
The Complicated Process Of Qualifying For Cybersecurity Insurance

Don’t assume you can buy coverage—insurance carriers may not want your money if your cybersecurity standards aren’t up to par. We will help you qualify for the cybersecurity insurance you need. 

During the past few years, as many of our clients’ cybersecurity insurance policies came up for renewal, a clear trend has emerged.

Cybersecurity insurance carriers are requiring more sophisticated written cyber policies, tools, training, and disaster recovery systems before processing the renewal, and in many cases are also significantly increasing premiums for individual cybersecurity risk items that are not being addressed.  

This has nothing to do with whether there has been a claim or not in the past, and everything to do with what steps the applicant must now take to address cyber security risks. All the carriers now have additional forms filled with cybersecurity questions that must be answered accurately before the carrier will renew the policy. 

Furthermore, you can be sure that if a claim against the policy is ever submitted, the carrier will check the answers provided to determine if there is any way for them to deny coverage. This is why you have to ensure your cybersecurity is up to par; failing to do so can raise your premiums and put your coverage in jeopardy in the aftermath of an event. 

15 Questions Your Cybersecurity Insurance Carrier Is Going To Ask…

  1. Does your business have a policy against opening unverified email attachments?
  2. Does your business use an Endpoint Detection & Response (EDR) solution?
  3. Does your business test cybersecurity standards with regular vulnerability scans?
  4. How many users have local administrator rights enabled?
  5. Do you have a content filtering solution?
  6. Does your business monitor traffic into and out of the network?
  7. Do you have recent and tested backups of all mission-critical data, applications, and configurations?
  8. Are your offsite backups protected by an air-gap and separate authentication mechanism?
  9. Is your cloud data backed up?
  10. Can staff members access business email on their personal devices?
  11. Do you have an email encryption solution in place?
  12. Is your staff regularly tested and trained on phishing and other social engineering attack vectors? 
  13. Do you have a Security Incident and Event Management (SIEM) system in place?
  14. Do you have an update and patch management system in place?
  15. Do you work with a third-party IT company?

If you can’t answer these questions correctly (and prove your cybersecurity capabilities), be prepared to have your coverage denied or accept a significant premium increase. Regardless, it is abundantly clear that the days of the wild wild west in cybersecurity insurance are rapidly coming to an end.

3 Steps To Qualifying For Cybersecurity Insurance

Assess your infrastructure

The best way for you and your team to determine the kind of coverage that is best for your organization is to understand your IT infrastructure. By evaluating your systems from top-to-bottom, you’ll have a clear idea of all the different access points that could be leaving your network vulnerable to threats. 

Remediate your vulnerabilities and risks

Don’t forget to look into how investing in your cybersecurity could save you money on premiums. Open up a dialogue about it with your potential Cybersecurity Insurance provider and see what they suggest. 

Continually reassess

Next, it’s best practice to conduct a risk assessment and an impact analysis. Carefully review all your organizational assets—including financial data, customer information, and intellectual property.

Categorize assets according to risk and make considerations for the potential impacts that a data security event could have on all aspects of your business. 

It’s important to understand that the way you manage your cybersecurity can directly affect the coverage and premiums you qualify for. The more robust your cybersecurity posture is, the better you’ll do with carriers. Your investment can potentially be returned through lower insurance expenses.

How We Help Our Clients Qualify For Cybersecurity Insurance

Many of our clients attempt to fill out these questionnaires on their own, but more often than not, we have to make corrections before they’re submitted. The fact is that this sort of documentation can be very complicated for those who don’t have extensive experience with IT. 

We can manage the questionnaire on your behalf, identifying any areas that require changes in order to help you qualify for a policy or even a lower insurance premium.

We endeavor to make modifications and changes that cost as little as possible. In many cases, it’s simply a matter of developing the right documentation or changing settings in your systems to comply with your carrier’s cybersecurity standards. We also offer templates for cybersecurity management policies and statements of operations so that you don’t have to start from scratch. 

Need Help Qualifying For Cybersecurity Insurance?

Meeting the stipulations laid out by cybersecurity insurance providers may not be easy depending on the state of your cybersecurity posture. We can help you improve your approach to cybersecurity. 

Our team provides cybersecurity and technology services for businesses like yours—we are available to help you develop a robust cybersecurity defense. 

We can ensure you qualify for a policy and minimize the chance that you’ll have to make a claim on your cybersecurity insurance. 

Get in touch with our team to get started.


Why You Can’t Ignore Cybersecurity Insurance Any Longer

Cybersecurity insurance is becoming more complicated, more expensive, and more necessary. Are you putting off getting a policy? You shouldn’t wait any longer. 

The cybercrime landscape is getting more unpredictable and complex every day. Cybercriminals are finding more effective ways to infiltrate business networks and steal critical business data—but you already know all this. 

Cybercrime is a serious and expensive threat. The average cost of a data breach in the United States is currently $5M—can you afford that? 

That’s why so many businesses are considering investing in cybersecurity insurance, which is designed to help businesses cover the recovery costs associated with any kind of cybersecurity incident.

What You Should Know About Cybersecurity Insurance 

First of all, it’s not a trend that’s going to go away. Over the past few years it has rapidly grown as an industry:

Cybersecurity insurance is a relatively new type of protection designed specifically to help cover the potentially massive expenses associated with an unavoidable data breach. It can be a worthwhile investment, so long as you know how it works.

The somewhat inevitable nature of modern cybercrime has led businesses to consider cybersecurity insurance as a final layer of reassuring protection. In fact, it’s becoming more and more necessary, as many insurance providers have begun drawing a clear line between normally covered losses, and those incurred by cybercrime-related events. 

That means that if your cybersecurity doesn’t meet the standards of your insurance provider, you may not be as well covered as you think. 

Types of Cybersecurity Insurance

Breach and event response coverage

A very general and high-level form of coverage, this covers a range of costs likely to be incurred in the fallout of a cybercrime event, such as forensic and investigative services; breach notification services (which could include legal fees, call center, mailing of materials, etc.); identity and fraud monitoring expenses; public relations and event management.

Regulatory coverage

Given that a range of organizations has a hand in regulating aspects of cyber risk in specific industries, there are usually costs that come with defending an action by regulators.

This covers the costs associated with insufficient security or “human error” that may have led to a privacy breach. Examples may include an employee losing a laptop or e-mailing a sensitive document to the wrong person.

However, this type of coverage is not just limited to governmental and healthcare-based privacy breaches. It can also be useful for non-governmental regulations that intersect with the payment card industry and are subject to payment and financial regulatory standards. 

Liability coverage

This type of coverage protects the policyholder and any insured individuals from the risks of liabilities that are a result of lawsuits or similar claims. If the covered entity is sued for claims that come within the coverage of the insurance policy, then this type of coverage will protect them. 

There is a range of types of cybersecurity insurance liability coverage, which include:

Privacy liability

This applies to the costs of defense and liability when there has been a failure to stop unauthorized use/access of confidential information (which may also include the failure of others with whom the entity has entrusted data).

Coverage can also extend to include personally identifiable information and confidential information of a third party. 

Security liability

On a higher level, this type of coverage applies to the costs of defense and liability for the failure of system security to prevent or mitigate a computer-based cyber attack, which may include the propagation of a virus or a denial of service.

An important note — failure of system security also includes failure of written policies and procedures (or failure to write them in the first place) that address secure technology use.

Multimedia liability

This type of coverage applies to the defense and liability for a range of illegal activities taking place in an online publication, such as libel, disparagement, misappropriation of name or likeness, plagiarism, copyright infringement, or negligence in content.

This coverage extends to websites, e-mail, blogging, tweeting, and other similar media-based activities. 

Cyber extortion

This type of cybercrime event is generally a form of a ransomware attack, in which a cybercriminal keeps encrypted data inaccessible (or, alternatively, threatens to expose sensitive data) unless a ransom is paid.

Coverage of this type addresses the costs of consultants and ransoms, including cryptocurrencies, for threats related to interrupting systems and releasing private information. 

Will Cybersecurity Insurance Completely Protect Your Business Against Cybercrime?

A common misconception is that a cybersecurity insurance policy is a catch-all safety net, but that’s simply not the reality. Without a comprehensive cybersecurity strategy in place, a business may not qualify for a policy in the first place. 

Furthermore, in the event of a hack, a business may not qualify for full coverage if its cybersecurity standards have lapsed, or if it can be found to be responsible for the incident (whether due to negligence or otherwise). 

The core issue is that as cybercrime becomes more common and more damaging, insurers will become more aggressive in finding ways to deny coverage. It’s in the interest of their business to pay out as little and as rarely as possible, which means the policies will tend to rely on a series of complicated clauses and requirements that covered parties have to comply with. 

A key example of this is when Mondelez International was denied coverage for the $100 million of damage they incurred from the NotPetya attack. Their insurer, Zurich Insurance, cited the obscure “war exclusion” clause, claiming that Mondelez was a victim of a cyberwar. 

This is not an isolated incident. As discovered by Mactavish, the cybersecurity insurance market is plagued with issues concerning actual coverage for cybercrime events:

  • Coverage is limited to attacks and fails to address human error
  • Claims are limited to losses that result directly from network interruption, and not the entire period of business disruption
  • Claims related to third-party contractors and outsourced service providers are almost always denied

All this goes to show why business owners need to look carefully at the fine print of their cybersecurity insurance policy and ensure their cybersecurity standards are up to par. No one should assume they’re covered in the event of a cybercrime attack—after all, for every $1 million paid in premiums, insurance companies only pay out $320,000 in claims.

We’ll Assist With Your Cybersecurity Insurance Needs

Need help assessing and improving your business’ cybersecurity before you sign up for an insurance policy?

Our team provides cybersecurity and technology services for organizations like yours—we are available to help you develop a robust cybersecurity defense. 

We can ensure you qualify for a policy and minimize the chance that you’ll have to make a claim on your cybersecurity insurance. Get in touch with our team to get started. 

 


Why You Need A Password Manager

If you’re not repeating passwords, then you won’t be vulnerable to further breaches when a hacker gets your info.

But that’s easier said than done, right? As we explored above, you have a lot of different accounts—so how can you be expected not to repeat a memorable password here or there? It may be nearly impossible to do on your own, which is why you should use a Password Manager. 

What Exactly Does A Password Manager Do?

A password manager generates, keeps track of and retrieves complex and long passwords for you to protect your vital online information. 

It also remembers your PINs, credit card numbers and three-digit CVV codes if you choose this option. Plus, it provides answers to security questions for you. All of this is done with strong encryption that makes it difficult for hackers to decipher.

What Options Are There For Password Managers?

LastPass 

This password manager will help you keep track of passwords and what sites they’re intended for. LastPass uses a master password or your fingerprint to identify you. 

After logging in to LastPass, you can view and edit your passwords and their associated sites, as well as your usernames and the website you’re accessing. 

A premium membership for LastPass costs $24 a year ($2 a month) and includes password sharing with those you designate. This membership also provides priority technical support if you need assistance. 

Dashlane 

Dashlane is also free and provides many of the same benefits as LastPass. However, if you want to sync your passwords to a mobile device or use two-factor authentication, you must pay $39.99 for their Premium Plan. They also offer a Business Plan for $48 a year that includes everything in the Premium Plan plus:

  • Smart Spaces™ for unlimited work and personal password storage.
  • An Admin Console with Custom Policies.
  • Secure Password Sharing with Group Management.
  • Easy Account Administration (SAML, MSI, Active Directory).
  • Extra 2FA Options.
  • A Dedicated Account Manager (for accounts 50+).

1Password

1Password offers a free 30-day trial. After this expires, a personal account costs $2.99 a month, or $4.99 a month for a family with five members. They also offer a “lifetime license” for $65.00. 1Password is the only password manager that allows you to store passwords locally via their Local Vault rather than in the cloud. 1Password 6 for Windows does not currently support local vaults, but 1Password 7 for Windows does. If you’re worried about losing access to the Internet, you might consider this. 

How Do You Set Up A Password Manager?

Using a password manager is pretty simple. You download and install the software, along with the extensions for the different browsers you use. 

If you want to use these password managers on your smartphone, you must download their mobile apps. None of this is complicated and should only take a few minutes. 

To set up an account, you must provide your email address, and you’ll also need to come up with a master password—a long, random, complicated one, along with at least one security question. Then you must provide information about your various accounts. 

You can either import passwords that you have stored in your browsers or let the password manager store your username and password when you log in to a website. Once you get started, the password manager will help you along the way.

Do You Really Need A Password Manager?

Not necessarily, depending on who you are. You do not need a Password Manager if you can do the following on your own:

  1. Create long, complex, unintuitive strings of characters, unique for each account you access on a regular basis
  2. Memorize each and every one of these passwords
  3. Update them on a regular basis

Let’s be honest, though—doing all of the above on your own is a lot of work, and you’re likely to make a mistake at some point. That’s why it’s easier to simply use a manager. 

Don’t Let A Weak Password Be The End Of Your Practice

In the end, managing a strict password policy, creating strong passwords, and using password managers can be frustrating, but it’s incredibly important. If you’re unsure about implementing these procedures, you can get a little help from our team.

Privacy and security are major concerns for personal users and businesses alike these days, and so you have to be sure that you aren’t making it easy for hackers to access you or your business’ private data.

Get in touch with our team to start enhancing your password security.


Are You Making One Of These 4 Password Mistakes?

When was the last time you double checked your passwords and any associated policies and best practices? After all, they are a key line of defense in your cybersecurity posture…

How Strong Do You Think Your Passwords Are? 

While you may not have had an account hacked into because of an easily guessed password yet, that’s not to say that you shouldn’t still consider your passwords carefully. Despite the fact that passwords are the most direct way to access a user’s private information, most passwords in use today are not considered to be strong or complex enough. 

Passwords protect email accounts, banking information, private documents, administrator rights and more—and yet, user after user and business after business continue to make critical errors when it comes to choosing and protecting their passwords.

We all know how frustrating it is when trying to pick a password for a new account you’re setting up and the site keeps telling you it doesn’t meet all the criteria:

  • It needs to have numbers.
  • It needs to have symbols.
  • It needs to be a certain length.
  • It can’t be the same as your last password.

And on and on. It feels like this never ends—and really, is all this fuss over passwords truly necessary?

Short answer? 

Yes—in fact, just last year a report showed that 86% of more than 2 million breached passwords were identical to passwords that had already been breached.

How is this possible, if everyone’s passwords are long, complex and unique? Hint—they’re not. 

The top 10 most common and repeatedly breached passwords in this report include:

  1. 123456
  2. 123456789
  3. Qwerty
  4. password
  5. 111111
  6. 12345678
  7. abc123
  8. password1
  9. 1234567
  10. 12345

The question is—are any of the above one of your passwords? Even if they’re not, are you making a similar error with any of your passwords?

Are You Making These Mistakes With Your Passwords? 

Find out for sure by considering these 4 common password mistakes:

Length and Complexity

Keep in mind that the easier it is for you to remember a password, the easier it’ll be for a hacker to figure it out. That’s why short and simple passwords are so common—users worry about forgetting them, so they make them too easy to remember, which presents an easy target for hackers. 

Numbers, Case, and Symbols

Another factor in the password’s complexity is whether or not it incorporates numbers, cases, and symbols. While it may be easier to remember a password that’s all lowercase letters, it’s important to mix in numbers, capitals, and symbols in order to increase the complexity.

Personal Information

Many users assume that information specific to them will be more secure—the thinking, for example, is that your birthday is one of 365 possible options in a calendar year, not to mention your birth year itself. The same methodology applies to your pet’s name, your mother’s maiden name, etc. 

However, given the ubiquity of social media, it’s not difficult for hackers to research a target through Facebook, LinkedIn, and other sites to determine when they were born, information about their family, personal interests, etc. 

Pattern and Sequences

Like the other common mistakes, many people use patterns as passwords in order to better remember them, but again, that makes the password really easy to guess. “abc123”, or the first row of letters on the keyboard, “qwerty”, etc., are extremely easy for hackers to guess. 
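The four mistakes above, plus the top-10 list from the report, can be checked automatically before a password is accepted. This is an added example, not part of the original post; the function names, the 12-character minimum, the three-character run heuristic and the sample inputs are assumptions made for illustration.

```python
import re

# The ten most-breached passwords listed in this post, lowercased.
COMMON_PASSWORDS = {
    "123456", "123456789", "qwerty", "password", "111111",
    "12345678", "abc123", "password1", "1234567", "12345",
}

# Assumption: the post names no minimum length; 12 is used here.
MIN_LENGTH = 12
# Assumption: three consecutive keys or letters count as a pattern.
RUN_LENGTH = 3

# Keyboard rows and the alphabet, used to spot "qwerty"/"abc123" style runs.
SEQUENCES = (
    "qwertyuiop", "asdfghjkl", "zxcvbnm",
    "1234567890", "abcdefghijklmnopqrstuvwxyz",
)


def has_sequence(lowered):
    """Return True if the password contains a keyboard or alphabet run
    (forwards or backwards) or the same character four or more times in a row."""
    for seq in SEQUENCES:
        for candidate in (seq, seq[::-1]):
            for i in range(len(candidate) - RUN_LENGTH + 1):
                if candidate[i:i + RUN_LENGTH] in lowered:
                    return True
    return re.search(r"(.)\1{3,}", lowered) is not None


def audit_password(password, personal_terms=()):
    """Return the list of mistakes found, in a fixed order.

    personal_terms holds facts about the user that are easy to look up
    (pet name, birth year, ...). It is supplied by the caller; this
    function does no lookup of its own.
    """
    lowered = password.lower()
    findings = []

    if lowered in COMMON_PASSWORDS:
        findings.append("common")

    # Mistake 1: length
    if len(password) < MIN_LENGTH:
        findings.append("length")

    # Mistake 2: numbers, case and symbols must all be present
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if sum(bool(re.search(c, password)) for c in classes) < len(classes):
        findings.append("character-classes")

    # Mistake 3: personal information embedded in the password
    if any(term and term.lower() in lowered for term in personal_terms):
        findings.append("personal-info")

    # Mistake 4: patterns and sequences
    if has_sequence(lowered):
        findings.append("pattern")

    return findings


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    samples = [
        ("abc123", ()),
        ("Rex2015!", ("Rex", "2015")),
        ("T7#vLq9!mZp2&Ks", ("Rex", "2015")),
    ]
    for pw, terms in samples:
        print(f"{pw!r}: {audit_password(pw, terms) or 'no findings'}")
```

An empty result only means none of these five checks fired; it does not show the password is unique to one account, which is the problem a password manager addresses.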

Ready To Put Your Passwords To The Test?

It’s one thing to skim over a list of common password mistakes and assume you’re probably still OK. 

Sure, maybe that one password is based on your pet’s name, or maybe that other password doesn’t have any capitals or numbers—what’s the big deal, really?

If you feel good about the security of your passwords, let’s put them to the test.

Click here to test how secure your password is—take a few minutes and try a few. 

How’d you do?

Probably not as well as you’d hoped, right? The reality is that truly complex passwords can be difficult to come up with, and even more difficult to remember. 

That’s why a Password Manager is so useful…

What is a Password Manager?  

One of the best ways to maintain complex passwords is with a password manager. Password managers are the key to keeping your passwords secure. 

A password manager generates, keeps track of and retrieves complex and long passwords for you to protect your vital online information. It also remembers your PINs, credit card numbers and three-digit CVV codes if you choose this option. 

Plus, it provides answers to security questions for you. All of this is done with strong encryption that makes it difficult for hackers to decipher. Find out more about managers in our next blog post.

Don’t Let A Weak Password Put You At Risk

In the end, creating and using strong passwords can be frustrating, but it’s incredibly important. Privacy and security are major concerns for personal users and businesses alike these days, and so you have to be sure that you aren’t making it easy for hackers to access you or your business’ private data. Our team is always here to help and answer any additional questions you may have about the importance of strong passwords.


2 Ways To Simplify Your Meeting Scheduling

Meetings can be a big time sink for staff members that are otherwise trying to get their work done. While in our other blog this month, we explored how meetings themselves need to be justified and streamlined, the fact is that even if you have a good reason to book a meeting, that process alone can be time-consuming. 

Fortunately, there are a lot of tools available to help you take the work out of booking your next meeting. Make sure you harness these tools so you can spend less time emailing about potential meeting options, and more time focusing on your work. 

Streamline Your Scheduling Process

Emailing back and forth with your team members in a never-ending reply-all email is the worst way to go about scheduling your next meeting. Scheduling team meetings should be one of the easiest parts of your operational workflow, right? 

Unfortunately, so many businesses still find it to be one of the most frustrating daily tasks on their to-do lists. It means emailing back and forth, manually checking schedules, and eventually finding a time that works for everyone.

The good news is that there’s a simpler, more direct way to go about it—Microsoft’s Schedule Poll feature. With this Outlook tool, the organizer can set the details of a potential meeting, and then let Outlook review the attendees’ calendars to propose options. 

Once everyone has selected their preferred date and time, Outlook coordinates the best meeting time and generates an invite to be sent to all attendees. It really is that simple.

Here’s how it works:

  1. Create a new email or select an email to reply to. 
  2. List required attendees for the meeting in the To field and optional attendees in the CC field. 
  3. Select Scheduling poll in the Message tab. 
  4. Create a new meeting event or select an existing event to edit it.
  5. List required attendees in the Invite attendees field and click the optional button to add optional attendees. 
  6. Select Scheduling poll in the Event tab.
  7. Set the details of the meeting:
    • Timezone
    • Duration
    • Meeting hours
    • Date selection
  8. Select Create Poll

Simplify Your Meeting Request Email Process

Do your long email chains usually end up as a meeting? 

You’re not alone—it’s often the case that a long-running email thread will turn into a meeting eventually. Did you know that Microsoft Outlook has a feature designed to streamline this process for you?

Here’s how it works:

Microsoft Outlook Desktop App

  1. Open the email to which you want to reply with a meeting request
  2. Click “Reply with meeting” found on the top ribbon
  3. Set the details of the meeting
    • Whether or not it is a Microsoft Teams meeting
    • The date and time
    • Add or CC any additional email addresses as needed

Microsoft Outlook Web Browser Version

  1. Open the email to which you want to reply with a meeting request
  2. Click the “…” icon next to the reply and forward options at the top right of the email window
  3. Select “Other reply actions”
  4. Select “Reply all by meeting”
  5. Set the meeting details in the invite

By following this method, your meeting request will use the email subject line as the meeting topic and include the email thread in the meeting details, providing all the necessary info for your meeting’s agenda. 

Don’t Waste Company Time Scheduling A Meeting

Remember, it’s easy to spend too much time setting up a meeting. 

That’s why you have to be intentional and methodical with how you schedule and facilitate meetings. Doing so will ensure you’re only scheduling meetings that need to take place, and when you do, they’ll be effective and productive. 


New Study: Your Meetings Are Wasting Company Time

Do your meetings feel like a waste of time?

Based on a recent study by Asana, they might be. The report, based on a survey of nearly 10,000 participants, found that:

  • Work about work (i.e. meetings) takes up 58% of the workday
  • Skilled work takes up 33% of the work day
  • Strategic work takes up 9%

This suggests a key problem in the modern business world—managers are getting in the way of actual work being done. While an efficient and justified meeting can be an invaluable use of company time, it’s easy to take it too far. 

That’s why you should be thinking about what your meetings are for in the first place…

Are Meetings How You Communicate?

It’s often the case that owners, managers and supervisors call meetings in order to communicate with everyone on the team in one place all at once. While this is the most direct way to go about it, it still may not be the best use of everyone’s time.

This is why you should establish a policy for when and how communication should take place, and make sure that everyone follows it. This will help to ensure that everyone is kept up to date with what is happening.

Our advice is to develop a culture of communication that is both ubiquitous and brief. This has the two-pronged benefit of ensuring regular communication is encouraged, without wasting anyone’s time in the process of drafting long emails or sitting through long meetings. 

Consider the following benchmarks:

  • Direct messages should be as short as possible (one-word responses aren’t rude—they’re efficient).
  • Emails should be 2-3 sentences.
  • Phone calls should be <5 minutes.
  • Meetings should be as short as possible, so long as they cover the agenda and achieve their goal.

What Are Your Meetings Supposed To Accomplish?

Meetings are such an expected part of the modern business world that it’s easy to overlook their actual purpose. 

When things get out of control or interpersonal communication isn’t where you think it should be, it can be easy to assume the only course of action is to hold a meeting. But is that really the case?

Calling a meeting as a reflex action doesn’t mean it’ll be a worthwhile use of your and your team’s time. Remember, a meeting commands a lot of your business’ operating capital—as much as every present staff member’s hourly wage for as long as the meeting takes. 

That’s why you have to be intentional and methodical with how you schedule and facilitate meetings. Doing so will ensure you’re only scheduling meetings that need to take place, and when you do, they’ll be effective and productive. That’s exactly what the following five tips will help you achieve. 

5 Tips To Make Your Meetings Meaningful

Set A Cadence

If you don’t have a regular meeting cadence, set one. For example, an active team should meet regularly—we suggest once a week. This will allow you to group many of your conversations into one meeting.

Effective cadence will have the following five characteristics:

  1. Same day (of every week or every other week)
  2. Same time
  3. Same agenda
  4. Start at the same time
  5. End at the same time

No Politicking Or Tangents

Meetings need to stay on track. If someone starts a tangent or begins repeating themselves (i.e. “politicking”), everyone should feel comfortable calling it out. 

This feedback doesn’t have to be rude or hostile; ensure your team can rely on one another to uphold the agenda and ensure the meeting is as brief and productive as possible. 

Be Accountable

Your meeting must be based on accountability. Yes, everyone should have to say “Done” or “Not Done.” Or “On Track” or “Off Track.” No room for excuses. Eventually, people will get the memo that things need to get done.

Manage Time

Late arrivals can cause meetings to get off to a rocky start. Get your people in the habit of showing up five minutes early and always end the meeting on time. Time flies when you’re having fun, but it drags by when everyone is bored silly. So, put together an interesting agenda for each meeting, and then start and end on time. 

Adjust meeting lengths so that you don’t have 20 minutes where nothing happens. Try to be flexible with meeting lengths. You may have a week where there’s lots to discuss and other times where there’s almost nothing to talk about. Don’t force people to sit for 30 minutes in a meeting when there’s really nothing to say or do. 

Don’t forget: getting out early always perks everyone up.

Get Everyone Involved

Many meeting goers just sit quietly during the whole time and say almost nothing. How can you get everyone involved so that the meeting is a big success? Make sure that those present actually have a purpose there. If they don’t, let them go and focus on their work.

Don’t Let Meetings Get In The Way Of Productivity

Putting together an effective meeting week in and week out can be challenging. The key is to not overthink or overdo it. 

When your meetings are justified, efficient and interesting, people will get involved and you’ll notice that the meetings are making a positive impact on everyone. Try to remind your employees that weekly meetings are meant to help them grow as people and as employees. 

If your company isn’t benefiting from weekly meetings, then they’re a waste of time and resources—don’t bother with them any longer. 

Everyone’s Adopting This New Secret To Stronger Cybersecurity…

You can’t afford to assume a simple cybersecurity defense will actually protect you from the many cybercrime threats out there. This is precisely why so many businesses are adopting a zero-trust cybersecurity model. 

Did you know that, on average, there’s a cyber attack every 39 seconds?

It could be a ransomware infection. It could be a phishing email. It could be one of the many other methods cybercriminals employ today. 

The point is that cybercriminals have an extensive arsenal of weapons to attack with—are you hoping your lone firewall will be enough to keep your business safe from all of them? That’s a dangerous gamble to make…

Stop Making Dangerous Assumptions

Sophisticated attackers have learned to play the long game: they sneak malware into a breached network and then lie dormant for weeks or months, ensuring their method of entry isn’t discovered right away. 

This gives them time to embed themselves, steal data, and more, all before they actually activate the ransomware and infect the systems. This is just one way in which cybercriminals are improving their tactics. 

Fortunately, both the solutions we use to protect ourselves and their underlying theory and strategy are under constant development in order to stay ahead of emerging threats. 

Case in point: have you heard of “zero trust” security? According to Okta, adoption of this cybersecurity philosophy has doubled in recent years, and for good reason…

What Is Zero Trust?

The zero-trust approach to cybercrime assumes that every aspect is a potential vulnerability until it can be confirmed otherwise. That means instead of simply investing in a strong firewall and antivirus, and assuming you’re protected, every part of your IT environment and every user trying to access it is assessed for its security. 

According to NIST SP 800-207:

“Zero trust security models assume that an attacker is present in the environment and that an enterprise-owned environment is no different—or no more trustworthy—than any non enterprise-owned environment.”

This means that an organization following a zero trust security model cannot, even by default, offer any trust in any interaction in their protected systems. Risks must be continuously assessed and mitigated, and access must be continuously verified. 

It’s important for business owners to understand that every potential part of their network is a target. Given the overall connected nature of the systems, compromising one part can give the cybercriminals control over the entire environment. 

3 Basic Components Of Zero Trust Architecture

Verify And Validate

Network users are continuously validated and verified in real-time, even when they’re operating from within the network. This ensures that unattended machines, open ports, or misassigned administrator rights cannot be taken advantage of. 

Least-Privileged Access

The principle of “least privilege” is an important part of zero trust security. It ensures that every user is only given precisely the level of access they need to do their job. It’s like a cybersecurity equivalent of the intelligence concept, “need to know basis”.

Reduced Attack Surface

Organizations following a zero trust strategy must specify the most critical data and systems they use, and then defend them all together with a comprehensive approach to cybersecurity. This is far more effective than ad-hoc cybersecurity, composed of multiple separate defenses. 

The Core Principles Of Zero Trust 

As a way of thinking, zero trust is based on the following core principles and understandings:

Any source of data or computer source is a resource.

The bottom line is that any device or component that has access to data is a resource. These are assets that need to be secured, as any one of them can provide undue access to your data if breached. 

Communication must be secured no matter where the network is located.

Communication taking place within the network should not be assumed to be trustworthy. It must face the same authorization processes as external communication. 

Access to resources is authorized for each and every session

Just because a user was granted access for a previous session doesn’t mean they should have automatic access the next time (e.g. “staying logged in”). Furthermore, as mentioned above, any given task should only be completed with the least privileges necessary to do so. 

Authorization to access resources should be determined based on a dynamic policy. 

There is a wide range of attributes at play that can help properly authenticate a user requesting access to a given resource. Beyond simple username and password protection, a security system can also consider software versions, network location, time/date, as well as behavioral attributes like subject and device analytics, and deviations from pre-established user patterns.  

Assets need to be monitored for integrity and adherence to security posture

As mentioned above, zero trust means never assuming trust, even for assets. Managing their integrity and security posture involves monitoring them for performance, and applying patches and updates as soon as they become available.

Access is granted only after a dynamic and consistent authorization process is completed.

An appropriate zero trust authorization process should include Identity, Credential, and Access Management (ICAM), asset management systems, multi-factor authentication (MFA), as well as continual monitoring with possible re-authentication and reauthorization as needed. 

Extensive data must be gathered to maintain an informed security posture.

Organizations need to gather and analyze data on user behavior, asset performance, and all other aspects of their networks to ensure that monitoring processes are adequately informed.  
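The per-session, attribute-based authorization described in the principles above can be sketched as a small policy decision function. This is an added example, not code from the original post or from NIST SP 800-207; the roles, thresholds, attribute names and sample request are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Everything below is constructed for illustration: roles, thresholds, sample data.
ROLE_GRANTS = {  # least privilege: role -> resource -> permitted actions
    "accounting": {"ledger": {"read", "write"}},
    "helpdesk": {"tickets": {"read", "write"}, "ledger": {"read"}},
}
MIN_OS_BUILD = (10, 0, 19045)        # assumed minimum patched OS build
WORK_HOURS = range(7, 19)            # assumed normal working hours (UTC)
NORMAL_TTL = timedelta(minutes=30)   # assumed lifetime of one authorized session
REDUCED_TTL = timedelta(minutes=5)   # shorter lifetime when signals look unusual


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    resource: str
    action: str
    mfa_passed: bool       # MFA completed for this request
    device_managed: bool   # device is enrolled in asset management
    os_build: tuple        # reported OS build, compared against MIN_OS_BUILD
    network: str           # "corp-lan", "vpn" or "public"
    when: datetime
    behavior_risk: float   # 0.0 = usual pattern for this user, 1.0 = highly unusual


@dataclass(frozen=True)
class Decision:
    outcome: str           # "allow", "step_up" (re-authenticate) or "deny"
    reasons: tuple
    ttl: object            # timedelta when allowed, otherwise None


@dataclass(frozen=True)
class Session:
    user: str
    resource: str
    action: str
    expires: datetime


def decide(req: Request) -> Decision:
    """Evaluate one access request. No branch relaxes a check for 'corp-lan'."""
    deny = []
    if req.action not in ROLE_GRANTS.get(req.role, {}).get(req.resource, set()):
        deny.append("action exceeds the role's least-privilege grant")
    if not req.device_managed:
        deny.append("device is not managed")
    if req.os_build < MIN_OS_BUILD:
        deny.append("device is missing required patches")
    if req.behavior_risk >= 0.8:
        deny.append("behavior deviates strongly from the user's baseline")
    if deny:
        return Decision("deny", tuple(deny), None)
    if not req.mfa_passed:
        return Decision("step_up", ("MFA not completed for this request",), None)
    unusual = []
    if req.network == "public":
        unusual.append("request from a public network")
    if req.when.hour not in WORK_HOURS:
        unusual.append("request outside normal hours")
    if req.behavior_risk >= 0.5:
        unusual.append("behavior deviates from the user's baseline")
    return Decision("allow", tuple(unusual), REDUCED_TTL if unusual else NORMAL_TTL)


def open_session(req: Request):
    """Authorize a single session bound to one resource and one action."""
    decision = decide(req)
    if decision.outcome != "allow":
        return decision, None
    return decision, Session(req.user, req.resource, req.action, req.when + decision.ttl)


def session_permits(session: Session, resource: str, action: str, now: datetime) -> bool:
    """A session covers only what it was opened for, and only until it expires."""
    return (session.resource, session.action) == (resource, action) and now < session.expires


def sample_request(**overrides) -> Request:
    """Constructed sample request; keyword arguments override single attributes."""
    base = dict(user="dana", role="accounting", resource="ledger", action="write",
                mfa_passed=True, device_managed=True, os_build=(10, 0, 19045),
                network="corp-lan", behavior_risk=0.1,
                when=datetime(2024, 3, 5, 10, 0, tzinfo=timezone.utc))
    base.update(overrides)
    return Request(**base)


if __name__ == "__main__":
    for label, req in [("baseline", sample_request()),
                       ("unpatched device on corp-lan", sample_request(os_build=(10, 0, 19041))),
                       ("no MFA", sample_request(mfa_passed=False)),
                       ("public network", sample_request(network="public"))]:
        print(label, "->", decide(req))
```

An unpatched device is denied even on the internal network, and an allowed session has to be re-authorized once it expires or when a different resource is requested.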

Are You Interested In How Zero Trust Cybersecurity Can Protect Your Organization?

Our team will take care of each and every factor of your cybersecurity so that you don’t have to worry about it. Our growing network of clients enjoys the confidence that comes with robust cybersecurity, as well as the freedom to focus on their work, instead of their technology.

If you’re interested in discovering more about zero trust cybersecurity and what it has to offer your organization, get in touch with our team.

3 Ways Businesses Are Evolving Their Cybersecurity

Are you falling behind the current standard of business cybersecurity? Discover what your colleagues in the business world are using to keep their organizations secure. 

The absolute biggest mistake companies make about cybersecurity is to assume that they don’t need it and that they are not a target. Or even worse, they think they are already protected, without taking any steps to ensure they are.

Here’s the reality: no matter how big your business is, or what industry you operate in, you are a viable target for cybercriminals. 

You can’t afford to hope you’re protected. You have to make an effort to keep your defenses up to date and prepared to fend off the ever-evolving range of weapons in use by cybercriminals today. 

The Top 3 Cybersecurity Tools Businesses Are Rushing To Adopt

According to a recent study by Okta, tens of thousands of businesses worldwide demonstrate an ongoing commitment to enhancing their cybersecurity. They noted a few trends in the types of technologies being more commonly adopted, which include…

Endpoint Monitoring & Management

Basic cybersecurity technologies aren’t enough on their own any longer, which is why businesses are investing in more sophisticated solutions. Let’s consider consumer-level antivirus, to start. 

Antivirus is installed to protect at the user level, known as endpoint protection, and is designed to detect and block a virus or malware from taking root on a user’s computer, or worse, accessing a network to which the user is connected.

Because of antivirus’ limited capabilities, it’s unprepared to deal with a range of modern cybercrime threats:

Advanced Threats

An antivirus’ ability to spot threats is dependent on prior knowledge of those threats. As cybercriminals evolve their attack methods, they can easily circumvent basic antivirus defenses. 

Polymorphic Malware

Again, the signature-based tools that antivirus software relies on can be negated by employing malware that avoids known signatures. 

Malicious Documents

Antivirus programs can’t spot a threat when it’s disguised as a harmless document. 

Fileless Malware

By executing its processes in-memory, malware can avoid being spotted by antivirus programs that only scan files. 

Encrypted Traffic

Cybercriminals can also hide their activity in encrypted traffic, preventing your antivirus from ever noticing them. 

The point is that, on its own, antivirus software is not enough to defend you. The best way to improve your cyber defenses is with a comprehensive and reliable Endpoint Detection And Response (EDR) solution. EDR is an emerging technology that addresses the need for continuous monitoring and response to advanced threats.

This is a vital service that protects endpoints like laptops, desktops, smartphones, tablets, servers, and virtual environments. Endpoint protection may also include antivirus and antimalware, web filtering, and more.

Mobile Device Management

No matter what kind of cybersecurity you have in place at the office, it won’t extend to the mobile devices that have access to your data. 

This is a critical limitation of your cybersecurity software, and it’s obvious when you think about it—if your firewall is only installed on your work devices, but you let employees use personal devices and home workstations to access business data, then obviously you won’t be totally secure, and you’ll be left open to critical vulnerabilities that will only be more common in the coming years:

  • Lost or stolen devices can do major damage to you, leading to compromised data and lost work. 
  • Unsecured Wi-Fi hotspots and other vulnerabilities allow intruders inside your private network. 
  • Mobile devices are becoming bigger targets for cybercriminals, who use malware and other methods to attack smartphones and tablets.

This is why more and more businesses are implementing Mobile Device Management (MDM) policies and solutions. These dictate how your employees can use their personal devices for work purposes, which security apps should be installed, and what best practices need to be followed. 

An effective MDM policy should also instill safe and secure practices for employees that use personal devices for business purposes. Key points include:

Dictate Mobile Device Use

Integrated into your internal network, these devices can be used to access, store, transmit, and receive business data.

You’ll need to have policies in place to regulate how employees use their devices to interact with sensitive data. Take the time to consider the risks associated with mobile device use, such as the potential for devices containing business data to be lost or stolen, infected with malware, or the potential for accidental disclosure of confidential information through sharing a device with a family member or connecting to an unsecured wireless network. 

Identify And Address Potential Threats

A risk analysis will help you identify vulnerabilities in your security infrastructure, and help you determine the safeguards, policies, and procedures you’ll need to have in place.

Whether the devices in question are personal devices or provided by your IT consulting, you will still need to have a clear idea of how they’re being used to communicate with your internal network and systems.

Assessments should be conducted periodically, especially after a new device is granted access, a device is lost or stolen, or a security breach is suspected.

Document Policies For Reference And Review

Policies that are designed for mobile devices will help you manage risks and vulnerabilities specific to these devices.

These policies should include processes for identifying all devices being used to access business data, routinely checking that all devices have the correct security and configuration settings in place, whether or not staff can use mobile devices to access internal systems, whether staff can take work devices home with them, and how you will go about deactivating or revoking the access of staff members who are no longer employed.

Set App-Based Restrictions

Maintaining mobile security isn’t just about having the right apps—it means following the right protocols, to eliminate unknown variables and maintain security redundancies:

  1. Review installed apps and remove any unused ones on a regular basis.

  2. Review app permissions when installing, and when updates are made.

  3. Enable Auto Update, so that identified security risks are eliminated as quickly as possible.

  4. Keep data backed up to the cloud or a secondary device (or both).

Make Your Staff A Part Of The Process

Everyone on your staff should be educated on how best to use mobile devices to avoid costly security errors. Your safeguards can’t protect you or your clients if your staff doesn’t understand your policies and procedures, and lacks a basic grasp of security best practices.

Your entire team should be taught how to secure their devices, how to protect business data, what the risks are, and how to avoid common security mistakes.

AI-Powered Cybersecurity

Security based on advanced algorithms that can adapt and learn creates a system that can become familiar with the normal patterns associated with each user and device, detecting anomalies in those patterns quickly.

Essentially, something known as a neural net can be used in cybersecurity efforts. Based on a robust algorithm, the neural net can “learn” to spot patterns of data associated with previously identified and classified spear phishing emails. 

By incorporating this technology into an email client’s spam filter, the filter will be able to spot fraudulent incoming emails and eliminate them before they reach the recipient. 

One of the best parts about neural nets is that they continue to learn and improve the more that they are used. With increasingly more data to draw from, this Artificial Intelligence will become more and more accurate in doing its job. Investing in Artificial Intelligence technology is critical, as machines can respond much more quickly to the way these attacks are adapting. 

Need Expert Cybersecurity Guidance?

Don’t let your cybersecurity suffer, and don’t assume you have to handle it all on your own. Our team can help you assess your cybersecurity and develop a plan to protect your data.

How Microsoft Teams Supports Your Business Culture

Need help enhancing your staff members’ productivity, job satisfaction and general engagement at work? Try these Microsoft Teams apps.

Microsoft Teams is an increasingly popular collaboration tool that can help improve staff engagement and satisfaction. It allows teams to communicate, collaborate, and manage projects all in one place.

While Microsoft Teams’ range of standard features is extremely useful in the workplace, they’re not the only tools you should be using. Did you know that Microsoft Teams offers a range of add-on apps as well?

These apps, when properly selected, deployed, and managed, can do a lot to enhance your company culture. All of this has to do with your staff’s engagement in their work…

Why Do You Need To Support Employee Engagement?

Employee engagement, or the level of involvement and enthusiasm an employee has in their job, is a key factor in any successful business. A strong engagement strategy will result in employees that feel valued, respected, and motivated to do their best work. 

It is well-documented that engagement levels directly affect productivity and quality. Studies have shown that engagement leads to higher job satisfaction, improved morale, and better customer service. Companies with higher engagement levels are more likely to be profitable, attract and retain top talent, reduce staff turnover rates and create a positive work environment. 

Engagement goes beyond simply providing good working conditions; it’s about creating an atmosphere where employees want to come to work every day. This involves cultivating a sense of purpose in every worker by connecting them with the company mission statement as well as maintaining open communication between management and employees. When staff members understand how their role fits into the bigger picture, they tend to become more invested in their tasks which leads to higher engagement levels. 

In addition to this, businesses should provide opportunities for professional growth through ongoing training programs or workshops that teach new skills and help staff develop within their roles while providing increased job satisfaction. Recognizing employee achievements through public commendations or rewards can also help boost engagement levels as it creates a feeling of accomplishment while motivating others at the same time. 

Finally, fostering a culture of fun within the workplace can be beneficial for engagement levels by boosting morale and improving job satisfaction among staff members. Organizing team building activities or special company events can go a long way in helping create a positive atmosphere for everyone involved; giving people something enjoyable to look forward to on top of just their everyday tasks will help them become more vested in their role at the company overall. 

All these combined strategies contribute towards creating an engaged workforce capable of delivering outstanding results for both customers and employers alike; ultimately making employee engagement one of the most important components of any business’ success today.

3 Ways Microsoft Teams Supports Your Business Culture

Gauge Team Engagement

The first step in enhancing engagement is understanding the current state of your company culture. You can’t expect to make any progress if you don’t know where you’re starting from. 

Microsoft Teams add-on apps like SurveyMonkey, Betterworks, and Insight HR can help you keep track of employees’ engagement, demeanor, and priorities. You can create surveys to gauge how your team is doing, track progress of key tasks, and better inform your check-in meetings and performance reviews. 

Engaging with staff members and ensuring they are enjoying their work is an important part of any successful company culture. It is important to check in with staff members periodically, whether it be through surveys, meetings, or other forms of engagement. By checking in with employees, managers can gain a better understanding of how individual team members are feeling about their jobs and the company culture as a whole. 

When asking staff about their job satisfaction, employers should provide multiple ways for employees to express themselves in order to get the most accurate feedback. This could include multiple-choice surveys or open-ended questions that allow employees to provide detailed answers. 

Additionally, employers should use engagement techniques that are tailored to each employee’s needs; for example, some may prefer face-to-face meetings while others may prefer online engagement such as polls or video conferences. 

Regular engagement and assessment of job satisfaction levels is essential in making sure that employees feel valued and appreciated by the organization. Doing this can help create an environment where employees feel empowered to do their best work and reach their full potential. Furthermore, it helps ensure that teams remain productive and motivated since team members who feel satisfied and engaged with their work tend to be more productive than those who don’t.

Foster Social Engagement

Even if part of your team is working remotely, you can still maintain the social aspect of your work environment by encouraging them to post status updates and share their insights with Microsoft Teams add-on apps like AgilePolly, Decisions, and ScrumGenius.

Employee engagement and job satisfaction are key components of successful company culture. But it is not enough for employees to be engaged in their work—they must also feel connected to each other. Socializing with coworkers fosters a sense of camaraderie and belonging, which can lead to higher engagement, loyalty, and productivity from staff. 

It has been proven that when people make meaningful connections with those around them at work, they are more likely to stay in their job for longer periods of time. When employees feel like they fit into the culture of an organization, they will be more likely to continue contributing engagement and enthusiasm to their roles. This can ultimately result in lower turnover rates, better performance outcomes, and greater collaboration among staff members. 

Socializing is also important because it can help boost morale. When colleagues get together outside of the office environment, they have an opportunity to relax and bond over shared interests or experiences. It gives them a chance to see each other as real people rather than just co-workers—fostering relationships that can last long after any one particular project is finished or a team member has moved on. 

Facilitate Creative Brainstorming Sessions

You can gather ideas from your team in free-form digital spaces and on virtual whiteboards with apps like Freehand, Miro, and MURAL.

Digital whiteboard apps provide an invaluable tool to support staff engagement, collaboration, and creativity. By providing employees with a virtual platform to hold brainstorming sessions, companies can benefit from the engagement and creativity of their team members. Brainstorming sessions held in digital whiteboards can be conducted from any device, allowing for remote engagement and collaboration.

Using digital whiteboards for brainstorming provides an effective way for teams to generate ideas quickly, whilst being able to easily store them for future reference. Having the ability to save these sessions digitally also makes it easier for those who weren’t present at a meeting to refer back to the notes taken during the session. 

Digital whiteboards are also visually engaging due to the ability to draw or write on the board, along with supporting images, controlling audio presentations and even providing live chat functions that enable engagement with multiple parties in real time. 

The benefits of using digital whiteboards go beyond just engagement and collaboration; they can have a positive effect on company culture too. For example, by having a virtual platform where everyone can come together in one place regardless of location or time zone, it allows people to feel connected which strengthens team spirit and corporate identity.  

This then leads to encouraging job satisfaction as staff feel like their opinions are valued and listened to, making them aware that their contributions are appreciated within their organization. In fact, the Freehand by Invision app is now fully integrated, allowing users to use a virtual whiteboard for note-taking and brainstorming during Microsoft Teams meetings. 

Don’t Let Your Staff Become Disengaged At Work

Engagement is one of the most critical components of your company culture. Make sure you fully harness the tools available to you to help with the process.

Need expert assistance? Our team has extensive experience with Microsoft Teams and can ensure you optimize the way you use it at your business. Book a meeting with us to get started. 

How To Build A Company Culture That Retains The Best Employees

So you’ve finally hired an experienced, capable new staff member. Are you sure you can convince them to stick around long-term?

Are you having trouble retaining your staff? To be blunt, the problem is undoubtedly company culture. 

The way your team feels at work every day, the way they’re managed and encouraged, and the people they work with directly influence their degree of satisfaction on the job. 

You’ll notice that I didn’t mention compensation—it may surprise you to learn that money is not the key determining factor in a given company’s culture or your staff’s job satisfaction. 

By developing the right social environment at your workplace, you can build real loyalty and engagement among your team members. I like to think our company has an effective culture, which we’re continuing to improve day by day.

Here are three key components to our process for doing so…

3 Building Blocks For A Winning Company Culture

Hire For Character Over Knowledge

A widespread effect of the pandemic is the mass retirement of older-generation professionals in the field. When faced with the prospect of pivoting to a fully virtual work environment, many of the experts that were only a few years from retirement decided to exit early. 

This has left us with a bit of a vacuum in terms of skills and experience. As novice professionals graduate from college and enter the industry, they won’t be able to directly take on the role of those who left with decades of experience. 

However, this isn’t as big of an issue as you might think. In fact, this is a great opportunity to think about the way you hire. Consider looking for new hires that have the right character, and match your culture. The rest can be managed through training and on-the-job experience.

Case in point: everyone knows you need smart people on your team to succeed, but it’s important to note that the intelligence trait is far more about EQ (emotional intelligence) than IQ (conventional intelligence), which is especially important in the IT industry, as well as every other field of work.

It’s so much easier to find someone with technical skills and education than it is to find someone that understands how to communicate effectively and empathize with others. That’s why we make such an effort when looking for a new hire to hold out for those that have just as high an EQ as they do IQ.

Make Sure Your Staff Is Motivated

Motivation is a vital part of a healthy workplace environment. Properly motivated people are healthier and happier across the board. They are more productive, and the work they get done is often of a higher quality than it would be otherwise. 

On the other hand, a lack of motivation can be absolutely crushing. It makes it more likely that you’ll procrastinate, waste time, and turn in a poor product at the end of it all. Unmotivated work can quickly lead to depression and worse.

That’s why it’s so important to think critically about the role motivation plays in your work and the work done by your coworkers or employees. If you can figure out what motivates you, you can ensure it’s a regular part of your daily life, helping to increase your workplace satisfaction and workplace culture as a whole. 

So, off the top of your head, what would you think is the number one workplace motivator? Social engagement? Business location? Money?

You might be surprised—TINYpulse recently anonymously surveyed 200,000 workers to find out what really motivates people in the modern workplace. The report, titled The 7 Key Trends Impacting Today’s Workplace, considered a number of different possible factors tied to and resulting from employee motivation, including employee engagement, retention, organizational culture, and more. 

Interestingly enough, the top five polled motivators for employees were:

  • Camaraderie and peer motivation (20%)

  • Intrinsic desire to do a good job (17%)

  • Feeling encouraged and recognized (13%)

  • Having a real impact (10%)

  • Growing professionally (8%)

It’s surprising, right? Expected motivators, like salary, or opportunity for promotion, didn’t even place in the top five. Instead, those polled showed that they are motivated primarily by the culture developed by themselves and their coworkers, as well as their innate desire to be good at what they do. 

It’s an extremely encouraging reality, especially compared to what most would assume. Rather than the ruthless and self-serving motivations you may expect from the majority of those in the working world, you find out that people actually usually have more heartfelt motivations.

Don’t Be Afraid To Invest In Your Staff

One challenge many managers have with corporate culture is the possible end effect of offering professional development. That is, if you invest in your employees so that they can grow and improve, won’t they just move on to another job that pays more, and benefits from your investment?

It’s a possibility—however, in the time that you have the employee, they’re likely to do better work than they would if you weren’t investing in them. I believe—and have found—that the opposite is true. 

The more you invest in your employees, the more valued they feel, and the more likely they’ll stay, as well as contribute to a high-quality service offering and an engaged workplace culture. That’s not to mention that I’m more afraid of not training my employees, and having them stick around. 

I may have saved a buck by not getting them that specific certification, but it’s not likely they’ll be contributing much to my business anyway. That’s what this is all about after all—I invest time and money in my employees, so they, in turn, invest their effort and loyalty into our company. Lastly, if you have a compelling enough corporate culture, that’s all the more reason for the employee to choose to stay with your business. 

Good Company Culture Is A Self-Fulfilling Prophecy

The best part of this process is that your work recedes over time. Once you get the ball rolling, the culture improves itself every time you hire another contributing team member. When you add people to your team that appreciate and benefit from your positive work culture, they, in turn, contribute to it, which only helps it to grow. 

This is opposed to hiring people who are just in it for the money, who won’t have anything positive to add to the workplace environment. With an enthusiastic and engaged staff, I then had the opportunity to get them involved with initiatives that would improve our culture.

Also, while I may not be able to directly assist with the development of your company culture, I wanted to let you know that I can help with your team’s on-the-job satisfaction, specifically when it comes to technology. If your team is fed up with apps and hardware that continually fail to meet their needs, it can slowly erode their sense of satisfaction at work, greatly affecting company culture. 

My team and I can help—we’ll optimize the tools your staff uses every day to ensure they make their lives easier, not harder. Book a meeting with us to get started.
