Educating Your Employees About Cybersecurity

Making Your Employees Excited About Your Cybersecurity Strategy

Cyberattacks cost businesses millions each year, and employees are the weak point. Here’s how to educate them about cyberattacks and protecting your business.  

Did you know that the average cost of a cyberattack is now over one million dollars? This total factors in the cost of lost or diminished productivity and the impact on customers and their negative response. Many attacks also include some type of service disruption, which can negatively impact your bottom line as well.

If you’re a small- or mid-size business, you might not suffer a seven-figure loss due to cyberattacks. But it’s clear that the threat of cyberattacks is real, and they have a major financial impact on businesses, no matter how big or small you are. Without the right cybersecurity plan, your business is at risk.

As you start to plan your cybersecurity strategy, the first step is educating your employees. The leading cause of data breaches, for example, is actually human error. In fact, a survey of businesses conducted by Shred-It found that almost half of all companies had experienced at least one data breach caused by employee error. This is not an idle threat. It can, and will, happen to businesses just like your own.

To help shore up your cybersecurity strategy and safeguard your company from cyberattacks, here are five important things to do to educate your employees as soon as possible:

1. Don’t Go Overboard to Start

The worst thing you can do is put together a long, boring memo with an accompanying document of best practices and expect your employees to digest the information. You need to keep it short and simple to start. Use videos and infographics to make them care. Start with the most important action items and slowly introduce more over a couple of weeks or months. Organize ongoing training sessions for follow-ups and open discussion. You’ll be giving out a lot of information – taking it slowly gives your employees the chance to understand and implement your action items. Spreading it out over time makes cybersecurity a part of your company’s culture, not just a one-time initiative left to collect dust in the corner.

2. Run Simulated Trainings

The best way to learn is to see something in action. For example, have your IT department send out fake phishing emails to employees randomly throughout the month and see who clicks on them and who alerts IT to a potential problem. You can use this information to see who needs further training and what types of messages are going to pose an elevated risk.

3. Trickle Down From the Top

A truly effective cybersecurity strategy has to start from the top and trickle down to the rest of the company. Executives and managers must be trained first and given the responsibility of ensuring that their employees are ready to handle cyberattacks, too. If they’re not on board, there’s no reason for their teams to be on board, either. Start off by fully training them and everything else will take care of itself sooner rather than later.

4. Develop and Communicate a Clear Emergency Plan

Training your employees to know how to safeguard themselves from cyberattacks and what to look for is important, but it’s ultimately not going to be effective unless they know what to do when they notice that something is amiss. All employees should know exactly who to contact if they have any questions or in the case of an emergency. Most importantly, they should feel comfortable and confident reaching out immediately.

5. Keep the Momentum Going

Once you’ve gotten your employees educated and excited about (or at least on board with) cybersecurity, you have to keep it going. Schedule regular sessions to talk about the latest industry threats and field any questions your employees might have. Encourage them to bring up any horror stories or threats that they might have encountered or read about. This makes them a part of the process and keeps them engaged with your overall cybersecurity strategy.

A strong cybersecurity plan is only as effective as the employees carrying it out every single day. With a strong employee education initiative, you can ensure that not only is your plan solid, but it’s being acted out and implemented day-to-day. In the end, your business will be protected and can operate uninterrupted.

How to Protect Yourself from Ransomware

Ransomware can impact the operations of any organization. Find out how to protect yourself from ransomware attacks.

Organizations everywhere are being targeted in ransomware attacks. Not only do these attacks derail the organization’s operations, but they can also lead to exorbitant expenses, whether or not the ransom is paid. Because ransomware attacks are so devastating, it is important for all organizations to take precautions.

What Is Ransomware?

Ransomware is a specific type of malware that takes data and/or systems “hostage.” The perpetrator may then threaten to either block or publish the stolen system or data if the owner does not pay a large sum of money. In most cases, ransomware infects a system after a user visits an infected website or opens an infected email.

Protecting Your Organization

Although it is possible to remove ransomware on your own without paying the criminals behind it, the software can do a significant amount of damage in the meantime. For this reason, it is better to prevent infection with ransomware in the first place. Some of the steps you can take to defend your organization against this type of malware include:

  • Securing the web – Setting up security features to prevent ransomware infections while surfing the web is one of the best precautions you can take. Be sure to install security software that scans websites, advertisements and any other links that could lead to danger.
  • Protect email – The primary mode of ransomware infection is through email attachments and links. To prevent users from accidentally accessing infected emails, use secure email gateways designed specifically for this purpose.
  • Safeguard the server and network – Install monitoring tools on your server that can detect any unusual activities and stop them before the ransomware has control of your system.
  • Back up systems and data – Keep full copies of all of your essential data and systems so you can access them in the event of a ransomware attack.
  • Defend mobile devices – Ransomware can infect your system through mobile devices as well. Be sure to invest in mobile device management tools and protection software to keep these devices safe.

Regardless of your organization’s size or industry, you are always at risk of ransomware attacks. By following the tips above, you can reduce these risks as much as possible. If an attack occurs in spite of your efforts, seek help from your San Francisco IT consulting professionals and law enforcement as soon as possible to minimize the damage.

The Top Online Journal Services For CEOs

How to Choose the Right App for CEO Online Journaling

Learn why many business leaders turn to journaling to build their brand and improve their leadership skills and see what features the top applications offer.

When you want to establish your own personal and professional brand online, using an online journal is an effective way to spread the word about your insights, leadership, business and philosophy. Having the right tool to help you get your message across to readers is an important decision.

Other CEOs use journals to fine-tune their skills, reflect on their days and improve their leadership skills.

“Setting aside as little as 10 minutes a day to record your thoughts stimulates reflection critical to making sense of the fast-moving world around you,” notes a recent Strategy and Business article. “Journaling engages the analytical, rational functions of the brain, which gives the more creative parts of your cranium space and time to work their magic.”

Below are the top online journal services that CEOs can use to build a better online persona or simply track their thoughts and perspectives.

What Features Should I Look For in a Journaling App?

The most effective apps are those that offer features that make it easier to write and publish. Some of the most common features among the top apps are:

  • Easy interface. You want to be able to focus on writing, so you need a minimalist interface that lets you focus your thoughts and write well. The app you choose should also be easy to use, with a limited number of clicks or taps needed to add an entry.
  • Exporting. You want to choose a product that allows for exporting into formats such as PDF, RTF or common word processing extensions that allow you to use the content wherever you want.
  • Syncing. Keep your journal synchronized across your devices with an app that has synchronizing capabilities.
  • Reminders. Gentle automated nudges to enter your thoughts are a good way to maintain the habit.
  • Visual support. You may want to add other elements to your journal, including photos, videos and graphics.

What Are the Top Online Journal Services for CEOs?

You have many choices when it comes to journaling services. Here are a few of the top options:

  • Day One. Automatically add metadata such as date, location, time and weather, synchronize your entries across devices, and use a dark mode if working in low light. It also uses IFTTT (“if this then that”), a free web-based service to automate the creation of entries on multiple apps.
  • Diario. A great choice when you want to add lots of images. You can add folders, tags, dates, locations and other filters.
  • Diary. A simple interface makes Diary popular for shorter entries, which can be shared easily with friends and followers on Facebook, Twitter and other social media platforms or via email. Provides cloud storage and reminders, too.
  • Journal. An intuitive interface and clean layout highlight this product. Synchronize with Google Maps to add location metadata and street views. Export entries to file types suitable for printing. Security features include Touch ID, Face ID and PIN protection and automatic backups to Google Drive.
  • LiveJournal. One of the oldest journaling apps dating to 1999, LiveJournal lets you share and read others’ journal entries while writing your own.
  • Momento. Connect Momento to social media apps like Facebook, Instagram, Twitter and YouTube and you can automatically add social activity to your journal.
  • Penzu. Security is the name of the game with Penzu, which offers double password protection and 256-bit encryption, along with customizable backgrounds and fonts.

Whether for branding or reflection, the right journaling tool can improve your professional outcomes.

Will Your Business Be Impacted by the End of Microsoft Exchange 2010?

Exchange 2010 has been a great program for businesses for many years, but its time is now winding down. Find out what this means for your business. 

All good things must come to an end. For Microsoft Exchange 2010, that end will happen at a date in the very near future: January 14, 2020. Migrating away from an integral piece of business software can take some time, so if you’re not already planning this shift for your business it’s time to get started! While Microsoft is encouraging people to shift away from the perpetual license option and go towards Office 365, you can also move to Microsoft Exchange 2016 if you don’t want to move to the cloud. At the end of a product’s lifecycle, the manufacturer determines that the vast majority of individuals and businesses have already moved on to a new platform, and they stop providing new features, security and bug fixes, time zone updates and support. In today’s world, your email server is your first line of defense against malware and ransomware — making the lack of security updates a key reason for taking the time to upgrade before time runs out on your support.

What Does the End of a Software Lifecycle Really Mean?

As with most software companies, there are several stages in the lifecycle of Microsoft Exchange and other Microsoft Office products. They are generally defined as mainstream support, extended support and service pack support. Mainstream support is generally guaranteed for a minimum of five years after the product ships and is valid while the vast majority of people are still actively using the platform. Extended support generally lasts another five years, and includes a more limited support infrastructure. There are limitations on the work that the software teams are willing to do on products in this stage of life: non-security hotfixes are not released and there are no new functionalities added to the platform. While the platform is still considered secure and supported, this stage is an indication that it’s time to start your search for what comes next. In the final stage, you only receive critical security updates and little else in terms of support.

Why It’s Time to Move On . . . Quickly

Exchange 2010 doesn’t support an in-place upgrade, meaning you’ll need to find the time and IT staff hours to migrate completely — setting up new servers and mailboxes if you decide to go the route of another perpetual license option. Moving to Office 365 may be a good option for your business, but there is still a bit of setup required before you can make this move. With only a few months left before security updates are no longer provided, many organizations are scrambling to be sure they beat the deadline and maintain a platform that is fully protected and receives regular security patches. Email is a mission-critical application for your business, making it crucial to ensure that you’ve made a decision and have a game plan in place long before January 2020.

Upgrade Options Available

There are a few different ways to get out of the woods if you’re still running Exchange 2010. It may seem intuitive to simply upgrade to Exchange 2013, but that product has already completed Phase I and II of its lifecycle and is no longer receiving cumulative updates. Exchange Server 2016 is a better option if you prefer to stick with perpetual licensing models, but the product is already several years old. Updating to the most recent version, Exchange 2019, which was released in late 2018, seems like the best option — but it’s important to note that you must first upgrade to 2016 before making the jump to 2019 versions. Moving to Exchange Server 365 may provide a range of benefits for your organization, such as better integration, improved security and continuous updates, but it’s also important to note that there are additional decisions to be made around the other aspects of Office online.

Finding the right solution for your business does take time and analysis, but it’s vital that you take the first steps soon to reduce the risk to your organization. Critical patches for Microsoft products are released on a fairly regular basis, and your business can be opened to cyberattackers if you miss a single update — much less several security updates. Completing your migration will provide your technology team with peace of mind knowing that your most important channel of business communication is fully protected by an up-to-date Exchange server.

Staffing In The Digital Age

Digital Disruption Forces Businesses to Rethink Staffing Strategy

See how rapid technological advances are revolutionizing how companies approach the structure of their workforces and new strategies for employee recruitment.

The remarkable pace of digital transformation has changed how businesses operate at every level. Companies today need to be nimble, taking a close look at emerging technologies, choosing the right investments and continuing to thrive in the face of constant disruption.

That means reexamining business models, processes used and, perhaps most critically, the nature of work and who (or what) does it.

Understanding staffing in the digital age means taking a strategic approach to personnel.

What Staffing Model Works in the Digital Age?

Traditional labor models are not always the right choice in the digital era. Major initiatives are conceived, launched and executed more quickly than ever, requiring companies to act nimbly. Leaders are shifting towards a model that’s both strategic and flexible.

The modern staffing model may include a mix of the following:

  • Permanent employees who focus on the most critical initiatives
  • Skilled contract employees that support the work, complementing permanent employees and providing talent not available internally
  • Specialists that provide additional capabilities and are available on an as-needed basis to complete high-value projects

This approach allows companies to be responsive, provide the right resources for time-sensitive and mission-critical work, and make key hires.

As a recent Deloitte report notes, HR offices are grappling with how to address personnel management in a digital age. “HR’s concerns will soon be revolving around the changing nature of the organization and employees becoming increasingly digital,” the report states.

Organizations must be mindful of the realities of work, including:

  • Digital trends that are pervasive, including cloud computing, social media, mobile connectedness, cybersecurity and data analytics
  • A multigenerational workforce that includes several generations whose entire lives have been digital in the same workplace with older employees whose technical comfort and skills may be lacking
  • Hyperconnected employees looking to blur the lines between work and personal lives
  • An emerging group of digitally skilled employees
  • Business models that are challenged by digital disruption and new competitors
  • Employee perceptions that they are the first consumers of and ambassadors for their employers’ brands

“HR needs to be more pre-emptive with regard to digital transformation as it plays an important role in shaping the organization’s digital identity,” cites Deloitte. “It is a challenge and a real complexity to plan future capabilities of a workforce in the digital economy.”

What Are the Challenges of Staffing in the Digital Age?

The greatest challenge is talent. For many highly skilled positions, competition is fierce, with potential employees having considerable leverage. Advanced data analytics, robotic process automation and cloud computing are just three needed areas where demand is high as companies seek to incorporate emerging technologies into business processes.

Recruitment is fiercer and requires more creativity than ever before. Companies are using a number of tactics to improve their hiring outcomes, including:

  • Pre-Employment Networking. Companies are forging relationships with potential candidates well before there are available openings. A focus on engaging potential talent may include providing insights into the company and its strategic plans, offering informational interviews, social gatherings and regular check-ins with a recruiter. Relationships forged early can lead to faster-hiring processes.
  • Digital Solutions. Digital labor platforms allow for integrated personnel management, connecting the primary HR functions under one roof. With recruitment, hiring, onboarding, training, development and evaluation in the same platform, it allows organizations to be more nimble and cohesive in employee matters. According to a recent McKinsey Global Institute report, using a digital labor platform can increase output by 9 percent, reduce employee costs by 7 percent and add 275 basis points to profit margins.
  • Flexibility. Many employees today expect to have a high level of flexibility in when, where and how they work. Remote employees can use digital technologies and powerful collaboration tools that keep them in contact with colleagues. A digital mindset in the HR office and throughout the organization makes companies more attractive to candidates.
  • Focus on Company Culture. Businesses today need to focus on corporate culture. Why? Because there is more information available about most workplaces. Sites such as Glassdoor provide detailed information about companies, including employee reviews that can paint a clear picture of how an organization treats its workers. “Top performers know their value and are growing more footloose as a result; many are going online to find new opportunities and to evaluate potential employers,” notes McKinsey.

Recruiting and retaining employees in the digital age requires employers to think very differently about their workforce. Flexible, creative and strategic approaches allow for better outcomes.

The Rise of MarTech: Navigating the Intersection of Marketing and Technology

Is your organization struggling with the intersection of marketing and technology? If so, you’re not alone — marketers everywhere are.

There is a crisis in boardrooms and offices around the world: who owns marketing technology? Is it the CIO or CTO, who doesn’t always understand how data is utilized by the marketing teams or best practices to provide an exceptional customer experience? Is it the CMO, who is struggling to stay abreast of how all the various tech options fit together — and managing complex projects while staying on top of marketing initiatives? Or are these professionals working to bring their teams together into a new hybrid that is still being defined? Welcome to the rise of MarTech: where marketing and technology intersect. It’s not always a pretty landscape, but many organizations are navigating through this season of change within the business.

Marketers Love Their Technology

Marketers are generally a creative bunch and are increasingly engaged with the selection of tech, especially as it relates to their specific job functions. Today’s data-driven CMOs are looking for ways to measure their advertising spend, analyze their marketing program results and create timely and relevant messages for their audience. This requires a great deal of integration between the trifecta of communications infrastructure: marketing automation, website CMS (content management systems) and CRM (customer relationship management) solutions. Some smaller organizations are able to utilize a single system for several of these functions, but there is still a level of complexity involved in scoping functionality, acquiring trusted vendors, creating timelines and ultimately approving the user stories and processes. Enter the IT team.

IT Teams Want to Retain Control

Marketers love their data, but IT teams have historically retained control of everything database-related. This tension is an ongoing one, and one that can cause frustration on both sides of the spectrum. Marketers are constantly driven by a need for change and finding the best possible solution for their business needs while technologists tend to take a more sedate path to find a solution. This can cause marketers to go off the reservation and create an unruly tangle of solutions that not only don’t work well together — they often don’t work at all, and might be a security risk besides! It’s incredibly challenging to keep track of the volume of change in the MarTech world, as new platforms are cropping up on a daily basis. In fact, it’s so convoluted that ChiefMarTech.com puts out an annual supergraphic of what it calls the “MarTech 5000”. The 2019 edition has a note showing that the completely illegible list is now made up of over 7,040 entrants in a range of sections broken down into:

  • Advertising & Promotion
  • Content & Experience
  • Social & Relationships
  • Commerce & Sales
  • Data
  • Management

Oddly enough, data and management are two of the smallest buckets but ones that likely contain some of the most powerful tools in marketing — or technology.

Managing Disruption

“Marketers are being asked to do more with less and so they buy into the digital hallucinates that are out there,” according to former Commonwealth Bank and Foxtel chief marketing officer Andy Lark. There are hundreds of businesses selling little more than “smoke and mirrors” instead of digging deep into the reasons that MarTech can work for the business. This means looking at the core business and marketing functionalities that are needed, a place where IT professionals and marketers can come together as they’re defining requirements instead of waiting for salespeople to come to them. No matter how easy technology salespeople say it is to manage these massive MarTech systems, there are still technical requirements that will end up either back in the hands of your IT department or with marketers needing the ongoing support of external technical staff. Either of these solutions can cause disruption to the business, which is why it’s critical that marketing and technology teams work in lockstep to determine which — if any — new platforms are implemented in the near future.

Even adding a simple module to Salesforce, Adobe or Oracle can have unintended consequences, especially when it comes to data privacy and security — a top concern for IT and marketing alike. The recent spate of legislation around privacy reminds senior leadership that this must be kept top of mind and managed actively. That can be difficult if organizations are saddled with a makeshift raft of platforms that float together well as long as the waters are not bumpy. When you need to track the specific actions of individuals through various systems, IT pros and marketers alike will be reminded that sometimes “less is more” when it comes to new systems and integrations.

Clearing Up The Cloud – Have You Harnessed Its Strategic Advantages?

The cloud may still feel like a new technology – but in reality, it’s been around for more than 10 years now.

Does that make you feel old?

Let’s be clear about something – the cloud is here to stay. In recent years you may have still heard the occasional “industry insider” suggest that the world may be moving too quickly to an untested and unsure platform in cloud computing, but no more. The cloud is now an integral part of daily life for private consumer and business users alike.

What Is The Cloud?

The cloud is a network of technologies that allows access to computing resources, such as storage, processing power, and more, hosted in data centers all around the world. That’s where the data is. Which data center your data is in depends on what cloud service provider you’re working with.

The Cloud’s Many Layers

Public Cloud

Ideal for small businesses that may have trouble budgeting for any other type of cloud deployment, a public cloud is simple and cost-effective. Your data is stored in a “communal” data center, which, while not offering the best possible security or compliance guarantees, is often sufficient enough for organizations that aren’t required to maintain regulated compliance.

Private Cloud

A secure, dedicated environment to ensure maximum performance, security, and functionality for your business applications and employees. This is usually deployed for compliance-driven businesses such as healthcare and finance.

A Hybrid Cloud

This is like a dedicated cloud computing resource on Office 365 and Azure Stack with an extension to on-premise resources for maximum performance, control, security, and functionality. This is for businesses that require maximum control and scalability.

Instead of entrusting your legacy solutions to a public or private cloud, many businesses are opting for a hybrid cloud. They use a mix of on-premise, private and third-party public cloud services because this provides an infrastructure where one or many touchpoints exist between the environments.

Using a hybrid cloud gives you the freedom to choose which applications and resources you want to keep in the data center and which ones you want to store in the Cloud.

The Cloud Isn’t As New As You Might Think…

Would you say the cloud is “new”?

To some, this may seem like a question with an obvious answer, but it’s not that simple.

The way in which we think about technology can lead to something feeling new for a lot longer than would make sense otherwise.

After all, the cloud is more than a decade old, but a lot of people still think of it as a new technology.

For context, it was 2006 when Google and Amazon began using the term “cloud computing” – not necessarily the beginning of the cloud, but as good a point to choose as any.

In that year, the now woefully dated Crash won Best Picture at the Oscars. The Tesla Roadster was still two years from hitting the streets. Netflix was more than a year away from launching its now prolific streaming services.

Does that put it in perspective?

How Is The Cloud Delivered?

SaaS (Software as a Service)

Software as a Service (SaaS) applications are being adopted at a much faster pace today than in the past. These are productivity applications like Microsoft Office 365, cloud-based practice management solutions, accounting programs, and more.

Your SaaS provider helps you identify and select line of business applications that will run well in the cloud. They can migrate your data and integrate it with software platforms in your current premise or cloud technology stack, or help you implement new ones.

PaaS (Platform as a Service)

This is whole cloth delivery of web applications that are based in the cloud, all via a comprehensive platform. The idea is that, in accessing this platform, you can utilize, develop and even deliver applications based on resources that you don’t need to maintain on-site.

IaaS (Infrastructure as a Service)

Infrastructure as a Service (IaaS) delivers IT infrastructure on an outsourced basis and provides hardware, storage, servers, data center space, and software if needed. It’s used on-demand, rather than requiring you to purchase your own equipment. That means you don’t have to expend the capital to invest in new hardware.

Why Should You Use The Cloud?

For the same reasons that thousands of other businesses around the world have already adopted cloud computing:

  • Computing Power: The cloud has the ability to activate tens of thousands of CPUs. This unparalleled power can quickly perform deep analytics of your data, and process nearly any ad-hoc queries that you require.
  • Reliable Costs: The cloud services subscription model offers the strategic advantage of low-cost, low-risk opt-in combined with a simple, predictable monthly fee.
  • Easy Scalability: Cloud services have the unique strategic characteristic of being able to stretch or shrink to suit your current level of demand. This is especially useful for businesses of scale or companies that go through seasons of activity.
  • Real-Time Collaboration: With cloud technology, your staff doesn’t have to wait for each other to be done with their part of the document or project in order to tackle their own aspect. They can all work on the same project at the same time to maximize productivity.
  • Remote Work Capability: This cloud feature allows you and your employees to work remotely as need be, which will give your business members the flexibility they desire to have a more balanced home/work life.

You Need To Keep An Eye On Your Cloud

As beneficial as the cloud can be, it’s important to note that it can also pose risks if it isn’t managed properly. It all comes down to the classic binary relationship between convenience and security.

The cloud gives you unparalleled access to your data from anywhere with an Internet connection. That means that external parties (including cybercriminals) can have undue access to your data as well if you don’t take the necessary steps to secure your environment.

That’s why you need to monitor your cloud. No matter who you entrust your data to, you should ensure that you or someone in your organization is given appropriate visibility over your cloud environment. That way, you can guarantee that security and compliance standards are being maintained.

If you don’t have the resources to manage this type of ongoing monitoring, then it would be wise to work with the right third-party IT services company. Doing so will allow you to outsource the migration, management, and monitoring of your cloud. You’ll get the best of both worlds – security and convenience.

Why Your Non-Profit Should Consider a CIO Before Setting Up IT


Just like businesses, more and more non-profit organizations are looking to their IT infrastructure in hopes of optimizing operational processes and driving cost-efficiency. For non-profit entities that are working on limited and donor-sourced budgets, making the most out of organizational technology isn’t just smart – it’s necessary. That’s why we’re hoping to help non-profit professionals understand the benefits of working with an outsourced CIO to manage and optimize organizational technology.

What is a CIO and Why Should Your Organization Work with One

CIO stands for Chief Information Officer, and the responsibility of these professionals is to drive IT innovation and optimization for businesses. Usually, people associate CIOs with large-scale enterprises that have massive amounts of funds allocated to spend on IT optimization. However, more and more managed IT service providers of all shapes and sizes are starting to offer outsourced CIO services for smaller or more financially limited organizations.

Simply put, outsourced CIOs are responsible for all the same things as enterprise-grade CIOs, but they do the work for a fixed monthly rate – not an annual salary. The primary benefit of working with an outsourced CIO is that it allows smaller organizations to take advantage of strategic IT planning and optimization without breaking the bank or hiring an in-house professional. This is especially beneficial for non-profit organizations who are always looking for ways to reduce overhead costs and drive streamlined optimization.

The Top Ways a CIO Will Help Your Non-Profit Organization

Listen, we get it. You’re probably wondering – how will an outsourced CIO – with a monthly price tag – help your budget-conscious organization reduce costs? What are the true benefits of investing in outsourced CIO services? How will my non-profit organization benefit from this kind of investment? Let us break it down for you below.

Here are the top ways a CIO can help your non-profit organization:

  • Identification of operational inefficiencies

Right out of the gate, an outsourced CIO will work to identify gaps and inefficiencies in your organization’s approach to IT. Even better? They’ll work efficiently to create solutions to these problems and will develop a plan to put those solutions in place strategically. No matter your unique IT needs, a CIO will help you get things running at optimal capacity. You’ll have support for everything – from installing hardware to optimizing software, and everything in between.

  • Improved IT security

IT security is critical for non-profit organizations. A single data breach or cyber-attack can have devastating financial and operational consequences for hardworking non-profits. That’s why a reliable CIO will work to proactively identify security gaps and patch them sufficiently. They’ll also help your organization develop a long-term security strategy that is designed to prevent and mitigate existing threats and identify emerging ones. This way, your organization’s data and hard-earned funds are continually and proactively protected.

  • Disaster recovery and organizational continuity

Even with the most strategic IT security plan in place, the reality is disasters still happen. In fact, they often happen when organizations least expect them. That’s why a good CIO will work with you to create a plan for the worst-case scenario. This plan will include a detailed strategy for responding to and recovering from a data breach with little to no organizational disruption. It will also include a sure-fire organizational continuity plan to make sure even the worst security breach doesn’t cripple your organization.

  • Strategic, long-term planning

As we mentioned, the ideal benefit of working with a managed IT provider is all about thinking about the future. An outsourced CIO’s primary responsibility is to help your organization plan strategically for the long haul. This could include keeping an eye on industry-specific innovations that could help your organization thrive. It may also include strategies that position your organization for maximum scalability potential. No matter the approach they take, a good CIO will be working proactively to help your organization stay on the cutting edge for years to come.

  • Fully managed IT service and support

Finally, once all the initial strategy and planning is put in place, an outsourced CIO can play a critical role in helping you and your team manage IT on an ongoing basis. This could include anything from dynamic IT monitoring and management to reliable and responsive troubleshooting support. No matter what you need in terms of ongoing IT service, a CIO can help, leaving you free to focus on the important work you do day in and out.

Support for Your Search: Finding the Right CIO for a Non-Profit Organization

So far, we’ve outlined the key non-profit benefits of investing in an outsourced CIO. Hopefully, you’re convinced of these benefits and if you are, you’re probably wondering how you should go about finding a strategic and reliable outsourced CIO to help your organization. Don’t worry – we’ve got you covered.

First things first, you need to go into your search with an informed perspective. Take stock of your organizational needs when it comes to IT and try and think of problem areas where strategic IT solutions could help your team work more efficiently. Also, be sure to do your research on the providers you consult with. The best way to find the right provider is to go into your search with as much information as you can.

Don’t settle for anything less than an outsourced CIO provider who:

  • Has experience offering CIO services – especially to non-profit organizations like yours
  • Is committed to understanding your needs – both in terms of IT and budget constraints
  • Will work continuously to customize their services to meet your unique organizational needs
  • Explains their value to you in a language you can understand

If your non-profit organization is looking for an outsourced CIO that can provide all of the strategic benefits we’ve listed in this guide, we welcome you to start your search by contacting the team of CIO professionals from Scoja Technology Services. We have the expertise and experience necessary to help your non-profit organization reach new heights of productivity, cost-efficiency, and dynamic scalability.

Non-profit organizations do not need to be left in the dust when it comes to innovative and forward-thinking IT support. If your organization could benefit from a new and fully-managed approach to IT optimization, reach out to our team of certified tech professionals at (415) 373-0550 or via email at info@scoja.com. We can’t wait to help your organization reach new heights.

OAuth Phishing Attacks: Threat Advisory


What You Need To Know About OAuth Phishing Attacks

Amnesty International has reported that OAuth Phishing attacks targeted dozens of Egyptian human rights defenders since the beginning of this year. They are warning that these human rights defenders should be vigilant and contact them if they receive any suspicious emails.

“Since January 2019 several human rights defenders and civil society organizations from Egypt started forwarding dozens of suspicious emails to Amnesty International. Through the course of our investigation, we discovered that these emails were attempts to access the email accounts of their targets through a particularly insidious form of phishing known as OAuth Phishing … We estimate the total number of targeted individuals to be in the order of several hundreds.” Amnesty International

What Is OAuth Phishing?

The Egyptian authorities are using a new spear-phishing technique called OAuth phishing. OAuth is an industry-standard protocol used for authorization. All computer users should beware of OAuth Phishing.

OAuth Phishing is being used to abuse the legitimate authorization feature of online service providers that lets third-party applications gain access to an account. OAuth is the protocol used by many companies, including Google, Facebook, Amazon, and Microsoft. It’s used to manage access to user data across these and other platforms.

With OAuth access to a user’s email account, a third-party application can, for example, add events or flight times to their calendar. The OAuth Phishing hackers use malicious third-party applications to trick users into giving them access to their accounts.

OAuth Phishing targets OAuth tokens instead of passwords. When a user grants a third-party app the right to access their account, the application uses the OAuth token instead of a password. Egyptian authorities are gaining unauthorized access and using third-party apps to compromise users’ accounts.

How Does OAuth Phishing Work?

The hacker uses phishing emails with fake security warnings from Google to trick victims into clicking on a malicious link. The victim is instructed to click the “Update my security now” button. When they do, they’re sent to a third-party application called “Secure Mail.” This prompts the OAuth process.

But that’s not all. They are then asked to give the “Secure Mail” app access to their Gmail or other accounts. They’re told to click on the “Allow” button. When this happens, the hacker gains access to the victim’s account.

Now the attacker can use a malicious application to:

  • Download other messages, attachments and files.
  • Search for and read their messages.
  • Install filters and forwarding rules.
  • Inject macros into Word documents.
  • Access users’ contacts.
  • Get into OneDrive and search for downloaded files.
  • Extract emails by searching for keywords.
  • Set up malicious Outlook rules.

Amnesty International warns that these OAuth phishing attacks also target users’ Yahoo, Gmail, Outlook and Hotmail accounts.

How Can You Prevent Your Employees From Being Victimized By OAuth Phishing?

The best way is to be educated. Security Awareness Training is the go-to solution to keep employees informed about security threats and how to avoid them. But, because OAuth phishing can be difficult to detect and the victim authenticates through a legitimate site, people are still being tricked.

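OAuth Phishing can be hard to identify, and even with Security Awareness Training, people are being tricked. They’re trained to look for suspicious website URLs and to use Two-Factor Authentication, but neither tactic prevents OAuth phishing: the consent request is served by the provider’s legitimate site, and the user completes any second factor themselves before granting access.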

Phishing messages can convince users to click links that deliver malware or reveal their user credentials. Now with new tools, OAuth is being used for this. The account can be accessed until authorization is explicitly revoked. Not even password resets or using 2-factor authentication will work to stop it.

Train and test your users to:

  • Spot phishing messages and specifically OAuth phishing messages.
  • Know how to submit suspicious email messages if they find them.
  • Defend against and respond to OAuth attacks.

Along with Security Awareness training, companies must ensure that their IT service companies have set up the technology, policies and remote monitoring and management to detect these OAuth attacks.

What Does OAuth Recommend?

You can visit this page for security guidance. They say that if a suspicious or malicious third-party application is found in the OAuth environment, all permissions should be revoked. Then review remote monitoring logs to learn what was compromised.

They also suggest that you:

  • Limit the number of third-party applications that can be accepted.
  • Disable any third-party applications that you don’t need.
  • Search and monitor all third-party applications that have been approved for use, and check for suspicious activity.
  • If you use Microsoft Office 365, be sure to monitor your application permissions in Cloud App Security.
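
The review-and-revoke steps above can be scripted against an export of third-party app grants. The following is an added example, not code from the advisory or from any vendor: the grant records, client IDs, allowlist, field names and the app names other than “Secure Mail” are constructed, while the scope strings are real Google and Microsoft Graph scopes matching the mail, rule, contact and file access listed earlier.

```python
"""Triage third-party OAuth grants: flag unapproved apps holding risky scopes."""
from datetime import date

# Real Google / Microsoft Graph scopes mapped to the access the advisory lists.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/": "full Gmail access",
    "https://www.googleapis.com/auth/gmail.readonly": "read and search mail",
    "https://www.googleapis.com/auth/gmail.settings.basic": "create mail filters",
    "https://www.googleapis.com/auth/gmail.settings.sharing": "set up forwarding",
    "https://www.googleapis.com/auth/contacts.readonly": "read contacts",
    "Mail.Read": "read and search mail",
    "MailboxSettings.ReadWrite": "create inbox rules",
    "Contacts.Read": "read contacts",
    "Files.Read.All": "read OneDrive files",
}
APPROVED_CLIENT_IDS = {"client-crm-001"}  # constructed allowlist

# Constructed sample export; field names are assumptions, not a vendor schema.
GRANTS = [
    {"user": "alice@example.org", "app": "Secure Mail", "client_id": "client-unk-777",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts.readonly"],
     "granted": "2019-03-02"},
    {"user": "bob@example.org", "app": "Team CRM", "client_id": "client-crm-001",
     "scopes": ["https://www.googleapis.com/auth/gmail.readonly"],
     "granted": "2018-11-20"},
    {"user": "carol@example.org", "app": "Calendar Helper", "client_id": "client-cal-042",
     "scopes": ["https://www.googleapis.com/auth/calendar.events"],
     "granted": "2019-01-15"},
    {"user": "dave@example.org", "app": "Secure Mail", "client_id": "client-unk-777",
     "scopes": ["Mail.Read", "MailboxSettings.ReadWrite", "Files.Read.All"],
     "granted": "2019-03-03"},
]

def triage(grants, approved, password_resets=None):
    """Return findings for unapproved apps, 'revoke' entries before 'review'."""
    password_resets = password_resets or {}
    findings = []
    for g in grants:
        if g["client_id"] in approved:
            continue  # allowlisted app, already vetted
        risky = sorted(HIGH_RISK_SCOPES[s] for s in g["scopes"] if s in HIGH_RISK_SCOPES)
        reset = password_resets.get(g["user"])
        # The advisory notes access lasts until the grant is revoked, so a grant
        # older than the user's last reset must not be treated as remediated.
        predates = bool(reset) and date.fromisoformat(g["granted"]) < date.fromisoformat(reset)
        findings.append({"user": g["user"], "app": g["app"], "client_id": g["client_id"],
                         "action": "revoke" if risky else "review",
                         "capabilities": risky, "predates_password_reset": predates})
    findings.sort(key=lambda f: (f["action"] != "revoke", f["user"]))
    return findings

def users_by_app(findings):
    """Group affected users per client ID to size the revocation job."""
    out = {}
    for f in findings:
        out.setdefault(f["client_id"], []).append(f["user"])
    return out

if __name__ == "__main__":
    resets = {"alice@example.org": "2019-03-10"}  # constructed reset date
    for finding in triage(GRANTS, APPROVED_CLIENT_IDS, resets):
        print(finding)
```

Grouping by client ID matters because one malicious app usually appears under several users; revoking it for the single person who reported the email leaves the other grants live.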

The Bottom Line

All of your employees should be educated about the dangers of OAuth and other phishing attacks. They should always use best practices and only access applications that they trust.

Also, make sure that you and your IT provider periodically review the list of applications that you use. Revoke access to all applications that you no longer need.

Why Today’s CEOs are Worried About Cybersecurity

The top concern for CEOs today isn’t competitors or a recession — it’s cybersecurity. See why this is becoming the biggest challenge for an organization’s top executive.


A business’s top executive has plenty on their mind: the potential of a major recession, competitors nipping at their heels and a shortage of talent. However, none of these hot topics are the top concern for US CEOs in 2019 — that banner falls to cybersecurity. When there are so many other issues facing organizations, why is cybersecurity the highest business concern for CEOs? Perhaps part of the issue is the continual cycle of mainstream media coverage of the massive breaches such as Equifax in 2017 that affected millions of individuals and can cost billions of dollars to resolve. It could also be the high-profile challenges that Facebook, Yahoo, Under Armour and Marriott have been facing over the past few years. A recent poll of over 1,400 CEOs and senior executives by The Conference Board points to some of the reasons cybersecurity is a top strategic consideration for CEOs in 2019.


CEOs Struggling to Find the Right Cybersecurity Leaders

One of the key threats facing today’s CEOs is the ability to adequately resource their cybersecurity teams. This relatively new need is one that is causing a significant shortage in the hiring market, with organizations wrestling with budget requirements for an increasingly-expensive skill set. Unfortunately, the dearth of talent is not just at the executive leadership level, it is also causing IT departments around the country and the world to flounder as they attempt to staff up to meet the growing needs of cybersecurity as well as data compliance requirements. These individuals will be in high demand for the foreseeable future as gaining knowledge about cybersecurity requires time and investment in education. Savvy CEOs and other technology leaders have been growing these skills internally for the last several years, but having a split focus between cybersecurity requirements and their “day job” can quickly cause individuals to fall behind in the ever-changing security landscape.

Keeping Cybersecurity Initiatives in the Limelight

It’s relatively easy for CEOs to keep shorter-term strategies top-of-mind for their executive teams, but there are no quick solutions to enhancing your organization’s cybersecurity. This requires a long-term, focused effort — and resisting the siren songs of short-term gains to ensure that your strategic focus on IT security stays in place. Changes in the economy or in the competitive marketplace may tease CEOs to redirect some of the funds or teams to other parts of the organization, but it’s crucial that top executives stay in tune with the benefits that cybersecurity provides to the organization. In many cases, the changes that need to be made to make your organization more secure will also have payoffs in the efficiency of your operations, too.

Marketplace Perception of a Data Breach

The extremely negative perception and sheer quantity of negative publicity that can come with a data breach are reason enough for CEOs to be overly concerned about the cybersecurity within their organization. It doesn’t take long for smaller, leaner competitors to enter many marketplaces, and these organizations can receive positive publicity if larger organizations are caught up in a breach situation. How the business handles their communication around a massive breach, ransomware or other cybersecurity incidents can be as damaging as the incident itself if the CEO isn’t careful. These situations require a great deal of proactive communication and notification to customers along with the major effort required to evaluate the incident and begin remediation. Without a comprehensive incident response plan in place, the situation becomes that much more difficult for leaders throughout the organization.

Creating a proactive field for cybersecurity does start at the top, which makes it encouraging that CEOs are considering cybersecurity their very top initiative for 2019. As long as this focus on IT security and the value for the business continues strong over the next few years, businesses should be able to prepare adequately to weather this type of storm.
