On May 8th, 2024, Ascension, one of the titanic healthcare institutions in the United States, found itself in the grip of a sophisticated ransomware attack.

A worker inside the organization downloaded a malicious file they thought was legitimate. That one mistake plunged their network into chaos, endangering the privacy of countless patients. The attackers encrypted the company’s data, demanding a ransom for access, and threatened to expose millions of patients’ and employees’ sensitive information unless paid within 48 hours.

Over a month, from May 8th to June 14th, the attack disrupted Ascension’s normal operations, forcing some of its hospitals and clinics to postpone or cancel appointments, surgeries, and other services. The company also had to shut down its online portal and phone lines, leaving many patients and staff in the dark about their health records and schedules.

How could this happen to Ascension?

This raises the question, how could a cyberattack penetrate a well-defended organization like Ascension and hold it hostage? It’s necessary to consider both the sophistication of the attackers and potential vulnerabilities within the organization’s cybersecurity framework. Even with robust security measures, hackers continuously evolve their methods, exploiting the slightest oversight or weakness. Phishing campaigns, for instance, have become increasingly more intelligent, often tailored to deceive even the most vigilant employees. These can serve as a gateway for attackers to infiltrate an organization’s network, planting ransomware that gradually encrypts data until it seizes control over critical systems.

Moreover, the complexity of IT environments, especially in large institutions with thousands of servers and endpoints, creates innumerable points of potential failure. Regular maintenance, updates, and patches are required to safeguard against vulnerabilities; however, the sheer scale can lead to lapses, providing attackers with a window to exploit. Once inside the network, attackers can move laterally, escalating their access rights undetected due to insufficient segmentation of networks or inadequate monitoring of internal traffic. This blend of ingenuity by attackers and inevitable gaps in an organization’s security posture allows such devastating cyberattacks to take root and exert a stranglehold on vital operations, underscoring the relentless arms race between cybersecurity defenses and cybercriminal tactics.

What was the impact of the attack?

Evidence from their cybersecurity investigations indicated that the attackers were able to take files from seven of the approximately 25,000 servers they have across their network. These files contained Protected Health Information and Personally Identifiable Information.

Ascension’s reputation, financial situation, and legal standing were all under scrutiny following the attack. The company dealt with a public backlash from its customers, who felt betrayed and vulnerable because of the breach. Because of this, they face potential lawsuits from the victims of the attack, who could claim damages for the exposure of their confidential information and the disruption of their medical care. They even encountered regulatory scrutiny from the authorities, who could impose fines and sanctions for the violation of HIPAA and other laws that protect the privacy and security of health data.

Downtime is expensive, and though Ascension had disruption protocols and procedures in place, patient care delivery and clinical operations suffered as multiple systems were shut down. The approximate cost of downtime for larger organizations is roughly $16,000 per minute ($1 million per hour).

Additionally, delays stretched well beyond the one-month timeframe after the Electronic Health Record (EHR) came back online because there was extensive backlogged data entry from that period that needed to be completed.

What can we learn from this incident?

The attack on Ascension was a wake-up call for the healthcare industry. It serves as a good reminder that no organization is immune to cyberattacks and that the consequences can be devastating and far-reaching. It’s also a critical reminder that prevention is better than a cure and emphasizes the role end-users play in your organization’s safety.

Here are some best practices that can help organizations protect themselves from cyberattacks:

• Prioritize regular staff training about cyber threats and best practices to avoid them, such as using strong passwords, avoiding phishing emails, and reporting any suspicious activities.
• Continuously foster a culture of security. Encourage employees to take ownership of their role in maintaining organizational security and to report suspicious activities without fear of reprisal.
• Conduct regular risk assessments and audits of your IT systems and networks, and identify and address any vulnerabilities or gaps.
• Consistently monitor and analyze your network traffic. Continuous monitoring can detect unusual activities that may indicate an ongoing attack, allowing for swift action.
• Implement robust backup and recovery plans and test them frequently to ensure that the data can be restored in case of an attack.
• To prevent unauthorized access and tampering with data, use strong encryption and authentication methods and limit the access and privileges of users and devices.
• Update and patch software and hardware regularly, and use the latest security tools and solutions to prevent the exploitation of any known or unknown vulnerabilities.
• Implement multifactor authentication (MFA). Requiring more than one form of verification to access sensitive systems and data greatly enhances organizational security.

The unfortunate incident involving Ascension serves as a poignant reminder of the vulnerabilities that exist. While this event was undoubtedly traumatic and had significant repercussions for the organization, it also provided a valuable learning opportunity for the rest of us.

By analyzing and understanding the breach at Ascension, we can all emerge better prepared and more robustly protected for the future.

Feeling uneasy about your security?

In the wake of such advanced cyber threats, it’s clear that maintaining robust security measures is not just recommended; it’s essential. At CCB Technology, we understand the complexities and evolving nature of cyber threats. Our suite of services, including comprehensive Phishing Awareness Training, round-the-clock monitoring, and expert breach remediation, are designed to fortify your defenses and restore your confidence in your digital security posture.

Partner with us and take a proactive step towards safeguarding your organization against the unpredictable challenges of cybersecurity. Let’s work together to build a resilient and secure future.

Contact us today and learn how we can tailor our solutions to meet your unique security needs.

The post A Single Click: Lessons from Ascension’s Ransomware Attack appeared first on CCB Technology.

But printers… not so much.

Is network printer security really a thing?

Companies have been maintaining tight control of physically printed documents for as long as there have been printers. That’s important and necessary, but many companies don’t realize that they may be wide open to attack because of poor network printer security measures.

If you’re like I was at first, you might think there’s not a lot that could go wrong with printing other than paper jams or forgetting how to replace ink cartridges, but network printers are just as vulnerable to malware and hackers as PCs.

According to InfoTrends, there are almost 30 million printers and multifunction devices in offices and homes throughout the U.S. and Western Europe that are connected to a network. If malware is installed on a printer, hackers can do all sorts of nasty things, including:

• Get access to confidential or sensitive information
• Launch denial-of-service (DoS) attacks
• Access saved copies of documents
• Send unauthorized print jobs

According to HP, in a survey of 300 IT and security pros, just 16 percent of respondents think that printers are at high risk for a security breach. Yet there are hundreds of millions of business printers in the world and less than 2 percent of them are secure. Yikes!

It’s not too late to implement network printer security measures. Here are four things you can do to protect your printers and your business from attacks.

1. Assess what printers are networked

Do all printers need to be connected to your network or only certain ones? Having an unsecured printer connected to your network is like an unlocked back door to your business. One thing you can do, at least until you get proper security measures in place, is unplug from your network. If there is no physical or wireless connection, hackers can’t compromise your network.

2. Pay attention to the basics

Since most networked printers can be accessed remotely with a password, the simplest thing you can do to secure a printer is to change the default password when you set it up. If you haven’t done this – stop reading now, get up, and GO CHANGE IT! And throw in a few unexpected characters to make it more difficult to break. You may thank me later.

You also want to keep the printer firmware updated. Printer manufacturers send out firmware updates as new threats are uncovered so check for them regularly and then USE ‘EM! If you’re as easily distracted as I am (Look! Squirrel!), set up a recurring reminder on your calendar. It’s not difficult to do and it’s another layer of protection.

3. Use encryption

If you’re printing any sensitive information – employee files, confidential company information, or customer invoices – don’t trust that sort of data to an unencrypted network!

When you send a print job over a secured network using encryption, your information will be converted into undecipherable code to hackers. It just makes sense to use encryption so the print job can’t be intercepted, or at least interpreted, on its way to the printer.

Many multifunction printers, copiers, and scanners also have hard drives that store the documents, faxes, images, etc. that are going to be or have been printed. Make sure those drives are also encrypted so that if you are attacked that information is not compromised either.

When you retire a printer, make sure you wipe the drives. In 2010, Affinity Health Plan, a managed care plan company in New York State, returned multiple photocopiers to their leasing agent without wiping the information on the drives. Confidential data for almost 350,000 individuals were found on the drives. That HIPAA violation cost them 1.2 million dollars. Ouch!

4. Purchase secure printers

Okay, I don’t mean to be a shill for any particular printer company, but HP printer security is a standout among secure printing solutions.

HP network printers offer unique technologies designed to thwart attackers’ efforts and then fix themselves. These features automatically trigger a reboot any time they detect an attack or other anomalies.

Every time the printer is started, HP Sure Start checks the integrity of the BIOS code and defaults to a safe copy if it is compromised. It then checks the firmware to be sure it is a known code digitally signed by HP. If not, it reboots. Then it checks the security settings and fixes them if needed. Finally, it monitors the printing process in real-time and reboots if it detects an attack. Pretty cool stuff.

Other printer manufacturers have network printer security features as well. Take advantage of them and keep yourself secure!

Who knew that just a lowly printer could leave a company vulnerable to malicious attacks? Now you do!

Need to beef up printer security?

I hope I didn’t scare you too much, but network printer security is no joke! CCB Services can help you replace or secure your printers to make sure hackers can’t get in. Before you print… contact CCB to protect your business from network printer vulnerabilities.

The post Network Printer Security: 4 Ways to Stay Protected appeared first on CCB Technology.

In this blog, I’ll answer these questions and show you the value with four concrete ways Azure can be used by your business and the real benefits you can gain today.

What is Azure?

At its core, Azure is a public cloud computing platform—with solutions including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) that can be used for services such as analytics, virtual computing, storage, networking, and much more. It can be used to replace or supplement your on-premise servers.

Here are some quick facts about Azure.

Azure is a fast, flexible, and affordable platform, and its pricing and capabilities make it the best public cloud offering on the market. Now let’s take a look at how to put it to work for you.

1. Enhance and Implement Backup and Disaster Recovery

Azure is a backup and disaster recovery dream tool. Why? Because of its flexibility, advanced site recovery, and built-in integration.

As a cloud-based solution, Azure is innately flexible – it can back up your data in almost any language, on any OS, and from any location. Plus, you define the frequency and extent of your backup schedule (daily, weekly, monthly, etc.).

Tape backup has a time and place, but it has limited abilities as a stand-alone backup and disaster recovery solution. Azure site recovery can enhance your tape backup with offsite replication, minimal onsite maintenance, up to ninety-nine years of data retention, minimal or no capital investment, and minimal operational costs. Azure backup stores three copies of your data in three different locations in the data center, and then another three copies in a remote Azure data center, so you never have to worry about losing data.

If you’re in a Windows virtual environment, Azure’s built-in integration for additional backup will be a quick and painless solution. Azure site recovery integrates with System Center and HyperV architectures, creating a robust and seamless cohesion between Azure, System Center, and HyperV.

2. Host and Develop Web and Mobile Apps

Whether you’re looking for a platform for hosting, developing, or managing a web or mobile app, Azure makes those apps autonomous and adaptive with patch management, AutoScale, and integration for on-premise apps.

With Automatic patch management for your virtual machines, you can spend less time managing your infrastructure and focus on improving your apps. Azure also comes with continuous deployment support, which allows you to streamline ongoing code updates.

AutoScale is a feature built into Azure Web Apps that adjusts your resources automatically based on customer web traffic so you have the resources you need when traffic is high, and save money when you’re not in peak times.

Through Azure, you can seamlessly link your web app to an on-premise app. Connecting apps in both locations lets both employees and partners securely access resources inside your firewall—resources that would otherwise be difficult to access externally.

3. Distribute and Supplement Active Directory

Azure can integrate with your Active Directory to supplement your identity and access capabilities—this gives your DNS a global reach, centralized management, and robust security.

With Azure, you can globally distribute an Active Directory environment that is direct connect enabled. No other cloud provider has the ability to extend the reach of your domain controller and consolidate AD management like Azure.

If you have multiple locations or use on-premise apps or cloud apps like Microsoft 365, Active Directory integration with Azure will be the central tool for managing and maintaining access to all of these tools.

Azure also enables you to utilize multi-factor authentication, adding a new layer of security to your data and applications with zero hassle for your users. You can also easily implement single sign-on for Windows, Mac, Android, and iOS cloud apps.

4. Innovate with IoT Industry Solutions

The scalability, flexibility, and security of Microsoft Azure makes it the perfect resource for companies moving toward IoT solutions. You can connect your devices to the cloud using solutions that integrate with your existing infrastructure and start collecting new data about your company.

Within the Azure IoT Hub, you can monitor and manage billions of devices and gain insights to help you make better business decisions, improve customer experiences, reduce complexity, lower costs, and speed up development.

The enhanced security of Azure is a huge asset for IoT solutions, which traditionally have security gaps that hackers can take advantage of. Other benefits include remote monitoring and predictive maintenance and analytics.

Getting started is easy with Azure IoT solution accelerators, preconfigured templates that are customizable to your needs.

How will you use Azure?

These four services are just a glimpse of what Azure can do for your environment. Besides Microsoft’s defined services, it is full of cloud-computing potential that you can utilize in almost any way imaginable.

If you’re ready to try out one of these services, you can get your feet wet with a trial and $200 in Azure credits. You can also get an idea of cost by using the pricing calculator. If you have questions about other ways you could use Azure or need help implementing a service, talk to one of our sales engineers and we’ll help you plan and implement the right tools to meet your needs.

The post Microsoft Azure Explained: What It Is and Why It Matters appeared first on CCB Technology.

The most logical next step might be to see if the user has OneDrive installed locally on their machine, allowing for synchronization between their machine and Microsoft 365. However, you see that has not yet been set up since the organization is still new to Microsoft 365 and the user was most likely unaware they could do that.

So, with no on-premises copy of the document available, you turn to the 24×7 Microsoft 365 Microsoft support that is a part of your subscription. While working with Microsoft, you discover that the document was deleted more than 30 days ago. Unfortunately, that means that even though you changed the default for Recoverable Items > Deletions within your Microsoft 365 tenant from 14 days to the maximum of 30 days, Microsoft has no way to retrieve it since the document was deleted more than 30 days ago. This document is gone. Period.

This scenario happens more often than people realize – showing estimates close to 32% of organizations experiencing a data loss similar to this, with 75% of those losses due to people deleting content, most often accidentally.

What does this mean? EVERY organization should consider an Microsoft 365 backup strategy for data stored in the cloud. Here are some tips for finding the best Microsoft 365 backup solution to meet your needs as well as some possible solutions and how they compare to what Microsoft offers natively.

Evaluate your needs

Start by taking an honest assessment of your organizational needs because a good fit depends upon your organization’s requirements. With so many good solutions available, it will be overwhelming if you don’t do this evaluation first. Here are a few questions – by no means exhaustive – to ask as you go through the evaluation process:

Are you looking for a turnkey solution or something more robust?

We often find that turnkey solutions might not provide the flexibility and functionality organizations need. However, for organizations with minimal IT staff or with a need to simply get their data backed up, a turnkey solution can be the right fit.

Do you have compliance regulations that you need to meet?

Many organizations have compliance requirements, such as HIPAA, that they need to accommodate. Be sure the solutions that you are considering enable you to meet and maintain those requirements.

Do you need some data stored on premises?

Some organizations require that if your primary services, such as email, are running in the cloud that data must also be stored locally. There are solutions that automatically pull data down onto a local repository.

Do you need any additional services?

Consolidating multiple services can be a huge advantage for IT staff by offering ease of implementation and ongoing management. If your organization could benefit from archiving, data loss prevention, encryption, or SPAM protection along with a backup solution, then consider offerings that can be managed from a single pane of glass.

Are you planning to have someone else manage the solution?

If you are currently working with a managed service provider (MSP), include them in these discussions to ensure that they can support whatever solution you are considering. Don’t invest in a backup solution that you want to have managed without first consulting your partner. Your MSP should be a resource for advice and guidance on potential solutions that meet your requirements and can also be managed by them.

Compare Microsoft 365 backup solutions

Now that you know the priorities for your organization, you can start your search for the best Microsoft 365 backup solution. To help you get started, let’s look at what Microsoft offers compared to what a few of our top backup partners offer.

Microsoft’s backup solution

If a user accidentally deletes data and discovers it within 30 days, Microsoft is a great solution. However, if the incident exceeds 30 days, Microsoft’s resolution will depend on whether it involves data for which you’ve set up compliance policies.

Microsoft 365 contains features to help retain data longer but strongly recommends that for data governance, retention policies be used because a retention policy is the only feature that can both retain and delete content across the platform. However, many of these offerings are only available in the Microsoft 365 E3 Plan or higher.

Synology Microsoft 365 backup

Synology offers a great on-prem solution for ease of implementation, ongoing management and overall affordability. Their NAS device is easy to set up, receive notifications, and restore files, folders, etc. Synology covers Exchange, SharePoint and OneDrive. It also protects your Microsoft Teams data if it’s stored in the online versions.

Synology NAS is license-free, without limits on the maximum number of allowed accounts. They also offer a cost-effective plan to NAS users for data availability in the cloud through Synology C2.

Barracuda Microsoft 365 backup

For organizations wanting services beyond simple backup, Barracuda Cloud essentials might be the right fit. It provides a solution that, in addition to Microsoft 365 Backup & Recovery, also includes Advanced Threat Protection, Inbound/Outbound filtering, Archiving, Compliance and eDiscovery.

Veeam Microsoft 365 backup

If you, like many of our clients, are already using Veeam to back up your physical and virtual servers or if you need to back up data to an on-prem location, Veeam might be the right fit for you.

The bottom line: Microsoft 365 has a feature-rich infrastructure for organizations wanting access anywhere at any time, but a comprehensive backup for your Microsoft 365 data is not included. It’s your data and you need to have active and successful backups occurring so that the next time a user accidentally deletes their data, you can restore it.

We can help make the process easier! CCB can make your search for the best Microsoft 365 backup solution simple and effective – from demo to trial to purchase. Let’s have a conversation.

The post How to find the best Microsoft 365 backup solution – and why you need it appeared first on CCB Technology.

KnowBe4 is a tool that helps users distinguish between legitimate and phishing emails by introducing them to simulated phishing content and monitoring their behavior. Based on the actions that users take, training can be provided when awareness is needed. Phishing training should be a part of your cybersecurity business plan. Let’s look at how KnowBe4 tests your employees’ awareness of possible security threats.

Phishing attack prevention

The most common threat to a company’s digital security is phishing. How do you know where your company is vulnerable? By creating campaigns in KnowBe4 you can send phishing emails to your employees to test how they react. Various settings can be configured per campaign and then scheduled either on a one-time or recurring basis. You can:

• Create a new campaign and define the who, what, when and how settings.
• Choose an existing template from the large collection KnowBe4 offers or create your own.
• Choose which landing page the user sees should they click on any “infected” email links.

And, as we’ll see later, you have complete visibility into the results.

Vishing attack prevention

To train users about phishing is not enough. Vishing, or voice phishing, is defined as the criminal practice of using social engineering over the telephone system to gain access to private, personal, and financial information from the public for the purpose of financial reward. It’s proven to be one of the most successful methods of gaining information needed to breach an organization.

Are you familiar with those calls from the IRS stating that you are about to be arrested because you owe them money? This is a real-world example of an automated type of call that is used in Vishing. Of course they are looking for a payment that requires personal information.

KnowBe4 lets you create vishing campaigns that test users by calling them via an automated system and asking for sensitive information. If the user hangs up without entering anything they pass the vishing test. If they speak or enter the requested digits in to the phone they fail.

USB dropped drive hack

Have you ever found a USB drive and wondered what was on it? For some people the urge to plug it in is irresistible! One study suggests that 48% – 98% of people will plug in a found drive. Whether it’s because they want to return it to the rightful owner or simple curiosity, plugging it into either their personal or work issued computer is a major security breach.

Called the “dropped drive hack” by WIRED magazine, placing infected files on a USB drive and leaving it somewhere for a user to find is a viable attack vector that targets companies that don’t block USB media or train users on safe USB practices.

To test employee’s awareness of appropriate USB use, KnowBe4 offers the creation of “infected” files that can be put on USB drives and left for users to pick up and plug into computers. If they interact with the files on the drive, it reports back and you’ll see the results on the dashboard.

Monitor user results

So… how are your people doing? How do you know if people are clicking what they are not supposed to? More importantly, how do you know if they are learning and getting better at avoiding risks? The main dashboard in KnowBe4 gives you instant insight into your company’s performance and compares it to the current industry standard, letting you know where you need to focus user training.

Training campaigns for phishing

Up to this point we’ve talked about testing users’ awareness of threats but haven’t covered how to ensure users become more resistant to these threats. At the heart of KnowBe4 is its user training and awareness content. Through the KnowBe4 ModStore, you can access a wide variety of training modules, covering content from security awareness fundamentals to social engineering tactics you can use to train users about phishing.

KnowBe4 does a great job of coupling their phishing campaigns with training campaigns. You have the option of auto-assigning training for users who fail testing, ensuring that the user gets the training they need. You can also create groups, such as a specific department or management team, and assign training directly to those groups.

Get started with freebies

KnowBe4 offers a completely free tool called Second Chance that allows a company to add a step between users clicking on links in emails and launching the associated web page. It takes the golden rule of “hover over a link prior to clicking on it” and brings it to the forefront by showing the user where the link is taking them before launching their default browser. Using an eye-catching orange box as a warning, it displays the link and asks the user if they want to proceed.

Paranoid yet?

If phishing and other illicit scams weren’t effective they would have faded away long ago. If you don’t train users about phishing you can be sure your users will fall victim to them at one point or another. Hopefully the facts we’ve shown will help instill a healthy level of paranoia when it comes to what your users are clicking on in their emails along with an understanding of how KnowBe4 can help your company strengthen its awareness.

Contact CCB for more information or to set up a FREE trial of KnowBe4 for your company.

The post How to Train Users about Phishing Attacks appeared first on CCB Technology.

Let’s start by doing an overview of the two main types of Microsoft 365 migration options available – hybrid vs cutover. There are other migration choices out there such as Staged, Hybrid Lite, etc., but most often we see our clients choose a cutover migration or hybrid migration. Let’s look at the differences.

Cutover migration (or the git ‘r done approach)

One of the fastest ways to get your organization into Microsoft 365 is a cutover migration. This consists of migrating from your current email platform into Microsoft 365 with the “transaction” occurring at a single point in time, which is why it’s called a cutover. With a cutover migration there would be a definitive point when your entire organization moves from their current email platform into the Microsoft 365 platform.

The proverbial “flipping of the switch”, the cutover task itself can take under an hour to perform if a fair amount of staging and prep work happens on the front end. By staging and prepping, I’m referring to tasks such as moving your data into Microsoft 365 (email, calendars, contacts, etc.) or setting up other components as needed, such as AAD Connect and an Encrypted SMTP Relay. The overall process could take anywhere from 4-8 weeks to complete depending on the size of your organization, but in the end, everyone would move over together.

Hybrid migration (or let me ease into it approach)

If you are not a fan of making the switch for the entire organization all at once, then a Microsoft 365 hybrid migration might be a better fit. In a hybrid migration, you can move a chosen number of users or departments at a time into Microsoft 365, allowing your company to move over at a gradual pace. There are additional requirements though that need to be considered when choosing this option.

To begin with, you will need to set up a server that will function as the Hybrid Server to host the connection between your on-premise Exchange Server and Microsoft 365. You’ll also need to utilize directory synchronization (such as AAD Connect) since hybrid configurations rely on them.

How to choose between a hybrid vs cutover Microsoft 365 migration

Here are some questions to help guide you on your way to making an informed decision:

1. How many mailboxes, distribution groups, public folders, etc. will you be moving into Microsoft 365?
   We normally see larger organizations (250 users and above) more prone to choosing the hybrid migration path to better support their user base during the migration to Microsoft 365, especially if they have multiple locations. Smaller organizations can be more agile in their preparation for the move and an Microsoft 365 cutover migration is often a simpler approach, although mailbox size could be a consideration for them as well.
2. What is your current email platform?
   We see clients moving from all types of email platforms into Microsoft 365. In a hybrid migration, an Exchange platform is required, so if you are running anything other than Exchange or anything older than Exchange 2010, hybrid is not an option.
3. Are you currently utilizing Microsoft Teams, or SharePoint On-Premise?
   If the answer is yes, either a cutover or hybrid Microsoft 365 migration would work, however, there are a fair number of caveats – or “gotchas” as we like to call them – that need to be addressed.
4. Do you have additional complexity with your environment?
   This could include things like multiple Active Directory environments from past mergers/acquisitions or the need to move to a new domain and having that occur simultaneously. In cases like these, we see most clients choose the hybrid option to allow for additional testing and a slower phased approach for deployment.

Now that you know what to choose between a hybrid vs cutover Microsoft 365 migration, here are some vital tips to prepare for your transition and avoid common pitfalls.

If you have a unique situation or need more help working through which option is best, please feel free to reach out to us – we would be happy to talk with you about it. Every Microsoft 365 migration is different and feedback from an experienced professional at CCB can be helpful.

We can also help free up some valuable time by doing your migration for you. We have performed hundreds of Microsoft 365 migrations for clients over the years, helping to make the process more efficient and timely, and allowing them to get back to focusing on the achievement of their goals and missions. A consultation is completely free, so let’s explore together the advantages of moving to Microsoft 365.

The post Hybrid vs Cutover – Which Microsoft 365 Migration is Right for you? appeared first on CCB Technology.

Here at CCB we recently switched to a new VoIP solution and know just how time-consuming it can be to evaluate all of the available options. To help you focus your search, I put together this list of the top things to consider and questions to answer while evaluating VoIP solutions.

1. Feature Set

Before evaluating what a new VoIP system can do for you, first identify all of the pain points of your current system. This will help you start to generate a list of requirements that a new system has to meet and help you immediately filter out some VoIP solutions. From there you can start to identify some of the extra features that your company could benefit from.

These are features I prioritized:

2. On-Premise or Cloud Hosted

This decision is being made in more and more areas of our business these days, and when considering phone systems, you can go either way.

On-Premise

• Do you have the capacity to run one or more virtual machines necessary to accommodate the phone system software?
• With on-premise systems, you’re typically talking about a CapEx purchase, so depending upon your financial situation, this might make more sense to you.

Cloud Hosted

• Would you rather not have another on-premise system to manage?
• Would you prefer an OpEx purchase with a monthly payment?

3. Integration

Who doesn’t love it when their systems integrate with one another? Depending upon the current software that your company employs or the software it’s looking to implement in the future, this could be a deal breaker. For CCB, it was a fairly important requirement and I used this to narrow my search results.

Here are some questions to consider:

• Does the system integrate with Active Directory?
• Do you have any internal software such as a CRM or ERP system that would benefit from being tied to the phone system?
  • • From a CRM standpoint, the ability for the phone system to automatically register calls, voicemails, etc. into a CRM can be a huge boost in your sales team’s efficiency.

4. Uptime

Most businesses would prioritize their phone system in the critical column when asked its level of importance. It would then make sense to only consider systems that have a high level of reliability.

• Does the VoIP system offer any type of SLA? Determining an acceptable amount of downtime can help you identify how much you are willing to pay for the amount of uptime.

5. Availability & Mobility

This might not initially be something you consider when conducting your search, but it might be more applicable than you think. With today’s workforce choosing to work wherever they have access to a computer, mobile phone, and internet, how does your phone solution fit into this situation?

With more of the workforce becoming mobile, consider these questions during your evaluation:

• Can your employees utilize your phone system while working remotely?
• Do you have to purchase any extra hardware or software to achieve true remote capabilities?

6. Implementation

Everyone has deadlines to keep and depending upon the timeframe you will have to implement a new phone system, how long it will take could be an important factor.

• Based upon the size of your organization, how long will it take to implement the solution?
• Does the solution come with implementation assistance?
• Does the solution come with user training?
• Can you move any settings from your current phone system to the replacement VoIP solution?

Leveraging an experienced IT partner can help you meet your project goals and make the implementation process smoother.

7. Bring Your Own Device (BYOD)

Does your company employ any BYOD policies? If so, here are some key features to consider in the phone system:

• Does the system offer any type of softphone application that users can use a headset with instead of just a traditional desk phone?
  • • This can alleviate laptop users from having to be at their desk to place and receive phone calls.
• Is there any type of application for mobile devices such as Android or IOS where users can place calls directly from their mobile phones?
• Is the sign-in process to the phone system tied to Active Directory where personal computers won’t work?

8. Proof of Concept (POC)

With the phone system having such an impact on the entire company, I would not recommend even considering a solution that does not offer an adequate trial period, or POC. I would also recommend strategically putting together a test group of employees that are good at giving detailed feedback.

There are so many questions that can only be answered by actually implementing the solution for a trial timeframe with people that will be actually be using it.

• How does the solution handle the load placed upon it?
• What type of feedback did you get from the test group chosen for the POC? This is an invaluable source of information to determine if the VoIP solution is going to work for the company.
• Is the POC using the same platform and licenses that you would receive if you purchased the solution? This is critical to determine as you don’t want to have any misconceptions on what the POC can do and what the actual system you are looking to purchase can do.
• Do you have full access to the solutions support team during the POC? It is important to be able to engage with support prior to choosing a solution and experience how their engineers will work with you during the various problems you will have from time to time.

9. Selling the VoIP Solution to Your Boss

This is often one of the hardest parts of any project. You conduct a thorough search to ensure that the phone system checks all of your boxes, but in the end unless you can sell it to your boss, you can’t move forward. Here are some suggestions on preparing for that discussion:

• Start with the bottom line: are there significant savings that the company will realize by making the change? Look at both the short and long term financial impact.
• Talk about increased efficiencies: Highlight new features that will simplify processes and increase productivity. What are important enhancements to phone system management?
• Close with mobility and accessibility: focus on the impact the solution could have on your continuity plan and the availability of the solution from literally anywhere.

With that said, it’s of vital importance to talk with all departments to ascertain how they currently interact with the phone system and what they would like to see in a new one.

If you align their goals with yours, not only will you have more people in your corner when it comes time to making a decision, but you will also have a higher user adoption rate when it comes to implementing the solution.

Making the Right Choice 

After all the questions were asked and trials were conducted, we decided to “cut the cord” and move to a VoIP solution called RingCentral. We’ve been on it now for four months and we are enjoying features that we didn’t have access to before with our traditional system.

The migration was easy and our employees did a great job of learning and embracing the new technology – and the cost savings was significant. It was a decision that has worked well for us.

Want help learning about VoIP solutions for your organization?
We can help you find, procure, and implement the right VoIP solution for your company. Let us know what you need.

The post VoIP Solution: 9 Things to Know Before Buying appeared first on CCB Technology.

There are numerous vendors that provide wireless solutions, but this article won’t steer you toward one over another. Instead, we’ll address a few key topics to consider when looking for a wireless solution to help you determine what your company needs and narrow the list of options.

1. How do you want to manage your wireless solution?

The answer to this question will have the largest impact on the Wi-Fi solution you choose and depends upon your needs and requirements. There are generally two ways to manage your Wi-Fi – on premises or a hosted cloud solution.

An on-premises solution provides complete control, allowing management of each access point (AP) individually or using a central console. This solution works well for organizations with few APs.

A hosted cloud solution, like the WatchGuard Wi-Fi Cloud, would give you central control over multiple APs from one web portal. This helps simplify management for organizations with many APs. With a hosted cloud solution, however, you will pay a subscription fee and do not own all of the hardware involved in management.

Determining what type of Wi-Fi management your organization needs will help you narrow your search by focusing on the vendors that offer what you need.

2. Thick or thin access points?

Two words you might run into while considering the different types of management for wireless solutions are “thick” or “thin” access points. A thick wireless AP can operate as a standalone unit and doesn’t need a central console to be configured. This option works best if you have one or two access points.

A thin AP requires a central console and cannot be configured without it. It makes managing multiple APs easier as you don’t have to configure each access point. Most vendors will offer both solutions, but thin APs are typically less expensive and easier to deploy.

3. Is it compatible with what you have?

Anyone who has worked with technology can appreciate when “things just work.” Compatibility with existing hardware and software can be a huge factor when choosing a wireless solution. Answer these questions before committing to a solution:

• Which frequency bands does the solution offer?
• Do they allow for a directional or multi-directional antenna?
• Is the wireless solution compatible with your firewall, web filter, or other network devices?

If there is a layer of compatibility, then setting up and managing the wireless solution isn’t going to feel like another island of information separate from all of your other equipment.

4. Does it meet your security needs?

Security is a concern with any type of solution implemented within an organization and choosing a wireless solution is no different. The type of security offered or not offered can be a deal breaker.

Determine what security measures you absolutely need in a Wi-Fi solution. Which flavor of WPA2 do you need? Do you need integration with a RADIUS server? Does the system support 802.1x?

Security is not an area where you want to make a compromise – make sure to choose a solution that fully meets your needs.

Get started with a list.

Hopefully these topics help you start thinking about the different factors involved when researching a wireless solution for your company. It’s a good idea to make a list of items that are important to your organization and make sure that the vendors you’re investigating align with what you need. This will ensure that your company is making the right choice come decision time.

Need some Wi-Fi advice?

Ask CCB about taking a Wireless Network Survey to make sure your decision is based on factors unique to your organization. Contact us and learn more about our projects.

The post 4 Things to Look for in a Wireless Solution appeared first on CCB Technology.

Small businesses often make the false assumption that their data isn’t as vulnerable to compromise as big corporations, but this is proving to be an incorrect and potentially costly assumption. The National Archives and Records Administration reports that more than 90 percent of companies that experience at least seven days of data center downtime go out of business within a year.

So what’s your plan to ensure that downtime doesn’t collapse your company? You need a comprehensive disaster recovery plan in place using a trusted solution like Azure Site Recovery before disaster strikes.

Cost vs. Complexity

When creating your disaster recovery plan, you’ll need to weigh the trade-offs between complexity and cost. What data can you afford to be without? For how long? If you lost some data, would that destroy your business forever? To answer those questions, let’s look at what your plan needs to include.

Five parts of a disaster recovery plan:

• Recovery Point Objective (RPO): RPO defines how much data you are willing to lose. You can give higher priority to saving your most critical data, while being willing to lose less important data, such as pictures of the Christmas party (which may be better off that way!). Customer records might be top of your list, while marketing data might rank lower.
• Recovery Time Objection (RTO): RTO weighs how long you are willing to be without your data. Depending on your business, you might decide that you can lose up to two hours of business operation. A higher time will create higher costs, so you’ll need to consider your options carefully.
• Personnel: Who should get their data back sooner? Who will support the plan? Do you have a backup person as well as backup technology? Is your plan dependent on human intervention, which may not be possible in all cases?
• Regulatory constraints: Is your business subject to regulatory compliance? How will you make sure you are covered?
• Critical data: Which data is critical to your business? What are the dependencies between different areas of the business?

Find a solution that fits your disaster recovery plan

A cloud solution can help you find a good balance between cost and complexity while fulfilling the requirements you’ve outlined in your plan. With Azure Site Recovery, you can easily create disaster recovery plans in the Microsoft Azure portal that can be as simple or as advanced as your recovery plan demands.

For small and medium businesses, you can protect all of your major IT systems inexpensively by implementing disaster recovery to the cloud using Site Recovery. It integrates with other BCDR technologies and you can set up and manage replication, failover, and failback from a single location in the Azure portal.

Site Recovery can also help you meet your RTO and RPO requirements since Azure VMs can be replicated between Azure regions as a part of your strategy. When failover occurs, Azure VMs are created based on the replicated data. Site Recovery provides continuous replication for Azure VMs and VMware VMs, and replication frequency as low as 30 seconds for Hyper-V.

Finally, Site Recovery integrates with Azure for simple application network management, including reserving IP addresses, configuring load-balancers, and integrating Azure Traffic Manager for efficient network switchovers. Learn more about Microsoft’s complete integrated Azure cloud solution for backup and recovery.

Train and test

Once you have a plan in place you’ll need to train all personnel. You’ll increase your chance of success when upper management endorses the plan and promotes training for all employees. Communicating the plan and even incorporating it in new employee training might be good strategies as well. Assuming everyone knows who is responsible for what can lead to failure.

Too often companies will create a plan, implement it and then stick it in a file. They don’t fully test the plan, or consider multiple scenarios. When a disaster hits, whether its cybercrime, a natural disaster or that rogue sprinkler system, the plan fails. The New York Stock Exchange had a plan before Hurricane Sandy, but they didn’t follow it when disaster hit – instead they closed the stock exchange for two days.

Your resources and business needs will evolve over time because location, personnel, and data changes. Annual training, and testing two to three times a year is the best way to make sure the plan is up-to-date, still supports your current business goals, and everyone is prepared for a short, efficient recovery with as little down time as possible.

Your disaster recovery plan can’t wait  

Nobody likes to think about their business getting hit by a disaster, and hopefully you never will, but facts show that you are likely to experience some level of compromise at some point.

Azure Site Recovery is a trusted and robust solution that can help you recover quickly from disaster. It monitors the state of your protected instances continuously and remotely from Azure. When replicating between two sites that you control, your virtual machines’ data and replication stays on your networks and all communication with Azure is encrypted. You can also select encryption for data at rest.

You can’t guarantee you won’t be affected by cyberattack, natural disaster, technical malfunction and uncontrollable human error, but you can protect your business from costly data loss by investing in a solution that aids in data backup and disaster recovery.

We can help you along the way

We’re here to help with all stages of strategy, planning and implementation. We can discuss your needs and help you explore all your available options, including the advantages of cloud BU and DR. Don’t wait any longer.

The post How to create a disaster recovery plan: Is Azure right for you? appeared first on CCB Technology.

Providing IT security training for your business end users is one of the best ways to prevent a security breach. Everyone who touches any type of device in your company needs training on how to use your corporate information systems safely.

Before beginning any user training, make sure your company has a written security policy in place that addresses:

• Acceptable Usage Policies (AUP)
• A Non-Disclosure Agreement (NDA)
• Password management
• Remote Access Policies
• Mobile/BYOD Policies

Having these policies in place will make security training and administration much simpler. All employees should be required to read and sign the security policy documents, but they also need to be enforced with training. Here are five ways to get buy-in from your users.

1. Provide ongoing security training.

All employees should receive network security training during their initial hiring orientation, but that’s not enough. Training needs to be ongoing because users need regular reminders and reinforcement of the importance of your network security. Whether it’s how to choose good network passwords or tips on recognizing the latest phishing schemes, all users need to be able to recognize possible issues and understand the best way to handle them.

Helping users stay ahead of hackers’ tricks is critically important to the security of your network. Hackers are constantly trying clever new ways to trick even the most sophisticated users into downloading their malware or responding to a hoax email. Regular security awareness training is key to keeping users alert to these threats.

2. Make security personal.

Network security may seem like an abstract concept to employees who aren’t responsible for your company’s technology efforts – so how can you make them care about your company’s security? Make it personal. Ask them if they use personal devices to make online purchases at home using a credit card and walk them through what could happen if they don’t take security precautions. Use that scenario to begin a discussion on the necessity of following security policies.

Help employees understand that their information, including details about their identity, is best protected when they follow security policies that keep the corporate network locked down. Network security impacts everyone who accesses your network and they need to fully understand that.

3. Be accessible to users.

Do your employees know who to go to if they experience a network security incident such as a suspicious email or an unusual pop-up window? Do they know who to bring security questions to? Inform them who to contact for all scenarios.

If you don’t have on-site IT support, be sure users understand how to contact support personnel through your provider. And while waiting for an answer from your security expert, it’s equally important that they know what to do – or not to do – during the wait time.

4. Tell users what actions to take and why.

Security awareness training should not only include information on how employees should respond to a security incident, but also how to avoid one by reacting appropriately. What should users do if they click an attachment that turns out to be infected? Do they call your security expert for help or should they take some immediate action with their computer on their own?

Running mock scenarios will help users gain confidence in knowing what to look for, what to do, and who to contact. Employees need to know how to react, including when to immediately shut down their browser windows or computers if necessary. Be sure discussions include email security, URL training and Mobile/BYOD security.

5. Make security as pain-free as possible.

Even the most thoroughly trained and well-meaning user might be tempted to circumvent your security measures if they’re difficult to follow, so make your policies easy for users to follow. Finding the right balance between security and user friendliness is important. Here are a few things that may help:

• Configure your applications to automatically prompt users to change their passwords on a regular basis.
• Make sure your anti-virus software updates automatically when it won’t interfere with employees’ workday.
• Don’t fault the user who reports a security breach. You want employees to feel safe so that they come to you with any potential security risk.
• Consider having a program that recognizes employees for making the right decisions.
• Host a security awareness week that includes distributing information, hosting Q&A sessions, and sharing stories of company security “wins”.

Security training can be done in multiple ways, including online classes or video training for new employees, and as part of staff or team meetings for ongoing awareness training. The end goal is for security awareness to be a two-way partnership between the end user and the company and something end users do without thinking about it.

Protect your company – train your employees
CCB can help educate, train and test your end users. Schedule a free demo of our solution and get a free phishing test of your environment.

The post End User Security Awareness Training appeared first on CCB Technology.