Still using ‘password’ as a password? Even if you aren’t, some of your colleagues may be a bit lax with their password management. Considering 61% of data breaches involve login information being compromised, password security should be a top priority at a business.

Password security is sometimes an overlooked area at a company but can be easily addressed by incorporating a password manager into your IT best practices. Password management software can not only help reduce security risks but it can also decrease the amount of time your team spends on password recovery and downtime.

Let’s take a look at the risks associated with password security, the benefits and features of a password manager, and a few of our favorite password managers that can be implemented in a business setting.

Password Security Risks

Cybercrime is not just a hobby anymore for hackers sitting in a basement. Cybercrime is a lucrative career for hackers – they know if they can get access to company data, they can sell it for a hefty price. One of the most targeted assets for a hacker is user passwords.

Password security risks include:

  • Phishing/Sniffers/Keyloggers: One of the easiest ways for a hacker to get your password is for you to simply tell them. Hackers try to trick users into typing their passwords into a website they control (phishing), infiltrate unencrypted networks (sniffing), and tracking keystrokes either through hardware or software loggers (keylogging). These strategies are clever – and easy – ways for someone to access your passwords.
  • Weak passwords: People are predictable, but passwords shouldn’t be. When users choose predictable passwords that include public data like their children’s names and birthdates, or their middle name, or something easy to crack (password1234!), they are at risk for a cyber-attack.
  • Reuse of passwords: A Google survey found that more than 50% of users reuse their same password across multiple – if not all – accounts. When a hacker finds one password that works on an account, chances are they will try it across other platforms.
  • Compromised passwords: Once your password has been cracked by a hacker, there is a risk your password will end up online in a data breach. Once a hacker has your info, they can sell it on the dark web or include it in an intentional data leak. Compromised passwords should be changed immediately.

We understand choosing – and using – strong unique passwords can feel like a nuisance. After all, the average user has more than 100 different accounts that require a password for access which can be hard to manage without help. This is where the benefits and features of a password manager can be beneficial.

Benefits and Features of a Password Manager

A password manager is a cloud services software application designed to store and manage online logins and passwords, as well as other sensitive information like credit card numbers, frequent flyer information and private data. Passwords and other data are stored in an encrypted database and are only accessible to the user.

Features and benefits of a password manager include:

  • One password for everything: When using a password manager, you only have to remember one password – the password you choose to access your database. This is one of the main benefits of using a password manager as you don’t have to rely on a notebook or your memory to be able to log in to websites or applications.
  • Automatically generated passwords: Having a tough time thinking of a strong password that contains numbers, letters, and special characters? It can be tough to get creative with passwords! With a password manager, passwords are automatically generated in a way that avoids recognizable patterns. When utilizing this feature, it also prevents you from using the same password across multiple websites and applications.
  • More secure than other methods: Storing your passwords in a spreadsheet on your computer? If someone gets access to that spreadsheet, they can really do some damage. Password managers provide extra security than every other way of saving passwords (especially the old ‘write it on a Post-It note’ method).
  • Works across all devices: Depending on which password manager you choose, you can use your password manager across different devices including your computer, tablet, cell phone, and laptop. If you change your password for a website on your desktop, it will automatically replicate to the rest of your connected devices.
  • Can share with a trusted person: While passwords are meant to be kept to yourself, there may be instances where you want to share your credentials with a trusted person. If you are injured or ill and unable to access your accounts on your own, a password manager can help. Some password managers can even limit what your “trusted person” can see. For example, employees can share only their relevant work credentials with their employer and still keep personal data private. For business owners, this can be important if you have an employee out on medical leave or away from work for an extended period of time.

Top Password Managers

There are many password managers available for both business and personal use with common and unique features. Here are our favorites for enterprise password management solutions:

  • 1Password: 1Password makes it easy to store and sort your logins in a secure vault. 1Password offers secure sharing, custom groups and roles, account recovery, end-to-end data encryption, and customizable access polices for businesses. 1Password is also a good choice for personal use with family sharing plans available.
  • Bitwarden: Bitwarden is an open-source password manager for both business and personal use. Business features help companies share private data safely with coworkers, across departments, or with the entire company.
  • LastPass: LastPass is a good choice for organizations with team members who may be unfamiliar with password managers. Features include a comprehensive real-time reporting breakdown of employee password health for managers.

Put Our Cybersecurity Expertise to Work for Your Business 

Not sure which password management solution is right for your business? We can help you identify which product will work for your specific needs. With more than three decades of combined experience, our team of IT experts understands the importance of password security as one part of an overall cybersecurity plan.

As a full-service managed IT services provider, we focus on your information technology needs, so you can focus on your business. Reach out today to start a discussion about your IT needs, including adding a password manager and password security program at your business.

Getting something for free sure is tempting. After all, why would you pay for something that is also available to you at no cost? The internet is full of free features – free maps, free music, free email, free messaging and for decades now, free antivirus solutions.

But can you rely on the free version of an antivirus app? Or should you invest in paid antivirus software? The short answer is – it depends. In most cases, the free version is enough to provide protection for personal use computers. Your home computer likely has some version of antivirus protection already installed.

But can you trust free antivirus programs for your business? Paid versions provide more comprehensive protection and can help you identify and stay ahead of viruses, malware, spyware, and other cybersecurity threats.

Let’s take a look at the different features available in free or paid antivirus apps, the top free programs available, and why antivirus protection is important for businesses.

Different Features of Free vs. Paid Antivirus Programs

Free Antivirus Programs

The main goal of a free antivirus program is to provide basic protection from a computer virus. A computer virus is a malicious piece of code that once unleashed onto your computer, can spread from device to device. While some viruses are designed to damage a device, others are meant to steal your data and personal information.

While different free software programs vary depending on the developer, the basic features include:

  • Anti-virus, anti-malware, and anti-spamming protection: Free antivirus software is developed to identify and remove viruses and malware and protect your computer against spamming. Because computer threats are constantly evolving, antivirus software developers will update the programs regularly.
  • On-demand scanning: Some free antivirus programs have on-demand scanning or scanning only when you start the application or upload data into your computer’s memory. The downside of on-demand scanning is it relies on the user to get into the habit of running it regularly.
  • Real-time protection: Other free antivirus programs have real-time protection. Real-time protection works by scanning data for viruses, malware, and spyware around the clock. With the ever-changing cybersecurity landscape, real-time scanning is recommended to catch a virus before it spreads.

Paid Antivirus Programs

Paid antivirus programs go above and beyond their free version counterparts and provide additional protection from viruses and other harmful computer threats. Paid programs offer additional features including:

  • Extra layer of protection: Some paid programs will be better at detecting new threats such as websites with malware.
  • Firewall protection: Some antivirus companies reserve firewall protection only for their paid versions. A firewall is a security network designed to protect your computer from malicious attacks.
  • Application control: Application control is a security technology that is built into some firewalls. This technology, which is often reserved for paid antivirus programs, protects devices from malicious code and also prevents the installation or use of unapproved applications.
  • Administrative control: Administrative controls help address the “human error” component of cybersecurity. Essentially, this feature allows the administrator to determine what users have access to resources on a network.
  • Webcam protection: Over the last few years, the use of webcams has exponentially increased. For companies with remote teams, webcam protection can be a critical component of overall cybersecurity. Some paid versions of antivirus programs include webcam protection.
  • Customer support: One of the biggest advantages of a paid antivirus service is access to customer service either through email, live chat, or the phone. Free programs usually send users to an FAQ section of their website, or they have to rely on crowdsourced answers to common issues.

Top Free Antivirus Programs

If you are working on a home computer and do not have multiple devices, a free antivirus program may be enough to protect you from most types of viruses and malware. The most popular and well known free antivirus programs are:

  • Microsoft Defender Antivirus: Microsoft Defender Antivirus, formerly known as Windows Defender, is a free antivirus protection program you’re likely already using if your operating system is Windows 10. This program offers solutions to manage how websites track your data and also gives you control over your privacy settings when browsing the web.
  • Kaspersky Security Cloud Free: Kaspersky Security Cloud Free offers full-scale malware protection along with some suite-level features. It gets superb scores from the independent labs, and it won’t cost you a penny.
  • Avast One Essential: Avast One Essential offers impressive free protection for your Windows boxes and somewhat reduced protection on macOS, Android, and iOS.

Why Antivirus Is Important for a Business

As a business owner, can you trust the free antivirus solutions offered to protect your computers and devices from malicious attacks? With new threats coming online every day, businesses can’t afford to leave their data and IT infrastructure vulnerable.

A number of cyber threats target businesses specifically, even small businesses. During the COVID-19 pandemic, remote work caused data breach costs to increase by $137,000 in the United States alone. Further, ransomware attacks such as the one on the Colonial Pipeline caused businesses to be at a standstill until the ransoms were met.

Cyber attacks can paralyze a business. For a modest financial investment into an antivirus solution as part of a larger cybersecurity plan, you can protect your business from threats.

Everound for your Antivirus and Cybersecurity Needs

At Everound, we specialize in internet security and cybersecurity solutions for businesses. With more than 30 years of experience, our team of cyber security professionals can recommend and implement antivirus programs and data protection strategies to help keep your information and your network safe from harm.

Unsure if your company is at risk? Reach out to us today for a free cybersecurity audit. We will take time to identify vulnerabilities and help you come up with a robust plan to protect your business. Let us focus on your IT, so you can focus on your business.

VoIP for Business

Voice over internet protocol, or more commonly known as voice over IP or VoIP, is a type of technology that allows users to make phone calls over broadband internet. Unlike traditional phone systems, a VoIP system works by converting sound into digital voice communication and transferring it through Internet broadband.

Bottom line? If you have access to the Internet, you can call anyone in the United States or internationally with VoIP. VoIP works on any computer and offers advantages over public switched telephone networks (PSTN), also known as plain old telephone service (POTS) for business communications.

Helping Businesses Stay Connected

Advantages of VoIP for Business

There are many distinct advantages of switching to a VoIP system for business purposes. Let’s take a look at the top 8 advantages of VoIP vs. traditional hard-wired phone systems.

  1. Low Cost: Cost savings is one of the biggest advantages of using a VoIP service. VoIP telephone systems eliminate the need for individual telephone lines which can add costs over time. In addition, long-distance calls are less expensive with VoIP since you are utilizing your existing Internet connection.
  2. Higher Call Quality: When VoIP was introduced in the mid-90s, one of its disadvantages was poor call quality. With the advent of fast and stable Internet connections over the last two decades, the original quality issues have disappeared. VoIP calls are crisp and clear, with no latency issues, lags, or dropped calls.
  3. Portability: With VoIP, you can take your business phone number wherever you go, as long as you have a broadband connection. You no longer have to be tied down to a desk with VoIP – it goes where you go.
  4. Scalability: VoIP is a great choice for growing organizations. Adding an additional phone number takes minutes and does not require expensive hardware or a dedicated line. Does your business have a spike in seasonal employees or are you opening branch offices regularly? VoIP is an effective tool for growing businesses.
  5. Remote Workforce Friendly: Remote work has grown exponentially over the last two years. A VoIP phone system can support a remote workforce to help keep them connected to your business. VoIP enables both remote workers and office-based employees to be on the same system. Office-based employees can easily transfer a call from a customer to a remote worker, rather than instructing them to make another call to a separate phone number, and vice versa.
  6. Improved Customer Service: Have you ever missed an important call from a client? With VoIP, you can choose where your calls ring and how, and avoid missing important calls. For example, you can choose for the first few rings to go to your office. If you don’t answer, the call can be forwarded to a second and even third device, such as your mobile phone or tablet.
  7. Wide Array of Features: VoIP is great for making calls, but there are many other features that make VoIP a smart business decision. VoIP also includes video conferencing and conference calling that help both external and internal communications. Other features include auto-attendant, call forwarding, caller ID, voicemail-to-text, call recording, and extension dialing.
  8. Futureproofing: Older technologies such as ISDN are being phased out and businesses that use VoIP are using the modern standard for communications.
We focus on Your IT. You focus on your business.

Everound for your VoIP for Business Phone Systems

If your business is still utilizing old telecommunications technologies, Everound can help you select the right VoIP system for your business. As a managed IT services provider, we have experience helping both small businesses and large enterprises find the best solution for their needs. Our team can advise you on if switching makes sense and can help implement the changes in the most effective way possible to minimize any interruptions.

Ready to make the switch? Reach out today to discuss VoIP for your organization. We focus on your IT, so you can focus on your business.

How to Choose the Right Firewall

When putting together a robust cybersecurity plan for your business, it’s critical to include adding a firewall to your plan. A firewall is a piece of hardware or software that is placed between your internal network and the external public Internet. A firewall is designed to stop malicious intrusions on your private network.

Which kind of firewall is right for your business? There are several different types of firewalls with different levels of protection. Let’s take a look at how to choose the right firewall by examining the different types, what you should consider when choosing one, and how Everound can help you choose the right firewall for your business.

Stop Malicious Intrusions

Types of Firewalls

There are many different types of firewall architectures and each works in slightly different ways to monitor the data coming in and out of your network. While this list is not inclusive of all types of firewalls, here are several common options to consider:

  • Packet filtering firewall: A packet filtering firewall is a network security technique that controls data flow to and from a network. It is a security mechanism that allows the movement of data “packets” across the network and controls their flow on the basis of a set of rules, protocols, IP addresses, and ports. Essentially, data passes through a network in the form of small pieces called data packets. These packets will only get through the firewall if they match the predefined filtering rules set in place.
  • Circuit level gateway firewall: Unlike a packet filtering firewall, a circuit-level gateway firewall does not inspect individual packets, but rather monitors the transmission control protocol (TCP) handshaking between the packets to determine whether a requested session is legitimate.
  • Application-level gateway (proxy firewall): An application gateway or application-level gateway (ALG) filters incoming node traffic to certain specifications which means only transmitted network application data is filtered.
  • Stateful inspection firewall: A stateful firewall, or stateful inspection firewall, keeps track and monitors the state of active network connections. It also analyzes incoming traffic and looks for potential data risks.
  • Next-gen firewall: A next-generation firewall (NGFW) combines a traditional firewall with other network device filtering functions.

Think of a firewall as the virtual wall that separates your internal data from external threats. Without an effective firewall in place, a network could be susceptible to malicious threats and data breaches. If your business isn’t protected by a firewall and you are unsure which kind is best for you, a managed services provider (MSP) like Everound can help you determine what considerations are important in your selection.

What Is Important to Protect?

Considerations When Choosing a Firewall

With several different options to choose from for a firewall, consider the following questions to find the best firewall to meet your needs:

  • What are your top threats? All firewalls offer a similar function – the monitoring of network traffic. How much network traffic do you have at your business? Are you sending and receiving large amounts of data? Are your employees at risk for accidentally opening a door to your network for malicious threats?
  • Does it have DoS/DDoS protection? DoS (denial of service) and DDoS (distributed denial of service) attacks occur when a network is flooded by a machine or a group of machines with malicious intent. Both kinds of attacks can paralyze an organization and opting for a firewall with DoS/DDoS protection can help prevent downtime and lost data.
  • Does it send attack alerts? Some firewalls send real-time alerts when there is a potential threat or breach. Real-time alerts can inform you of when an attack was prevented and when an attack is occurring. With real-time alerts, you can stay ahead of a cyberattack and minimize impact.
  • Are you planning on scaling your business? Some small businesses don’t feel they need cybersecurity protection like firewalls, especially if they only have a few employees. Small businesses, though, can benefit from a firewall especially when starting to grow. Although media coverage focuses on cyber threats to large businesses, small businesses are also at risk.
  • Do you have remote or telecommuting employees? One of the biggest spikes in cyberattacks occurred when remote work increased during the pandemic. If you have a remote team of employees, a software firewall can help you prevent unwanted access to your network.
  • Do you need ongoing support? Before choosing a firewall, ask if the manufacturer has ongoing support. Will they help with installation and integration or are they only selling you the firewall itself? If you need ongoing support, opt for a firewall manufacturer that offers a go-to support specialist.
Protecting Your Data and Organization

Firewall Services with Everound

If you are considering adding a firewall to your cybersecurity plan and are unsure of which type is right for your business, reach out to Everound for help. Our team of cybersecurity experts has decades of experience working with business owners to select and install a firewall solution.

Everound also offers managed IT services and can support your business on an ongoing basis for your information technology needs. Reach out today to start a conversation about cybersecurity best practices including firewalls for your business. We offer a free cybersecurity risk assessment and can recommend the best firewall to protect your network from malicious traffic. We focus on your IT, so you can focus on your business.

layers of the internetThere are more than one billion web pages on the Internet, and 4.8 billion people around the world use the Internet daily. But did you know that only 10% of websites on the Internet are indexed by Google, Yahoo, Bing, and other search engines and accessible to the general public? These websites are called the “surface web,” and the other 90% of websites are the “deep and dark web.” These are the layers of the Internet.

Think of the internet as the ocean, with the surface web as the top layer and visible for miles and miles. The deep web, then, is the deeper part of the ocean just below the surface. This is also accessible to people but requires a bit of work to access. The dark web is the very bottom of the ocean and is only accessible to a small number of people who know exactly how to get there and has the resources and time to do it.

Let’s take a look at what kinds of web pages are on each layer (surface, deep, and dark), and what that means to the general Internet user.

Easily Accessible Content

What is the Surface Web?

The surface web includes websites that we are all familiar with and likely access on a daily basis. This is the portion of the Internet that is readily available to the general public and searchable with standard web search engines like Google, Bing, and Yahoo. The surface web is also known as the “Visible Web.”

The surface web includes websites like:

  • Social media sites including Facebook and Instagram
  • Business websites such as Everound.com
  • Wikipedia
  • Online video sharing platforms like YouTube

Essentially, any website that appears after you complete a search on Google or another search engine is on the surface web.

Accessed Through Authentication

What is the Deep Web?

Unlike the surface web, the deep web is part of the Internet where the contents are not indexed by search engines. The deep web is only accessible with some sort of authentication – a password or other means to be able to view the data and information. Using the previous ocean analogy, a person needs to have a resource to go “below the surface.”

Why is information on the deep web harder to access? Without authentication, that information is at risk for public consumption.

The deep web contains sensitive information like:

  • Personal email accounts
  • Content on your social media accounts
  • Online banking and investments
  • Private online databases
  • Medical records and private health information
  • Content contained within scientific and academic databases.

A lot of what exists on the deep web consists of personal information that you wouldn’t want to turn up in a web search — like your social security number or credit card information. This is private and could be misused in a data breach.

Remember, if you must provide a username, password, or some other type of authentication, the information you access is on the deep web.

Intentionally Hidden on the Internet

What is the Dark Web?

The dark web IS a part of the deep web but cannot be accessed through traditional web browsers. The dark web is intentionally hidden on the Internet. Originally designed to share information and communicate by the US Military, the dark web is now accessed by others.

Accessing the dark web is not an easy task for the general Internet user. Regular browsers like Microsoft Edge or Google Chrome are unable to access dark web websites. The dark web uses what’s called The Onion Router (often referred to as Tor) hidden service protocol. “Tor” servers are undetectable from search engines and provide complete anonymity.

Although not all activity on the dark web is harmful, there is a growing population of cybercriminals that use the dark web maliciously and for illicit purposes. Some cybercriminals sell sensitive information on the dark web that can be used to exploit companies and can lead to identity theft. The dark web also is a place where some cyber attacks are planned.

Here are a few examples of what can be found on the dark web:

  • Stolen information: If a company experiences a data breach because of a cybersecurity failure, there’s a chance the stolen data may be up for grabs on the dark web. Other stolen information for sale includes login credentials and hacked Netflix and Amazon accounts.
  • Illicit substances: Believe it or not, you can find and purchase illicit drugs and toxic chemicals on the dark web. Prescription drugs are also available on the dark web.
  • Dangerous and disturbing images and information: Unfortunately, the dark web can be a dangerous and ugly place. Human trafficking, pornography, gore, and counterfeit goods have found a home on the dark web.

The dark web can be a marketplace for illegal behavior. Companies with a cybersecurity plan in place that includes dark web monitoring can stay ahead of cybercrime on the dark web. Employee information can be at risk – logins and passwords are prime data that can be sold and transferred on the dark web.

Website hackers, too, find ways to compromise company networks through the dark web. A dark web monitoring MSP (managed service provider) can help you keep track of any information that may be compromised.

Protecting Your Data and Organization

Cybersecurity and Dark Web Monitoring with Everound

As a cybersecurity expert, Everound can help monitor the dark web for your small business or corporate enterprise. Through a strategic, customized and intentional approach, our team of cyber experts will create a cybersecurity dark web monitoring protocol that includes:

  • Real-time alerts of dark web threats
  • Routine scan of dark web for your business information
  • Detection of compromised credentials including IP addresses, email addresses, and logins and passwords

Cybersecurity companies like Everound are experts at preventing cyber threats from infiltrating your business. With more than 30 years of experience, our team of cybersecurity professionals can recommend and implement data protection strategies and programs to help keep your information and your network safe from harm. Reach out today for your free cybersecurity risk assessment. We focus on IT so you can focus on your business.

In today’s highly volatile cyber environment, it’s important for business owners to have a clear, strategic approach to a cybersecurity risk management process. Managing cyber risk should be considered a priority for all business owners, regardless of size. While most media coverage focuses on cyber-attacks for large enterprise-level organizations, many small and medium businesses are also facing cyber-attack challenges.

Cyber-attacks are not random. In fact, if you know what to look for, there are usually signs of a planned or imminent cyber threat. Phishing emails and mentions of organizations on the dark web are both red flags that an organization is being targeted.

What should business owners do to stay ahead of potential cybersecurity vulnerabilities? The answer is the creation and implementation of a cybersecurity risk management plan. A cybersecurity risk management plan is the ongoing process of identifying, analyzing, evaluating, and addressing cybersecurity threats. The process is shared among an entire organization, not just members of the information technology team.

Because the cyber landscape is continually changing and new, sophisticated threats emerge daily, a risk management plan doesn’t completely provide a fail-safe for cyber threats. However, by establishing a risk management approach to cybersecurity, an organization can greatly reduce its risk by attending to the flaws, threat trends, and attacks that matter most to its business.

Let’s take a look at how to develop a cybersecurity risk management plan, the common cyber risk management frameworks, and the benefits of cybersecurity risk management.

Prepare Now. Save Later.

Developing a Cybersecurity Risk Management Plan

When developing a cybersecurity risk management plan, many organizations approach the process with a 4-step model. First, organizations should identify risk, then assess the likelihood of the threat or risk actually occurring and what is its potential impact. The third step is to identify appropriate risk mitigation measures, and the final step is an ongoing monitoring program that includes risk response and security controls designed to evolve to address a shifting cyber threat environment.

Let’s explore each step of the process in more detail.

Step One: Identify Cybersecurity Risk

An IT risk is essentially any threat to your business data, IT infrastructure systems, and overall business processes. It is the potential for an unplanned, negative business outcome that comes as a result of a failure or misuse of information technology. When considering what your IT risks are, think of how a threat can impact your business and what would the consequences be?

When identifying risk, start with thinking about the threats, vulnerabilities, and consequences of an IT failure. Document each before moving to the next step.

  • Threats: Threats are circumstances with the potential to affect an organization’s operations or IT assets negatively. This can occur through unauthorized access to IT information systems and can occur through human error, cyber-attacks, IT configuration failures, and even natural disasters such as a hurricane, tropical storm, or black out.
  • Vulnerabilities: What are the weaknesses in the information system, security procedures, internal controls or implementation from a threat? In addition to internal vulnerabilities, list the external weak points such as supply chains and vendor relationships.
  • Consequences: Consequences are any of the adverse results that happen when a threat exploits a vulnerability. What costs – both hard and soft – are at risk and would be a consequence if a cyber threat was successful? Some of the costs include revenue, destroyed or lost information, and customer trust.

Step Two: How to Assess Risk

After cybersecurity risks are identified and documented, the next step is to assess your level of risk to determine what level of cybersecurity measures should be implemented. Which risks are the greatest? Which have low consequences? Assessing risk can help you determine how to build your risk management plan.

For reach risk, conduct an impact analysis that includes:

  • Name all assets
  • Prioritize each asset
  • Identify all possible threats
  • Identify vulnerabilities
  • Determine the likelihood of a threat event
  • Conduct an impact analysis to estimate the cost impact

The results of your risk assessment will be a guide to inform risk management decisions and risk response measures in the future.

Step Three: Identify and Implement Cybersecurity Risk Mitigation Measures

Now that you’ve intentionally identified IT risks, how can you mitigate each risk to minimize the impact of a cyber-attack? Depending on the outcome of the previous steps, there are several options to help manage cybersecurity risk including:

  • Cybersecurity training: Most successful cyber-attacks are the result of human error. Cybersecurity training programs for staff and stakeholders is a great tool to help mitigate risk.
  • Updating software: Updating software is an important part of cybersecurity. Outdated software lacks patches if vulnerabilities are discovered and can fall prey to advanced cyberattacks. This poses several security risks, both due to human malice and the chances of information system failure.
  • Multi-factor authentication (MFA): MFA is a security feature that dramatically improves account security. MFA, also referred to as two-factor authentication, adds an additional layer of security to protect organizational data and assets.
  • Data backup: Data backups are an essential part of a cybersecurity risk management plan as they allow for data protection and recovery in the case of a successful attack. There are different strategies and resources available for data backup, most including cloud services.
  • Endpoint protection:  Every single device that is connected to your network is an entry point to your business. Endpoint protection works by examining files as they enter and leave devices on your network. An endpoint security system is a software program that is centrally managed by an administrator and tracks threats in real-time.
  • Dark web monitoring: Company email addresses, validation credentials, account information, and other important business data can be compromised or sold on the dark web. Adding a dark web monitoring service to your cybersecurity plan helps protect yourself from a data breach.

Step Four: Implement Ongoing Monitoring

After putting cybersecurity risk mitigation measures in place, most business owners have a false sense of security. After all, they’ve identified risks and put security measures in place – shouldn’t that be enough?

Unfortunately, cybercriminals and cybercrime evolves and change rapidly. Ongoing monitoring can help ensure internal controls keep up with changing IT risks.

Best Practices

Common Cyber Risk Management Frameworks

When building a cyber risk management process, there are several frameworks that help businesses adhere to industry and regulatory best practices. A cybersecurity framework provides a common language and set of standards for IT professionals in varying industries. Having a framework in place makes it easier to define the processes and procedures your business must take for cybersecurity.

Some of the most popular frameworks include:

  • NIST Cybersecurity Framework (CSF): Drafted by the National Institute of Standards and Technology (NIST), this framework addresses the lack of standards when it comes to cybersecurity across the private and public sectors. NIST CSF provides a uniform set of rules, guidelines, and standards for organizations to use across industries.
  • DoD Risk Management Framework (RMF): The Department of Defense (DoD) Risk Management Framework (RMF) is the set of standards that DoD agencies use to assess and manage cybersecurity risks. This framework can be applied to other industries and breaks down a cyber risk management strategy into six steps.
  • ISO/IEC 27001 and 27002: Created by the International Organization for Standardization (ISO), ISO 27001 and ISO 27002 are considered the international standards for validating a cybersecurity program. Companies can receive ISO certification by following the framework outlined.
  • FAIR: The Factor Analysis of Information Risk (FAIR) is a cyber risk framework developed by The Open Group to help businesses understand, measure, and analyze risk to help business leaders make well-informed decisions about their business risk and their cybersecurity practices.
Stay Ahead of Cybercrime

Benefits of Cybersecurity Risk Management

An intentional and strategic cybersecurity risk management program can reduce the risk of cyber criminals obtaining sensitive company information. There are countless benefits to a thought-out, intentional approach to cybersecurity including:

  • Phishing detection
  • Brand protection
  • Fraud protection
  • Sensitive data leak monitoring
  • Dark web activity
  • Automated threat mitigation
  • Minimizing supply chain risks

Unsure where to start with a cybersecurity risk management plan? A managed services provider (MSP) specializing in cybersecurity can help you create a framework to protect your business from cyberthreats.

Protecting Your Data and Organization

Cybersecurity Risk Assessment with Everound

Cybersecurity companies like Everound are experts at preventing cyber threats from infiltrating your business. With more than 30 years of experience, our team of cybersecurity professionals can recommend and implement data protection strategies and programs to help keep your information and your network safe from harm.

We offer a free cybersecurity risk assessment that can help you start developing your cybersecurity risk management program. We will take a deep dive into your potential security threats and recommend programs that can help you reduce risk. Reach out today for a free consultation. We focus on your IT, so you can focus on your business.

While the shift to a remote workforce had been gradually evolving over the last decade, 2020 accelerated the move to remote work. Many businesses are now embracing either an entirely work-from-home culture or a hybrid model where employees split their time between an office and a remote location.

A recent survey from PwC reinforced what leaders and business owners have been hearing from their own teams – more than half of employees who were sent home to work during the pandemic prefer to continue to work from home at least 2 days a week. Nineteen percent of all employees surveyed prefer to work remotely entirely. The old paradigm of a 40-hour workweek, bookended with a morning and evening commute, is quickly changing.

The key to a successful remote workforce is a solid technology infrastructure and IT support. Technology plays a critical role in access to resources, collaboration, and most importantly, security. What current technologies can help a remote team? Let’s look at how technology supports a remote workforce.

Keeping Your Team Protected

Critical Cybersecurity for Remote Workers

A successful, efficient remote work platform requires several key technology resources that provide a seamless, secure work experience. With the staggering increase in cybercrime in 2020, the highest technology priority for any business, especially those with a remote team, is cybersecurity.

Last year more than 90% of companies worldwide experienced some form of a cyberattack whose aim was to steal passwords. For businesses with remote employees, a solid, strategically developed infrastructure can help prevent cyber threats while also providing ways for employees to work efficiently and stay connected.

Several technologies that are critical for a secure IT infrastructure include:

  • VPN: VPN, or a virtual private network, is a service that both encrypts data and hides IP addresses by bouncing network activity through a secure chain to another server miles away.
  • Network Security: Network security is the use of technologies to defend a network and network-accessible software and hardware from cyberattacks and misuse of company data. Depending on the type of business, network security can include firewalls, anti-malware, and data loss prevention (DLP).
  • Access Controls: For a remote team, access controls can help business owners allocate different levels of access to sensitive documents on a server. Access control is a security process that regulates who can view and use resources on a network. Access control minimizes risk to the business or organization and reduces the risk of a cyberthreat.
  • Multi-Factor Authentication (MFA): Multi-factor authentication is when a user must provide two or more pieces of evidence to gain access to a digital platform or resource. This extra layer of security is used to protect against hackers by ensuring that digital users are who they say they are.
Keeping Your Team Connected

Communication Technologies for a Remote Workforce

One of the challenges of the abrupt move to a remote workforce in 2020 was the immediate disruption to face-to-face communication and routine day-to-day conversations. Because nonverbal communication makes up 60-80% of communication, it’s important for businesses to integrate a visual platform for communication in addition to digital communication products (think chat programs like Slack).

Successful remote teams have several information technology resources available to them to encourage communication including:

  • Google Workspace: Google Workspace is a platform that provides several collaboration and workspace tools to make remote work easier for employees. Files can be shared on a secure platform, projects can be collaboratively edited from a central location, and communication tools that allow chatting and video and voice communication are available.
  • Microsoft Teams: Microsoft Teams is a platform that allows for instant communication, file sharing, and collaboration. Users can chat with the colleagues in real time, or even place a video phone call with one click. Files can be shared through chat, eliminating the need to send files as attachments via email. Other resources on Microsoft Teams include VOIP, screen sharing, webinars, and online meetings.
  • Video conferencing: Years ago, a video conference felt foreign to many employees. Video conferencing exploded in 2020, with several platforms breaking through as leaders. In addition to Google and Microsoft, Zoom has risen to the top with their easy-to-use platform for video conferencing. Many products can host hundreds of attendees with ease.
  • VOIP: The traditional landline phone system is becoming obsolete, especially without employees working from a shared office of location. VOIP, also known as voice over internet protocol, is a solution that connects users to each other immediately. VOIP is built in to several platforms including Zoom and Microsoft Teams.
Keeping Your Team Supported

Support Services for Remote Workers

A robust remote work program not only includes the apps and services employees need to perform their job but also supports technologies challenges and backup and disaster recovery.

Several approaches to IT support services include:

  • Remote Help Desk: When employees are working in the same building as their information technology colleagues and have an IT challenge, they often walk to their office for a quick fix to resolve issues. With remote teams, minor technology challenges can become a huge frustration without the proper process and support in place. Having a remote help desk in place with an automated help desk ticketing system provides remote employees access to technology help.
  • Backup and Disaster Recovery: While disaster recovery for on-premises infrastructure and data centers has become standard for most companies, moving applications to third-party cloud solutions to support remote work creates a unique challenge. When companies move to cloud-based applications such as file-sharing and storage, they need to do due diligence to ensure those vendors are following the best practices for disaster recovery to ensure their data is safe. Properly secured cloud-based solutions are a great way to backup and restore data in case of hard drive malfunctions, cyberattacks, and natural disasters.
We Focus On Your IT, So You Can Focus On Your Business.

Managed IT Services for a Remote Workforce

At Everound, we understand the unique information technology challenges of businesses with a remote workforce. We can help identify areas of improvement and customize solutions to help meet the needs of a fully remote or hybrid business model.
Interested in learning more? Reach out today for a free assessment to see if your current IT infrastructure is fully supporting your remote team. Let us focus on your IT, so you can focus on your business.

Technology helps improve productivity, collaboration and is arguably the driver of success for business goals and priorities. Sometimes, though, information technology creates a headache for its users. Issues with printer connections, login credentials, and even software and hardware configurations can cost companies money in downtime and can distract leadership from focusing on the business itself.

As a managed service provider (MSP), Everound provides IT help desk support for businesses to alleviate the stress and frustration caused by both day-to-day and long-term IT challenges. But what is help desk support? And what services are included in help desk support?

Help Desk Defined

At its core, an IT help desk team supports internal staff at an organization and solves problems ranging from minor issues such as a lost password to larger, more potentially risky issues such as a company-wide network outage. Essentially, a help desk is internal customer support led by a trained information technology support team that can handle technical problems.
A help desk team provides information and support on an ongoing basis to its customers (ie: the company’s employees). This is achieved by not only responding to specific issues and problems but also by proactively seeking and addressing potential IT pain points.

 

What Products and Services Are Provided by a Help Desk Team?

The main functions of a help desk address immediate day-to-day IT issues as well as prevent future IT headaches. At Everound, our monthly help desk services include:

  • Real-time IT assistance: through a help desk ticketing system, employees have immediate access to IT help for issues related to email, hardware and software.
  • Networking: proactively manage and maintain your operating systems, servers, and applications to ensure everything is running smoothly and there are no potential issues. Review and make recommendations for network infrastructure that is out of warranty or at end of life.
  • Microsoft or other software administration: installation, implementation, and administration of Microsoft solutions or other industry-specific software.
  • Ongoing technology recommendations: review current technology investments and identify areas of opportunity and improvement.
  • ISP support: continually monitor and support internet service provider (ISP) functions to address real-time issues including dropped Wi-Fi and other internet-related challenges.
  • Liaison between 3rd party software and or hardware vendors: manage the relationship between the business and its software and hardware vendors to ensure products meet the needs of the business.
  • Antivirus and malware assistance: routine scan and reporting of potential cybersecurity risks including viruses and malware.
  • Disaster recovery: regularly back up data in case of hard drive malfunction, cyberattacks, and natural disasters.
  • IT documentation: thorough IT documentation to provide a historical analysis of solutions as well as create a knowledge base for employees.
  • Monthly maintenance: provide monthly IT maintenance during a predetermined maintenance window that does not interfere with or interrupt employee workflow.

 

Why You Should Integrate a Help Desk at Your Business

 

Some organizations have an existing help desk team in place, while others rely on someone outside of the IT department to address technology issues. While the latter approach may appear to be a cost-savings measure, it will, in fact, cost a business money in the long term.

For example, if everyone in a company runs to the recently hired college grad for help with their computers, that college grad will be focusing on IT support, not the job function they were hired to do. Adding a help desk team to your company is an affordable and strategic business decision to help your business become more efficient and profitable.

At Everound, we support small and medium businesses with their IT help desk needs. Our full-time staff is dedicated to our client’s successes and works with each of our businesses to create a custom approach to let them focus on their business while we focus on their IT.

Interested in learning more? Reach out today for a free IT assessment of your current IT needs. We will help you understand if a help desk is right for your business. 

Choosing an IT provider and hiring the right information technology consulting company is paramount to ensure both short- and long-term business continuity. A strong proactive information technology strategy and approach can create efficiencies, improve communication, and ensure sensitive business data is secure.

As an IT consulting and managed IT services provider, we know there are many companies that provide similar services. With every IT company promising the same thing, how do you choose an IT provider? As a business owner, it’s critical to understand what to look for when choosing a partner to help you with your IT needs.

Here are 5 key qualifications when choosing an IT provider for your business:

 

choosing an IT provider

Availability

Nothing is worse than having to track down your IT support team when you are having a critical issue that needs quick attention. A reputable managed IT services provider should be available and on-call to respond to issues quickly. When choosing a provider, ask about guaranteed response times, direct access to the IT support team, and if they offer 24/7 support services. 

Onsite Support

Even though remote work is becoming standard for businesses, brick-and-mortar companies still need onsite support for IT challenges. IT consulting firms and managed service providers should offer onsite support included in their scope of services to help employees with their IT needs. From hardware and software installation to general troubleshooting, onsite support is critical in an ongoing IT support relationship.

Innovation & Outside the Box Thinking

Many IT support companies will use a cookie-cutter approach to IT services for their clients. For some functions like software installation, using the same approach is most likely appropriate and even efficient. But individual businesses have specific challenges that are best solved through innovation and custom solutions. Ask your managed IT services company if they understand your specific needs and how they will approach problem-solving as your IT partner.

Disaster Recovery and Response

Are you prepared for an emergency such as a cyberattack, network failure, power outage, or even a fire or other facility loss? When you choose an IT service provider, be sure they are properly helping you plan for an emergency or disaster with cloud services, cybersecurity planning, and proactive disaster recovery and response programming. 

Relationship-Focused

Above all, your managed IT service provider should be relationship-focused. Many companies push their client into an annual service level agreement and then once signed, forget about the relationship. Business owners should feel like their outsourced IT team is not outsourced at all, rather as an extension of their own staff and team.

The Everound Difference

We do things a little differently at Everound. We believe relationships and trust are the drivers of a successful partnership. We work diligently to build, maintain, and improve upon relationships in all that we do. How are we different?

  • Full-Time Certified Staff. Everound does not outsource our clients’ work. When our clients call with a question or send us an email, they are connecting with our full-time, certified staff, not someone off our payroll in an office across the country. We believe in building relationships with our clients, not pushing them to an outsourced contracted employee.
  • A Dedicated, Accessible Team. When our clients have an issue, they know who to call, always. Our clients call us directly and are not routed through an answering service. We share our cell phone numbers and emergency contact information with our clients so they can reach us at a moment’s notice. We know IT challenges can be frustrating, and a quick response is critical. Our goal is for each of our clients to think of us as an extension of their full-time workforce.
  • The IT Factor. Unlike other companies that require an annual service agreement, we work hard each and every day to earn our clients’ trust and business. If our clients are not satisfied with our services, we will help them find another provider that can meet their needs. The IT Factor is our promise to provide outstanding customer service that allows our clients to focus on their business while we focus on their IT.

If you are interested in improving your IT infrastructure and programs, reach out today to learn more about how we can help. Whether you are frustrated with your current provider or are considering choosing an IT provider for the first time, we are ready to listen to your needs and help you make an informed decision.

 

 

As a business owner, you are likely familiar with and utilize antivirus (AV) software to help protect your hardware devices from cyber threats.

While antivirus programs provide basic protection from threats, the technology has been relatively unchanged since its inception in the late 1980s and can easily be bypassed by today’s savvy cybercriminals.

Antivirus programs are not enough to protect you from advanced threats like ransomware. Ransomware works much differently than traditional viruses and can attack your data and hold them hostage with encryption. Ransomware attacks cost businesses nearly $20 billion in 2020 alone.

So how do you fully protect your business from cyber threats including ransomware and malware? While nothing is completely infallible, implementing an endpoint detection and response (EDR) solution can protect your company from advanced threats.

What is Endpoint Detection and Response?

Endpoint detection and response is a cloud-based continuous monitoring cyber software platform designed to find and mitigate cyber threats that have bypassed your existing cybersecurity measures.

Think of endpoint detection and response, also referred to as endpoint threat detection and response (ETDR), as a cyber threat “hunter” and antivirus, as a cyber threat “roadblock” or “obstacle.” Sophisticated malware like ransomware can overcome a roadblock or obstacle, so “threat hunting” with EDR adds an additional layer of cybersecurity. If a threat infiltrates your antivirus software, EDR takes over.

How Does Endpoint Detection and Response Work?

EDR software such as SentinelOne is installed on endpoints and records every file execution, registry change, network connection, and other activities in a central database. Every action taken on endpoints is monitored and recorded. Then, using machine learning, EDR provides real-time data and threat intelligence on and between the endpoints.

EDR investigates the entire lifespan of the threat. EDR will determine how the threat bypassed the initial cybersecurity system (usually the antivirus software), where it has been in the environment, what it’s doing now, and how to eliminate it.

Using this data, EDR contains the threat and prevents it from spreading throughout your entire network. EDR uses analytics to find patterns and anomalies in an environment including rare processes, strange connections, and related risky activities.

System administrators can access the data compiled by the EDR in a central dashboard, and users that have suspicious activity on their endpoint will be notified of the threat in real-time.

EDR Capabilities

While many EDR programs have varying security capabilities, they share key components and features. When searching for an EDR solution, here are key capabilities to look for:

Detection

Cyber threat and incident detection are critical to a successful endpoint detection and response program. EDR uses continual file analysis to determine if any malicious behavior is unfolding. When identified, an EDR solution will flag the file as suspicious so immediate action can be taken.

Containment

After detecting an issue, an EDR solution will immediately contain the threat. If left alone, the threat can spread quickly throughout a network, creating chaos, and potentially infecting and harming other endpoints. Quick containment can save companies thousands of dollars in lost revenue, ransom, and downtime.

Investigation

What sets EDR apart from traditional antivirus is its ability to investigate the cause of the threat, document its behavior, and then use that information to improve upon existing security protocols. For example, if the threat slipped through the front-line barriers, there is clearly a vulnerable point-of-entry in the network. The EDR will help you find that vulnerability and remediate it.

Elimination

An EDR solution will efficiently and effectively remove the identified threat and scan the network for similar suspicious files that may have infiltrated the system. Using compiled data and best practices in cybersecurity, the threat is eliminated, and preventative measures are put in place to prevent the threat from replicating.

Why EDR Is Important for Businesses in 2021

Cybercrime rose a staggering 300+% in 2020, most notably after the abrupt transition to a remote workforce in the spring. The increase occurred mostly at companies that were using antiquated antivirus software without an EDR solution in place.

With remote work extending into at least the first few quarters in 2021, it’s important to take proactive measures to reduce the risk of cyber threats and attacks. Even if your workforce isn’t remote, EDR can help keep your company endpoints safe from a cyber threat.

Originally adopted by large enterprise businesses, EDR is now recommended for businesses of all sizes to avoid and mitigate a cyber attack. An effective EDR can protect businesses from losing thousands of dollars in lost revenue and critical hours of downtime.

Everound and SentinelOne: Your EDR Security Team

Everound partners with SentinelOne, a national, leading EDR solution, to implement affordable endpoint detection and response programs for both small and enterprise-level businesses. Nearly all data breaches occur at endpoints, so having a proper EDR solution in place is critical to keeping your business operating at peak efficiency in a safe cyber environment.

As endpoint protection platform (EPP) experts, Everound can help your business implement a comprehensive EDR solution at a reasonable investment. Reach out today for a free consultation, and to learn more about how we can help keep your IT safe, so you can focus on your core business.