Want to Be a Remote Worker? Get These Digital Skills

Jim Landis, 53, is job hunting after a year spent as his wife’s full-time caregiver. Because she has ongoing medical issues, one of Landis’ must-haves is the ability to work from his Denver home at least part-time. To make himself a stronger candidate for remote work, the requirements-analysis manager and software programmer paid roughly $500 for four online classes in advanced digital skills such as data science and data analytics.

Landis says his previous employer wasn’t very cutting edge, so his digital skills lagged. “I wish I had been a bit more focused on my own interests and kept an eye on staying technologically current with the broader industry,” he says. Landis doesn’t expect the courses to lead directly to a job offer, “but if a hiring manager is thinking about moving to a new technology in the future, being able to say I have course work — that will get me some points,” he notes.

Brushing up on digital skills is a smart move if you want to work remotely in your 50s or 60s. That’s true whether you hope to get hired as an employee who works remotely, or you want to get freelance jobs that let you work from home.

Apps for Remote-Based Work

Older workers can possess all the qualities that make them a great fit for remote work and not get an offer if they aren’t up to speed on popular apps for sharing files, participating in video chats or communicating with co-workers.

A younger candidate might be less qualified, but if that person can use the tools and speak the lingo, it can give an employer peace of mind, says Laurel Farrer, a remote work strategist and founder of the Remote Work Association,

Farrer, Kate Lister (a long-time remote-work analyst and president of Global Workplace Analytics) and other professionals group must-have digital skills for remote work into four categories:

• File-sharing platforms that let coworkers upload and share work-related documents, including apps such as Google Drive, Dropbox and Box.
• Videoconferencing applications such as Zoom, BlueJeans, me, Skype and WebEx.
• Enterprise communications platforms that have taken email’s place as the main source of interoffice communication, including Slack or Microsoft Teams. Remote workers can use the platforms to exchange public or private messages with individual coworkers or groups and search old messages (like a Facebook newsfeed but for the workplace). Most communications platforms connect with other workplace apps so remote workers can share files and calendars or participate in video chats.
• Collaboration apps that make it easier for people on a team or project to work together, including project management applications such as Basecamp, Asana and Trello. Collaboration apps typically include some type of shared project checklist so team members can see who’s responsible for what and check off tasks as they’re finished.

At Dell Technologies, for example, six out of 10 employees of all ages work remotely at least one day a week in a typical month. When they work remotely, employees stay in touch through Skype, Zoom, Slack and Chatter, an enterprise communications platform owned by Salesforce. “We strive to make the process of leveraging flexible and remote options easy and simple for all of our employees,” says Dell spokesperson Jennifer Faulk.

Independent contractors who are savvy about digital tools find that expertise beneficial in landing assignments.

Working From Home With Digital Skills

Take Lee Ann Harris, 59, who works from an office she set up in a spare bedroom of her Sunnyvale, Calif. home. Since leaving a job as a senior director of clinical operations for a medical device manufacturer five years ago, Harris has crafted a livelihood out of doing a variety of contract work.

Harris consults for a few medical device companies on training and regulatory compliance issues, and got a notary public license to do home loan signings and similar work. She uses conference-calling services and file-sharing platforms such as Dropbox with all her clients. She also uses Google’s office apps suite, including Google Docs for writing and Google Sheets for spreadsheets.

“It comes down to making a living,” she says. “I also have a component of fear. I’m afraid of being left behind by technology.”

Along with the basics, people interested in remote work need to keep up with digital skills unique to their profession.

Prior to leaving her full-time job, Harris dabbled in interior design as a hobby. After quitting, she completed an online interior design certification program to become an interior decorator. She followed that up by teaching herself a few computer-aided design (CAD) programs in order to show interior design clients what their spaces would look like after a remodel.

“I’d never done any kind of computer-aided drawing in my life. It was a lot of fun,” Harris said.

Getting Your Boss to Let You Be a Remote Worker

If you’d like to work remotely with your existing office job, ask your manager during a routine performance review or a check-in about career goals, says Paul McDonald, senior executive director for Robert Half, a global staffing firm that places professionals into temporary and full-time positions, including hybrid or fully remote jobs.

And if your company already offers remote work, let a supervisor know that it’s something you want to map yourself toward doing, McDonald adds. He also suggests taking advantage of employer-offered training to pick up needed digital skills.

To find remote-work digital training on your own, McDonald says, look into courses available on online-learning sites such as LinkedIn Learning (previously known as Lynda.com) and Udemy.

DIY types can teach themselves through free online resources offered by app developers, including training videos, step-by-step instructions and on-demand classes. Examples include Microsoft’s on-demand end-user training videos for Teams, the Slack Foundry tutorial app, Zoom’s instructor-led weekly online training classes, and  free video lessons for adult learners that Google offers for its office apps suite, including Docs, Sheets and Slides.

Learning Digital Skills at Community Colleges

Some community colleges offer training on in-demand digital skills, in some cases, partnering with tech companies to train educators. Classes and costs vary by institution.

In April, Google teamed up with the Coalition on Adult Basic Education to train community college teachers and other educators countrywide how to impart digital skills to adult learners, part of the tech giant’s ongoing Applied Digital Skills initiative. In 2018, Facebook said it would work with community colleges and other local groups in 30 cities, including Houston, St. Louis, Des Moines and Greenville, S.C., to develop classes on coding, digital marketing and other skills.

Remote work’s popularity has also led to startups offering specialized remote-work training programs for companies and individuals.

Workplaceless has a self-paced remote-work certification course costing $195. The full course, which can take up to a year to complete, covers seven topics, including productivity and time management, teamwork and critical thinking.

Some nonprofits also offer digital skills training for older workers who can’t afford classes. One is Senior Service America, which runs programs to connect low-income and disadvantaged adults with prospective employers.

Article provided by PartnerOn and Forbes.com.

The way we do business is in a constant state of evolution. Having a strong business phone system presence is increasingly important as we all look to deliver the best client service. Here are the 4 benefits of unified business communications you should be aware of.

1. High Reliability
Top-level, unified business communication systems are designed with multiple data centers that provide redundancy and minimize latency. Strict guidelines for Voice over Internet Protocol (VoIP) network testing ensure reliable connections and high voice quality.

2. Increased Employee Productivity and Collaboration
There’s a good chance that your employees are highly mobile in our current age of technology and client service. Having a unified business phone system allows your mobile devices to interact seamlessly with your corporate phone lines. Increased flexibility allows your staff to be more productive and accessible.

Business Communication System Mobility Features

• Integrated chat
• Short Message Service (SMS)
• Video conferencing
• Screen and file sharing
• Data backup

3. Business Continuity
A business communication system is not complete without a mobile application with full phone functionality. Should a desk phone become unavailable, these cloud-based systems are immune to local outages, keeping your business moving and flexible.

4. Scaling and Management
A unified business communication system is scalable based on your current needs. Phone services are designed based on the number of users or resources that are needed. Users pay only for what they need and can order additional services quickly.

Yeo & Yeo Technology specializes in unified business communications with YeoVoice through its partner, Elevate. Contact us to learn more and get started today!

• Email helpdesk@yeoandyeo.com
• Use our online Tech Support Request Form
• For emergency support after 5:30 p.m. and before 7:30 a.m., call 989.797.4075 and select option 7.

There seems to be a constant supply of news stories involving high-profile, high-impact, criminal cyber activity. More often than not, the data breaches that we hear about occur at large businesses or global organizations. This leads many people to think that it’s only those big companies that are at risk of being attacked. They incorrectly assume that today’s cybercriminal is always looking for a giant financial payout or a huge cache of personal data. But the reality is that small and mid-size businesses (SMB) are actually at greater risk. SMBs’ focus on cybersecurity needs to be a high priority.

In their 2018 Data Breach Investigations Report, Verizon found that 58% of all cyberattacks target small businesses. While it is true that the ultimate reward might not be as high as from a multinational organization, cybercriminals go after SMBs because they are easier to penetrate.

Gaining access to a multinational organization can be difficult. Larger organizations have the budget and the obvious need to protect their networks. When you collect personal data from around the globe or generate billions in revenue, you dedicate time and resources to protecting yourself. SMBs, on the other hand, don’t always focus on cybersecurity the way they should. And this is what cybercriminals are counting on.

Why Are Small and Mid-Size Businesses at Risk?

Regardless of the size of your business, cybercriminals who want to access your network will take advantage of any vulnerable attack surface. A single unprotected or improperly secured edge device can be all they need to access an entire system.

According to the Verizon Report, cyberattacks can occur in several different ways. 48% of last year’s breaches featured hacking while 30% included malware. Other less prevalent but still dangerous methods of attack were social attacks, privilege misuse or physical breaches.

A comprehensive approach to security is crucial for keeping cybercriminals at bay. Unfortunately, when it comes to the cybersecurity of physical security systems, many smaller organizations have a relatively haphazard approach. They roll out disparate solutions for access control and video surveillance which puts them at greater risk. And, as they grow or evolve, they add new cameras or technology when they can find the resources rather than developing a strategic plan to upgrade their system as a whole. This means that they may not be aware of potential points of attack on their evolving physical security network.

In addition, SMBs don’t always have a clear cybersecurity strategy that they communicate to every member of their team. The Verizon Report states that nearly one-fifth of system breaches occur because of human error. This can happen when an employee clicks on the wrong link or doesn’t adequately secure a device. Like any organization, an SMB can mitigate these errors through training and organization-wide awareness.

This takes a commitment from senior executives as well as an understanding of what is actually at risk. Unfortunately, SMBs tend to think that, because they aren’t dealing in billions of dollars, cybercriminals won’t bother attacking their networks. While they may believe they have less to lose to a cyberattack than large organizations do, they are actually at a greater risk that their business might not survive the fallout or cleanup.

The Impact of a Data Breach on SMBs

When a multinational or global company is attacked, the cost can be astronomical whereas, according to the Ponemon Institute, the average cost for small businesses to clean up after being hacked is about $690,000 and, for middle market companies, it is over $1 million.

To an outsider, this may seem less significant in comparison with the high-profile cases that make it to the top of the news cycle, but these costs represent a huge financial burden for an SMB. In fact, according to the U.S. National Cyber Security Alliance, 60% of small companies are unable to sustain their business more than six months following a cyberattack. They frequently just don’t have the resources.

And, in addition to cleanup and containment costs, SMBs who collect personally identifiable information (PII) in Europe are now also going to have to deal with potential fines that arise from the European Union’s General Data Protection Regulation (GDPR). The regulation includes mandatory breach reporting rules that stipulate an organization must report a breach within 72 hours of detection.

The penalties for non-compliance are steep with fines of up to 20 million Euros or 4% of global annual turnover – whichever is higher. When you think of a small business not being able to survive a breach that costs under a million dollars to clean up, you can imagine what the outcome of such a heavy fine would be. Clearly, SMBs need to put the work in now to protect their networks and their budgets for the future. But how do can they do this without breaking the bank?

How Can SMBs Focus on Cybersecurity and Protect Their Networks?

As with any organization, an SMB can protect itself by deploying solutions that are developed with cybersecurity in mind. This means the systems they use should include ways to encrypt data, authenticate users and authorize access.

Encrypting data helps SMBs protect the private and sensitive information on their network and enhance the security of communication between client and servers. When data is encrypted, even if an unauthorized person or entity gains access to it, it is not readable without the appropriate key. The question then becomes how to control access to those encryption keys. The answer is through authentication.

Authentication comes in different forms. Client-side authentication includes username/password combinations, tokens and other techniques while server-side authentication uses certificates to identify trusted third parties. These allow SMBs to first determine if an entity – user, server or client app – is who it claims to be, and then verify if and how that entity should access a system, including the ability to decipher encrypted data.

However, while encryption and authentication are great tools for protecting data, they cannot stop unauthorized access to a network. The Verizon Report also states that more than 25% of network attacks involve people inside an organization. As a result, in addition to protecting access through authentication mechanisms, SMBs also need to use authorization to control who sees sensitive data and what they can do with it.

When authorization capabilities are built into security solutions, they allow administrators to restrict the scope of activity within their systems by giving specific access rights to groups or individuals for resources, data, or applications. By defining privileges, administrators can fine-tune the level of access granted to each individual. This allows administrators to strike a balance between providing individuals with the access rights necessary to do their jobs efficiently and ensuring that they mitigate the risks associated with a potential data breach. This not only increases the security of the physical system as a whole, but it also enhances the security of other systems connected to it.

Return on Improvement

Prevention and detection are the best ways to avoid the costs associated with a system breach, including cleanup, loss of data and potential fines. By hardening your network against criminal cyber activity, you improve the security of your data and increase your resilience against cyberattacks.

At the same time, you should also be monitoring your systems for common indicators of a compromise. These can include unusual login times, reduced operating speeds across the network, errors in application and system event logs, new devices on the network, new users with admin privileges, unusual event log entries in the security log, or workstations with very high traffic.

Detection is increasingly important when it comes to mitigating the damage caused by a breach. The Verizon Report states that 68% of breaches took months or longer to discover. Having best practices in place to detect a breach as quickly as possible helps to reduce its overall impact and can make recovery that much easier. In the event of a data breach, you should also be prepared to respond quickly and effectively.

Overall, the challenge of securing SMB systems might be easier than for large businesses. SMBs tend to have a better picture of all their assets and a more direct way of communicating a new cybersecurity strategy to their teams. And their return on improvement is significant.

This article was provided by ContentMX and Securitymagazine.com.

The best way to defend your organization against a cyberattack is to take proactive steps now, before an attack ever occurs. That way you’ll be prepared if your organization is targeted.

Attacks often begin with phishing schemes. Typically, someone within your organization would receive an email from someone posing as a trusted or well-known source. The employee lets their guard down and clicks on a link in the email. That may automatically provide the scammer with the employee’s log-in information, or prompt them to enter a user ID or password, or both. This allows the criminal to access financial or personal information that can then be used to commit crimes.

Although your organization may not hold the same treasure trove of information as a bank or other financial institution does, the information you store can do plenty of damage if it falls into the wrong hands. Many times, a cybercriminal will be looking to steal individuals’ identities through their Social Security number or other sensitive data.

Finally, hackers are constantly devising more sophisticated ways to invade your organization’s system. One recent innovation is the use of ransomware that may be downloaded to a system through a phishing expedition. This enables the phisher to block an organization’s access to its own information unless it pays a healthy ransom.

Taking Action

Although every situation is different, following are six steps you can take that will help fight cybersecurity attacks:

1. Install a security solution on each device used by top administrative employees who have access privileged information. This will isolate an attack to a single user. Otherwise, all devices might be infected in one fell swoop.

2. Encrypt data. If intruders obtain data, it will be virtually unusable. For servers, set different levels of permission, such as blocking lower-level employees from payroll records. Partition or “silo” information so that access to it doesn’t also grant automatic access to all authorized users.

3. Keep extremely sensitive data on a server that is separate from the network. If an employee is fired or otherwise leaves the firm, the network administrator should disable that employee’s access immediately.

4. Install the latest firewall and antivirus software. However, be aware that these measures aren’t foolproof and the criminals are often one step ahead of the good guys. 

5. Establish parameters about using , including sites employees are permitted to access. Not much good can come from workers viewing pornography or using gambling sites, for example, and these are often ripe for malware or ransomware.

6. Educate your employees. Convey to employees the importance of being vigilant. Even though workers might be attuned to avoiding potentially dangerous emails, there are still those who don’t realize the damage they can cause by clicking on just one link. Learn how to easily train your employees to think before they click with security awareness training. 

Make it clear to your employees that cybersecurity is a top priority and that errors, omissions and exhibiting poor judgment will not be tolerated. Such actions may even be subject to disciplinary measures. Create a culture that makes it difficult for invaders to pierce your defenses. 

It can be costly and time consuming to recover from a cyberattack and devastating to your business overall. Although insurance protection is available, premiums may be cost-prohibitive, or insufficient to meet your needs. Focus instead on preventing damage in the first place.

© 2018

Several popular Microsoft products are scheduled to reach the end of support on October 13, 2020. The time to prepare for this deadline is now.

Microsoft states that the end of support means security updates and technical support will no longer be provided for these products, and it is recommended that users upgrade to the latest cloud or on-premise version to remain secure. The following are among Microsoft products reaching the end of support in October. Click to learn more about the recommendations for each.

• Exchange Server 2010
• Office 2010
• SharePoint Server 2010
• Project Server 2010
• Windows Embedded Standard 7*

* Eligible for Microsoft’s Extended Security Update Program.

What does End of Support mean for me?
Unsupported systems and programs turn environments into security and compliance risks. If a security flaw is found in these Microsoft applications after the end of support date, no patches for security updates will be released. If you’re still using these programs beyond the end of support date, your company will be at risk for security vulnerabilities, putting your data and your clients’ data at risk.

Time is running out – plan now!
Organizations that have not yet scheduled upgrades should begin doing so immediately. The longer you wait, the more potential there is for missing the deadline and running into costlier problems later. Plan now so you can consider your budget as well. Please reach out to YYTECH to discuss scheduling, even during the coronavirus pandemic. Many software upgrades can be done remotely. 

Contact YYTECH if you are using any of these products – we can help you evaluate and upgrade your systems as painlessly as possible.

The recent anniversary of the General Data Protection Regulation (GDPR)’s implementation commemorated the first full year that businesses dealing with EU resident data have spent operating in this new regulatory environment. One year in, GDPR looks less like an outlier and more like a global trendsetter. While the EU may have led the way, consumer data protection conversations have shifted to the forefront in the United States, both at the state and federal levels and in countries around the globe.

Businesses aren’t the only ones that have begun educating themselves on all things compliance; thanks to a GDPR-related uptick in regulatory content in the media and other public spaces, consumers are increasingly better informed on their digital personas and the rights that do (or do not) accompany them. With that knowledge comes increased expectations for the businesses they choose to interact with and more awareness of those that may be using their personal data without consent. The bar has been raised, and it’s hard to think that consumers will accept less protection than they now see represented on a global stage.

There is a broadening recognition and acceptance that privacy regulations aren’t going away. In a recent Gartner survey, executives named accelerating privacy regulation as their top concern of Q1 2019, with 64% of respondents citing it as a key risk facing their organizations.

Businesses must be prepared for ongoing and elevating compliance standards in the years ahead — standards that may vary greatly by region, country or state. GDPR spurred great strides in data governance, causing companies to take note of what data they have, where is it, who has access, etc. as well as make significant improvements in the timeliness of breach notifications. However, better data governance and reporting isn’t the end of the compliance story. While improving procedures in these areas is important for companies and consumers alike, these first steps are just that — a beginning.

Some organizations used GDPR as a catalyst to establish broader data protection strategies, while others have yet to implement technologies that will actually have a meaningful impact on consumer data security. Data governance and reporting satisfy a number of tasks on the compliance checklist, but they do little to prevent sensitive consumer data from being breached or stolen. With the GDPR’s first year behind us, it’s time to shift our collective focus to ensuring the personal data businesses use and possess is truly locked down.

Establishing a data-centric approach to security and focusing on securing the data itself rather than just the networks, servers and applications it resides on is one of the most effective ways to deal with variable and accelerating regulations. If a company’s security strategy is built around protecting data at all times, the business will be better prepared to prevent breaches and misuse no matter what regulatory environment it finds itself operating in.

Data must be secure wherever it is within an organization, whether at rest on the file system, moving through the network or while it’s actually being used or processed. This is a protection strategy I refer to as the “Data Security Triad,” the three components of which include:

• Data at Rest: Categorized as inactive data stored in any digital form, data at rest resides on the hard drive or in databases, data lakes, cloud storage or other locations and is commonly protected by perimeter-based, access control and user authentication technologies. Additional security measures such as data encryption are commonly added depending on the level of sensitivity.

• Data in Transit: Data is vulnerable as it moves through a private network, public/untrusted space or a local device, and it is, therefore, standard practice to protect it using transport encryption. If businesses adhere to proper protocols, this is an efficient and effective defense strategy for data in transit.

• Data in Use: Data in use has become the point of least resistance for increasingly sophisticated attackers, as it is the most commonly overlooked segment of the Data Security Triad. Technical methods for securing data in use include homomorphic encryption, secure enclave and secure multiparty compute.

Access management is important for ensuring protection for data at rest, in transit and in use, but when it comes to locking down data to prevent a breach or misuse, one of the most effective technical solutions is encryption. While encryption itself does not prevent interference, without access to the keys, encrypted data is useless to an attacker, and data breached in its encrypted state is not subject to regulatory penalties. Limiting encryption to only a portion of the Triad is a dangerous oversight. If there is data of value at stake, attackers will find a way to reach it, so every point of entry needs to be protected.

GDPR has proven that regulations can spur real change in the commercial market — change that many consumers view in a positive light. When referring to businesses’ ongoing battle with compliance, as highlighted in its Emerging Risk Trends Report, Gartner’s Matt Shinkman described GDPR as the “starting gun in this process, and not the finish line.” While that seems to be an accurate summary of the market, where businesses perceive that finish line is also critical.

Compliance just to avoid regulatory penalties is not enough to impress an increasingly informed consumer base. In GDPR’s second year, let’s drive action geared more specifically toward what the law was intended to accomplish: Protecting the privacy of consumers by ensuring the security of their data.

Content provided by Microsoft and Forbes.com. 

If you haven’t already upgraded to Windows 10, add the task to your to-do list.

The risk that a hacker will breach your manufacturing company’s data is already high — and rising. Forbes recently reported that 4.1 billion records were breached in the first six months of 2019, which is more than 50% over the same period in 2018.

Businesses in every industry and of any size are vulnerable to data hacking. But the manufacturing sector is victimized more often than many other industries. Over 50% of manufacturers suffered at least one data breach over the previous 12-month period, according to a recent survey. 

A single attack can hobble operations, lead to lawsuits and cost thousands, even millions, of dollars. IBM has calculated that the average cyberattack on a U.S. company costs $8.19 million. Then there are harder-to-quantify costs such as damaged relationships with customers, supply-chain partners and others. So, even if your company has some cybersecurity protocols in place, you owe it to stakeholders to ensure you’re doing your utmost to fend off cybercriminals.

Avoiding Assumptions 

Data hackers are creative and constantly adapting their schemes to security technology changes and as new opportunities arise. Hackers also come in many different guises. You shouldn’t assume, for example, that data breaches can only be launched from the outside by criminals in remote locations. Working from the inside, a disgruntled employee can just as easily (if not more easily) breach your network’s defenses and exact costly damage.

Also, whether you’re starting fresh or updating an existing cybersecurity plan, know that there’s no such thing as one-size-fits-all. Your company’s existing IT protections, products, customers and other factors will help determine the best plan for protecting vital digital assets. 

4 Steps

To design a cybersecurity plan that works for your company, consider taking the following four steps: 

1. Identify major risks. What do you want to protect? This may sound like an unnecessary question, but specifics matter and your resources are limited. For example, could someone hack the system behind your automated machinery and interrupt critical operations or cause malicious damage? Can customers safely make purchases on your website without fear of credit card theft? Is payroll data, including employee Social Security numbers, as secure as it could be? Work with department managers, internal IT staffers and outside professionals to address each issue separately and then include them in your larger cybersecurity plan. 

2. Get industry specific. Depending on what you manufacture, your company might face additional security obstacles. For example, the data storage practices followed by makers of health and beauty products generally are different from those of electronics manufacturers. Familiarize yourself with any relevant regulations and best practices that apply to your industry niche. 

3. Be ready with a backup. How important are system and data backups? Their existence can mean the difference between getting things back to normal within 24 hours and going out of business. Back up your data in multiple locations. This may seem like overkill, but you’ll be glad you have an extra backup if one set is lost or destroyed. 

4. Integrate parts into the whole. Assign individuals to be responsible for each piece of your cybersecurity plan. Also designate one person to execute the overall plan. This leader should keep other team members on track and monitor their progress toward meeting goals. 

Make It a Priority

Cybersecurity shouldn’t be relegated to the back burner — no matter how busy your business is right now. The stakes are too high. If you don’t have the internal IT personnel to develop and put in place a cybersecurity plan, find an experienced and reputable vendor to do it for you. Your professional advisors and fellow business owners should be able to provide recommendations.

Each second, more than 77 terabytes of internet traffic takes place online. As such, the internet has become a digital Silk Road that facilitates nearly every facet of modern life. And just as ancient merchants were sometimes beset by bandits on the actual Silk Road, today’s entrepreneurs can easily find themselves under attack from cyber malcontents working to derail companies through theft and disruption.

In recent years, headlines have spotlighted crippling cyberattacks against major corporations. While each corporate cyberattack resulted in millions of dollars in damages, most stories fail to mention the many data breaches that affect much softer targets: small businesses. According to Verizon’s 2019 Data Breach Investigations Report, 43% of breaches impacted SMBs.

You may not know when the next attack could occur, but taking proper precautions can hamper or completely stymie a hacker’s attempt at gaining access to your network. To help you avoid the mistakes of Target and, most recently, more than 20 government agencies, we’ve compiled info on why your SMB could be at risk and how to avoid a similar fate.

Why cyberhackers go after small businesses

When it comes to starting a small business, new owners have many decisions to make and often leave cybersecurity measures by the wayside. Unless they focus on shoring up their defenses, they may inadvertently end up leaving points of entry wide open for hackers. That can be a major problem. A report by the U.S. National Cyber Security Alliance estimated that 60% of all SMBs fail within six months of a cyberattack.

According to Towergate Insurance, SMBs often underestimate their risk level, with 82% of SMB owners saying they’re not targets for attacks. They believe that, researchers said, because they feel they “don’t have anything worth stealing.”

Stephen Cobb, a senior security researcher at antivirus software company ESET, said that SMBs fall into hackers’ cybersecurity sweet spot since they “have more digital assets to target than an individual consumer has but less security than a larger enterprise.”

Couple that with the costs associated with implementing proper defenses, and you have a situation that’s primed for intrusions. Since security breaches can be devastating to a SMB, owners are more likely to pay a ransom to get their data back. SMBs can merely be a steppingstone for attackers to gain access to larger businesses.

Cybersecurity attacks to look out for

Regardless of their target, hackers generally aim to gain access to a company’s sensitive data, such as consumers’ credit card information. With enough identifying information, attackers can then exploit an individual’s identity any number of damaging ways.

One of the best ways to prepare for an attack is to understand the different methods hackers generally use to gain access to that information. While this is by no means an exhaustive list of potential threats, since cybercrime is a constantly evolving phenomenon, business owners should at least be aware of the following types of attacks.

• APT: Advanced persistent threats, or APTs, are long-term targeted attacks in which hackers break into a network in multiple phases to avoid detection. Once an attacker gains access to the target network, they work to remain undetected while establishing their foothold on the system. If a breach is detected and repaired, the attackers have already secured other routes into the system so they can continue to plunder data.
• DDoS: An acronym for distributed denial of service, DDoS attacks occur when a server is intentionally overloaded with requests until it shuts down the target’s website or network system.
• Inside attack: This is when someone with administrative privileges, usually from within the organization, purposely misuses his or her credentials to gain access to confidential company information. Former employees, in particular, present a threat if they left the company on bad terms. Your business should have a protocol in place to revoke all access to company data immediately when an employee is terminated.
• Malware: This umbrella term is short for “malicious software” and covers any program introduced into the target’s computer with the intent to cause damage or gain unauthorized access. Types of malware include viruses, worms, Trojans, ransomware and spyware. Knowing this is important, because it helps you determine what type of cybersecurity software you need.
• Man in the middle (MitM) attack: In any normal transaction, two parties exchange goods – or in the case of e-commerce, digital information – with each other. Knowing this, hackers who use the man in the middle method of intrusion do so by installing malware that interrupts the flow of information to steal important data. This is generally done when one or more parties conduct the transaction through an unsecured public Wi-Fi network, where attackers have installed malware that helps sift through data.
• Password attack: There are three main types of password attacks: a brute-force attack, which involves guessing at passwords until the hacker gets in; a dictionary attack, which uses a program to try different combinations of dictionary words; and keylogging, which tracks a user’s keystrokes, including login IDs and passwords.
• Phishing: Perhaps the most commonly deployed form of cybertheft, phishing attacks involve collecting sensitive information like login credentials and credit card information through a legitimate-looking (but ultimately fraudulent) website, often sent to unsuspecting individuals in an email. Spear phishing, an advanced form of this type of attack, requires in-depth knowledge of specific individuals and social engineering to gain their trust and infiltrate the network.
• Ransomware: A ransomware attack infects your machine with malware and, as the name suggests, demands a ransom. Typically, ransomware either locks you out of your computer and demands money in exchange for access, or it threatens to publish private information if you don’t pay a specified amount. Ransomware is one of the fastest-growing types of security breaches.
• SQL injection attack: For more than four decades, web developers have been using structured query language (SQL) as one of the main coding languages on the internet. While a standardized language has greatly benefited the internet’s development, it can also be an easy way for malicious code to make its way onto your business’s website. Through a successful SQL injection attack on your servers, sensitive information can let bad actors access and modify important databases, download files, and even manipulate devices on the network.
• Zero-day attack: Zero-day attacks can be a developer’s worst nightmare. They are unknown flaws and exploits in software and systems discovered by attackers before the developers and security staff become aware of any threats. These exploits can go undiscovered for months, or even years, until they’re discovered and repaired.

How to secure your networks

Just as more companies continue to grow their businesses online, so, too, will the need for robust cybersecurity measures. According to Cybersecurity Ventures’ 2019 Cybersecurity Market Report, worldwide spending on such products will increase from $3.5 billion in 2004 to an estimated $170.4 billion in 2022.

For small businesses looking to ensure that their networks have at least a fighting chance against many attacks, that generally means installing any number of basic types of security software available on the market, each with varying levels of efficacy.

A hardware- or software-based firewall can provide an added layer of protection by preventing an unauthorized user from accessing a computer or network. Most modern operating systems, including Windows 10, come with a firewall program installed for free.

Along with those more surface-level tools, Cobb suggests that businesses invest in three additional security measures.

• The first is a data backup solution so that any information compromised or lost during a breach can easily be recovered from an alternate location.
• The second is encryption software to protect sensitive data, such as employee records, client/customer information and financial statements.
• The third solution is two-step authentication or password-security software for a business’s internal programs to reduce the likelihood of password cracking.

As you begin considering your options, it’s generally a good idea to run a risk assessment, either by yourself or with the help of an outside firm.

Cybersecurity best practices

In addition to implementing some sort of software-based solution, small businesses should adopt certain technological best practices and policies to shore up vulnerabilities.

1. Keep your software up to date. Hackers are constantly scanning for security vulnerabilities, Cobb said, and if you let these weaknesses go for too long, you’re greatly increasing your chances of being targeted.
2. Educate your employees. Teach your employees about the different ways cybercriminals can infiltrate your systems. Advise them on how to recognize signs of a breach and educate them on how to stay safe while using the company’s network.
3. Implement formal security policies. Putting in place and enforcing security policies is essential to locking down your system. Protecting the network should be on everyone’s mind since everyone who uses it can be a potential endpoint for attackers. Regularly hold meetings and seminars on the best cybersecurity practices, such as using strong passwords, identifying and reporting suspicious emails, activating two-factor authentication, and clicking links or downloading attachments.
4. Practice your incident response plan. Despite your best efforts, there may come a time when your company falls prey to a cyberattack. If that day comes, it’s important that your staff can handle the fallout that comes from it. By drawing up a response plan, attacks can be quickly identified and quelled before doing too much damage.

Content provided by Microsoft and Business News Daily. 

The following has been excerpted from doc.microsoft.com.

This article applies to both Office 365 Enterprise and Microsoft 365 Enterprise.

On October 13, 2020, Exchange Server 2010 will reach end of support. If you haven’t already begun your migration from Exchange 2010 to Office 365 or Exchange 2016, now’s the time to start your planning.

What does end of support mean?
Exchange Server, like almost all Microsoft products, has a support lifecycle during which Microsoft provides new features, bug fixes, security fixes, and so on. This lifecycle typically lasts for 10 years from the date of the product’s initial release, and the end of this lifecycle is known as the product’s end of support. When Exchange 2010 reaches its end of support on October 13, 2020, Microsoft will no longer provide:

• Technical support for problems that may occur;
• Bug fixes for issues that are discovered and that may impact the stability and usability of the server;
• Security fixes for vulnerabilities that are discovered and that may make the server vulnerable to security breaches;
• Time zone updates.

Your installation of Exchange 2010 will continue to run after this date. However, because of the changes listed above, we strongly recommend that you migrate from Exchange 2010 as soon as possible.

What are my options?
With Exchange 2010 reaching its end of support, this is a great time to explore your options and prepare a migration plan. You can:

• Migrate fully to Office 365. Migrate mailboxes using cutover, minimal hybrid, or full hybrid migration, then remove on-premises Exchange servers and Active Directory.
• Migrate your Exchange 2010 servers to Exchange 2016 on your on-premises servers.
• Recommended: If you can migrate your mailboxes to Office 365 and upgrade your servers by October 13, 2020, use Exchange 2010 to connect to Office 365 and migrate mailboxes. Next, migrate Exchange 2010 to Exchange 2016 and decommission any remaining Exchange 2010 servers.
• If you can’t complete the mailbox migration and on-premises server upgrade by October 13, 2020, upgrade your on-premises Exchange 2010 servers to Exchange 2016 first, then use Exchange 2016 to connect to Office 365 and migrate mailboxes.

Contact YYTECH if you are using this Microsoft product version – we can help you evaluate and upgrade your systems as painlessly as possible.

Information excerpted from < https://docs.microsoft.com/en-us/office365/enterprise/exchange-2010-end-of-support>

The following has been excerpted from support.office.com.

Support for Office 2010 will end on October 13, 2020, and there will be no extension and no extended security updates. All of your Office 2010 apps will continue to function. However, you could expose yourself to serious and potentially harmful security risks.

Here’s what the end of support means for you after October 13, 2020:
Microsoft will no longer provide technical support, bug fixes, or security fixes for Office 2010 vulnerabilities which may be subsequently discovered. This includes security updates which can help protect your PC from harmful viruses, spyware, and other malicious software.

• You’ll no longer receive Office 2010 software updates from Microsoft Update.
• You’ll no longer receive phone or chat technical support.
• No further updates to support content will be provided and most online help content will be retired.
• You’ll no longer be able to download Office 2010 from the Microsoft web site.

What are my options?
We recommend you upgrade Office. Your options to upgrade will depend if you’re using Office 2010 at home or if your version of Office 2010 is managed by the IT department at your work or school.

Contact YYTECH if you are using this Microsoft product version – we can help you evaluate and upgrade your systems as painlessly as possible.

Information excerpted from <https://support.office.com/en-us/article/end-of-support-for-office-2010-3a3e45de-51ac-4944-b2ba-c2e415432789?ui=en-US&rs=en-US&ad=US>

The following has been excerpted from techcommunity.microsoft.com.

As revolutionary as SharePoint Server 2010 was at the time, our latest versions of SharePoint both on-premise and in the cloud through Office 365 have even more to offer. For customers who want to upgrade to the latest version of SharePoint on-premise, you will first need to upgrade to 2013, 2016, and finally 2019. Through advancements in both on-premise and hybrid cloud capabilities, SharePoint Server 2019 provides the benefits of years of cloud innovation, providing best in class IT and developer experiences, along with new user experiences that work the way users work. Customers can also choose to migrate their data directly from SharePoint Server 2010 to 2013 or to SharePoint Online.

Customers wanting to maximize their on-premise server investment should strongly consider migrating to SharePoint Server 2019 as SharePoint Server 2013 is already well into its own 10-year lifecycle.

Mainstream support for SharePoint Server 2010 ends in October 2020. SharePoint Server 2010 has been on extended support since then, which means only security updates are released. On October 13, 2020, Microsoft will completely end support for SharePoint Server 2010.

Here’s what End of Support means for you:

• No critical updates were released in 2017 for SharePoint Server 2010 under extended support.
• No security updates will be developed or released after end of support.
• More importantly the operating systems supporting SharePoint Server 2010 are reaching or have reached end of support.

Lack of compliance with various standards and regulations can be devastating. This may include regulatory and industry standards for which compliance can no longer be achieved. For example, lack of compliance with Payment Card Industry (PCI) Data Security Standards might mean companies such as Visa and MasterCard will no longer do business with you. Or, the new cost of doing business will include paying catastrophic penalties and astronomically high transaction fees. In the worst case, lack of compliance can even result in lost business.

Servers running SharePoint Server 2010 are affected.
Both virtualized and physical instances of SharePoint Server 2010 are vulnerable and would not pass a compliance audit. Many applications will also cease to be supported once the operating system they are running on is unsupported. This includes all Microsoft applications, including Groove Server servers.

Staying put will cost more in the end.
Maintenance costs for aging hardware will also increase, and you will face added costs for intrusion detection systems, more advanced firewalls, network segmentation, and other security measures–all simply to isolate legacy server operating systems and SharePoint Server 2010.

Contact YYTECH if you are using this Microsft product version – we can help you evaluate and upgrade your systems as painlessly as possible.

Information excerpted from < https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/extended-support-for-sharepoint-server-2010-ends-in-october-2020/ba-p/272628# >

The following has been excerpted from doc.microsoft.com.

This article applies to both Office 365 Enterprise and Microsoft 365 Enterprise.

Project Server 2010 will reach end of support on October 13, 2020.

What does End of Support mean?
Project Server, like almost all Microsoft products, has a support lifecycle during which Microsoft provides new features, bug fixes, and security updates. This lifecycle typically lasts for 10 years from the date of the product’s initial release, and the end of this lifecycle is known as the product’s end of support. When Project Server 2010 reaches its end of support on October 13, 2020, Microsoft will no longer provide:

• Technical support for problems that may occur.
• Bug fixes for issues that are discovered and that may impact the stability and usability of the server.
• Security fixes for vulnerabilities that are discovered and that may make the server vulnerable to security breaches.
• Time zone updates.

Your installation of Project Server 2010 will continue to run after this date. However, because of the changes listed above, we strongly recommend that you migrate from Project Server 2010 as soon as possible.

What are my options?
If you are using Project Server 2010, you need to explore your migration options, which are:

• Migrate to Project Online
• Migrate to a newer on-premise version of Project Server (preferably Project Server 2019).

Contact YYTECH if you are using this Microsoft product version – we can help you evaluate and upgrade your systems as painlessly as possible.

Information excerpted from <https://docs.microsoft.com/en-us/office365/enterprise/project-server-2010-end-of-support>

The following has been excerpted from microsoft.com.

Windows has long been a leader in powering dedicated devices. Many of the ATMs, cash registers, and airport kiosks around the world run Windows Embedded 7. That operating system is based on Windows 7 (support for it ended January 14, 2020) and, similarly, Windows Embedded 7 extended support will end soon.

Microsoft offers Windows 10 IoT as the modern migration path for these devices, which includes the same security improvements, excellent application compatibility, and management flexibility as the rest of the Windows 10 family. It also has many advanced features like machine learning along with built-in cloud readiness. In addition, the latest Windows 10 IoT releases from October 2018 will be supported for 10 years, until 2028.

The affected devices range from the previously mentioned types to devices in industries such as healthcare, manufacturing, digital signage, and many more. Windows 10 IoT lets users leverage their existing skills in software development and management. Similarly, most current applications and peripherals can also continue to be used.

There have been many changes since Windows 7 was released almost 10 years ago. Some of the most significant for dedicated devices include information security and privacy, manageability, artificial intelligence (AI)/machine learning, and cloud computing. Windows 10 has countless advances in these areas. Here are a few highlights*:

Security—Trusted Boot, device encryption, and Device Health Attestation
Manageability—Azure IoT Hub, Microsoft Intune, and Device Update Center**
Deployment—Azure IoT Hub Device Provisioning Service and Windows Autopilot
AI/machine learning—Windows machine learning and cognitive services
Cloud computing—Azure IoT Edge support

In September Microsoft announced that they will offer paid Windows 7 Extended Security Updates (ESU) through January 2023. This also applies to the Windows Embedded 7 family of products. These updates are sold through our embedded partners, so interested customers should contact their device manufacturer.

Now is the time to migrate to Windows 10 IoT and move to modern.

Contact YYTECH if you are using this Microsoft product version – we can help you evaluate and upgrade your systems as painlessly as possible.

*Some of these services require an additional subscription.
**Device Update Center only applies to Windows 10 IoT Core.

Information excerpted from <https://www.microsoft.com/en-us/microsoft-365/blog/2019/01/14/move-to-modern-windows-10-iot-safer-smarter-cloud-ready/>

Yeo & Yeo Technology is proud to announce its achievement of Fortinet Gold Partner status. Fortinet is a leading network and cybersecurity provider.

“Our partnership with Fortinet reflects our shared values, providing high-quality security solutions,” says Jeff McCulloch, President. “Achieving Gold Partner status allows us to continue to grow our partnership and offer a broad range of services for new and current clients.”

YYTECH partnered with Fortinet in 2010, offering next-generation firewalls, endpoint protection, network security, and secure access switching and wireless networks. To become a Gold Partner, YYTECH had to achieve proven success with Fortinet solutions and demonstrate commitment to the continued adoption of future Fortinet technologies. YYTECH technical and sales staff had to complete additional training and certification as part of the Gold Partner requirement.

Fortinet Gold Partners deliver the full spectrum of Fortinet’s solution set and retain certified staff to assist with any variety of implementation needs. They are recognized for their superior customer service and support capabilities.

“We are proud to have Fortinet as a strategic partner, offering some of the best-performing security devices on the market for our clients,” said McCulloch. “Fortinet’s solutions are a complement to our other strategic partners in offering complete security solutions.”

Scaling up a corporate security department can be an exercise in futility. These organizations need to cover multiple areas of expertise, from classic IT security to physical security, compliance, regulations, secure coding, incident handling and legal/privacy, all while facing the need to run lean.

The reality is that security is becoming more than an engineering exercise. Culture and education of security is a necessity in a modern organization. Without it, we are bound to fail. Over the past year, I have focused on keeping a small and lean security organization, all the while evangelizing a security champion program to spread and, most importantly, live the mission.

Through this program, we channel our champions into “front-line support” on everything related to security. These advocates know their businesses better than any of my security engineers could, and they are deeply embedded in their organization’s culture. And, as a result, they can provide the best context for security decisions. Our role is to equip them with our services and security expertise.

I’ve been on the front lines running (and also challenging) security organizations for years. During this time, I’ve experienced firsthand how the push and pull of scaling a security team manifests itself. Pull toward one side (try to focus your resources on an “emerging” or “critical” issue), and you end up exposing the other (less pertinent issues or technologies). Hiring more security staff doesn’t scale, as the areas that need coverage will almost always be exponentially larger.

Equip Your Teams

However, what if more of that “uncovered” area had appropriate security expertise in it? What if you could lower the attack surface in a systematic manner across the organization — not through buying more tools and products, but through going deeper into the root cause of those problems and addressing them by creating champions out of the resources and people at your disposal?

Let’s consider Verizon’s “2019 Data Breach Investigations Report (DBIR),” which analyzed 41,686 security incidents (among them, 2,013 were confirmed data breaches). The report shows that web applications are the top breach target for hackers. This means that addressing vulnerabilities and exposure in web applications brings a significant return on investment compared to other areas of focus.

Equipping development teams with the knowledge and skills to identify and address security issues through the application development life cycle has been around for decades — secure software development life cycle (SDLC) methodologies. Yet, it is still a major investment.

Consider Your Code Quality

I’ve yet to see an SDLC implementation that was simply taken “off the shelf” and applied to an organization. It takes time, an understanding of how development works in your organization and collaboration from the development teams. However, more than anything, it’s about code quality, not just a pure security play. Less breakable code, no matter if it is security-focused or performance-focused, is better code. Period.

In every implementation of an SDLC that I’ve had a chance to work through, I’ve always partnered with development stakeholders to ensure that, at the end of the day, developers get more tools and knowledge to improve their code. And they end up more receptive to those efforts because it’s about the work they do, and not a security measure forced down their throats. Take a hard look at how your development outputs affect your attack surface and the impact that a code improvement can make to your risk exposure.

Before throwing expensive “it was on the best-practice list of tools to deploy” products into your budget or hiring another couple of security engineers, consider how a strong security champions program and a reframing of the problem at hand can deliver the most return on investment.

Article provided by Partner On and Frobes.com.

As you compile your organization’s IT budget for 2020, a familiar concern will likely top the list: security. According to a survey by TechRepublic, security and cloud services are the two top priorities heading into the new year, but other priorities are gaining in importance. 

While priorities have changed, IT budgets still comprise an average of 10% of total budget spending heading into 2020. We have identified some considerations for planning your organization’s IT budget for the coming year.

Software and Hardware Updates
Making room in your budget for software security upgrades is critical. While some, such as Microsoft Office 365, automatically push out updates and patches, it’s important to stay on top of third-party patching for your Windows devices. Third-party patches from Adobe, Google Chrome or Flash should be easy but can be a hassle. Investing in patch management software will help keep you secure while saving time and resources.

Going into each new year, it’s important to consider the state of your hardware to ensure efficiency, effectiveness and security. Consider the following:

• Do your PCs and servers still have enough storage space?
• How old is your current hardware?
• Are your devices running slow?
• Is your network running slow?

Consider investing in a Managed Services package to cover all hardware and software management.

Cybersecurity Monitoring and Training
Ransomware and malware continue to be major threats for business owners and IT professionals. Incorporating a 24/7/365 cybersecurity monitoring solution allows trained professionals to act on threats to your network in real time. This keeps your organization safe from cybercrime while staying compliant at the same time.

Education is a key factor in prevention and Security Awareness Training is a cost-effective way to train employees to notice warning signs and stop an attack before it strikes. Data shows employees who are tested show a drop in phish-prone percentage from an average of 15.9 % to 1.2 % in just 12 months.

Microsoft End-of-Support Applications
Several of Microsoft’s applications, including Windows 7  will no longer be supported. Any applications that are being used after their end-of-support date immediately become a threat to your network since they will no longer be patched for vulnerabilities. Additional Microsoft products reaching end-of-support in 2020 include:

• Hyper-V Server 2008 (January 14, 2020)
• Windows Server 2008 (January 14, 2020)
• Internet Explorer 10 (January 31, 2020)
• Office 2010 – Including Outlook, Word, Excel, and PowerPoint (October 13, 2020)
• SharePoint 2010 (October 13, 2020)

Additionally, Windows 10, versions 1809, 1903 and Systems Center, version 1807, will move into retirement in 2020. Upon retirement and end-of-support, these products will no longer receive new security updates, non-security updates, free or paid assisted support options or online technical content updates.

If you would like to learn more about planning your IT budget or YYTECH’s suite of services, contact us today.

Sources

TechRepublic Premium: 2020 IT Budget Research Report

ZDNet: 2020 IT Budgets Increase as Priorities Grow

Yeo & Yeo Technology welcomes Matt Ruhlig to the company as sales manager. Ruhlig will be responsible for overseeing the day-to-day sales functions for the organization while managing a team of inside and outside sales professionals.

“We are excited to welcome Matt to YYTECH,” says Jeff McCulloch, President. “He brings a fresh perspective and approach to our sales group and is a great addition to our leadership team.”

In addition to leading the sales staff, Ruhlig will advise management on ways to maximize business relationships and enhance client service.

Ruhlig has more than 10 years of sales and account management experience and is a graduate of Central Michigan University. He holds a Master of Science in Administration and a Bachelor of Applied Arts in Recreation Administration and Facility Management.