning to assassinate the very well-known but unpopular leader. It was believed that North Korea’s leader ordered the cyber attack on Sony Pictures to show his displeasure and disapproval of the film. In addition to the personal information of Sony executives and other employees, hundreds of photos and emails were released to the public. These highly personal items caused a massive amount of embarrassment to Sony’s top executives.

No One Is Safe from Hackers

Proving that no one is immune from cyber hackers, Equifax, one of the nation’s largest credit reporting agencies, was infiltrated by hackers in mid-2017. The company estimated that approximately 143 Americans were affected. In addition, an unknown number of consumers from Canada and the UK were affected by this breach.  Were there any signs that an enormous data breach like this might occur?

A report issued in October of 2017 by Motherboard, found that Equifax had certain vulnerabilities due to an online portal created for employees. Researchers discovered that the Equifax website was highly susceptible to a basic forced browsing bug. A researcher from Motherboard said that he didn’t even have to do anything special to infiltrate the system. It was far too easy to get in.

“All you had to do was put in a search term and get millions of results, just instantly—in cleartext, through a web app,” the researcher said.

In spite of this information being available to Equifax, it took them six months to close the portal and shut down these vulnerabilities. In this day and age, it’s unthinkable that organizations as sophisticated as Equifax might be so lax in their data security.

The Final Cost of Cyber Breaches

Target Stores lost millions of dollars when they had to reimburse customers for their losses after their 2013 data breach. In addition to that, a class action lawsuit was settled for roughly $10 million. As if that wasn’t enough, 20-30 percent of Target shoppers said they were worried about shopping online at Target stores after the breach.

Are We More Vulnerable Than We Believe?

Many data security experts believe that cyber weaknesses like this are far more common than the public believes. In an era when everyone should be fully aware and taking every precaution to prevent a data breach, numerous large corporations remain at risk.

After all is said and done, most people would expect any organization that has experienced a cyber theft to drastically improve their cybersecurity. Large, expensive data breaches leave an organization open to legal action, plus they’re embarrassing. Consumers say that they are less likely to do business with any company that has been a victim of a cyber breach.

But has that really happened? A new study performed by CyberArk reveals that 46 percent of all companies who have experienced a cyber breach have not substantially updated their security policies.

This failure to learn from past mistakes has the public truly baffled. In some cases, IT professionals have been interviewed and asked why they haven’t greatly improved their cybersecurity. Over 30 percent of these pros said that they did not believe it was possible to prevent all cyber-attacks. This indicates that even security experts aren’t sure what to do to stop future attacks from occurring. But, should we simply make the decision not do anything at all?

New Report Sheds Light on the Problem

A 2018 report from CyberArk called, “Global Advanced Threat Landscape Report”, indicates that at least half of all businesses and organizations have only taken the basic security measures required by law. Though their public relations department may say they are taking every precaution to protect customer data, this is probably not true. In addition, 36 percent of respondents in the report said that administrative credentials were currently being stored in Excel or Word docs. These documents would be easy to obtain by any hacker with average skills.

The Global Advanced Threat Landscape Report also reveals that the number of users with administrative privileges has jumped from 62 percent to 87 percent over the past few years. This points to the fact that many companies are opting for employee convenience over data security best practices. This is an alarming statistic given the soaring cost of cyber breaches.

Moving Into the Future with Better Cyber Security

The new AT&T Global State of Cybersecurity highlights many of the critical gaps that remain in our cybersecurity strategies. IT infrastructure and critical data must be fully protected, including credentials and security answer keys. In most organizations, those in higher positions are given greater access and authority to online data and this equates to heightened risks of a cyber breach.

According to Alex Thurber, Senior Vice President and General Manager of Mobility Solutions, “If 2017 has taught us anything, it is that every device needs to be secured because any vulnerability will be found and exploited”.

The company is set to sign a deal with Punkt Tronics to install better security on smartphones, Blackberry devices, and other electronic devices. With consumers spending more and more time browsing on their cell phones, all mobile carriers are searching for ways to better protect their customers from hacking.

What Consumers Can Do

A great increase in the sale of anti-virus software and password managers demonstrates a strong resolve by consumers to incorporate stronger security measures into their everyday lives. Innovative technology is producing a new generation of security software that combines threat defense techniques and other more conventional means of cybersecurity. Though some of these techniques are having an impact, experts believe there’s much more to be done.

As our society becomes more aware and more prepared, even stronger security for IT systems will be developed. Until then, security experts urge the public to be more cautious about clicking on links. Employees at any company need regularly scheduled security meetings where they are educated and reminded to utilize best practices when using smartphones and computers. All programs should be updated regularly with software updates and fixes to known bugs. Create difficult passwords and change them every 90 days. These are just a few of the ways that consumers can stay safe while surfing on the internet.

ALERT: Iranian Hackers Infiltrated 144 Universities in the U.S. Stealing $3.4 Billion. Is Your Data Safe?

According to Attorney General Rod Rosenstein, Iranians connected to the Islamic Revolutionary Guard Corps (IRGC) were recently charged with conducting a massive cyber theft campaign on American and foreign universities, businesses and government agencies.

Iranian Hackers

AG Rosenstein states:

The stolen information was used by the IRGC or sold for profit in Iran. They hacked the computer systems of approximately 320 universities in 22 countries. 144 of the victims are American universities. The defendants stole research that cost the universities approximately $3.4 billion to procure and maintain.

They also attacked computer systems of the U.S. Labor Department, Federal Energy Regulatory Commission, United Nations, and the states of Hawaii and Indiana.

When hackers gain unlawful access to computers, it can take only a few minutes to steal discoveries produced by many years of work and many millions of dollars of investment.

For many decades, the United States has lead the world in science, technology, research, and development.

Academic institutions are prime targets for foreign cybercriminals. Universities can thrive as marketplaces of ideas and engines of research and development only if their work is protected from theft.

The events described in this indictment highlight the need for universities and other organizations to emphasize cybersecurity, increase threat awareness, and harden their computer networks.

Every sector of our economy is a target of malicious cyber activity. Everyone who owns a computer needs to be vigilant to prevent attacks.

This type of criminal activity does not just cause economic harm. It also threatens our national security. Identifying and prosecuting computer hackers is a priority for the Department of Justice.

Hostile individuals, organizations, and nation-states have taken note of our success. They increasingly attempt to profit from American’s ingenuity by infiltrating our computer systems, stealing our intellectual property, and evading our controls on technology exports.

The FBI Considers These Individuals State-Sponsored Hackers

FBI Deputy Director David Bowdich reports:

“During a more than four-year campaign, these state-sponsored hackers compromised approximately 144 U.S.-based universities and 176 foreign universities in 21 countries… When the FBI learned of the attacks we notified the victims, so they could take action to minimize the impact. And then we took action to find and stop these hackers.”

The special agent from the FBI’s New York Division who investigated the case tells us:

“Their primary goal was to obtain usernames and passwords for the accounts of professors, so they could gain unauthorized access and steal whatever kind of proprietary academic information they could get their hands on. That information included access to library databases, white papers, journals, research, and electronic books. All that information and intellectual property was provided to the Iranian government.”

Is Your Data at Risk?

The Small Business Administration believes it is. Here’s what they recommend you do:

  1. Protect against viruses, spyware, and other malicious code. Make sure each of your business’s computers is equipped with antivirus software and antispyware and updated regularly. Such software is readily available online from a variety of vendors. All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install updates automatically.
  2. Secure your networks.
    Safeguard your Internet connection by using a firewall and encrypting information. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router.
  3. Establish security practices and policies to protect sensitive information.
    Establish policies on how employees should handle and protect personally identifiable information and other sensitive data. Clearly outline the consequences of violating your business’s cybersecurity policies.
  4. Educate employees about cyber threats and hold them accountable. 
    Educate your employees about online threats and how to protect your business’s data, including safe use of social networking sites. Depending on the nature of your business, employees might be introducing competitors to sensitive details about your firm’s internal business. Employees should be informed about how to post online in a way that does not reveal any trade secrets to the public or competing businesses. Hold employees accountable to the business’s Internet security policies and procedures.
  5. Require employees to use strong passwords and to change them often. 
    Consider implementing multifactor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account.
  6. Employ best practices on payment cards 
    Work with your banks or card processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations related to agreements with your bank or processor. Isolate payment systems from other, less secure programs and do not use the same computer to process payments and surf the Internet.
  7. Make backup copies of important business data and information
    Regularly backup the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Backup data automatically if possible, or at least weekly, and store the copies either offsite or on the cloud.
  8. Control physical access to computers and network components
    Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.
  9. Create a mobile device action plan.
    Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.

Protect all pages on your public-facing websites, not just the checkout and sign-up pages.

Protect information, computers, and networks from cyberattacks. Keep clean machines: having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Set antivirus software to run a scan after each update. Install other key software updates as soon as they are available.

Provide firewall security for your Internet connection. A firewall is a set of related programs that prevent outsiders from accessing data on a private network. Make sure the operating system’s firewall is enabled or install free firewall software available online. If employees work from home, ensure that their home system(s) are protected by a firewall.

Create a mobile device action plan. Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.

Control physical access to your computers and create user accounts for each employee. Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.

Limit employee access to data and information, and limit authority to install software. Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs and should not be able to install any software without permission.

The increased frequency of cybercrime of cybercrime incidents has raised concerns and stakes for both small and large businesses. Your IT Managed Services Provider will help you fight and prevent cybercrime of all kinds. They will be your best friend in this regard. Don’t wait to contact them.

Are You Playing The Internet’s Latest Game Of Cops And Robbers?

Make no mistake – if you show the slightest bit of weakness around a bully, they will pounce. The Internet is no different, with hackers just waiting for a cybersecurity vulnerability to seize their opportunity.

Internet Crime

 The latest form of cyberterrorism to take root and have explosive growth is incredibly dangerous. Forget about Trojan horse viruses and identity theft — well, not really, those are still a threat — but the hot topic today is cryptocurrency mining. This phrase is used in reports and articles all over the Internet, but what it means can vary.

  • Cryptocurrency is an alternative currency in a digital format that is uncontrolled by a financial authority where the authority determines the supply and value. The most widely-known type of cryptocurrency is bitcoin. The decentralized nature of cryptocurrencies is what makes them so appealing to cybercriminals, but also what makes the industry minimally regulated.

Have you ever had a virus on your computer or smartphone? We know that pain. They range from annoying to debilitating and are time-consuming to eradicate. What’s worse is when we connect our smartphones via charging cable to a computer, and we allow access to our smartphone, we run the risk of inadvertently allowing the virus to transfer. Can we ever win?

  • In 2017, a version of malware for cryptocurrency mining targeting Android devices was discovered and proved its effectiveness of physically damage a mobile device.

Why are we talking about cryptocurrencies and viruses at the same time? Because you’d be amazed at what lengths cybercriminals — hackers — will go to accomplish their goal. Have you ever heard of ransomware? It’s a type of malicious software, “malware”, and sometimes more advanced malware is involved where the victim’s files are encrypted using code deployed by the hacker, called cryptoviral extortion. These all function the same as a basic virus, where an executable program is planted on a user’s computer with the intention of restricting user access in some way. With ransomware, to remove this restriction and regain access, the user is prompted to pay whatever fee the hacker demands — their “ransom” — otherwise the user’s data is blocked entirely and permanently. This type of extortion is being used more commonly in cryptocurrency mining.

  • Cryptocurrency mining uses specialized software programs to automate the process of solving complex math problems in exchange for a small amount of cryptocurrency.

How is this possible? We mentioned that the beauty of cryptocurrency mining is in automation. A cybercriminal gains access to a computer — without the knowledge or permission of the computer’s owner — and installs the software that runs the mining file(s). Has this ever happened to you? But…would you even realize it?

How do cybercriminals access a computer to fulfill their devious plan? Through dark and devious means in a dimly-lit basement at a desk filled with candy wrappers and empty cans of energy drinks? This isn’t a Hollywood film – it’s much more likely the cybercriminal is at a coffee shop or somewhere benign. They could be next door, across town, or around the globe from the computer that they’re hacking. While proximity isn’t meaningless, it’s far less necessary than it once was. The Internet has made consumers that much more vulnerable, and that much more valuable to a hacker. The sad reality is that the devices most consumers use to access the Internet — either wireless routers or networks lacking sophisticated means of protection — are the most common culprit. Most consumers don’t realize how important it is to established layered levels of cybersecurity protection at their home, nor do they understand how to go about protecting themselves adequately. This is something best left to the experts – especially if you need to establish this protection in your office, and it’s your business!

Still wondering why a hacker targets a personal computer for cryptocurrency mining? The answer is money. We can look at this from a few different perspectives.

  • Using someone else’s computer, a hacker doesn’t need to worry about overhead, like:
    • Reliable power and resulting power bill.
    • The purchase and maintenance of the expensive hardware needed to process the thousands of complex problems that generate the cryptocurrency, though fractional portions with each solution.
  • Hacking into many computers offers the chance to increase the amount of cryptocurrency generated in the same time frame from multiple sources.
    • When one option is eliminated, another option replaces it quickly, so a hacker avoids “downtime”.
  • The goal of any hacker varies, but when it comes to cryptocurrency mining, the goal is to make money. The next step in a natural progressing — one born of greed — is to hold the hacked device hostage for ransom.

The terms “cyberterrorism” and “cyberespionage” are just fancy ways of redefining a hacking situation that is getting uglier each year. The more sophisticated any cybersecurity network is, personal or professional, the more sophisticated hackers need to become in response. Adversely, the more vulnerable a network is, the more attractive the victim is to a hacker, and the more expensive the situation the victim is likely to find themselves in – repeatedly.

The value of cryptocurrencies keeps increasing, as well. Bitcoin is valued around $9,000, meaning that the cost to buy one Bitcoin is $9,000. A newer cryptocurrency, Monero, has increased exponentially in its first year. The value of Monero is lower than that of Bitcoin, closer to $250, but its newness also makes it more discreet. There is also value in mining early. Consider the price of an ounce of gold; the weight does not change, but the value of an ounce does, so buying one ounce for $500 and keeping that ounce until the value of an ounce reaches $1,000 gives a greater return on investment It’s ironic to be reading about legal investments in the same spot as cryptoviral extortion – but it helps law-abiding citizens understand the mindset of the cybercriminal. More importantly, the process to mine these isn’t the point: where there is money to be made by little effort, those with a serious lack of ethics seize the moment. Cybercriminals are evolving with cryptocurrency paradigm shifts, including fileless miners.

  • Fileless cryptocurrency-mining malware is a newer mining method and involves deploying code into the victim’s system memory. This code is what activates the computer’s mining processes.

Yes, cybercriminals can now use wireless networks to access your computer and use your computer to mine cryptocurrencies without files. If a hacker can take over your computer entirely and require you to pay them real money to get your computer — and everything on that computer — back, how can you protect yourself?

Cybersecurity and protecting yourself isn’t just a case of setting a “really strong” password anymore. Some programs and platforms encourage — or even require — two-step verification processes for each login. The greatest advantage you can give yourself is teaming with the best cybersecurity partner and making all staff members aware of the risks. Let your trusted partner do what they do best — cybersecurity — and you can focus on what you do best: running your day-to-day operations.

My IT is Compliant, So I Guess That Means It’s Secure, Right?

Short answer? No. Despite what you may have been led to believe, there’s a big difference between compliance and security.

Compliance and Regulations

IT compliance and security are not the same. IT Security refers to the best practices and IT solutions used to protect your technology assets, information, and data. It’s the process of implementing specific measures and systems that are designed to protect and safeguard your information. The right IT Security Plan utilizes various forms of technology based on your business’ unique needs to store and exchange data while preventing unauthorized access or improper disclosure.

Compliance refers to regulations imposed by a government, industry or regulatory entity to protect users’ confidential, private information. Examples of these standards include HIPAA, PCI, FINRA, and SOX.

Your IT can be compliant but not secure. “Why is this?” Compliance is a point-in-time snapshot assessment of your technology proving that you meet a minimum standard of security. You can be compliant one day, and not the next (although, you wouldn’t want this to happen).

Plus, IT compliance standards change predictably and slowly over time. These standards provide minimum guidelines for the amount and type of data protection required. IT security, on the other hand, is in a constant state of flux due to the ever-evolving, and more sophisticated cyber threats that appear on the IT landscape. Hackers are innovative and skilled at developing ways to steal your data. What happens is that compliance regulations don’t always keep up with these threats. Some require security protections and others don’t.

The main difference between compliance and security is that IT compliance is measured against prescribed controls, where IT security is defined by the ability to respond to and protect against cyber threats. IT security measures and techniques protect your data, users, networks, and assets from cybercriminals, hackers or other malicious threats.

Unfortunately, some businesses function with the bare minimum of IT security solutions they need to remain compliant. They check to make sure they meet the specific IT compliance requirements and think their data is secure when it’s not. This is a recipe for disaster. Cybercrime is growing at an explosive pace. If you restrict your defenses to only what you need to be compliant, your data and business could be at risk. To ensure IT security, your business needs a comprehensive approach to protection. The good news is that if your IT is secure, you’ll likely be compliant.

“How do I ensure IT Security?” It’s always best to consult with an IT Managed Services Provider who can assess your unique requirements and establish an IT Security Plan with a holistic, layered approach. Make sure that your provider includes the following in your IT Security Plan:

24/7 Remote IT Management and Monitoring to detect threats and block them before they affect your security posture. This includes applying patches via the cloud in real time.  

A Firewall Solution that continuously mitigates cyber-threat intrusions. This will filter the data in transit (data that comes in and leaves your network) by checking packets of information for malicious threats like Trojan viruses and worms, and other forms of malware that can steal or lock up your data. It’s best to use GEO IP Filtering whenever possible, and use a next-generation firewall with perimeter malware protection.

An Up-to-Date Antivirus Solution. Even though firewalls are an excellent source of protection from viruses, they can’t do everything. You also need an antivirus solution that constantly scans your computers to detect suspicious files, isolate and delete them before they infect your system.

A Data Encryption Solution that obfuscates data that’s stored or in transit to prevent others from accessing or reading it. The proliferation of cyber espionage has led to the need for encryption to protect your sensitive data and intellectual property from prying eyes.

A Web-Filtering Solution. This routes web traffic and applies security-filtering policies to protect your computers, laptops, and tablets from malware, botnets, and phishing.

Regular Backups Make sure you always have reliable backups of your data both onsite in a device you can unplug and take with you in case of a disaster, and offsite in a secure cloud so you can retrieve your data remotely if necessary.

Ensure Your Mobile Devices Are Secure. With the proliferation of Bring Your Own Device (BYOD) policies, your business requires secure mobile device solutions that protect your data whether it’s deployed across multiple mobile service providers or on a variety of mobile operating systems. Mobile Device Management provides for remote wiping of data if your mobile devices are lost or stolen.

Security Awareness Training for Your Employees. This should be a formalized training on the latest threats and how to mitigate them. Security Awareness Training for your employees will reduce the risk to your organization’s data and IT systems and limit the chance of a data breach. Some compliance regulations specify the need for Security Awareness Training including HIPAA, PCI DSS, SOX, and FISMA.

Vulnerability Audits to identify security gaps in your computers, network, or communications infrastructure and develop appropriate mitigation countermeasures to protect them.

Penetration Testing. This is an analysis that focuses on where security resources are needed most. When accompanied with Vulnerability Audits they locate the weakest links in your network, identify and document weaknesses in your security, and remove them. Independent Penetration Testing and Vulnerability Audits will help you meet regulatory compliance standards like HIPAA, FINRA and PCI DSS.

Ongoing Updates to your Operating Systems and Software. Whenever there’s an opportunity to update, it’s important to do so. Rather than worrying about this yourself, your IT Managed Services Provider can include this responsibility in your overall IT Security Plan. This will safeguard your system from debilitating cyber attacks and keep your IT system running at peak performance.

There will always be overlaps between compliance and security guidelines but remember that IT security provides a more extensive assurance than IT compliance alone. For help with the unique IT security requirements your business faces, contact a certified IT Managed Service Provider in your area and ask for an assessment of your entire IT network.

Will The (Cloud) Storage Wars Draw Blood?

Modern professional relationships require digital processes, like email, collaborative software, and file sharing. The cloud has opened up incredible possibilities beyond imagination a mere decade ago, but which is the right choice?

Cloud Storage

The competition is seriously fierce in cloud storage. The Internet of Things has fueled a data addiction for which traditional storage can’t physically support. We love our devices – I mean, we are straight-up addicted to our smartphones, our iPads, our Kindle Fire tablets, all of them. And there’s a reason we back up our smartphone content: we’d be absolutely lost if we lost it. Our contacts, our notes, our apps, our calendars, and everything we depend on for day-to-day use is on that tiny computer. Where do you back up your data? It’s probably safe to assume there is a cloud location you connect to that saves your backed-up data. It’s safe to assume because we would overwhelm traditional storage options.

Traditional storage hasn’t been able to meet expectations and needs for performance, availability, management, or the cost impact in comparison to growing demand. Everyone has an opinion on who their favorite cloud storage solution is, and it’s usually one of the Big Three players in the cloud game: Dropbox, OneDrive, or Google Drive – and not in that order.

Technically speaking, the first cloud storage solutions launched well before today’s modern providers. Consumers had access in the early 1980’s through CompuServe, and AT&T launched a platform in the 1990’s to support small business solutions. Amazon Web Services introduced AWS S3, their cloud storage offering, in 2006 and functions as the storage provider for Dropbox, Pinterest, and many other large digital enterprises. The only thing that has changed is file size, file type – but mainly adoption.

Cloud storage is increasing in adoption for every professional environment – and is the only solution for distributed workforces! Managing resources for storage needs to be agile, and limited solutions also limit agility. The cloud is merely an accessible extension of your data storage center. Review your full data storage needs, and consider the advantages the cloud offers your business and daily operations.

When reviewing your cloud storage priorities, there are many issues that deserve a deeper consideration. Here is the “Top Ten” List we suggest using as a checklist, and in no particular order:

  • Cost
    • The financial impact of cloud storage is usually the first factor any business considers, but we disagree with this position. While your bottom line is critical to your overall operational budget, there is a multitude of factors that could have a greater impact on your day-to-day needs.
    • It’s surprising just how many decision-makers are surprised – and unprepared for – the expenses required to utilize cloud providers.
  • Sync Simplicity
    • If storing or backing up your data to a cloud solution is cumbersome, the likelihood of full adoption by your staff – and your clients, if applicable – will be a struggle, and result in decreased productivity and decreased reliability. You don’t have time for that!
  • Sync Speed
    • Just as with simplicity, speed is a factor with the ability to sync data quickly. As with any downtime, no one can afford reduced productivity due to Internet connection issues, and it’s an even larger issue if it’s due to your cloud storage provider.
  • Location
    • As they say in real estate, “Location, location, location”! Anyone who thinks it doesn’t matter where your data is stored physically is wrong. Wrong! Though there are too many reasons this matters to list, here are just a few:
    • Data stored in the U.S. is both protected by and susceptible to U.S. laws, like the Patriot Act and the Cyber Intelligence Sharing and Protection Act. Data stored in – or containing the information of – European Union nations are subject to protection by legislation passed by European Parliament enacting strict consumer data protection rules.
    • Facilities that physically house servers for cloud storage providers are just as open to impacts of weather and natural disasters as any other structure in that locale – and accessing your data will be subject to these conditions.
    • Is the physical security of the location a concern under any other circumstances?
  • Reliability and Access
    • Is the vendor reliable? The key players in the cloud storage game tend to be the best for valid reasons, but appropriate considerations, in this case, would be hardware failures, power disruptions, or even vendor disputes. Crazier things have happened.
  • Storage Capacity
    • How much data do you anticipate storing in the cloud? This is like trying to choose your favorite song. The answer changes on a regular basis, and most of the time there is no one singular answer. Obviously, you’ll want to choose a provider that is capable of offering you more storage than you think you’ll ever need, but you also don’t want to pay for storage you’re not using nor will you ever. It’s a delicate balance, and many providers allow for variable usage.
  • File Sharing
    • How many times have you attached a document to an email message, and tried to send it only to get the dreaded error message “File exceeds the maximum size of 25MB. Try removing an attachment and send again”? You are then faced with trying to reduce the file size (Word document into a PDF, etc.) or uploading the file into a cloud solution like Dropbox, Google Drive, or OneNote, and sharing the access URL instead.
  • Application Integrations
    • The number one request made by anyone accessing cloud storage and utilizing an application is to offer an intuitive user experience. Statistics show half of all users that abandon a cloud app do so due to integration issues, citing missed deadlines.
  • Support
    • If any issues arise, it’s critical that users achieve the needed help immediately from an adequately trained member of support team equipped with the right knowledge to resolve the situation.
  • Data Security
    • The cloud and data stored in cloud environments face risks, just like any other professional endeavor. A cloud storage provider that can guarantee against cybersecurity vulnerability and takes the greatest care in safeguarding your data is an excellent vendor and partner.

We’ve talked about what you need – now let’s talk about who can help you. Here is a fantastic detailed resource when comparing many of the cloud vendors at once, but let’s talk about the Big Three. The key players in the Cloud Storage Wars are Dropbox, Google Drive, and OneNote – and any one of these providers would valiantly battle to the bloody end for your business! There is a reason that these three are the best in the biz: they’ve earned their reputation with quality service, support, and every other item in the checklist.

  • Dropbox
    • Offers a free basic storage plan (2GB)
    • Paid plans and features cater to business customers
  • Google Drive
    • Offers a free basic storage plan: clarification, Google users have 15GB of free cloud storage – shared between Gmail, Google Photos, and Google Drive. If you get a ton of emails and don’t clean out your inbox often, that eats up your 15GB
    • Paid plans and features cater to business customers
  • OneNote
    • Offers a free basic storage plan (5GB)
    • Paid plans and features cater to business customers: Here is where it truly pays to use OneNote and be an Office 365 customer, as the paid plans are included with Office 365 subscriptions, either Personal or Home.

The ability to sync, share files and speed are all a focus of these teams, and the competition is pretty ruthless. In fact, Dropbox and Microsoft have formed a partnership to allow easier integration by making Office Online available to Dropbox users at no cost. Keep your friends close, and your enemies closer!

So, which provider is right for you? Only you can make that decision. Armed with this information and reviewing our checklist will hopefully help you make the right choice!