Changing the Way We Work

We’ve already seen self-checkout technology reduce the retail workforce, and AI-powered live chat is driving the customer support profession to extinction. Self-driven vehicles may completely change the transport industry, putting truck drivers and logistics workers out of business. Automated phone and scheduling services may also end the need for office administration staff.

Many other professions won’t be safe for long, either. Hospitals and pharmaceutical chains are using automated machines to replace human pharmacists. Surgeons are now competing with sophisticated surgical robots. Recently, a law algorithm obtained a 70 percent success rate when tested in thousands of cases.

Predictions are that AI will transform the global economy, affecting as high as 40 percent of jobs as we know them today. However, in all things where there is change, there are both negative and positive. AI in the workplace offers both and could potentially transform industries for the better.

Potential Benefits of AI Integration

Boost Efficiency and Productivity

One of AI’s key benefits is increased efficiency and productivity. According to the Nielsen Norman Group, user performance improved by 66% across three case studies. AI-powered systems can automate repetitive tasks, saving time and resources and allowing employees to focus on more strategic, complex work. For example, AI can optimize manufacturing production processes, reducing errors and increasing efficiency.

Improve Data Analyzation

AI integration will allow for quicker, improved decision-making since it can analyze large amounts of data and find trends and patterns that may not be apparent to humans. Using AI in the financial industry could mean an increase in the GDP by 7% since AI algorithms can analyze market data to make investment recommendations and help businesses make data-driven decisions that gain a competitive edge.

Skills and Training for the AI Workforce

AI is also initiating many new job opportunities for the next generation directly related to the AI field and several associated with IT, including computer support specialists and software developers, with nearly a half-million additional positions are expected in the next decade. Additional skill sets will be needed in coding, data analytics, and systems infrastructure.

The future AI job market demands both formal education and continuous learning. While it will necessitate educational institutions to offer AI-related courses and programs, AI’s rapid advancement will require lifelong learning, critical thinking skills, and ongoing development to stay updated in the field.

Ethical Considerations in AI Employment

The potential for bias is one of the key ethical considerations in AI algorithms. Since AI systems learn from data, biased or discriminatory data may perpetuate those biases in AI output. For example, an AI algorithm used in hiring could discriminate against certain demographic groups, so establishing diverse and unbiased datasets will be needed.

Data privacy and protection are other ethical considerations that AI could impact, leading to concerns about privacy and the security of personal information. It will be crucial to establish robust data protection policies that give individuals control over their personal data being used within AI systems.

The bottom line is that transparency and accountability will be important in using AI systems because they can be complex and challenging to understand. AI integration in employment will mean establishing fair, explainable, and ethically used systems.

The Future Outlook in the Age of AI

The job market will likely undergo significant changes as AI continues to advance. However, the job outlook depends greatly on the adoption and implementation of AI technologies. Businesses and policymakers will play a huge role in determining its inclusion in the workplace and, therefore, the extent to which it impacts jobs.

The future of work in the age of AI is dynamic and evolving. While there are concerns about job displacement, there are opportunities for new roles and job functions. Balancing automation and human-based labor will be essential to ensure a sustainable and inclusive workplace.

By embracing AI technologies and investing in skills development, individuals and organizations can navigate the changing work landscape and thrive in an AI-driven economy.

Fascinated by the possibilities of AI?

AI is weaving its intricate web deeper into the fabric of our daily lives and will soon become an indispensable tool in the workplace. But do we truly comprehend its capabilities or what we may be relinquishing by letting it in? Our upcoming Tech Strategy Summit on September 19 was built for business leaders and IT professionals looking to dive into the world of artificial intelligence, with a special focus on Microsoft Copilot.

Check out this video by Marc Laliberte, a Tech Strategy Summit speaker with WatchGuard Technologies. He discusses the good, the bad and the ugly of AI in cybersecurity.

Don’t miss it. Sign up today!

The post Artificial Intelligence and the Future of Work appeared first on CCB Technology.

Longevity isn’t a word we associate with any of our personal digital devices, yet the “if it’s not broke, don’t fix it” philosophy seems to be the rule when it comes to our work devices. While most business owners want to stretch their asset dollars as far as possible, waiting until your computers are outdated can mean decreased productivity and increased downtime and repairs. 

Your employees’ work devices directly affect your cybersecurity, so developing a healthy replacement cycle is an essential business consideration. Figuring out the right upgrade schedule for business computers can be challenging, but it will help avoid the significant issues of waiting too long to refresh.

What‘s a good replacement cycle for business devices? 

Today’s computers run at peak for roughly 3-5 years, though most IT pros say it’s closer to 3 years. A “wait till it dies” mentality can be costly when applied to the devices your employees use daily – financially and even from an employee morale standpoint. Frustrating tools can quickly create a frustrated workforce. 

A study from Microsoft found that employees spend, on average, a day per year waiting for old computers to boot up. Their study also found that a PC beyond year four: 

• Runs slower and struggles to run multiple applications at once 

• Consumes more power and has a shorter battery life 
• Is 2.7x more likely to require repair than in year three 
• Decreases user productivity by 112 hours per year (nearly three weeks!) 
• Costs a company an average of $2,636 per year per device 

Further, these aging computers have twice the downtime and are three times more susceptible to security breaches and data loss. This translates to a significant upswing in the cost of ownership, making it more cost-effective to replace two or more PCs than to keep an old PC operational for more than four years. 

How do you spend your tech budget wisely? 

If your computers have hit the three-year mark, don’t pour more resources into old devices. The “make it last longer” philosophy can backfire where your computers are concerned, draining money and resources away from your business in other ways. Considering all the costs of outdated PCs, new devices are your best investment. 

Plan a computer refresh now.  

CCB can show you cost-effective solutions to meet your budget needs. You have options. Let’s talk. 

The post When is a Computer Outdated? appeared first on CCB Technology.

Weak passwords exist because of the simple convenience of being easier to remember. Strong passwords should be complex, random, and unique for each account and at least 12 varied characters long. Obviously, not something easy to commit to memory! So how do you train users and ensure they’re creating strong passwords? 

What End Users Can Do

Let‘s start with the basics. Here are important password practices to share with employees to teach and inspire better password habits. 

1. Don‘t reuse passwords.

If hackers access one account, they could gain access to other accounts that reuse that password. 

2. Don‘t leave passwords unsecured.

No post-it notes, notebooks, or unencrypted text files. 

3. Don‘t share.

Keep your accounts and your passwords safe by keeping them to yourself. Never give coworkers access. Every employee should have unique login credentials.

4. Make long, complex passwords.

A 7-character complex password can be hacked in roughly 31 seconds. Compare that to a 12-character version that uses upper and lower case letters, numbers, and symbols – it would take 3000 years!  

5. Change breached passwords.

The only thing worse than using a weak password is continuing to use one that has been breached! In 2021, 70% of users still reused compromised passwords found in breaches from the previous year. 

6. Use a password manager.

If your company offers one, learn how to use it. You only need to remember one password since the password manager will create and store them for all your accounts.

7. Change passwords at least annually.

The more vulnerable an account or site is, the more frequently your password should be changed, but at a minimum, change all your passwords annually.

What Your Organization Can Do 

When you consider that more than 40% of all breaches involve stolen credentials, managing passwords for your organization should be a vital part of your security strategy.

1. Use an Identity Access Management (IAM) solution.

An IAM authorizes the right users the proper access to your organization‘s applications, systems, and data. Once you have policies and procedures, adding and deleting access based on roles and responsibilities becomes efficient and quick.

2. Implement Multifactor Authentication (MFA).

Multifactor authentication (MFA) is one of the best security measures to protect against attacks. It forces potential hackers to bypass multiple authentication measures before gaining access to an account. Get it done if you’re still among the 50% of companies that still haven’t implemented it.  

By adding a second verification step, you can stop attackers before they access credentials, increasing the chances of stopping an attack before it starts. But because passwords are the main factor in MFA, authentication will be strongest when you also protect your passwords with a credential management solution.

3. Offer and require a password manager.

Passwords generated with a password manager are fundamentally impossible to crack and take things like a pet‘s name out of the equation! A password manager gives you more control over password quality, reduces the need for password resets, and alleviates the issue of reused, shared, or stolen passwords. Use a password manager wherever you can. It’ll allow users to create completely random passwords without having to create or re-type them.

An Offer Worth Considering 

WatchGuard recently introduced AuthPoint Total Identity Security. It contains everything you need for a complete MFA solution available as one package. Total Identity Security includes the AuthPoint MFA solution, Corporate Manager, and Dark Web Monitoring services so that you can enforce a strong password policy with the best user experience.  

With WatchGuard’s Corporate Password Manager, users can retrieve their corporate, personal, and shared vault passwords using the AuthPoint app and/or browser extension when they need to access their apps or systems. This allows organizations to add non-SAML Cloud applications to the Web SSO Portal for more robust authentication and a smooth SSO experience.

Want to learn more about your MFA and IT Security options?

Talk to your CCB Account Manager. CCB offers security choices that allow you to choose the right solutions for your needs. We‘ll help you get secure and stay secure.

The post Guidelines for Creating Strong Passwords appeared first on CCB Technology.

Here are eight questions to ask to help you identify a potential phishing attempt:

1. Is the sender familiar?

When it comes to identifying phishing emails, rushing can be your downfall, so slow down. If the sender is unfamiliar, do a thorough analysis. Check the display name and email address. Using banks, credit cards, and big retailers, scammers will impersonate display names to appear legitimate. Be sure the domain matches the organization’s name – @microsoft can become @microsaft or @microsoft123. Check online for legitimate URLs.

2. Is the greeting generic?

If you are doing business with someone, they should be using your name – it’s simple to personalize an email these days. If the email starts with “dear sir or madam,” you can be sure it’s not your bank or credit card company. Hackers may also avoid using a salutation altogether and move you directly to take action through a link.

3. Are there spelling and grammar errors?

These errors can be due to poor language translations, but they aren’t always mistakes. Sometimes they are meant to bypass spam filters that block keywords and phrases to prevent phishing attempts. They also weed out targets with greater attention to detail that are less likely to fall for their bait. Bottom line: legit businesses know how to spell.

4. Is the message urgent or threatening?

Pushing you for a quick response is a common trick to get you to act without thinking. Messages like “recent account changes” or “your package couldn’t be delivered” are screaming for immediate attention. Don’t respond, or click attachments or links, until you are 100% confident that the email is from a trusted source. If you can’t determine that, try contacting the organization through ways you trust.

5. Are they asking for personal information?

Never send personal information through email – reputable companies won’t ask you to do that. Be suspicious if they request you to provide login credentials, account numbers, payment information, etc.

6. Are the email domains consistent?

Always check embedded links in an email by hovering the cursor over them, but don’t click on them! If the link address doesn’t match the embedded link, it is most likely malicious and redirecting you to a phishing website. Remember, never click on a domain without a URL that starts with https.

7. Are there suspicious attachments?

Malicious attachments are an easy way for attackers to deploy malware onto your device and gain access to sensitive data. Look for file types like .exe, .scr, and .zip. Most reputable institutions will direct you to their website to download documents or files – they don’t randomly send you emails with attachments.

8. Is it an urgent internal request?

Don’t automatically trust emails from internal sources if you have concerns about the email – like requests for urgent attention or asking for sensitive information. HR-related emails are top on that list and most often involve a financial verification or change. Message or call to confirm the sender is legitimate.

Think the email you’re looking at is a phishing attempt?

Don’t just delete it. Flag it as spam mail so your email client will know to move these types of emails to your spam folder in the future, ensuring you don’t accidentally open them going forward.

Phishing attacks are becoming increasingly sophisticated, and you simply won’t always be able to detect them. If you think a phishing attack has fooled you, immediately report it to your IT department. Don’t let embarrassment hold you back. Your IT team will be able to determine if the email you received is legit, run a virus scan, and address suspicious activity.

So, should you lose sleep over phishing attempts? No, there are a lot of phishing emails out there, but fortunately, antivirus, firewalls, and spam filters stop most of them from ever getting into your inbox – so you won’t have to see them often. You only need to be prepared to defeat the few that get through. Stay educated and be cautious and discerning about what you open or click on.

Don’t be fooled by scammers – contact CCB to learn more about our security offerings and how we can help you train your users.

The post 8 User Tips for Identifying Phishing Emails appeared first on CCB Technology.

Sometimes it’s an explanation that just seems “off.”
Sometimes it’s a gut feeling around trust that you try to rationalize away.
And sometimes, you don’t have a clue until it’s too late.

No one likes to think an employee, vendor, or other business relationship would do anything to compromise their business, however that threat is real. Cyber-attacks can come from the inside – whether deliberate or not, and the warning signs are usually there. Do you know what they are?

What defines an insider threat?

Simply put, it stems from people who have a connection to your business. Current or former employees, vendors, contractors, partners – people who have legitimate reasons to access your networks, systems, or data and can potentially damage your business using those privileges.

It’s important to recognize that not all insider threats are intentionally malicious. It’s estimated that most compromises result from reckless or careless activities that are often missed or overlooked. Either way, over a third of organizations have been affected by an internal attack, and 70% overall say they are more concerned about internal threats than external ones.

Understand what to look for.

Internal threat indicators are often dismissed, meaning damage can be done over a more extended period and become costly. Knowing what signs to look for will help you act quickly and develop internal safeguards and policies to reduce their impact.

Unintentional compromise

Stress, distraction, the pressure of deadlines, or being short-staffed can contribute to accidentally clicking on a phishing email, miskeying a code, or accepting a questionable request. Another often missed opportunity for data loss is your employee’s personal equipment, like a cell phone or home computer. Do they have up-to-date virus software or password management? Is a PIN required to open a personal cell phone if it’s misplaced? Accidents happen, so it’s critical to arm employees with knowledge about social engineering and the due diligence required to protect themselves and your organization.

Concerning changes in behavior

Emotional, financial, or relationship stressors may entice some to participate in acts they wouldn’t consider otherwise. Listen for verbal dissatisfaction about the company, pay, and work expectations. Watch for attitude and performance changes or changes in time spent working off-hours. Addressing behavior changes will reduce your potential risk.

Data or technology actions

A sudden increase in accessing shared drives, copying large volumes of files, or emailing documents to personal accounts could indicate your data is a target internally. Watch for someone accessing files or folders that don’t relate to their job role or trying to get around security protocols, like tampering with anti-virus or changing privileges.

Accountability and trust issues

Employee training is only as good as employees’ willingness to participate and apply what they have learned. Finding ways to reinforce good behavior and call out careless actions is essential. Unfortunately, some will continue to do what they want or don’t want without regard for your business’s safety. Reinforce that behaviors are monitored, and everyone is expected to act responsibly.

Weak security and unsafe practices

So, where does the fault lie if your house gets burglarized because you left the front door open? Poor digital and physical security protocols can increase the chance of exploiting a vulnerability. Is the company server behind a locked door? Are visitors to your business being properly vetted? Be aware of and address opportunities for anyone to damage or steal property.

Take preventative measures.

Recognizing behavioral factors, warning signs, and areas of vulnerability is the first step in protecting your organization. Still, things can escalate quickly without an action plan in place that will detect and reduce the impact of an internal cyber-attack.

Here’s a checklist of things you can do to reduce your risk:

• Complete a risk assessment

• Pinpoint and address your vulnerabilities

• Identify and protect critical assets

• Document governance and control policies

• Enact entitlement controls and access privileges

• Invest in data loss prevention (DLP) tools

• Incorporate integrated security technologies

• Maintain strong security and patch management

• Reinforce your email security

• Provide regular cybersecurity user training and testing

• Do additional training for those in highly targeted positions

• Encourage a strong culture of trust and accountability

Want to be better prepared against insider threats?

Your business needs a security strategy that brings together people, processes, and technology to defend your organization effectively.

CCB is here to help you with:

• Risk and vulnerability assessments
• Consulting on best practices for security policies and protocols
• End user security awareness training and testing with reporting
• A customized integrated security approach for your organization
• Managed Detection and Response

We have solutions – so you can avoid a situation.

The post Identifying Potential Internal Threats appeared first on CCB Technology.

A friend of mine works for a local industrial supply company that, within the last year, went from a small business to a mid-sized one as a result of an acquisition. She recently told me some company executives had received an email with a link to a document, and three of the group clicked the malicious URL. As a result, a hacker gained access to several areas of their systems, and their one-and-only IT person was being blamed.

Sadly, she isn’t the first person I know who has been through a company breach. While companies of all sizes are targets, the small to midsize ones are experiencing the majority of successful attacks. As high as 55% of companies in this category have experienced a data breach, with 53% having multiple occurrences. Smaller organizations’ elevated attack success rate is often simply due to insufficient budget for adequate cybersecurity tools and resources.

Data breaches are becoming extremely costly to businesses and, in many cases, result in significant fines and legal fees. They not only hurt financially but cause damage to a business’s reputation and put customers and employees at risk. That’s why organizations are rapidly embracing cyber insurance to limit their liability and ease the burden of recovery in the event of cybercrime.

What is cyber insurance?

Regular business insurance does not cover cyber incidents or data breaches – they often exclude them. Cyber insurance policies generally start with business liability related to a data breach involving sensitive customer information and progress to more robust policies with additional coverage to help prepare, respond, and recover from a cyber-attack.

What does cyber insurance cover?

There are multiple layers to how cyber insurance policies are constructed, but four primary risk areas are considered in the process: privacy, security, operational, and service. Policies are generally written based on first-party and third-party coverage:

First-party covers costs related to:

• • Extortion demands
  • Legal counsel
  • Investigative/forensic services
  • Data or identity recovery services
  • Lost income due to business interruption
  • Public relations/crisis management
  • Fees, fines, and penalties

Third-party covers costs related to:

• • Damages to customers or partners impacted
  • Settlement expenses due to lawsuits
  • Costs related to litigation in regulatory inquiries

Cyber insurance has no one-size-fits-all policy since company size, industry, revenue, and geographic location are all considerations. As with any insurance, policies, and pricing vary widely from one provider to the next.

Why consider cyber insurance?

Protecting your business with cyber liability insurance will help you respond and recover quicker after an incident. In addition, your business may need coverage if you store or process sensitive data – like digital payments, medical or financial information, or personal data about customers. Ultimately, the question is, “What would happen to your business if you faced a cyber-attack today?”

How does cyber insurance work?

We’ve made it easy and put together a complete guide on what you need to know about cyber insurance and how to qualify. It includes a comprehensive checklist so your organization will be eligible for cyber liability insurance and better prepared in the event of a cyber-attack.

The post What is Cyber Liability Insurance? appeared first on CCB Technology.

1. Start simple

Chat functions can be an excellent way to get people communicating and active in Microsoft Teams. Show employees how to like comments, add emojis, gifs, and bookmark messages. It’s also a good time to teach the functionalities of calling, video, and screen sharing.

If you want your organization to get used to communicating within teams and channels, you may need to provide motivation. We found a creative way to do this by introducing “The Daily Thread” channel as a part of our company team. Each day we present a question and ask everyone to respond with their answer. Here’s one on “What’s your favorite sandwich?” that led to some interesting responses.

Be sure to add a subject title to your group post so it’s easy to keep track of. Using Teams in a fun way first can become a quick way for people to learn to respond to the appropriate threads and get used to chatting and posting in Teams.

2. Download the mobile app

Encourage the download of the Microsoft Teams mobile app to enable teamwork from anywhere on your phone while on the go. Don’t worry – the app allows you to set boundaries on your work time by setting quiet hours.

3. Think fewer teams and more channels

Be careful about starting too many small teams. Creating large teams with dedicated channels to collaborate on specific topics, projects, disciplines, or whatever you like, is the way to go. Don’t confuse teams with channels and the role they each play. It’s best to have a few large teams with several channels than many small teams with few channels.

4. Customize channels

Channels are where the real action happens – it’s the most efficient way to pull together all related content into one location. There is a learning curve here, but start by uploading files to a channel and pinning frequently used files to make it easy for everyone to find and start using for their resources.

5. Add apps to channels

You can integrate Word, PowerPoint, Excel, Power BI, Planner, SurveyMonkey, Hootsuite, and more with team chats and meetings. There are also fun ones, like Praise for recognizing accomplishments. It allows you to choose a badge and then add a personal note of thanks, congratulations, or whatever fits.

6. Manage ‘need to know’ content

Conversations can get messy and confusing quickly if users aren’t careful, so use OneNote or Wiki features to spotlight important content, meeting notes, best practices, and goals without cluttering conversations.

7. Highlight key resources

You can add essential websites used to track news, performance, live site monitoring or metric tracking. Simply add them as a tab at the top of a channel by highlighting the “+” and selecting “tab.” This keeps frequently used content easily accessible.

You can also pin your most frequently used channels or chats. To pin them, select the three dots next to the group, then select  Pin. This keeps your most important chats and channels at the top for easy access.

8. Forward email conversations

You can forward an email to a Teams channel for faster feedback within a threaded chat – attachments will upload automatically too. From Teams right-click on the ellipsis menu and select “Get Email  Address.” Next, click “Copy” to add the email address to your clipboard. Open Outlook and paste the email address into the “To” field of any email you wish to forward to your Teams channel.

9. Keep channels active

It will take some discipline but be sure you are using the appropriate channel for the related content. Stay active in channels and use @team to highlight posts for the whole group to help others keep content and conversations where they belong.

10. Have fun!

Microsoft Teams provides everything you need to effectively collaborate with your co-workers and what we like best is the ability to also have some fun. We’ve done virtual happy hours, enjoy communicating through emojis, YouTube and gifs, and add background images during calls – just to name a few.

Here’s an occasion where we congratulated our department employee of the month:

The possibilities are endless – both for getting work done and connecting in general. Onboarding Microsoft Teams throughout your organization doesn’t have to be a challenge and CCB is here to help support you. Let us know how we can make Teams happen for you.

The post The First 10 Things to do in Microsoft Teams appeared first on CCB Technology.

Our local story never received national attention, nor should it compared to the larger devastation that occurred across the world last year from hurricanes, tornadoes, earthquakes and wildfires. However, the recovery story which is rarely told, is the most devastating part of a disaster and generally takes longer and costs more than planned. After big news stories fade, the aftermath continues in ways that we can’t imagine.

Our July floods receded, but wells were unsafe to use, thousands of sand bags had to be disposed of, debris removed, and then there is “basement sludge” – ever thought about that? I hadn’t either until we received a call from a company whose server was immersed in it. This is where the importance of a proven disaster recovery plan gets tested.

What makes us rationalize that it will “never happen here”? Disasters that affect our business, whether thanks to nature, hackers, or local utilities, have one commonality – they are unexpected. So in the world of IT, how does a company prepare for the unexpected?

This list of questions will help guide your annual DR assessment and planning, and provide resources for additional help.

1. Have you analyzed possible threats and discussed plans for each scenario?

Wisconsin will never see a hurricane, but our spring storms can include wind damage, which could mean time without power, or worse. One 12-hour power outage at CCB was caused by a raccoon in a transformer! Making a list of possible scenarios will help you target the kind of solution that will best suit your needs.

2. Do you know what the cost of downtime will mean financially for your company?

The average cost of downtime is often listed around $100,000 per hour. What size company is that average based on, in what industry and with what necessary functions? To get buy-in from management on the right solution, the conversation needs to start by calculating the cost of downtime relative to your company.

Here’s a resource that can give you an estimate of potential financial losses based on your company’s information.

3. Have you prioritized your applications based on what is most critical to recover first?

Here’s a simple breakdown of how to categorize your applications:

• Mission critical: generally revenue or legally required applications – what data needs protection?
• Business critical: critical for your business functionality – what can directly affect your revenue?
• Required: Important to your business functionality, but will not directly influence revenue in the short term. HR and marketing apps may be in this category.
• Other: Lowest priority with little or no impact on the business.

4. Do you know that your plan will hold up if a real world event comes along?

The only way to tell is if you test, retest and test again. According to a Unitrend’s survey, 62% of companies test once a year or less, a schedule that doesn’t guarantee successful recovery. The complete spectrum of your company’s operations should be tested frequently, especially when there are major changes to your environment.

Is finding time to test the issue? Consider a solution with automated DR testing built in. This can provide you with reporting that can build confidence with management, bring attention to areas that need improvement, and help maintain compliance requirements.

5. Do you know how long it will take to get from disaster to recovery?

The average recovery time most companies set is around four hours, but is that realistic? Even if four hours isn’t manageable, there may be ways that you can reduce the time between the “D” and the “R”, since that’s the important factor in cutting your losses.

With new advances in backup and recovery, there are ways you can quicken your recovery time.

Their video shows you five ways to do that:

6. Are all of your applications, including cloud and SaaS, covered by your plan?

The question is straightforward, but one you should consider. Here is a cloud cost calculator that can help.

7. Are you looking into DRaaS?

When selecting a DRaaS provider, be sure you get key information. What assurances do you have that you’ll get your provider’s attention during an event? Learn how they test and validate your data and workflows. Ask how extensively and frequently they test and the level of review and reporting they provide afterwards. Finally, be sure you get a one-hour DraaS SLA.

8. What about the day-to-day recovery of lost files?

Can you restore them in 5 minutes or less – from login to restoration? This is the most requested IT function from the user level. Let’s face it – for some end users this can be the most devastating type of disaster! (Cue the eye roll from IT.) Using solutions that can meet this need could help alleviate some regular workday frustrations.

You can’t recover what you don’t backup.
Hopefully this article has given you the knowledge and resources needed to evaluate your company’s DR plan. If your company doesn’t have an adequate backup solution, a DR plan will not be of much help. Unitrends has a robust backup portfolio, which your account manager can help you assess to find the right solution and set you up with a free demo and trial.

Are you prepared for the upcoming year?

Everyone’s hope is for a quieter year on the natural disaster front, but the local stories will continue to happen and are the most important to prepare for. Take time to re-evaluate your DR plan and backup solution to be sure it is still the best fit for your business.

The post How to Review a DR Plan: 8 Questions You Need to Answer appeared first on CCB Technology.

What is a Penetration (Pen) Test?

Many successful hacks are done by exploiting vulnerabilities associated with externally visible servers or devices such as DNS, web, and email servers and firewalls. Penetration testing is a manual, authorized, simulated attack on a network that looks for security weaknesses within a system’s features and data. You may also hear penetration testing referred to as “ethical hacking”, “white hat” attacks or a “lights on” approach, so named because everyone is aware of, and can see, the tests being carried out.

Here are four reasons why penetration testing should be seriously considered for your organization:

1. Uncover Hidden Vulnerabilities Before Hackers Do

Many external breaches can be prevented by performing a penetration test. Pen testing shows you exactly where your vulnerabilities are or where policies can be compromised and addresses those weaknesses – proactively – before hackers find them. Bottom line: you can’t fix it if you don’t know where it’s broken!

Pen testing goes beyond finding security gaps and actively tries to exploit those vulnerabilities to see if a hacker could actually access data. It’s like an MRI for your infrastructure in that it looks for problems that may not have developed symptoms yet. It’s a true test of the effectiveness of your existing protections and it clearly reveals where your organization is leaving doors open for cybercriminals to enter.

2. Maintain PCI, HIPAA and CJIS Compliance Requirements

Although a penetration test is a wise decision for all types of companies, organizations that are required to be PCI, HIPAA, or CJIS compliant must perform annual pen tests and after any significant changes are made to network infrastructures. This may require both network and application layers, which could involve the addition of vulnerability testing.

Penetration testing is not a full compliance audit or security assessment since it does not address the dangers from within the organization, only potential threats coming from the outside. Vulnerability testing is an assessment of internal risks, that when combined with pen testing, can give you a 360-degree view of potential risk factors. Under compliance guidelines, both can be mandatory. Additionally, once vulnerabilities are addressed, retesting is required.

If you have enough credit card transaction volume to be bound by PCI or if you are storing Protected Health Information (PHI), you MUST perform penetration testing.

3. Evaluate Monitoring and Response Effectiveness

Though most companies will state that they place a high priority on security, few actually test their ability to detect, contain, and recover from a security breach. An active pen test provides the opportunity to evaluate how IT staff responds in a real life security incident. Here are areas to evaluate:

• Were IT security personnel able to detect the malicious activity?
• Did they effectively take the necessary steps to neutralize and control the threat?
• Were established communication protocols utilized to alert the company that an attack occurred?
• Did employees immediately respond and comply with alerts being sent out from the IT staff?

Your IT security staff may pass without issue, but if they aren’t able to identify compromising activity, the pen test reporting can be an invaluable tool to help them improve their incident response skills and reinforce security practices with the entire company.

4. Gain Management Support for Change

What happens when IT staff are aware of serious security weaknesses but are unable to get buy-in from management to make necessary changes? Bringing in an outside company with a reputation for security expertise could provide the analysis necessary to validate the need and convince management that additional investments are required.

The internal IT team may know that a vulnerability exists, but because they aren’t able to demonstrate the weakness effectively, management may not realize the potential risks of not adding the resources. Since an outside tester has no stake in the outcome or inside knowledge of a network’s details, management is more likely to respect their opinion after witnessing the vulnerability through testing. On the other side, pen testing can also be a confidence booster to management that their internal IT team is doing things right and reinforces their belief in their own IT team’s capability and opinions.

Who Should Do Your Penetration Test?

Do-it-yourself pen testing is not an effective alternative to hiring a professional testing company. It does not offer an unbiased perspective or the fresh look that may be needed to dig deep and find overlooked vulnerabilities. Performing pen tests requires creativity, skill, experience, and training to think like a cybercriminal.

Professional pen testers are trained to use techniques that hackers use to safely exploit your infrastructure and uncover vulnerabilities. You want an expert that can think on the same level as criminals so that they know what to look for and how to solve the issues. That brings us to the primary factor you should look for in choosing a pen tester: reputation.

CCB Technology collaborates with several companies that hold Certified Ethical Hacker (CEH) certification to perform penetration testing for our clients. This means they have a minimum of 2 years of security experience and have passed a rigorous examination process. We have vetted them for their vast experience and reputation so that you can have confidence trusting them with your business, data and networks.

Here’s a simple breakdown of how the pen test process works:

1. A pre-testing consultation is held to discuss the process and needed preparations.
2. The Statement of Work (SOW) is defined and timelines for completion are established.
3. The penetration test is performed.
4. CCB meets with you to present the Network Penetration Test Assessment Report and discuss next steps for addressing any uncovered vulnerabilities.

Here’s a sample of the information provided on the pen test assessment CCB provides its clients:

2.1 Vulnerabilities

The testing uncovered several potential vulnerabilities, all of these vulnerabilities should be considered legacy and would be remediated by current versions of device software and patches. These vulnerabilities are illustrated in Figure 1. The vulnerabilities were classified by the following severity levels

• Critical – (Qty. 0) – easy for attackers to exploit and require immediate attention
• Severe – (Qty. 46) – harder to exploit and may not provide the same access but still require review
• Moderate – (Qty. 29) – provide information that can assist hackers in mounting subsequent attacks

There were 75 vulnerabilities found during this scan. No critical vulnerabilities were found. Critical vulnerabilities require immediate attention. They are relatively easy for attackers to exploit and may provide them with full control of the affected systems. 46 vulnerabilities were severe. Severe vulnerabilities are often harder to exploit and may not provide the same access to affected systems. There were 29 moderate vulnerabilities discovered. These often provide information to attackers that may assist them in mounting subsequent attacks on your network. These should also be fixed in a timely manner, but are not as urgent as the other vulnerabilities.

No critical vulnerabilities were found on any of the systems. 5 systems were found to have severe vulnerabilities. Moderate vulnerabilities were found on 5 systems. No vulnerabilities were found on the remaining 3 systems.

The report then describes in more detail the types of attacks that were attempted and the recommended course of action to remediate the threats.

Are There Limitations to Penetration Testing?

Yes. As much as the test tries to think and act like a cybercriminal, testers are limited by the tools, methods and time allotments available at the time of testing. Hackers have unlimited time and no limitations on methods, whereas testers have to work within the constraints of the agreement, budget and timeframe approved by the client.  It’s impossible to compete with hackers who work with limitless resources.

So… Will you be Hacked Next Week?

In the war on cybercrime, complacency can be your biggest enemy. Cybercriminals have all the time in the world to devote to planning their next attack and they only need one that works to hold your data hostage. Companies need to be prepared for any attack at any time by insuring that their protection is 100% effective.

Pen testing is not a standalone defense, but a critical part of a holistic security plan that should include documented security protocols and response plans, employee security training, network monitoring, and vulnerability testing. Comprehensive security strategies must be backed up with continuous testing to ensure that networks are adequately protected against an increasingly complex cybercrime landscape.

Need help with your security strategy?

Let our team of experts help you detect any vulnerabilities in your organization and safeguard your company against the next hack. Develop defense.

The post 4 Reasons Why Penetration Testing is Critical appeared first on CCB Technology.

Whether you plan to work with CCB as your IT partner or perform the migration on your own, there are a number of actions you can take to solve unexpected problems while improving your migration readiness. Doing so means you won’t have to explain to your supervisor why the company is facing extended downtime, noncompliance or unexpected licensing costs because of an unforeseen migration issue.

To avoid pitfalls, here are 9 tips that will help you make sure your Microsoft 365 migration goes smoothly.

1. Take inventory of all devices and applications that are going to be impacted by a migration. 
By taking inventory of networked devices ahead of time, you will be able to identify which ones will lose functionality during the migration. This gives you the opportunity to research and implement additional configurations to maintain their functionality in the new environment.

2. Make sure your versions of Office and Windows meet the Microsoft 365 system requirements.
It’s always best to deploy the most recent version of Microsoft 365, but if your organization is currently using older versions, such as 2010 or 2007, you can still upgrade to Microsoft 365, but it will have reduced functionality that could impact your users. If your organization is currently using Windows XP or Vista, it won’t be compatible with Microsoft 365. Your organization would need to at least upgrade to Windows 7.

3. Verify that your current DNS provider is compatible with Microsoft 365.
DNS misconfiguration won’t prevent you from completing a migration, but it can prevent Microsoft 365 features from working. Failing to check a key detail, such as whether your DNS provider supports SRV records, could lead to users losing the ability to email, instant message – and more. Email is the communication hub of an organization and losing it can cost you response time and potentially customers.

4. If you’re a nonprofit organization, confirm that you have been approved for nonprofit pricing.
If you are a religious, academic, government or any other type of nonprofit, make sure you qualify for nonprofit pricing before beginning the migration process. Unexpected expenses could be a real headache — especially if you thought your licensing was free. If you’re not sure which pricing plan you qualify for, it’s a good idea to talk with your CCB account manager or start by reviewing eligibility requirements listed on Microsoft’s nonprofit page.

5. Think through your business needs before choosing your Microsoft 365 plan.
Does your company have industry-specific compliances when it comes to data security, confidential information, regulatory reporting or data recovery? Be sure to know your organization’s requirements ahead of time so you know your Microsoft 365 plan will meet those needs.

6. Test your on-prem Exchange server migration readiness.
Microsoft’s Remote Connectivity Analyzer is a useful tool that tests whether your on-prem Exchange server will encounter any connectivity issues during the course of a migration. If your server doesn’t pass the test, the Connectivity Analyzer will highlight any problems that need to be fixed before the migration can begin.

7. If you are migrating files, make sure to inspect them first.
Files that are not supported by Microsoft 365, or files that contain unsupported characters in their filenames can cause hang-ups in the migration process. In addition, failing to account for file permissions will cost you even more time when you realize you have to rebuild security policies on each of the files from scratch after the migration.

8. Confirm that you have properly decommissioned any on-prem servers.
Although you may have already decommissioned your old Lync server before starting the migration, verify that it was properly decommissioned. If you don’t, the Lync server you thought was sent gently into retirement might still prevent users from connecting to new Microsoft 365 features.

9. Determine ahead of time who will manage your server.
Once your migration is complete, somebody is going to be in charge of administering the Microsoft 365 tenant. With CCB as your IT partner, we can manage it for you, and we will work with you to provide the services that will best fit your needs. If you’re planning on managing the tenant in-house, courses at Microsoft’s Virtual Academy can get you started.

Work with CCB as your IT partner and enjoy peace of mind.
CCB has helped more than 65,000 users migrate to Microsoft 365, helping IT pros navigate the migration process and root out unexpected problems before they begin. Our impressive success rate with all migrations — even the most challenging ones — is one of the many reasons CCB is recognized as one of Microsoft’s top cloud providers.

MAKE CCB YOUR IT PARTNER

Learn about our streamlined Microsoft 365 migration process to
find out how we can make your transition to the cloud easy. Start now!

The post 9 Tips for Avoiding a Microsoft 365 Migration Meltdown appeared first on CCB Technology.