Category: Technology

For business owners, finding the right IT partner can be overwhelming. With so many companies offering similar services, how do you know which one is right for you? Which managed services provider (MSP) can you trust with your IT infrastructure and needs?

Whether you have an in-house IT team who needs additional support or are looking for an IT MSP to take on all of your information technology needs, it’s important to ask the right questions to determine which partner is the best fit for your company.

Before entering into a contract or agreement with a managed IT services provider, get to know their capabilities and experience through a thorough interview process. What important questions should you ask? Focus on areas like company experience, pricing and contracts, data management, and comanaged services.

Here are questions to ask your managed IT services provider to get you started.

Company Experience

First and foremost, you will want to make sure the company you select to be your IT partner has the experience and background to provide you with the best experience and service. Sample questions to ask include:

  • What are the team qualifications? What skills and abilities does your technical staff carry? If you are outsourcing some or all of your IT needs, it’s critical you work with a team that has the technical expertise of a CTO AND the hands-on skills of a tech support team. What experience do they have in their field? How long have they worked in IT? What industry credentials or certifications do they have?
  • Can I contact your existing clients for references? Does the managed IT services provider readily offer references and testimonials? If not, why? Current client testimonials and references can be very helpful during the decision process. Another way to check references is to look at their Google reviews.
  • Do you have specific experience in our industry? If you are in an industry that has unique IT needs, the answer to this question may be key in whether or not you move forward with the MSP.
  • Is there any reason to NOT hire your company? This question tends to surprise many companies. Ask them reasons why they may not be the best partner. What areas do they need to improve? What potential problems or issues could you encounter if you hire them?

Pricing and Contracts

If you are considering working with a managed IT services provider, you likely have a budget you need to stay within. While an MSP may have a tiered pricing structure that fits into your budget, there are other pricing and contract questions you should ask including:

  • Do you charge a flat fee? Or do you charge by the hour or help desk ticket? The answers to these questions will vary widely between MSPs. Some companies charge a flat fee for ongoing services while others will charge by the hour or even by the number of help desk tickets. If the company works by the hour or by issue, this can be more expensive in the long run than charging a flat fee.
  • Do you have a service level agreement? A service level agreement (SLA) defines the scope of work and the level of service you can expect in the relationship. Essentially, an SLA is a commitment by the provider to you as their client. Professional, reputable companies will offer a service level agreement.
  • Is there an onboarding fee? Some MSPs will hide this extra fee in their contract and clients may not notice it until they get their first invoice. While onboarding fees are not necessarily unheard of, an MSP should be upfront and transparent if this is their business model. If they DO charge a fee, ask what is covered for onboarding – meetings? Discovery time? Be sure you understand what is and isn’t covered.
  • Is there an annual contract? If so, is there an opt-out clause? Many managed IT services companies require a one-year contract. What happens if you aren’t happy with their service after 3 months? Six months? Ask what options there are if you are not satisfied with their service. Do they offer contract flexibility including monthly options?
  • Do you offer a free IT assessment before signing a contract? If you are interviewing potential IT partners, how do you know what you need? Companies that want to work with you will offer an assessment BEFORE a contract so you understand what services may or may not be needed. Don’t be afraid to ask for this service, too.

Data Management

One of the most important aspects of information technology is data management, especially for companies that manage sensitive internal data and external client or customer information. How will the MSP protect that data and how is it managed? Here are a few key questions to ask your potential MSP:

  • How do you protect my data? Cybersecurity is critical in data management. Ask the MSP what policies and procedures they have in place to keep prying eyes off of your company information.
  • How are backups and disaster recovery handled? Let’s face it – sometimes even with the best IT teams in place, systems can crash. How does an MSP handle disaster recovery? Can they remedy service issues remotely? What is the average downtime for their clients after an issue?

Comanaged Services

Companies who already have an internal IT department may want to partner with an MSP for comanaged services. Comanaged service is a framework where some IT tasks are delegated to the MSP while others are handled internally.

  • Do you offer comanaged services? What does that relationship look like? Some MSPs adopt an “all or nothing” approach when working with their clients. In reality, this isn’t always necessary. For companies that have a CTO, they may only need ongoing cybersecurity or help desk services. For other companies that have an internal tech support role on staff, they may need IT consulting and strategic planning services. Discuss your managed service needs with the provider to have a full understanding of how a comanaged relationship works.

Managed IT Services from Everound

At Everound, we work with our clients to customize a partnership that not only meets their specific IT needs but does so in a way that fits into their budget. We provide a service level agreement for our clients that details what we will do to help them realize IT operational efficiency.

Here are other ways we are set apart from other managed IT services providers:

  • Many of our current clients came to us after their existing MSP overpromised and underdelivered. We do not walk away from a challenge and if your current IT company is telling you “no,” we can find a way to say “yes.”
  • We do not require an annual contract, just a 30-day heads-up that we weren’t a great fit. And we do not charge a fee if our relationship ends.
  • If we aren’t the right partner for you, we will help you find a managed IT services provider to replace us! Our goal is to provide the service our clients need and deserve and if we fall short we will work hard to find you another company to work with you.

Curious about our approach to managed IT services? Reach out today to start a discussion. Let us focus on your IT so you can focus on your business.

Almost daily we learn about cybersecurity threats and data breaches that are affecting businesses across the country and around the globe. The pace and costs of these incidents aren’t slowing down either. In fact, it’s projected that by 2025 the costs related to cybercrime will reach $10.5 trillion.

Most business owners acknowledge the importance of cybersecurity to protect their business assets. The complexities of cybersecurity best practices, though, can leave a business owner feeling confused or overwhelmed and prone to making a costly mistake.

What are the most common cybersecurity mistakes that make a business vulnerable to attack? Let’s take a look at missteps that can make a business a target for cybercrime.

Mistake #1: Not Having a Plan in Place

By far, the biggest mistake that can hurt a company is not having a plan in place in case of a cyber threat. Companies without a formalized cybersecurity plan in place are the most prone to a cyber attack. While creating a response plan takes time and effort, the trade-off for NOT having one in place is immense. A lack of preparation can have devasting financial consequences on a business, not to mention severe damage to customers’ trust and loyalty.

It’s critical for all organizations to prepare and plan for attacks before they happen beginning with an incident response plan. An incident response plan details the step-by-step process for responding to a cyber event. An incident response plan helps to minimize downtime, maintain public trust, and in many industries such as healthcare and law, remain in compliance with governing organizations.

As the saying goes, prepare for the worst and hope for the best.

Mistake #2: Not Staying Up to Date

You’ve likely done it once or twice – ignored the annoying notification that a software update is available for your computer. It’s natural to delay a notification while you are in the midst of working on a project, but regular software updates are important to help keep your business secure by:

  • Fixing security weaknesses
  • Addressing known threats
  • Installing computer patches
  • Fixing computer bugs

If you are at an organization with an internal IT department, your IT team should be pushing updates regularly to the entire organization’s IT infrastructure. Are you the IT department AND the business owner? Chances are your team isn’t updating their computers regularly unless you are specifically asking them to do so.

Mistake #3: Not Training Employees

Did you know that one of the biggest threats to your business’s cybersecurity isn’t a hacker or cybercriminals? The biggest threat is actually your employees. Human error accounts for a large percentage of data breaches and other cyber incidents.

When you fail to provide regular training to your team, they may fall victim to phishing emails, ransomware attacks, improperly storing sensitive data, or clicking on an unsafe link. Cybersecurity awareness training isn’t failsafe, however, developing a security posture is about building up layers of defense. Training is one of those layers.

 

Mistake #4: Not Using Strong Passwords

Humans are predictable – passwords shouldn’t be. Weak passwords are an easy way for outsiders to gain access to your network and data. Considering 61% of data breaches involve login information, a strong password policy is critical to keep data safe. A strong password policy can include:

  • Required two-factor authentication
  • Long passwords with a mix of lower and uppercase letters
  • Avoiding predictable passwords such as, well, password
  • Not allowing recycled passwords
  • One-time access passwords

Overlooking password security is sometimes an overlooked area but can be easily addressed by incorporating a password manager into your IT best practices.

Mistake #5: Skipping Backups

Not backing up data is a critical mistake when it comes to cybersecurity and protecting data. In the event your company is held hostage with ransomware, or if your data is lost or corrupted, a backup can help you restore it.

There are two ways to backup your data: cloud-based and local. Cloud-based backups are stored on servers and local backups are stored on external hard drives or other devices. Business owners should consider using both methods, especially startups and small businesses.

Mistake #6: Thinking “It Won’t Happen to Us”

Own a business and think cybercrime only happens to other companies? The hard truth is most businesses – even small businesses – will be targeted for a cybercrime at some point. Hackers often target small businesses over large ones as their IT infrastructure is more likely to have holes and gaps for them to exploit. If you own a business, it’s not if, but when, you will be targeted.

Cybersecurity Services from Everound

Everound is a managed IT services company specializing in cybersecurity services, IT consulting, network administration, help desk support, and other IT services. Our team of professionals has worked with large, enterprise organizations as well as small startup businesses to help them plan for and prepare for a cybersecurity threat.

We know what it’s like to run a business and make our customers’ cybersecurity needs a priority. We offer a free cybersecurity assessment that will help you understand where you may be vulnerable and can help you develop a plan to reduce your risk for a cyber threat. Contact us today for a free consultation and let us focus on your IT so you can focus on your business.

As a business owner, you likely understand the power of making your budget work as hard as possible and spend money wisely on business operations. This time of year, you may be working on next year’s budget and wondering if there are areas of opportunity to show cost savings. One area where you can reduce costs is your information technology expenses.

Outsourcing IT business functions to a managed services provider (MSP) allows you to cut costs, save time, and even produce the same or a better outcome at a lower cost. There are also indirect benefits to outsourcing your IT including consistency in service. For example, when you use an outsourcing company, there are no sick days or PTO days to worry about – in fact, your managed service provider is always on call for you!

How does outsourcing IT save costs over relying on an in-house team? Let’s take a look at the ways outsourcing IT can alleviate budget constraints while also helping your business realize IT operational efficiency.

Reduced Salary Expenses

Let’s face it – payroll and related costs are the biggest expense for a business. On average, a company spends more than $4,000 to hire and train a new employee. In addition, recruitment and retention costs can add even more expenses to a company’s bottom line.

When you rely on an IT outsourcing company for technical support, cloud services, disaster recovery, and other IT services, you not only save money on these expenses, but you also save money on annual salaries and additional overhead costs including:

  • Medical, dental, and other healthcare benefits
  • Retirement costs such as 401k contributions
  • Quarterly or annual bonuses
  • Hard costs such as office space and furniture, computers, cell phones, and miscellaneous resources

When you work with a managed IT services provider, these costs fall on the MSP’s shoulders and not on your business. Curious if outsourcing is for you? We can help you determine if working with an MSP makes sense for your budget.

No Training Costs

Information technology changes rapidly, especially when it comes to IT concerns like cybersecurity and remote monitoring and management. In-house employees need to be on top of the latest technology developments and risks which can only be achieved by ongoing training and education. This can come with a massive price tag for a business owner.

When you work with a managed services provider, training is included, and you have access to highly trained experts without the costs. Most MSPs spend their own time and money on training for their team members meaning you can put those costs back into your business.

Another ancillary training benefit is for your own employees. As part of some support packages, MSPs offer cybersecurity training, software training, and other IT-related educational services. At Everound, we can work with your company to develop training programs that allow your employees to maximize the power of technology at your business.

Easy Scalability

Another way outsourcing your IT can save your company money is the ability to scale up – or down – quickly and easily. If you have a seasonal business and need more IT help in the summer months, for example, your IT services package can scale down in the winter. When you have an in-house IT team, you are responsible for their salaries and expenses year-round, no matter your current IT needs.

Cash flow down? With an MSP, you can scale back services for the short term to help increase your bottom line. Similarly, if you run a small business, you may not need 40 hours per week of technical support. The good news is your MSP can work with you to scale up or down based on your current financial situation.

Why Choose Everound for your Managed IT Services?

At Everound, we work with our customers to develop an ongoing managed IT services relationship that helps their bottom line. We can create a customized package that meets your IT needs AND reduces your overall information technology costs.

We won’t charge you for every help desk ticket, phone call, or meeting. Our customer service is part of the package, and you can consider us an extension of your team. Our MSP service offerings include help desk, network and server administration, network monitoring, equipment installation and configuration, backup and disaster recovery, and even after-hours support. Working on your budget and considering outsourcing your IT functions? Let’s chat.

Phishing scams are nothing new and are one of the biggest cyber threats to a business. According to Proofpoint, more than 80% of companies were targeted by phishing cybercriminals in 2021. Do you know how to spot phishing attempts at your organization?

Understanding the different types of phishing strategies is the first step to stopping them from infiltrating your organization. Let’s examine the different types of phishing attacks, ways to spot them, and how to block phishing emails.

Types of Phishing Attacks

What is phishing? Phishing is an email or text message scam that tricks users into providing personal information either by clicking on a link or opening an attachment. The emails or text messages appear to come from someone the recipient trusts, either a supervisor, colleague, or in some cases, a family member.

Not all phishing attempts are the same, and there are several different ways a cyber thief can deploy a phishing attack. The most common types include:

  • Deceptive: Deceptive phishing is the most common type of scam. In this method, attackers impersonate a company the user is familiar with to steal personal information or data. The emails may look real and even include legitimate links to trick the user into falling for the scam.
  • Spear: Spear phishing is a more targeted type of a deceptive phishing attempt. With spear phishing, the criminal will specifically target an individual with personal information they can find on the Internet. A spear phishing email may contain the user’s full name, place of employment, job title, email address, and even specific information about their role at their company.
  • Whaling: Whaling is similar to spear phishing, however, targets senior leadership such as the C-suite. With whaling, scammers impersonate the CEO, CFO, or another high-level team member with the hope the recipient will “follow orders” from a superior. The requests are typically to complete a financial transaction or respond to the email with personal information.
  • Smishing: Smishing is a type of phishing attack that uses text messaging rather than emails, but the goal is still the same – to get a user to click on a malicious link or provide personal information. Many phishing criminals will send text messages disguised as a bank and claiming there was suspicious activity with the user’s bank account or credit card.
  • Vishing: Vishing is much the same as smishing, however, the platform switches to a phone call rather than a text message. Senior citizens are particularly at risk for vishing attacks. The caller will pose as someone in an authoritative position to be able to obtain bank account numbers, credit card information, and more.
  • Pharming: As users have become more aware of email phishing, fraudsters have changed their strategy to include pharming. With pharming, users are redirected to a fake or “spoof” website that essentially appears to be a real website. The fake sites are designed to capture a user’s personal information such as their social security number, website credentials, account numbers, and more. Pharming is implemented when the hacker sends malicious code in an email that redirects traffic to the fake website.
  • Angler: Angler phishing is a fairly new type of phishing attempt that targets social media users, particularly ones who are frustrated with customer service at a financial institution. The cybercriminal will pose as a customer service rep for the company and respond to a complaint using a handle that includes the name of the institution. The fake account will attempt to “resolve” the complaint and ask the user to click on a link to talk to an agent. Once the link is clicked, the fraudster can install malware on the user’s computer or steal business data.

While there are different methods of phishing, they all share the same goal. The email (or text message or phone call) may ask for a password, billing information, credit card numbers, or other sensitive data. Once the information is shared, hackers can infiltrate a company’s network and steal information or deploy malware. Phishing is a real risk for all sizes of organizations, from small businesses to large enterprises. If you are concerned about phishing attempts at your business, a cybersecurity team like Everound can help.

How to Spot Phishing Attempts

how to spot phishing attemptsIt’s more than likely that you have been the target of a phishing attempt either at work or at home. Were you able to spot it as suspicious? There are “red flags” to watch out for when determining if an email is real or a phishing attempt.
Here are ways to spot a phishing attempt:

  • Unfamiliar tone: Does the email from your friendly coworker down the hall come off as cold and monotone? Chances are, the email is a phishing attempt. Hackers don’t understand tone very well and some phishing emails are even written by bots. If the content in an email feels a little “off,” make sure you verify the sender actually sent you an email.
  • Spelling and grammatical errors: Most email platforms have a built-in spell check feature for outbound emails. If an email contains several spelling and grammatical errors, it may be a phishing attempt.
  • Inconsistencies with an email address, links, or domain: Another easy way to spot a phishing attempt is to look for inconsistencies with the domains in email addresses or links. For example, if you hover over a link in an email from your “bank” and the URL doesn’t contain the bank name or trusted domain, that’s a huge red flag.
  • Threats or a sense of urgency: Threats or a sense of urgency are often used in whaling. Your “CEO” may be busy in a meeting and ask you to quickly take care of sending a payment to a vendor. If you receive an email that feels out of character, is threatening, or creates a sense of urgency that is uncommon at your business, this is likely a phishing attempt.
  • Suspicious attachments: Attachments sent via email should always be opened with caution. Attachments can contain harmful viruses and malware that can infiltrate an entire organization quickly causing financial damages. If you receive an email with an extension such as .zip, .exe, .scr, etc., or another unfamiliar extension, be very cautious about opening it. Check with the sender by phone to see if they sent you a safe attachment.
  • Odd request: Did you get an email with a request to do something that is not within the normal scope of your job at work? Or perhaps an off-hours text message from your “boss”? Did your IT team send an email with an attachment and you weren’t expecting it? Odd requests are a sign of a phishing attempt.
  • Short and sweet: Some phishing emails are full of content and detail, and others are short and sweet. If you receive a message with a short note like “Per your request” or “As a follow up…” however didn’t request or need anything from the user, do not click on any links or open the attachment.
  • Request for a password or other sensitive information: This is by far the easiest way to spot a phishing email – when the requestor asks for a password or other sensitive information in an email. Passwords, bank account information, and personal data should never be shared via email. A savvier attempt is to send the user to a fake landing page and ask the user to enter their credentials. Remember – banks, financial institutions, and other reputable companies you do business with will not request your credentials via email or their website.

Learning how to spot phishing emails can reduce your risk of a data breach or other cyber threat. Phishing emails are always a little bit “off” and are suspicious. If you are unsure if you can tell the difference between a real email and a phishing scam, working with a cybersecurity team can help.

How to Block Phishing Emails

The first line of defense against phishing emails is learning how to spot them. Your information technology team is likely also implementing several strategies to block phishing emails all together.

How can you block phishing emails?

  • Security awareness training: Phishing attempts all rely on one thing – human interaction. You can reduce your threat and risk of being a target of phishing emails by implementing regular security awareness training at your organization. There are also phishing simulators that can send suspicious emails that are actually harmless to see if employees would fall for a phishing scam.
  • Anti-spam, anti-malware, and anti-phishing software: There are several cloud service software packages that include anti-spam, anti-malware, and anti-phishing support. This technology can identify and stop phishing emails before they even get to a user’s inbox.
  • DNS authentication services: DNS authentication services that include SPF, DKIM, and DMARC protocols help prevent fake websites (spoofing) and impersonation. With DNS authentication, users are blocked from visiting sites that are flagged malicious by the software.
  • Anti-impersonation technology: One of the cornerstones of phishing attacks is the criminal’s use of impersonation. Anti-impersonation technology scans inbound emails and detects abnormalities in headers, domains, and suspect body content.

Cybersecurity Services from Everound

At Everound, we make it our business to protect our clients from phishing and cyberattacks. As a managed IT services provider, we offer comprehensive cybersecurity solutions to protect organizations from phishing, data breaches, dark web threats, malware, viruses, and more.

Unsure if your business is protected and able to sustain a cyber threat? Reach out today for a free cybersecurity audit. We will take a look at your current IT infrastructure, assess vulnerabilities, and work with you to come up with a robust cybersecurity plan. Let us focus on your IT, so you can focus on your business.

Working remotely may have eliminated nuisances like a daily commute, but it also means you’ve likely been hit with digital overload. Even if you are in the office every day, you may still have a cluttered digital life that is getting in the way of productivity and even adding to your daily stress level.

Cluttered digital lives affect us much in the same way as a cluttered home. It can take longer to find something you’re looking for, create anxiety and stress, and slow down your productivity. From messy desktops (quick – how many files are saved on your desktop right now?) to blurred lines between work and home, a cluttered digital life can start to interfere with your day-to-day.

How do you break the cycle of a cluttered digital life? Let’s take a look at how to declutter your digital life and what benefits you will enjoy after you go through the process.

Ways to Reduce Digital Clutter

If you suffer from a messy digital life, have tech fatigue, or merely want to improve your productivity at work, here are ways to declutter your digital life at work (and home, too!):

Create a Digital Separation: One of the biggest hurdles that has popped up over the last decade, and even more in the last two years, is a very blurry line between work and personal life for many workers. How many times have you been working on a project one minute, then the other minute you are emailing teachers about your child’s homework?

While multitasking is certainly admirable, jumping back and forth can create inefficiencies. Set aside time either that is most convenient during your day to focus on non-work-related digital tasks. While you may not be able to stick to this 100% of the time, it can help you reduce some of the digital “noise” in your life. 

Turn Off Notifications: The average smartphone user gets as many as 63.5 notifications per day. Add on top the countless desktop computer notifications from emails and websites you quickly understand how being connected through our digital lives creates unnecessary clutter.

If you constantly pickup up your smartphone to reply to a text message or check social media notifications or stop a task to respond to an email, consider turning off notifications during your workday. Most smartphones can “snooze” notifications or go into “do not disturb” mode.

Clean Your Desktop: You know that feeling when the entrance to your home is cluttered with shoes, sporting equipment, toys, and yard tools? It feels chaotic and unmanageable.

Your desktop is very similar to your foyer or entryway – it’s the first thing you see when you sit down at your desk. Cluttered desktops can create a sense of disorder. Instead of saving a file to your desktop out of convenience, save it in its proper place from the start.

Create a Folder System: A good folder structure can save you time and help improve productivity at work. Not sure where to start or how to organize your folders? It’s best to come up with a system that mimics how you work.

Do you work on one project at a time? Set up folders by project name. Work on a time-based system? Set folders up by month or quarter.

Pro tip – create a template that contains your desired folder structure and copy and paste it for each new project or task.

Delete Contents of Downloads Folder: Your downloads folder is a key factor in your computer’s operating system. Many people overlook their downloads folder when trying to free up space on their computer, however, this is a very easy task to do to help keep your computer running in tip-top shape.

Deleting digital files you don’t need is generally good maintenance and doesn’t harm your computer. Not sure where to find your downloads? Check out this step-by-step guide on where to find your files.

Clear Out Your Email Inbox: Ugh – the dreaded email inbox! Chances are you have hundreds of emails sitting in your inbox. This creates an unmanageable “to-do” list and not only can it be stressful it can also make things hard to find easily and quickly.

Just like your folder system for saved files, create a folder system within your email inbox to help you organize and sort emails. There are many ways to approach this task, either by sorting by sender, topic, or follow-up. Many email platforms have built-in tools to keep you organized, too. Outlook, for example, offers a “follow-up feature” that will let you tag certain emails and assign a deadline for follow-up.

While you may never get down to just a few emails, taking time to sort and organize what you have can help you get on the path to productivity!

Click the Unsubscribe Button: Speaking of cluttered inboxes, how many emails do you receive and immediately delete without reading? Even though this takes mere seconds, unsubscribing can save you time – and stress – in the long run. Imagine opening up your email on Monday morning and not having to sort through what needs attention and what can be deleted? Get that inbox under control and keep it that way.

Benefits of a Digital Declutter

A digital declutter not only helps create control and organization in your work and personal life, but it can also have other tangible benefits. Specific benefits of a digital declutter include:

  • Fewer Distractions and Improved Productivity: When you separate your work and personal digital life, turn off notifications and digitally declutter, you will be surprised how many fewer distractions you have in your 9-to-5 day. With fewer distractions, you will have more time to focus on the task in front of you.
  • Improved Computer Performance: Anytime you delete files from your computer, it frees up memory space and more memory space = improved performance. Delete old files, emails, and even unused programs and applications to help improve your computer’s performance.
  • Reduce Stress: The biggest advantage of any kind of decluttering, whether physically or digitally, is reducing the amount of stress in your life. We could all use that, right?

Managed IT Services for Businesses 

Are you ready to start a digital declutter at work but aren’t sure where to start? At Everound, we can help you devise a strategy to create digital efficiencies for you and your team members using customized cloud services storage solutions, systematic folder structures, and creating best-practices and systems for your entire organization.

As a managed IT services company, Everound focuses on your IT so you can focus on your business. We offer IT consulting, cyber security services, disaster recovery, hardware and software installation and maintenance, cloud storage solutions, and more. Reach out today to find out how we can help you improve the information technology at your business.

When it comes to protecting your data online, you can never be too cautious or safe. The building blocks of online cybersecurity begin with strong passwords and two-factor authentication (2FA), however nothing is failsafe. Strong passwords can be hard to remember if you aren’t using a password manager, and 2FA can still result in data breaches.

That’s where a hardware security key comes in. Hardware security keys provide an extra layer of protection when you are online. With a security key, no one can access your accounts unless they have BOTH your password and the physical security key.

Should you use a hardware security key for your business? Let’s take a deep dive into what a hardware security key does, the pros and cons of using them, and what are the most popular security keys on the market today.

What is a Hardware Security Key?

A hardware security key is a way to secure your computer without having to rely on a password. Hardware security keys (also called security keys, U2F keys, or physical security keys) work in a similar manner to 2FA and multi-factor authentication.

Instead of receiving an SMS text message, email or notification on an authenticator app with an authentication code, the way you use a hardware security key is similar to how a regular key functions. You insert the key, usually the size of a thumb drive, into the USB port of your computer and that’s it — no need to enter anything else from that point on.

Security keys house a small chip with the security protocols and codes that allow it to connect with servers, websites, and apps and will verify your identity. Security keys essentially ‘communicate’ with the server and confirm you are who you say you are. The keys support an open-source universal standard called FIDO U2F, which was developed by Google and Yubico for physical authentication tokens.

You can think of a hardware key just like a hotel room key. When you visit the front desk to check-in, the front desk associate codes your key to your room. Once you insert the key into the door, the data on the key tells the locking mechanism you have permission to enter the room. Hardware security keys work in the same way.

Pros and Cons of Hardware Security Keys

As with most things in life, there are pros and cons to using a hardware security key. How do you know if they are a good choice to enhance cybersecurity at your business? Here are several points to consider:

Pros:

  • Convenience: Hardware security keys are incredibly easy to use. Most people working at a company in a role where they are required to use a computer are familiar with USB ports. Plus, you don’t need to install any extras like software or drivers and most people find hardware security keys are easier than using a password manager.
  • Hassle-Free Recovery: Even if you lose your hardware security key, you don’t need to worry about being locked out of your accounts. Hardware security keys have a fallback number or code you can use until you can acquire a new key. Just be sure to keep your backup code in a safe place.
  • Security: Hardware security keys are one of the most secure ways to protect your data. They cannot be reverse-engineered or intercepted and are a reliable choice.
  • Phishing Proof: Even people who are aware of cybercrime and are cautious online can fall victim to phishing. Hackers are savvy and can lure users into sharing their passwords or online credentials. With hardware security keys, this risk is eliminated.

Cons:

  • Cost: Even though hardware security keys are relatively inexpensive, costs can add up for a large organization. Considering the costs of a cyberattack can reach tens of thousands of dollars for a small business, the cost of hardware security keys is a justified expense.
  • Time/Learning Curve: Change can be a barrier to trying something new and different, particularly at an organization that hasn’t intentionally focused on cybersecurity. Hardware security keys, although easy to use, make take some time to be adopted by team members.
  • Risk of Being Lost or Misplaced: Because of their size, hardware security keys can be misplaced or lost. A good way to keep track of your key is to attach it to your car keys or another keyring. After all, it is a ‘key’ and can be stored alongside other more traditional keys.
  • Not Universally Supported: Most major websites support hardware security keys, but not all. While the technology is being rapidly adopted, some sites may not support them.

Best Security Keys on the Market

There are many hardware security keys on the market today for both business and personal use. Here are a few of our favorites for businesses that work with sensitive data like financials, customer information, and other highly confidential data.

  • Yubico Security Key Series: The Yubico Security Key series is compatible with most of the online services that businesses use, including Google, Microsoft, Twitter, Facebook, GitHub, and Dropbox. It’s available for USB-C ports as the Yubico Security Key C NFC and for USB-A ports as the Yubico Security Key NFC. The Yubico Security Key series is also affordable at approximately $25 each, making it a budget-friendly choice for businesses.
  • Yubico YubiKey 5 Series: The YubiKey 5 series is a step up from the Security Key series and supports a wider array of security protocols and is compatible with more online accounts. It also has more connection options including USB-A, USB-C, USB-C with NFC, and a dual-headed USB-C and Lightning-port model. Because this is an upgrade and provides additional features, the investment is higher at $45-$70 each, depending on which model you choose in the series.
  • CryptoTrust OnlyKey: OnlyKey has a few interesting features that other hardware security keys lack, notably an onboard keypad that is used to enter a PIN, and a password manager. It supports several methods of two-factor authentication including FIDO 2 U2F, Yubico OTP, and TOTP. Other features include encrypted backup, self-destruct (which wipes the device after a certain number of incorrect PIN attempts), and the ability to update the firmware in order to access new features. The price for the OnlyKey is around $45.
  • Kensington VeriMark: The Kensington VeriMark is FIDO U2F certified and offers a good balance of protocol support, cost, and most importantly, fingerprint scanning. The fingerprint technology combines biometric performance and 360° readability with anti-spoofing protection. The investment for this hardware security key is around $50 each.

Put Our Security Expertise to Work for Your Business 

As a managed IT services provider, Everound has the expertise and experience to help you protect your business data from cyber threats. While not every business may need to invest in hardware security keys, it makes sense for companies that deal with sensitive customer data, financial records, and any information that could be tempting to steal.

If you are unsure if hardware security keys are a good fit for your business, reach out today for a free cybersecurity assessment. We can take a look at your network infrastructure and business processes to assess how vulnerable – or secure – your business is from a cyberattack.

Our cybersecurity assessments are free and there is no obligation to engage in our services. Complete our online form or give us a call to learn more. Let us focus on your IT so you can focus on your business.

Still using ‘password’ as a password? Even if you aren’t, some of your colleagues may be a bit lax with their password management. Considering 61% of data breaches involve login information being compromised, password security should be a top priority at a business.

Password security is sometimes an overlooked area at a company but can be easily addressed by incorporating a password manager into your IT best practices. Password management software can not only help reduce security risks but it can also decrease the amount of time your team spends on password recovery and downtime.

Let’s take a look at the risks associated with password security, the benefits and features of a password manager, and a few of our favorite password managers that can be implemented in a business setting.

Password Security Risks

Cybercrime is not just a hobby anymore for hackers sitting in a basement. Cybercrime is a lucrative career for hackers – they know if they can get access to company data, they can sell it for a hefty price. One of the most targeted assets for a hacker is user passwords.

Password security risks include:

  • Phishing/Sniffers/Keyloggers: One of the easiest ways for a hacker to get your password is for you to simply tell them. Hackers try to trick users into typing their passwords into a website they control (phishing), infiltrate unencrypted networks (sniffing), and tracking keystrokes either through hardware or software loggers (keylogging). These strategies are clever – and easy – ways for someone to access your passwords.
  • Weak passwords: People are predictable, but passwords shouldn’t be. When users choose predictable passwords that include public data like their children’s names and birthdates, or their middle name, or something easy to crack (password1234!), they are at risk for a cyber-attack.
  • Reuse of passwords: A Google survey found that more than 50% of users reuse their same password across multiple – if not all – accounts. When a hacker finds one password that works on an account, chances are they will try it across other platforms.
  • Compromised passwords: Once your password has been cracked by a hacker, there is a risk your password will end up online in a data breach. Once a hacker has your info, they can sell it on the dark web or include it in an intentional data leak. Compromised passwords should be changed immediately.

We understand choosing – and using – strong unique passwords can feel like a nuisance. After all, the average user has more than 100 different accounts that require a password for access which can be hard to manage without help. This is where the benefits and features of a password manager can be beneficial.

Benefits and Features of a Password Manager

A password manager is a cloud services software application designed to store and manage online logins and passwords, as well as other sensitive information like credit card numbers, frequent flyer information and private data. Passwords and other data are stored in an encrypted database and are only accessible to the user.

Features and benefits of a password manager include:

  • One password for everything: When using a password manager, you only have to remember one password – the password you choose to access your database. This is one of the main benefits of using a password manager as you don’t have to rely on a notebook or your memory to be able to log in to websites or applications.
  • Automatically generated passwords: Having a tough time thinking of a strong password that contains numbers, letters, and special characters? It can be tough to get creative with passwords! With a password manager, passwords are automatically generated in a way that avoids recognizable patterns. When utilizing this feature, it also prevents you from using the same password across multiple websites and applications.
  • More secure than other methods: Storing your passwords in a spreadsheet on your computer? If someone gets access to that spreadsheet, they can really do some damage. Password managers provide extra security than every other way of saving passwords (especially the old ‘write it on a Post-It note’ method).
  • Works across all devices: Depending on which password manager you choose, you can use your password manager across different devices including your computer, tablet, cell phone, and laptop. If you change your password for a website on your desktop, it will automatically replicate to the rest of your connected devices.
  • Can share with a trusted person: While passwords are meant to be kept to yourself, there may be instances where you want to share your credentials with a trusted person. If you are injured or ill and unable to access your accounts on your own, a password manager can help. Some password managers can even limit what your “trusted person” can see. For example, employees can share only their relevant work credentials with their employer and still keep personal data private. For business owners, this can be important if you have an employee out on medical leave or away from work for an extended period of time.

Top Password Managers

There are many password managers available for both business and personal use with common and unique features. Here are our favorites for enterprise password management solutions:

  • 1Password: 1Password makes it easy to store and sort your logins in a secure vault. 1Password offers secure sharing, custom groups and roles, account recovery, end-to-end data encryption, and customizable access polices for businesses. 1Password is also a good choice for personal use with family sharing plans available.
  • Bitwarden: Bitwarden is an open-source password manager for both business and personal use. Business features help companies share private data safely with coworkers, across departments, or with the entire company.
  • LastPass: LastPass is a good choice for organizations with team members who may be unfamiliar with password managers. Features include a comprehensive real-time reporting breakdown of employee password health for managers.

Put Our Cybersecurity Expertise to Work for Your Business 

Not sure which password management solution is right for your business? We can help you identify which product will work for your specific needs. With more than three decades of combined experience, our team of IT experts understands the importance of password security as one part of an overall cybersecurity plan.

As a full-service managed IT services provider, we focus on your information technology needs, so you can focus on your business. Reach out today to start a discussion about your IT needs, including adding a password manager and password security program at your business.

When you think of a patch, your first thought may be of a patch for a ripped pair of jeans. Once applied, the patch extends the life of the garment and covers up a vulnerable, worn area. In the information technology world, a computer patch functions in much the same way as a piece of fabric on a torn pair of jeans. A computer patch is a modification to a software program that is intended to improve security or performance or fix a bug or issue. It helps to repair an exposed flaw.

Computer patches are an integral part of keeping your information technology infrastructure operating smoothly and protecting your data from cyberthreats. What are the different types of computer patches and how do you find and install them? Let’s take a look at the most popular patches, how to find them, and what the consequences are for not patching regularly.

Types of Computer Patches

Over the course of a software program’s lifespan, it will run into “bugs.” A bug is a coding error in a computer program that can create a vulnerability. A patch is a software update that provides an immediate fix to a bug and allows the software developer to work on the issue for the next release of the software.

There are different kinds of computer patches available including:

  • Point Release: A point release patch from a software company is usually a minor update. Point releases correct bugs and feature minor enhancements to a program as opposed to adding to new features. The point release adds a decimal “point” to the software version number; for example, Version 4.2.06 and Version 4.2.07.
  • Security Patch: A security patch corrects errors in computer software code and addresses cyber vulnerabilities. Vulnerabilities are often discovered in the aftermath of a cyberattack and new security patches respond to the latest threats.
  • Service Pack: Service packs are bundles of patches released together and often contain new features in addition to bug fixes. Most operating systems and software programs provide service packs free of charge.
  • Monthly Rollup: Similar to services packs, monthly rollups contain multiple patches combined into a single update. Each rollup is cumulative, so users need to only install the latest rollup.
  • Hotfix: A hotfix, also known as a quick fix engineering update, addresses a specific issue found with the software. Hotfixes can typically be applied without restarting your computer. A hotfix is an update that cannot wait for a service pack or monthly rollup release.
  • Unofficial Patches: When a software product reaches its end-of-life (EOL), it is often no longer supported by the company that released it. Other developers may create their own patches to address bugs, but because these patches are not developed by the original developer, they are “unofficial.”

Computer patches can help keep your software running smoothly and protect your business from cyberthreats. Software patches are only useful, though, if you have a patch management process implemented. A patch management program outlines how your computer support team will find, download and install patches on a routine basis.

How Do You Find and Install Patches?

When patches become available, vendors will put them on their websites for downloading and installation. As part of your routine IT processes, check for updates at least once a month for installation to protect your business. Some cyber attackers will continue to target vulnerabilities long after patches are available, so it’s important to apply fixes monthly.

Some software will automatically check for patch updates, too. If automatic updating is available, take advantage of this service from your vendor. Automatic patches can contain critical fixes for security and usability.

Here are several tips to keep in mind when installing patch updates:

  • Only download and install patches from vendor websites. Never click on software update links in an email – this is a common phishing tactic used by cybercriminals.
  • Only install patches on a secure network. If you are attempting to install patches on a public network, use a VPN.
  • Microsoft, Oracle, and other software companies release patches on “Patch Tuesday.” Patch Tuesday occurs on the second Tuesday of the month, and sometimes the fourth Tuesday as well. Your IT team should be looking for these patches on a regular basis.

Consequences of Not Patching

If you are managing your business’ information technology needs on your own, you may be tempted to skip patch updates either because of time constraints or the process is outside your area of expertise. Skipping patch updates, though, can put your business at risk for:

  • Damaged Software: Nearly all software programs will experience a bug or issue at some point during its lifespan. A patch will help fix the bug and allow you to continue to use the software as intended. When you skip patches with critical fixes, the software can become damaged or malfunction. Patches are a great tool to keep your software at peak performance.
  • Security Risks: Cybercrime is at an all-time high, and one of the methods a criminal uses to access a company’s data is through a third-party application like software. Some malware can completely erase your data, or a cyber thief can install ransomware and lock your data behind a paywall. Patches can help you stay ahead of data loss and identity theft.
  • Loss of Compatibility: When users on a network have different versions of software, incompatibility issues can arise. When one has a patched version, and the other does not, sharing files can be challenging and cause inefficiencies.

While implementing a patch management program may feel overwhelming, the consequences of not doing so can be damaging. Patches should be a part of your regular information technology functions, either performed by your IT department or a trusted managed IT services provider like Everound. If you are not sure where to start with computer patching, reach out to us today for help.

Computer Patching Support with Everound 

Everound is a managed IT services company in Central Pennsylvania focused on helping businesses create operational efficiency through information technology. Our team can help your business develop a comprehensive patch management program to protect your business and its assets.

In addition to patch support, we provide other IT services including cloud services, cybersecurity, dark web monitoring, email security, hardware and software procurement, help desk services, IT consulting, business phone system design, and more. Let us focus on your IT so you can focus on your business.

Ready to Update to Windows 11? What You Need to Know

Microsoft is rolling out its latest update to its operating system, Windows 10. Sooner or later you will be asked whether or not you want to upgrade to the latest version, Windows 11. Do you know if your PC is ready for Windows 11, or should you stay with Windows 10?

For now, you won’t be forced to update, and installation is not automatic. Before agreeing and installing the update, you should be aware of the differences between Windows 10 and 11, and what challenges you could face if you update on an older PC.

What Is Different?

Differences between Windows 10 and 11

With each new update, Microsoft adds in new features and improves performance issues. The biggest change you will see is related to how the operating systems differ visually, and how those changes impact productivity.

Highlights on the latest update include:

  • Start Menu and Task Bar: The biggest notable difference with Windows 11 is the Start Menu and Task Bar. In Windows 11, the Start Menu and Task Bar are centered in the middle, much like you’d see on a MacOS. If this new layout isn’t appealing, you do have the option to move it to the left.
    The Start Menu in Windows 11 does look different than Windows 10. It’s a bit simpler and shows a static list of apps and your frequently accessed documents. You can expand and scroll through the app list and pin your favorites. This is like Windows 10, however, if you are accustomed to using the Live Tiles, you will be disappointed. The Live Tiles feature goes away with Windows 11. 
  • Snap Layouts for Multitasking: If you are a multitasker, you will like a new feature of Windows 11 – snap layouts that group your windows and save them to the taskbar. Snap layouts replace the drag-and-drop snap assist feature of Windows 10 and allow you to arrange your apps neatly on your desktop.
  • Performance: With Windows 11, Microsoft has made some notable performance improvements that could speed up your PC. The new operating system does a lot of work in memory management, giving the apps that are opened and running more CPU power than closed, dormant apps.
    An additional performance change is the way Windows 11 resumes from sleep mode and handles standby time. Compared to Windows 10, with Windows 11, your RAM will stay energized in sleep mode and will help your PC unsnooze up top 25% faster.
Review Before Updating

Potential Challenges When Updating to Windows 11

With any new software update, there are potential challenges and bugs. The release of Windows 11 is no exception. Many experts believe the release was a bit rushed, even with the clear improvements on some features related to productivity and performance.

If you are considering updating your Windows 10 PC to Windows 11, here are some potential challenges you could face:

 

  • Hardware May Not Support Update: If you have a new PC, chances are this will not be an issue. For older PCs and laptops, this is the biggest challenge of the new operating system. To run Windows 11, you’ll need an Intel Core 8th-gen processor or newer, or an AMD Ryzen 2000 processor or newer.
    This hardware requirement will be frustrating for users with PCs older than 4 years old. Still working on that laptop from 2016 or 2017? There’s a good chance you cannot update to Windows 11 without a workaround. Although you CAN install Windows 11 on unsupported hardware, Microsoft has hinted those unsupported users will not receive critical security updates.
  • You May Lose Some of Your Favorite Features: Die-hard Windows 10 fans may be disappointed to learn some of their favorite features went to the wayside in Windows 11. The S Mode feature, which restricts administrators and users from installing apps from outside the Microsoft Store, is now only available in the home edition. The voice helper Cortana is also being retired, and RIP to Internet Explorer.
  • Critical Hardware and Software May Not Be Compatible: Most devices and apps will continue to work – but “most” is not “all.” Before updating to Windows 11, it’s best to test compatibility on a separate device. Not sure how to make that happen? Drop us a note – we can help. Trying to troubleshoot a post-upgrade compatibility issue can be time-consuming and frustrating.
  • Windows 11 Bugs: An expected annoyance with any new update is some level of instability and bugs. Even with beta-testing, Windows 11 still may experience some bugs that could interfere with productivity. If you are concerned with any of the known issues with Windows 11, but are otherwise eager to move to the new operating system, you may want to wait until it is more mature.
We Focus on your IT, So You Can Focus on Your Business

Ask Everound About Windows 11

Unsure if you can – or should – update your PCs and laptops to Windows 11? Don’t fret – Everound can help! We offer a free IT infrastructure assessment and can develop a plan for you to keep your IT assets working at peak performance. We have decades of experience working with Microsoft products including operating systems, Microsoft Edge, Microsoft Teams, and the entire Microsoft suite. Let us take a look to see if your computers have the minimum system requirements to move to Microsoft 11.

As a managed IT services provider, our team supports business owners with their information technology needs. We can serve as your IT department without the overhead of hiring staff in-house or can work with your existing IT teams as an additional support or resource. We specialize in cybersecurity, IT planning and strategy, network administration and monitoring, help desk support, hardware and software configuration and installation, and backup and disaster recovery. Reach out today for your free IT assessment. We focus on your IT, so you can focus on your business.

MSP, IoT, VPN, Oh My! Your Complete Guide to IT Acronyms

Do information technology acronyms seem confusing? In our industry, we love to abbreviate technical terms to acronyms. No worries – we are here to help with the alphabet soup! Some of these acronyms may be familiar to you and you may hear them every day. Others are specific to information technology systems and challenges.

Here are the most frequently used IT acronyms you may come across in your day-to-day life or as a business owner:

AI: Artificial Intelligence

Have you ever asked “Alexa, how is the weather today?,” or “Siri, what is the best recipe for baked ziti?” This is an example of artificial intelligence. Artificial intelligence is the development of computer systems that can perform tasks that normally require human intelligence.

Speech recognition, visual perception, and even decision-making are all examples of how artificial intelligence is changing the way we communicate and perform daily tasks.

API: Application Programmer Interface

An application programmer interface, or API, is software that allows for two separate applications to “talk” to each other. You likely use an API nearly every day but never thought about it. When looking for the best deals on a travel site, an API lets the travel site quickly collect flight and hotel availabilities from providers before showing you your options. Without an API in place, the travel site would have to manually reach out to the provider to find pricing and availability.

AWS: Amazon Web Services

AWS, or Amazon Web Services, is a cloud-services platform that offers its users database storage, content delivery, and other services. Individuals, businesses, and even government agencies rely on AWS to obtain large-scale computing services without having to build their own IT infrastructure.

Big brands like Netflix, Twitch, Turner Broadcasting, BBC, LinkedIn, Facebook, ESPN, and Twitter use AWS for storage. If you’re binge-watching your favorite new show online, chances are you are watching content stored with AWS.

FTP: File Transfer Protocol

FTP, or file transfer protocol, is one of many ways of transferring a file over the internet. While this is less common now that companies rely on the cloud to share files, some businesses still use FTP. With FTP, the files are hosted on an on-premises server and employees can upload files to share via a link, like you would do when sharing a link on Google Drive.

HaaS: Hardware as a Service

Hardware as a Service, or HaaS, is a procurement model that is similar to leasing or renting equipment. In the HaaS model, businesses essentially “borrow” their IT hardware from a managed service provider (MSP). The MSP owns the hardware and is responsible for maintenance and upkeep.

IoT: Internet of Things

The IoT, or the Internet of Things, describes all the physical objects that are interconnected over the internet or other communication networks. It’s literally the billions of devices around the world that are connected to the internet.

A good example of IoT in action is a wearable device like an Apple Watch or Fitbit. Wearables give users data about their lifestyle using the internet to collect and share the data. Other real-world examples of IoT include home security systems with cameras that are accessible online, smart appliances (think thermostats you can turn on or off from an app on your phone), and even medical devices that document health data through a wireless connection.

IP: Internet Protocol

Internet Protocol, or IP, is the set of rules by which data is sent from one computer to another over the internet. Every computer has a unique IP address – do you know how to find yours? Go to Google and type in “What’s my IP address?” That is your unique identifier when you are communicating online.

IP addresses are useful to trace a device’s location or an origin of an email and to troubleshoot network errors or identify cyber intruders.

MFA: Multi-Factor Authentication

With the increase in cyber threats over the last decade, MFA, or multi-factor authentication, has become a best practice to access private data or sensitive information. MFA requires a user to submit at least two different identifiers to log in to a website or to access files on a server.

A common example of MFA is when you have to enter a password AND a code sent to your smartphone to authenticate yourself. The banking industry uses MFA frequently, as well as websites and apps such as Facebook, Amazon, Dropbox, and Apple ID.

MSP: Managed Services Provider

Another common IT acronym is MSP. A managed service provider, or MSP, is a term used to describe an organization that provides an outsourced specialized service to a business. While there are MSPs in several industries, the most common are outsourced IT services.

An IT MSP provides specialized IT support through services including technical support, cybersecurity, hardware and software installation and maintenance, help desk, network and server administration, network monitoring, and computer patching and software updates, to name a few.

SaaS: Software as a Service

Software as a Service, or SaaS, allows users to access applications and software over the internet. While the terminology may seem unfamiliar to you, you likely are already using SaaS daily. Cloud-based apps like email, calendars, and even Microsoft Office 365 are all examples of SaaS.

With SaaS, businesses do not need to install and maintain software on their own. Applications are updated and maintained through an internet connection.

VoIP: Voice Over Internet Protocol

Voice over internet protocol, more commonly known as voice over IP or VoIP, allows users to make phone calls over broadband internet. Unlike traditional phone systems, a VoIP system works by converting sound into digital voice communication and transferring it through Internet broadband.

VoIP also allows users to conduct video meetings and conference calls and is often a more cost-effective means of business communications.

VPN: Virtual Private Network

A VPN, or virtual private network, gives you online privacy by creating a private network on a public internet connection. A VPN essentially protects your data from unwanted eyes by creating an encrypted tunnel for your data. A VPN also hides your IP address and allows you to access public Wi-Fi safely.

Traveling abroad and want to access your favorite Netflix show that is only streaming in the U.S.? You can use a VPN to hide your IP address and binge-watch away!

We Focus on your IT, So You Can Focus on Your Business

Everound, Your Managed IT Services Provider

At Everound, we partner with small and medium businesses in Central Pennsylvania, Philadelphia, and the Baltimore/DC metro region and take care of their IT infrastructure and needs. We provide managed information technology services designed to help companies become more efficient, boost productivity, reduce risk, improve operations, and promote digital security.

We support national organizations and local businesses by solving IT challenges with customized information technology solutions. Our team of network engineers and technology specialists has been helping clients for more than 30 years.

When you choose to work with Everound, you are more than a ‘client,’ you are our partner. We are relationship-focused and work hard to understand your unique challenges. From day one, we will integrate seamlessly into your organization and treat your team as our team with respect and transparency; communicate with clarity; and above all, implement solutions to help your business be successful.

Let us take on your IT challenges so you can focus on your business. Reach out today for a free IT infrastructure and cybersecurity assessment.