Month: July 2022

60% of small and mid-sized Senior Living communities that have a data breach end up closing their doors within six months because they can’t afford the costs. The costs of falling victim to a cyberattack can include loss of business, downtime/productivity losses, reparation costs for customers that have had data stolen, and more.

The global damage of cybercrime has risen to an average of $11 million USD per minute, which is a cost of $190,000 each second.

You may think that this means investing more in cybersecurity, and it is true that you need to have appropriate IT security safeguards in place (anti-malware, firewall, etc.). However, many of the most damaging breaches are due to common cybersecurity mistakes that Senior Living communities and their employees make.

The 2021 Sophos Threat Report, which looked at thousands of global data breaches, found that what it termed “everyday threats” were some of the most dangerous. The report stated, “A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we’ve investigated.”

Is your organization making a dangerous cybersecurity mistake that is leaving you at high risk for a data breach, cloud account takeover, or ransomware infection?

Here are several of the most common missteps when it comes to basic IT security best practices.

Not Implementing Muti-Factor Authentication (MFA)

Credential theft has become the top cause of data breaches around the world, according to IBM Security. Login credentials hold the key to multiple types of attacks on community networks.

Not protecting your user logins with multi-factor authentication is a common mistake and one that leaves communities at a much higher risk of falling victim to a breach.

MFA reduces fraudulent sign-in attempts by a staggering 99.9%.

Ignoring the Use of Shadow IT

Shadow IT is the use of cloud applications by employees for business data that haven’t been approved and may not even be known about by a company.

Shadow IT use leaves companies at risk for several reasons:

Data may be used in a non-secure application
Data isn’t included in company backup strategies
If the employee leaves, the data could be lost
The app being used might not meet company compliance requirements

Employees often begin using apps on their own because they’re trying to fill a gap in their workflow and are unaware of the risks involved with using an app that hasn’t been vetted by their company’s IT team.

It’s important to have cloud use policies in place that spell out for employees the applications that can and cannot be used for work.

Thinking You’re Fine With Only an Antivirus Application

No matter how small your community is, a simple antivirus application is not enough to keep you protected. In fact, many of today’s threats don’t use a malicious file at all.

Phishing emails will contain commands sent to legitimate PC systems that aren’t flagged as a virus or malware. Phishing also overwhelmingly uses links these days rather than file attachments to send users to malicious sites. Those links won’t get caught by simple antivirus solutions.

You need to have a multi-layered strategy in place that includes things like:

Next-gen anti-malware (uses AI and machine learning)
Next-gen firewall
Email filtering
DNS filtering
Automated application and cloud security policies
Cloud access monitoring

Not Having Device Management In Place

A majority of companies around the world have had at least some employees working remotely from home since the pandemic, and they’re planning to keep it that way. However, device management for those remote employee devices as well as smartphones used for business hasn’t always been put in place.

If you’re not managing security or data access for all the endpoints (company and employee-owned) in your business, you’re at a higher risk of a data breach.

If you don’t have one already, it’s time to put a device management application in place, like Intune in Microsoft 365.

Not Providing Adequate Training to Employees

An astonishing 95% of cybersecurity breaches are caused by human error. Too many companies don’t take the time to continually train their employees, and thus users haven’t developed the skills needed for a culture of good cybersecurity.

Employee IT security awareness training should be done throughout the year, not just annually or during an onboarding process. The more you keep IT security front and center, the better equipped your team will be to identify phishing attacks and follow proper data handling procedures.

Some ways to infuse cybersecurity training into your community culture include:

Short training videos
IT security posters
Webinars
Team training sessions
Cybersecurity tips in community newsletters

When Did You Last Have a
Cybersecurity Checkup?

Don’t stay in the dark about your IT security vulnerabilities. Schedule a cybersecurity audit to uncover vulnerabilities so they can be fortified to reduce your risk.

Cyber, Attack, Encryption, Smartphone, Mobile, Finger

What You Need to Know About the Rise in Supply Chain Cyberattacks

By David Littrell

On July 5, 2022

In Cybersecurity

Any cyberattack is dangerous, but the particularly devastating ones are those on supply chain companies. These can be any supplier – digital or non-digital – of goods and services.

We’ve seen several attacks on the supply chain occur in 2021 that had wide-reaching consequences. These are “one-to-many” attacks where victims can go far beyond the company that was initially breached.

Some recent high-profile examples of supply chain attacks include:

Colonial Pipeline: A ransomware attack caused this major gas pipeline to be shut down for nearly a week.

JBS: The world’s largest supplier of beef and pork products was hit with ransomware that caused plants in at least three countries to shut down for several days.

Kaseya: This software company had its code infected with ransomware, which quickly spread to IT businesses that used its products and to roughly 1,500 of their small business customers.

Why do you need to be worried about supply chain attacks even more so than in the past? Because they’ve been growing and are expected to continue this trajectory.

Supply chain attacks rose by 42% during the first quarter of 2021. A surprising 97% of companies have been impacted by a breach in their supply chain, and 93% suffered a direct breach as a result of a supply chain security vulnerability.

If you’re not properly prepared, then you can be impacted by a breach of software you use or have a vital service or goods supplier go down for several days due to a cyberattack.

As part of any good business continuity and disaster recovery strategy, you should look at supply chain risks in light of the current increase in attacks and formulate a plan.

How Can You Mitigate Your Risk of Losses Due to an Attack on Your Supply Chain?

Identify Your Supplier Risk

You can’t fix what you don’t know is wrong. So, you need to begin by shedding some light on your risk should one of your vendors get hit with ransomware (the current attack of choice on the supply chain) or another type of breach.

Make a list of all your vendors and suppliers, both for goods and services. This includes everything from the cloud services you use to the company that supplies your office products or any raw materials you may use in a product you sell.

Review these vendors to identify their cybersecurity risks. This is something you may need some help with from your IT partner. We can work with you to review vendor security or send them a survey to find out where they stand as to their cybersecurity, and then determine how much that may leave you at risk as one of their customers.

Create Minimum Security Requirements for Digital Vendors

Come up with some minimum security requirements that you can use as a benchmark with your vendors. One way to make this easier is to use an existing data privacy standard as your requirement.

For example, if a vendor is GDPR compliant, then you know they’ve adopted several important cybersecurity standards that protect their business, and yours, from an attack.

Do an IT Security Assessment to Learn Where You’re Vulnerable

If the software you use had a vulnerability that was exploited by hackers to take over a system, how much does that leave your systems at risk? Do you have a regular patch application strategy in place to ensure any software updates are applied right away?

You should have an IT security assessment done if you haven’t done one in over a year. This will help you identify how strong your systems would be at preventing a breach or ransomware infection that was coming from a digital supply chain vendor.

Put Backup Vendors in Place Where Possible

If you sell widgets and have a single supplier for one specific part needed for that widget, you’re at a much higher risk of downtime than if you had two suppliers of that part.

If a key vendor of yours is attacked and can’t fill orders or provide services for a week or more, how will that impact your business? This is what you want to consider when setting up backup vendors.

For example, most companies would consider themselves down and not able to operate without their internet. Having a backup internet service provider can help you avoid lengthy downtime should your main ISP go down.

Look at putting this type of safety net in place for all vendors that you can.

Ensure All Data Kept in Cloud Services is Backed Up in a 3^rd Party Tool

Microsoft recommends in its Services Agreement that customers back up their cloud data that is kept in its services (such as Microsoft 365). The policy states, “We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.”

You should have a backup (in a separate platform) of all data that you store in cloud services, so you’ll be protected in case of a ransomware infection or other data loss or service loss incident.

Schedule A Supply Chain Security Assessment

Don’t be in the dark about your risk. Schedule a supply chain security assessment to learn where you could be impacted in the case of a cyberattack on a supplier.

—
Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

Microsoft Teams Plan Comparison: Free vs M365 Business vs Teams Essentials

By David Littrell

On July 1, 2022

In Microsoft

The shift to remote work over the last two years has caused companies to realign their digital tools. Now, many meetings default to being via video conference rather than in person, and working from home has become commonplace.

Seventy-seven percent of remote workers say they’re more productive working from home (a big reason is fewer distractions). Plus 85% of surveyed managers expect that having teams with remote workers will be the new normal.

But for remote working to work without employees feeling disconnected and customers feeling you’re hard to reach, you need to use cloud communication tools. One of the most popular, which has skyrocketed in popularity, is Microsoft Teams.

Between April 2020 and April 2021, the Microsoft Teams daily active users count rose from 75 million to 145 million.

Teams is an all-in-one communication platform, providing more than just video conferencing or chat. It combines several capabilities into an online work hub for collaboration and communication.

Some of the key features of MS Teams include:

Video and audio calls
Webinar registration & attendance reporting
Channeled team chat
File storage and sharing
In-app collaboration in Word, Excel, PPT, and more
In-app collaboration in 3^rd party applications
Tabs that allow teams to link apps and websites inside a channel
Status notification and alerts
Use on all devices

MS Teams Evolution

Originally, Microsoft Teams was available only through a Microsoft 365 Business subscription. Then, to improve the popularity of Teams and compete with video conferencing platforms like Zoom, Microsoft brought out a free version with fewer features in 2018.

This helped the service increase its user base, however, there was a wide gap between the capabilities of the paid version with a Microsoft 365 subscription and the free version. Such as much less support, fewer features, etc.

Microsoft noted that it was missing a vital audience, the small business. Small business owners had a more difficult time fitting into either the free model, with very limited group meeting timing, or the paid model, which required a full M365 subscription.

So, in December of 2021, it brought out the third plan for MS Teams that it is hoping is “just right” for smaller companies that need the same collaboration and communication tools as everyone else. This plan is called Teams Essentials, and you don’t need to sign up for Microsoft 365 to get it.

Comparison of Teams Essentials vs Teams Free vs Teams with an M365 Business Plan

Next, we’ll go through the differences between these three MS Teams plans so you can identify the one that may make the most sense for your company.

Microsoft Teams Free Version

The free version of MS Teams was really brought out to reach the residential and home user crowd. An audience that had been completely missing from the Teams userbase up to that point.

This plan has the following capabilities:

Unlimited group meetings for up to 60 minutes
Up to 100 participants per meeting
5GB of cloud storage per user
Unlimited chat
File sharing, tasks, and polling
Data encryption for calls, files, meetings, chats
Co-authoring capabilities
Ability to add tabs inside group channels

The biggest drawback of using the free version for your business is the 60-minute limit on group video meetings. The 5GB cloud storage also can be limiting for business use of Teams.

Microsoft Teams Essentials

Teams Essentials is $4/user/month and was designed specifically for small businesses that may not want to subscribe to M365, but still need a good cloud collaboration tool to keep their team connected and productive.

This plan has the following capabilities:

Everything in the free version, plus:
Unlimited group meetings for up to 30 hours
Up to 300 participants per meeting
10GB of cloud storage per user
Anytime phone and web support

The additional group meeting time (up to 30 hours) is more than enough to fill any type of meeting need, even those that go on all day. Additionally, users get double the cloud storage space, and the phone and web support ensure your staff has help using the app when needed.

Teams with Microsoft 365

The version of Teams with Microsoft 365 is available with any business plan. The lowest cost plan is $6.00/user/month ($2 more than Essentials). However, the Basic package does not come with downloadable Office apps (Word, Excel, etc.), only the web versions.

The next step up would be M365 Business Standard at $12.50/user/month, which is quite a bit more than the price for Teams Essentials. This one does include the downloadable Office apps.

These plans have the following capabilities:

Everything in the Essentials version, plus:
Office applications (either web or web & downloadable)
All the many M365 cloud apps (OneDrive, Forms, SharePoint, OneNote, and many others)
1TB of cloud storage per user
Webinar hosting
Customer appointment management
Premium security features

If you are planning to use Microsoft Office software and other applications, then it makes sense to get Teams along with an M365 subscription. However, if your business already owns the offline version of the Office suite or does not need it, then Teams Essentials offers a lot of capabilities with a lower price tag.

Need Help Getting MS Teams or Other Cloud Tools Set Up?

Today’s hybrid offices and remote teams need robust collaboration tools to compete. Contact us if you need help getting started with MS Teams or another cloud tool. We’ll be happy to facilitate a custom setup to ensure your staff can hit the ground running.