Categories
Blog

A nontechnical guide to Microsoft Intune and 5 ways it can improve your business

As a busy business owner, you’ve got plenty on your plate. Keeping your business efficient and on-target is crucial, but let’s face it: you don’t have time to dive deep into the technical details of every new software tool that comes along. 

At Data Magic, we get it: you need your business’s IT operations to stay modern and competitive, but you have other things to spend your time on. 

That’s why we’ve created a few non-technical guides to key tools or initiatives: our goal is to give you a quick read in plain language so you can make the right decision. 

Today we’re covering Microsoft Intune: what it is, and what it can do for you. 

What Is Microsoft Intune?

Microsoft Intune is a cloud-based endpoint management solution. But that’s not a very helpful term for nontechnical users, so let’s break it down. 

  • “Cloud-based” means it runs in the cloud, rather than on your servers. 
  • “Endpoint management” is the process of setting up user access, determining who can do what with their company devices, and keeping user devices up to date without having to manually install every single Windows update. 

Essentially, Microsoft Intune is a solution that helps your business control two things: 

  • User access: who can see, download, and edit which files, documents, and so forth 
  • The devices those users use: what software is preloaded, what they can install on their own, security updates, and so forth 

It’s a part of the Microsoft 365 (formerly Office) suite that you’re likely already paying for, and it’s an incredibly powerful tool. That said, it’s not as end-user- or beginner-friendly as Word or PowerPoint or Outlook. 

Setting up and using Intune can seem like a lot. But the benefits are worth the investment. And if you need a partner to help you move forward, we should chat! 

Top Benefits of Microsoft Intune for Your Business 

Here are the top benefits of Microsoft Intune for your business — explained in terms that don’t require a computer science degree. 

1. Simplifies the process of equipping employees with new computers

When you hire a new employee or give a current one a newer computer, someone has to set it up. Someone has to connect the cables and plug the thing in, but you also have to worry about software. 

Most businesses have moved past manually installing Office, Slack, Salesforce, and whatever other desktop apps a user may need. Doing this is time-consuming, and imagine if you hired 10 new employees (or 100!). Manual installs aren’t scalable. 

So instead, businesses use one of several methods to automate parts of this process. 

This may be called imaging or provisioning a device. It can happen on-site, where a tech essentially copies an existing device setup (an image) onto the new device’s hard drive. 

But it can also happen via the cloud, thanks to Microsoft Intune. 

In our remote-focused world, this is a big deal. With Intune, you can ship a computer to a new employee. All they need is a login, and Intune pushes all the software and settings they’ll need onto their device — automatically. 

2. Automate your IT policies and security settings 

Even after every employee has a functioning PC with the right software installed, there’s no accounting for the sorts of things those employees will try to do with their machines. Just like Intune can push the right software and software updates to a device automatically, it can also impose the IT policies and cybersecurity “guardrails” that your business sets up. (Your IT partner can help with figuring out what these should be.) 

This way you’re not constantly putting out fires, telling people to stop doing x or y and trusting they’ll do it, or just hoping for the best that the policies you initially set up won’t get changed or go out of date. 

With Microsoft Intune, all of this can be managed remotely. Need to change a security setting due to a new threat? Change it in Intune, and the change gets pushed to every user’s PC. 

3. Integrates with the rest of Microsoft 365 (and other Microsoft services)

More than likely, if you’re looking into Intune, you’re already using other Microsoft products: your workforce is using PCs running Windows, and you’re probably already paying for them to have access to Microsoft 365 (the productivity suite containing Word, PowerPoint, Excel, Teams, Outlook, and something like 50 additional tools). 

If that’s true, then it means Intune could be effectively free for you depending on the subscription you have. But even more importantly, it means that Intune integrates closely with all those other Microsoft products and services you’re using. (Integrations aren’t rare and aren’t exclusive, but when you stick with products made by the same company you tend to get better, more robust integrations.) 

When used to the fullest, these integrations give you a comprehensive approach to security, analytics, deployment, and endpoint management. For many businesses, doing it this way is far less hassle than using dedicated solutions from various providers for each of these functions. 

4. Works with mobile threat defense services

Endpoint management deals with the devices your company owns. But what do you do about employees who want (or even need) to access company resources from their phones or laptops? 

Most companies offer a corresponding service for mobile threat defense, and Microsoft is no exception. Microsoft Defender for Endpoint is the first-party option, and there are plenty of others out there. 

With these services, you’ll be able to control what mobile devices can access and keep your company’s IT resources safer. And if you choose Defender for Endpoint along with Intune, you’ll get a harmonized, integrated experience. 

5. Enables access control and conditional access

This one can get technical in a hurry, but we’ll keep it straightforward: not everyone in your business should have access to everything in your IT environment. Deciding and enforcing who can see/edit/download/delete what is called “access control”. 

Conditional access works alongside access control, setting other sorts of limits on access. You might block all access from certain regions (where you have no employees) to keep out cybercriminals who snagged a stolen login. You might block access at certain hours, too: if no one would ever need to access files at 2 am and someone is doing so, that someone is very likely up to no good. 

Intune makes both access control and conditional access simple enough for businesses of just about any size to implement. 
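For readers who want to see the logic behind those two conditions, here is a simplified model of a region rule and a time-of-day rule applied to sign-in records. It is an added example, not Intune configuration or code from this post; the allowed countries, quiet hours, office time offset, names, and sample sign-ins are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone

# Constructed policy values for illustration; not exported from any real tenant.
OFFICE_TZ = timezone(timedelta(hours=-6))         # assumed fixed UTC-6 office clock
ALLOWED_COUNTRIES = {"US", "CA"}                  # assumed: where employees work
QUIET_START, QUIET_END = time(23, 0), time(5, 0)  # assumed no-access window


@dataclass(frozen=True)
class SignIn:
    user: str
    country: str         # country code resolved from the source IP address
    when_utc: datetime   # timestamp of the sign-in, expected to be timezone-aware


def in_quiet_hours(local: time) -> bool:
    """True when `local` falls in the quiet window, which may wrap past midnight."""
    if QUIET_START <= QUIET_END:
        return QUIET_START <= local < QUIET_END
    return local >= QUIET_START or local < QUIET_END


def evaluate(event: SignIn) -> tuple[str, str]:
    """Return (decision, reason) for one sign-in; the first failed condition blocks."""
    if event.when_utc.tzinfo is None:
        # A timestamp without a time zone cannot be placed on the office clock,
        # so the safe choice is to refuse rather than guess.
        return "block", "timestamp has no time zone"
    if event.country not in ALLOWED_COUNTRIES:
        return "block", f"sign-in from {event.country}, outside allowed regions"
    # Compare against the office's local clock, not UTC: "2 am" only means
    # something relative to where the employees actually work.
    local = event.when_utc.astimezone(OFFICE_TZ).time()
    if in_quiet_hours(local):
        return "block", f"office-local time {local:%H:%M} is inside quiet hours"
    return "allow", "region and time conditions met"


# Constructed sample sign-ins (not real log data).
UTC = timezone.utc
SAMPLE_EVENTS = [
    SignIn("alice", "US", datetime(2024, 3, 12, 15, 30, tzinfo=UTC)),  # 09:30 local
    SignIn("alice", "RO", datetime(2024, 3, 12, 15, 45, tzinfo=UTC)),  # wrong region
    SignIn("bob", "US", datetime(2024, 3, 12, 8, 0, tzinfo=UTC)),      # 02:00 local
    SignIn("carol", "CA", datetime(2024, 3, 13, 4, 30, tzinfo=UTC)),   # 22:30 local
]


def review(events):
    """Evaluate every sign-in and return (user, decision, reason) rows."""
    return [(e.user, *evaluate(e)) for e in events]


if __name__ == "__main__":
    for user, decision, reason in review(SAMPLE_EVENTS):
        print(f"{user:<6} {decision:<5} {reason}")
```

The second sign-in is blocked even though the username and password were correct, which is the stolen-login case described above. The last one shows why the time rule must use the office's clock: the timestamp reads 04:30 in UTC, but it is 10:30 pm for the employee.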

These are just five of the many benefits your business could experience by leveraging Microsoft Intune. Got questions? Not sure about an internal deployment? Data Magic has your back. Give us a call or send us a message today.


Comparing On-Premises Servers Vs. The Cloud: The Top 5 Differences

With the rapid growth of digital transformation, businesses are faced with a crucial decision: to maintain their IT infrastructure on-premises or move to the cloud. Each option has its advantages and challenges, and the best choice often depends on a company’s specific needs, budget, and long-term goals. Here’s an objective look at the differences: 


1. Cost Implications

On-Premises:

  • Capital Expenditure (CapEx): Requires a large initial investment in hardware, software licenses, and infrastructure. 
  • Ongoing Costs: Maintenance, upgrades, energy bills, and potential need for dedicated IT staff. 
  • Predictability: Fixed costs can be more predictable but can also lead to overprovisioning. 

The Cloud:

  • Operational Expenditure (OpEx): Pay-as-you-go model based on actual usage. 
  • Scalability: Can scale up or down based on needs, often leading to cost savings. 
  • No Hardware Costs: No need to purchase or maintain physical servers. 

2. Scalability and Flexibility

On-Premises:

  • Limited Scalability: Requires manual effort and investment to scale. 
  • Infrastructure Limitations: Dependent on physical space and hardware availability. 

The Cloud:

  • Instant Scalability: Resources can be added or reduced instantly. 
  • Global Reach: Can deploy services in multiple regions worldwide. 

3. Security and Compliance

On-Premises:

  • Physical Security: Businesses have full control over physical access to servers. 
  • Customization: Can tailor security protocols to specific needs. 

The Cloud:

  • Advanced Security Features: Providers invest in top-tier security measures, including encryption, firewalls, and multi-factor authentication. 
  • Compliance: Many providers offer compliance certifications for various regulations. 

4. Maintenance and Updates

On-Premises:

  • Manual Updates: Requires IT staff to manually update and patch software. 
  • Downtime Risks: Potential for longer downtimes during updates. 

The Cloud:

  • Automatic Updates: Providers handle software updates, often with minimal disruption. 
  • Continuous Monitoring: Continuous monitoring for potential issues and threats. 

5. Accessibility and Collaboration

On-Premises:

  • Network Limitations: Access is typically limited to the company’s internal network. 
  • VPN Dependency: Remote access often requires VPNs, which can be slower. 

The Cloud:

  • Anywhere Access: Can access resources from any location with an internet connection. 
  • Collaboration Tools: Many cloud platforms offer tools for real-time collaboration. 

Conclusion

Both on-premises and cloud computing offer distinct advantages. Make sure to evaluate your specific needs, growth projections, and budget constraints to make an informed decision! 
 

If you need any help with this process, reach out today!


Is SharePoint HIPAA Compliant? FAQs You Need to Know

Healthcare organizations are, like many others, in the middle of digital transformation. A new generation of tools and tech promises all sorts of real benefits, from increased efficiency to fewer errors to better data-driven decision-making, all while ensuring they remain HIPAA compliant.

But getting from wherever you are right now in terms of your organization’s relationship with technology to wherever it is you want to go? It’s a complicated process, and there are plenty of places where organizations can get off track. There’s a vast potential for missteps. At this juncture, it’s worth asking: “Is SharePoint HIPAA compliant?”

In some cases, this just means not getting as much efficiency or ROI as possible from a digital transition. That’s highly unfortunate but isn’t necessarily an existential threat. In other cases, though, there’s much more at stake. Transitioning to the wrong system or tool — or using a good tool in the wrong way — can lead to regulatory violations, including HIPAA violations. And that’s something no medical organization wants to face. 


Microsoft 365 and SharePoint in the Healthcare Setting

Within this context of digital innovation and regulatory concerns, many healthcare organizations have questions about specific tools and platforms. Microsoft 365 is a wide-ranging suite of tools that offers plenty to healthcare organizations, and many are already using it or are transitioning to it soon. 

One pressing question is whether the cloud-based productivity suite is truly HIPAA compliant. Many organizations are asking, is SharePoint HIPAA compliant? What about the broader Microsoft 365 package? 

Organizations may already be using these tools for general operations, but is it possible to move electronic health records and other material with personally identifying information (PII) to SharePoint or edit those documents in Microsoft 365? 

The answer is, unfortunately, a little complicated. Microsoft isn’t totally clear on whether these products are compliant, and of course, they can’t account for user behavior in every instance, either. 

So, while it is possible to use Microsoft 365 and SharePoint in HIPAA-compliant ways, it isn’t automatic. Healthcare organizations need technical safeguards in place. That’s something we can take care of for you — but more on that later. 

 Let’s start with some FAQs you need to know before you make this transition. 

Is Microsoft 365 HIPAA compliant?

This is an important question, but it might not be the right question to ask. It’s a little bit like looking at a car and asking whether the car is “speed limit compliant” — unless you’re actually asking whether a car has been somehow programmed to never be capable of exceeding the speed limit, then there’s no such thing as a “speed limit compliant” car. Whether the car operates at the speed limit is entirely up to the driver. 

Now, that’s not to say you shouldn’t ever ask questions about the quality of a car — or the quality of a software platform. A shoddily made car might have an accelerator that sticks, creating significant and unnecessary risk. And shoddily made software or digital services could do the same thing with sensitive medical data. 

Microsoft 365 is well-made software, to be sure. But it’s nearly as unrealistic to expect Microsoft to be able to stop any and all instances of data misuse as it would be to expect car manufacturers to “lock” cars to the speed limit. The same rules and filters that might prevent a HIPAA violation in a healthcare setting would interfere with normal, ethical use cases in other industries. 

Given all this, it’s no surprise that Microsoft isn’t totally clear on whether its products are HIPAA compliant. Can they be used in HIPAA-compliant ways? Yes. But can Microsoft guarantee they are HIPAA compliant? Not without outside help. 

Is SharePoint HIPAA compliant?

This is another common question, but again it’s a little like asking “Does this car drive the speed limit?”: it’s not exactly the right question, and it’s more about how you use it. 

Some organizations want to use SharePoint exclusively for sharing EHR and other files and documents that may contain personally identifying information (PII). So we understand why this leads to the question about whether SharePoint is HIPAA compliant. 

The answer is that it certainly can be used in HIPAA-compliant ways. But no, the system isn’t designed to somehow prevent users from violating HIPAA — just like your car isn’t designed to prevent you from speeding. 

With both products, organizations need specific technical safeguards in place if they want to remain HIPAA compliant. But to get into those safeguards, we need to look closer at aspects of HIPAA itself and compliance with it. 

What are the core compliance areas to be HIPAA compliant? 

HIPAA compliance breaks down into three core compliance areas: 

  • Technical compliance 
  • Administrative compliance 
  • Physical compliance 

Technical compliance deals with the technological systems that interface with patient data that qualify as PII. Access control, data integrity, authentication of users, and secure transmission of files all fall under this category. 

Administrative compliance refers to the policies and procedures that organizations put in place to protect data and data access. Hospital policies about what can and can’t be shared verbally in public areas, rules about passwords and authentication, and any other administrative decisions touching on privacy fall into this category. 

Physical compliance deals with the real world: are physical records kept in a location not accessible to the general public? Are on-premises servers and endpoints secure, either by physical barriers (such as a locked server room) or by high-quality access control (badges, passwords, biometrics, etc. for computer access)? 

As we look at the question of using Microsoft 365 and SharePoint in a medical setting, all three compliance areas matter. The technical underpinnings of Microsoft 365 come into play, as do the administrative policies an organization sets up around the use of SharePoint. Physical compliance matters as well, though this has less to do with which software or platforms you’re using and more to do with how you physically set up your equipment. 

What are the technical safeguards of HIPAA?

HIPAA rules require that organizations maintain “reasonable and appropriate” safeguards in all three of the major compliance areas. Generally, safeguards are reasonable and appropriate if they protect EHR from “reasonably anticipated” threats or disclosures, but HIPAA does not specify or define what these safeguards must look like. 

On the technical side, HIPAA describes three types of technical safeguards: 

  • Access control 
  • Safeguards on data in motion 
  • Safeguards on data at rest 

Access control

Access control is straightforward enough in concept: only those who have been granted access should be able to access data. So a completely open cloud workspace (like a simple Google Workspace) clearly fails this, while a legacy rights-managed folder-based network generally has the appropriate technical safeguards. 

Microsoft 365 and SharePoint can certainly be set up as environments using appropriate access control. So on this point, the products are reasonably HIPAA-compliant. 

Data in Motion

Data in motion (and data in use) can be harder to protect (or at least to prove protection). These terms describe when data is in transit between systems or is actively being used by a system (or human operator). 

Typical safeguards on data in motion include data encryption, access control (on systems and on specific data), and using metadata or anonymized data for research and analytics rather than raw data. 

Data at rest

Data at rest is data that’s sitting on a server somewhere — either your on-premises server or a cloud server belonging to a provider like Microsoft. This data isn’t being used, but your organization needs to maintain it in case it’s needed later on. 

Data at rest safeguards include encryption and access control once again. Physical access control usually comes into play here as well: an unguarded server in an unlocked room may be a HIPAA violation if it gets breached. The argument could be made that the organization didn’t implement “reasonable and appropriate” safeguards — in this case, locks and access control. 

How does an IT provider assist in technical HIPAA compliance?

By now it’s likely clear that using Microsoft 365 or SharePoint while staying compliant requires some technical considerations. That’s where an IT provider comes into play. 

We assist healthcare clients with designing and implementing the technical safeguards required and recommended by HIPAA regulations. We design environments where healthcare professionals and support staff can simply do what they need to do, not spend their time worrying about all facets of their technology being compliant. 

A quality IT provider assists in this way by providing the cybersecurity layers, risk assessments, and ongoing auditing to make sure clients are covered and remain HIPAA compliant. 

Is a BAA needed with Microsoft?

HIPAA regulations stipulate that healthcare organizations must enter into a business associate agreement (BAA) with any business associate that has access to protected health information (PHI). Microsoft states that it “will enter into BAAs with its covered entity and business associate customers,” but the company is quick to point out that the BAA alone does not ensure compliance with HIPAA or HITECH. 

Microsoft goes on to state explicitly that your company’s compliance program and internal processes are the keys to HIPAA compliance and that “your particular use of Microsoft services aligns with your obligations under HIPAA.” 

A BAA isn’t automatic, either. If you need a BAA with Microsoft, you’ll need to reach out directly (or through your IT provider). 

Microsoft 365 and SharePoint HIPAA Compliance Is Complex. We Can Help. 

By now we hope we’ve shown you that, while it’s possible to use Microsoft 365 and SharePoint in HIPAA-compliant ways, the burden lies on your organization to ensure that you’re in compliance while using the products. And that can get complex in a hurry. 

We are an IT and cybersecurity organization that specializes in creating the technical safeguards and policies needed to achieve HIPAA compliance — with Microsoft 365, SharePoint, and a wide range of other apps and services. 

If you’re ready to step into a cloud-forward future — without worrying about compliance — reach out today. We can help you move from where you are to where you want to be. 


5 Key Benefits of Using a Password Manager  

Remembering passwords is difficult. Breaking passwords (with the right tech tools) is easier than we’d like to think. And reusing passwords is incredibly risky.  

Enter the password manager.  

Password managers generally work like this: you input all your username and password combinations to the password manager (usually over time as you naturally use them), and the service stores them in a secure, encrypted vault. The companies offering the service don’t have access to your actual passwords thanks to the magic of encryption: only you do.  

Your password manager can help you convert all your old, simple, or reused passwords to unique, randomly generated ones, which increases the security of each of these accounts. These new, difficult passwords are then stored in the vault.  

Then you create a single, complex master password to secure your vault. That’s the only one you have to memorize now. You may also set up additional methods or protocols, such as two-factor authentication, to keep that vault extra secure.  

Next, when you need to log into a website or app, your password manager steps in. You confirm that you’re you to the password manager, and it supplies the right credentials and logs you in.  

Password Manager Benefits

The benefits here are numerous:  

  • You don’t have to remember 137 unique passwords  
  • You have no incentive to reuse passwords  
  • Every account gets a unique, complex password  
  • The process of logging in gets simpler (no guesswork or password resets)  
  • Your business and personal accounts become exponentially more secure  

So, what are the next steps? 

The truth is, implementing a password manager for your own personal use is very straightforward. Implementing one across your entire business is a little more involved and may require IT support. 

 If the prospects of making this move seem like more than you can take on, we’re happy to help. We can advise you on the right solution for your needs and assist you with the setup and implementation of that solution.  

Ready to get started? Reach out to our team today.


Non-Technical Guide to Finding Network Bottlenecks: 7 Tips on How to Avoid Them

We’ve all been there: one minute everything at work is running just fine, and the next minute you can’t get websites to load, or your file upload or download speeds slow to a crawl.  

When this happens at home after work, it’s an inconvenience — and most of the time rebooting your router, modem, or gateway solves the problem. But at work? Internet speed issues or network bottlenecks can seriously interfere with your employees’ productivity and the company’s profitability. 

Today we’re going to share 7 common causes for network bottlenecks — and we’ll do our best to use plain, nontechnical language as we go. But first, let’s start by explaining what’s going on when network speeds plummet. 


What Is a Network Bottleneck?

A network bottleneck is any situation where the flow of data gets constricted, limited, or slowed. It’s a blanket term, in a way, covering all the various reasons why you’re not getting what you need out of your internet connection. 

Think about your home internet for a minute. Sometimes when you have issues, you call or chat with your service provider, and they tell you that the problem is at their end and they’re working on it. That’s a network bottleneck: something somewhere at your ISP is limiting data flow (imagine data as water running through pipes, and that water just hit a partial blockage). 

Sometimes the problem is at your house: if you’re on the budget plan but 3 TVs and 5 mobile devices are all trying to stream Netflix, you’re going to use up your bandwidth (the incoming water pipe is at full blast, and you’re still not getting enough water). Or you might have a rogue device gobbling up most of your bandwidth for no good reason, giving you the same result. 

All of these concepts are network bottlenecks. But if you want to fix or avoid the symptom, you have to know the cause first. So, with that in mind, let’s look at 7 common network bottleneck scenarios in the work environment.  

1. Firewall Size

A firewall filters the traffic coming in and out of your network, giving your IT department control over what’s allowed in and out. Firewalls can get awfully technical from there, but this definition will work for our purposes. 

Firewalls come in different (metaphorical) sizes, which can be measured in total number of users or total amount of throughput. Kind of like our Netflix-at-home example, if you try to push more data through your firewall than it can handle, you’ll hit a network bottleneck.  

Maybe you have plenty of bandwidth (speed) from your internet service provider — it doesn’t matter if your firewall can’t match that speed.  

2. Problems with Network Switches

If your building and your IT infrastructure are more than a few years old, you might need to check on several things. The network switches installed throughout might be older 10/100 switches, which max out at 100 Mbps. Your actual network connection might be way, way faster — but it gets bottlenecked at these switches. 

As infrastructure ages, the ports on your switches (including the ethernet ports your computers plug into in the wall) can go bad, degrading performance. 

3. Insufficient or Outdated Modem

The modem you’re using (at home or in the office) could be another chokepoint: it doesn’t matter how lightning-fast a connection you’re paying for, you won’t see anything move faster than what your modem is rated for.  

The good news is that this is a relatively easy fix. It’s not difficult to find out what bandwidth your modem can handle (or what bandwidth you’re paying for). If the first is lower than the second, it’s time to upgrade. 

4. Bad or Insufficient Cabling

Along the same lines, your network cabling — the wires running inside wall conduits at your office or connecting your modem and router at home — is also rated for a specific max speed. Older buildings may be equipped with outdated Cat5 cabling (or slightly newer Cat5e). If your internet speeds are gigabit or higher, you really want to look into Cat6 or even Cat6a cabling. 

These all look virtually identical, so you may need technical assistance in identifying what you’re currently using. 

5. Low-Speed VoIP Phone Pass-through Ports

Sorry if we’re sounding like a broken record, but the network ports on your VoIP phones can also be the source of a network bottleneck. 

If your office has switched to VoIP phones (and it probably has), you likely have a physical handset at your desk that sits between your network cable and your computer. The network connection “passes through” the VoIP phone. 

Ordinarily, there are no issues. However, some of those ultra-cheap VoIP phones are actually quite a problem. You might need to investigate the speed that those pass-through ports are rated for: if it’s lower than your connection speed, you’ve likely identified your network bottleneck. 

6. LAN Overload

This one isn’t relevant at home or in a small office, but if you’re at a larger office, be aware that it’s possible to overload your local area network (LAN) with too many physical devices. Once you reach a certain number of IP devices, you’ll get better results by segmenting them out to separate LANs. 

To use the water pipe analogy, not every house in a city can possibly connect to a single massive trunk line. A street or a neighborhood might all be connected on a line that then connects to a main line, and so on. Segmenting groups of houses or businesses adds resiliency and balances the system. 

In a large office, think of all those connected devices as houses, businesses, and neighborhoods. 

7. Old Access Points

Far and away the most likely network bottleneck is Wi-Fi. It is inherently not as fast, consistent, or stable as wired internet. Even worse, old Wi-Fi access points were never built to handle modern internet speeds, so they cap users far below their actual bandwidth. 

Older devices can even slow down networks when they connect to Wi-Fi. A smart Wi-Fi system like Unifi helps to mitigate this problem. 

We Are Here to Help

We hope this guide has helped you to isolate the cause of your network bottlenecks. Still, even once you’ve found the problem, many of these are more technical to fix than you might be comfortable trying on your own — especially if they need to be fixed at the scale of an entire office. 

If you could use help identifying the problem or implementing the solution, we’re experts that you can trust. Reach out to our team today to schedule a consultation! 


4 Leading Password Managers for Personal and Business  

We hope that your enterprise is already contemplating the implementation of password managers. However, the challenge remains in pinpointing the appropriate password manager that suits personal use, enhances business security, or perhaps satisfies both requirements.

We’ll provide our honest feedback on four leading solutions below, but first we need to talk about why “ecosystem exclusives” may not be sufficient, especially on the business level.  


Ecosystem Exclusives  

If you’re an Apple user or a heavy Google Chrome user, you might have already stumbled across what we call ecosystem-exclusive password managers. Both Chrome and Safari (Apple’s web browser on mobile and desktop) can notify you if one of your passwords has been exposed in a data breach (remember our earlier point about not reusing passwords? This is why!).  

These browsers may prompt you to change your password, or even offer to generate a unique, complex, hard-to-guess password for you.  

These work quite well in the right circumstances — but there are some significant limits you should know about. These new passwords get stored either in your Chrome/Google profile or in your Apple Keychain, and they can auto-fill for you later, if you’re on a device with access to your Apple Keychain (for Safari/Apple) or a device and app that can access your Google account (for Chrome).  

The problem with this? Most of us don’t live exclusively in Chrome or Apple products.  

If your work PC needs that very complicated password your iPhone generated for you, even finding it will be a challenge, and manually retyping it correctly is downright obnoxious.  

As for Chrome, its password manager is no help when logging into anything that isn’t running in a Chrome tab.  

For more robust, ecosystem-agnostic solutions, any of the following choices should perform well for most businesses.  

LastPass 

One of the biggest names in password managers, LastPass grew in popularity as a freemium consumer product, but its business offerings are impressive. Its business product gives each user their own password vault and gives your organization robust admin oversight, including over 100 policy customization options.  

Users can safely share their credentials with others, such as providing a vendor temporary access to an app or location.  

LastPass also supports multiple modern authentication technologies, including passwordless (with the LastPass Authenticator), multifactor authentication (MFA), and single sign-on (SSO).  

One downside: business pricing is opaque and quote-based — but we can help you with this!  

Dashlane  

Dashlane offers password management for home, mobile, and business that’s CCPA compliant, GDPR compliant, and AICPA SOC 2 compliant. It’s a bit more streamlined than some others, yet it still provides plenty of power, security, and control.  

Dashlane’s Team plan starts at $5 per user per month and provides simple, secure password management, group sharing, policy management, and an admin dashboard. The Team plan also integrates with Active Directory and supports two-factor authentication (2FA).  

Businesses that need access to SSO or SCIM provisioning should choose the Business plan, which starts at $8 per user per month. Notably, the Business plan offers every paid user a free family plan — an attractive perk to offer your team.  

Keeper  

Designed with the needs of small to mid-sized businesses in mind, Keeper is simple and straightforward to implement. It uses a zero-trust and zero-knowledge security architecture, which is the most secure method available. It’s also extremely affordable at $3.75 per user per month. And even at that low price, Keeper Business matches Dashlane’s offer of a free Family Plan for every paid user.  

The Keeper Business plan isn’t as robust as LastPass or Dashlane and does omit certain technologies, including SSO, advanced provisioning, and compliance reporting. If you need those and like the Keeper model, the company does offer an enterprise plan with those features.  

1Password  

1Password offers a powerful business-oriented product that promises to “secure employees at scale.” That tagline alone tells you that 1Password is angling for the enterprise crowd. Integrations with Azure Active Directory, Google Workspace, Okta, OneLogin, and Slack suggest the same — though no matter your business size, you may benefit from a few of those integrations.  

1Password rolls together most of the offerings of other password managers: secure password storage, encrypted password sharing, free family accounts, and the ability to access passwords virtually anywhere on any device.  

Unique features here are the ability to access from the command line (nerds rejoice!) and the ability to store more than just passwords: secure notes, SSH keys, and sensitive documents can all reside within users’ 1Password vaults.  

Pricing starts at $7.99 per user per month, but every contract is a custom quote. Translation: your real costs will likely be higher.  

At publishing time, 1Password’s SSO support was only in beta, which is a bit surprising for a company targeting large businesses. They’re likely to catch up soon, but if SSO is essential for you, they might not be the strongest choice at this time.  

Password managers are worth the investment. If you need more guidance on finding the right fit, don’t hesitate to reach out!   


Cable Isn’t Stable – Understand the 3 Types of Internet Connections 

When was the last time you looked at the internet connectivity options for your business, or checked that you fully understand the different types of internet connections?  

If it’s been a little while, now is a great time to take another look.  

Fiber internet offers a host of business benefits like greater speed, higher reliability, and lower costs. It’s been around for a few years, but the rollout has been slow. It might not have been available at your physical address the last time you looked.  

If you’re still operating on a cable internet connection (or if you aren’t quite sure what kind of business internet connection you’re running), it’s worth taking a look.  

Here’s why cable isn’t stable — at least when compared to newer, better fiber optic internet connections for business.  


Not All Business Internet Is the Same   

It’s important to understand that there’s no one thing meant by the term “business internet.” That term is little more than a marketing device that differentiates between residential and (higher-priced) business accounts — even when a company is offering the same essential quality of service for both!  

Not every business internet connection is equally effective. So, it’s important to look a little deeper than the business label and understand the type of connection an internet service provider (ISP) is selling.  

Understanding the Types of Internet Connections 

Before we go into detail about fiber internet, we need to define some terms. There is a wide range of service types available depending on the ISPs that serve your location (along with the size and budget of your organization). The relevant ones can be organized by the types of internet connections.  

Copper and Coaxial Wire Connections 

The first generation of high-speed business internet came over copper wire. This is the exact same copper wire that has carried phone signals for decades. DSL and T1 connections fall within the copper wire category.  

Coaxial wire connections are nearly as old, transmitting over the same coaxial connection that has carried cable TV signals since the 1980s.  

T1 connections are higher cost, higher speed, and higher reliability. Of the three main copper connections, this one is the best choice — but the costs may be prohibitive, and not every ISP will run T1 service to every location.  

DSL and cable internet are both extremely common in residential settings, and the business versions aren’t all that different. They may promise higher maximum speeds, but they face a slew of drawbacks that we’ll cover later.  

Wireless Connections 

Not to be confused with your in-office Wi-Fi connection, wireless connections refer to a few methods for getting internet to your office building sans wires. Satellite, private cellular networks, and wide-area LAN are a few examples.  

These connections essentially serve customers who can’t get wired internet, usually because they operate in a rural location. They’re better than nothing, but you don’t want to choose them if you have another option.  

Fiber Connections 

The next generation of wired internet access is delivered over fiber optic cables (fiber for short). This light-based transmission protocol offers much higher speeds, greater reliability, and lower long-term costs than legacy formats.   

The downside of fiber — at least for now — is that it doesn’t piggyback off a legacy wire, so it requires more granular infrastructure rollout than cable or DSL. But once that infrastructure reaches you, you’ll want to make the switch.   

Make sure you understand the types of internet connections, and make sure the one you choose matches your business goals: 9 times out of 10, coaxial cable isn’t enough. Reach out to schedule a FREE fiber consultation and plan the next steps for your internet. 


5 Top Cybersecurity Threats: An Executive’s Guide

Business cybersecurity is a serious, ever-present concern that executives are right to worry about. 

But understanding the top cybersecurity threats — and the steps your business should take to be more secure — is complex and technical (and let’s be honest, not very interesting for most people). 

Unfortunately, many of the resources out there that deal with cybersecurity do so from a specialist’s point of view. They’re packed full of jargon and insider lingo that just doesn’t work for executives who aren’t tech specialists. 

We want to fix that, so we’ve assembled this Executive’s Guide to the top cybersecurity threats and their solutions.

Below, we’ll show you the top cybersecurity threats that every executive should be aware of, and we’ll do it in straightforward language. Then we’ll cover high-level mitigation strategies and best practices that your company can implement to stay safe from ongoing and future cyber threats. 

These top cybersecurity threats can get complicated in a hurry, but most forms of attack are easier to avoid once you know what to look for. Here are the top cybersecurity threats executives like you should be aware of. 


Phishing Attacks (including Spear-Phishing, Whaling, and More)

Far and away the most important of the top cybersecurity threats to understand, phishing attacks (and several variants) are fairly low-tech cybersecurity threats — but they’re also extremely effective. They’re quite dangerous for you and your business, so let’s spend a little time here. 

The classic phishing attack occurs via email. An unsuspecting employee gets an urgent-sounding email from somewhere important (say, Apple or Microsoft 365 or some other service they’re likely to use at work). The email contains news of some kind of problem with their account, usually with dire consequences if the user doesn’t act immediately. 

Of course, the email wasn’t really from Apple or Microsoft or anyone else legit. It’s from an impostor. 

If the user clicks the link in the email, they land on a website that prompts them to log in. But the website, too, is an impostor. When users attempt to log in to the fake website, boom: the bad guys now have working credentials and can log into whatever service they were impersonating. 

Phishing is common via email, but it can happen across any communication channel: SMS, voicemail, and even live chat or messaging (though it’s very rare for a threat actor to break into internal message systems like Slack or Teams). 

Spear-phishing is much harder to pull off but even more effective. That’s when a criminal already has limited access to your systems (or at least basic information about your company structure). They send an email targeted to John in accounting, and they make it look like it’s from a high-ranking executive asking for a favor. People tend to want to please their superiors, and you might be surprised at the kinds of crazy things people fall for in this scheme. 

Whaling is the inverse: it’s phishing targeted at the executives, managers, and C-suite personnel — the people with the most access to the most sensitive information (and the highest discretionary spending capabilities). 

The Top Insider Threats 

Sometimes your greatest threats are on your payroll. 

The obvious one here is the corporate spy or something similar, someone who weasels their way onto your payroll with the malicious intent of stealing data or secrets and sending them to the competition. 

But insider threats can also look like negligence or incompetence. An employee leaving their workstation unlocked, loaning out their access badge, or letting in that “repairman” are all real dangers that threat actors could exploit in the right circumstances. 

Malware

Malware refers to any kind of malicious software (mal + ware) that makes its way onto computers, servers, or other hardware. Different malware can do any number of things, from scanning databases and skimming data to logging keystrokes and sending that data to cybercriminals (logins, credit card numbers, sensitive customer data, and more could be involved). 

Malware must be installed to take effect, but this sometimes happens without the victim knowing. They thought they were opening a legitimate attachment or clicking a legitimate link, and whatever happened next either didn’t make sense or happened in the background. 

Ransomware

A particularly vicious form of malware, ransomware takes over a system or part of a system, locking companies or individuals out completely. The user receives a prompt that they can regain access — for a fee. (That’s the “ransom” part.) 

Ransomware attacks are more complex to pull off than simple malware attacks, which just install themselves and then run without help until they’re discovered. Often an attacker will spend weeks snooping around a victim’s system undetected, carefully designing the attack after understanding which files and applications are most vital. 

Even worse, there’s no guarantee the bad guys will play by the rules. Even if you pay, they may not return your data — or they may return it, but also sell it to the highest bidder. 

Vulnerable Out-of-Date Systems (Hardware and Software)

Another huge threat can actually be the open door that cybercriminals use to access your systems and steal your data: this is when your hardware or software systems are vulnerable because they haven’t been kept up to date. 

(This one’s going to get just a little nerdy — sorry about that. Stick with us, though — it’s well worth learning.) 

Software, operating systems, and firmware are all complex: to the end user, things just work (well, most of the time). But there are a ton of very complicated processes happening behind the scenes to make that happen. 

Security researchers and the companies that provide software/OS/firmware regularly discover vulnerabilities in these products: clever or novel ways that people can exploit the software to do something it shouldn’t do or give them access to something they shouldn’t have access to. 

Whenever these problems — called exploits — are discovered, the company that made the software develops a fix and releases that fix to users. These are often called patches or security updates. On the OS level (macOS, Windows, iOS, and so forth), most security updates are rolled into operating system updates. (This is why your iPhone updates to iOS 15.6.1: Apple didn’t add any new functionality with the 0.0.1 part; they just fixed a vulnerability.) 

Usually, these fixes arrive quickly, before most bad guys have a chance to act on the new exploit (or even figure out that it exists). 

But there’s one very, very big problem here: As soon as updates or patches are released, anyone and everyone with the right tech skills now knows about the vulnerability. And that means that any system that hasn’t yet been updated is ripe for exploitation. 

OK, so what does all of this have to do with you and your company? Simply put, most businesses have all sorts of outdated systems that haven’t been kept up to date with the latest security patches. You might even be relying on hardware or software that’s no longer supported at all (the manufacturer is out of business or expects users to have upgraded by now). 

The vulnerabilities are well-known, and it’s only a matter of time before someone takes advantage. 

Solutions for Top Cybersecurity Threats 

So now you know about five vital categories of cybersecurity threats, but knowing about them isn’t enough. You also need to know how to avoid them! 

Strategies can get nuanced and complex, but there are simple steps that every business, team, and executive can take right away. Here are quick tips for each category. 

Phishing

The big thing here is education. Usually, these messages have some tells: the urgency is odd and seems out of step with how the (legitimate) business tends to communicate. These messages push you to take unusual action and threaten grave consequences if you don’t (again, in a way that Microsoft or Apple would never do). Maybe the graphics aren’t quite right or there are obvious typos. 

Training your people (cybersecurity awareness or phishing awareness training) is the best defense here. We can help with that! 

Malware and Ransomware

Education is a big component here as well: just don’t open that attachment or click that suspicious link. Moving away from email as a main way to move files around helps, too. Cloud storage is far less likely to let this stuff through than email spam filters (though you should definitely have a good one of the latter, too). 

A broader review of your network security can also help. Successful ransomware attacks tend to require vulnerabilities that go beyond someone opening a malicious attachment. 

Insider Threats

Comprehensive access control policies go a long way here: entry-level employees should never have access to highly sensitive documents. Without access, they can’t steal them or even expose them through incompetence. 

Strong password management and insistence on multifactor authentication reduce the threat of in-person cybercrime, too: stealing a password off a sticky note sounds cliché, but it happens. Better policies and MFA make that virtually impossible. 

Vulnerabilities

Lastly, keep those systems updated. It’s a chore, but it’s vital to your security. 

Thankfully there are tools and systems that can help. 

You might’ve heard the term “endpoint protection” and wondered what exactly that’s all about. Essentially, endpoint protection gives your IT group (or your managed IT services partner) the ability to control parts of each user’s computer: what’s installed, what users can and can’t install themselves, and when/whether system and software updates are installed. 

If you’re interested in exploring endpoint protection for the first time, we can help you roll it out in a way that keeps everyone protected without disrupting their work. 

We Know Small Business Cybersecurity 

These tips are a good place to start in avoiding small business cybersecurity threats. Below we have the services that we can provide to be even more thorough in protecting your valuable information, along with the threats that each service can prevent or resolve. (Network Intrusion and Data Loss/Extortion are more like consequences that are born of the other threats we discussed, but we still show which services resolve those problems.) 

Ultimately the best strategy for small business cybersecurity is a robust, holistic one that addresses all these threats and more. It considers the needs and risks unique to your business and formulates a plan that provides both flexibility and protection. 

For many companies, creating this kind of cybersecurity plan in-house just isn’t feasible. If you could use help developing and implementing a small business cybersecurity strategy, we’re here to help. Reach out to our expert team today to get started.  



Embracing Remote Work Necessities with the Right Technology


Whether you’ve accepted it at your business or not, remote work is only going to grow, and offering partial or fully remote work will become a necessity for businesses. 

If you currently offer remote work or are looking at potentially expanding this option, there are a few key items to consider.

Let’s lay out the most important remote work necessities.


Hardware

Users’ computers should be: 

1. Laptop  

or  

2. Desktop at work AND home 

Either of these setups is a remote work necessity, as allowing personal devices opens your organization to risk that is easily avoidable. 

For desktops, it’s easy: an identical setup at your business and at their home. 

For laptop, here is the perfect setup:

1. Powerful laptop 

2. USB Docking station - These are easier and more compatible than the old school “docking stations” 

3. Dual Monitors – Now they have 3 monitors! 

That’s it! Simple and easy. They unplug their laptop and connect the USB port and are instantly running at home.  


VoIP Phones: These are listed under hardware and are great remote work necessities, as physical phones are quickly becoming obsolete. Download the included software phone and provide an inexpensive headset for your employees, and they can easily take their work phone with them on their computer! 

Access

There are lots of ways to make access easy without sacrificing security. Having your employees connect to a physical server at the office is the “old school” method that many businesses are still utilizing. Consider moving to SharePoint.  

With SharePoint, folders can sync to the file explorer, so it looks just like what they’re used to! That data is then backed up, just like a server would be. 


However, you may have business-specific applications that are not cloud-based and require a server. These are becoming rarer but may still be applicable. I don’t want to get too technical, so you can reach out and we can provide an audit on the best solution for accessibility.  

Moving to a hosted (cloud) solution or ensuring remote access for your users to your server onsite would be the primary recommendations here.  

Security

As mentioned, you don’t want users accessing company data on their personal devices. There are very easy force functions your IT provider can implement to ensure this is not occurring.  

As more devices move away from the umbrella of the firewall (a firewall is a physical device on your network that “filters” your internet data and protects computers at your business), you will need to ensure your security is focused on the computer and laptop, rather than the office location. 

How do we improve the computer/laptop security?

There’s a lot that we do, and I’m sure your current provider may do too. Here is a quick summary of the highest-benefit, lowest-impact layers you need to have in place: 

  1. Multi-Factor Authentication – when the users log into their Microsoft accounts, they will be prompted with a push notification to their mobile device confirming it’s them. This prevents 99% of personal identity attacks… it’s a no-brainer.  
  2. Anti-Virus – There are lots of terms for this, but at the end of the day you need a trusted anti-virus on all computers. 
  3. Conditional Access Policies – you want to make sure company data is NOT accessed on personal devices. Get your IT team to set this policy up and you’re all set. Need help? Let us know.  
  4. Managed Detection and Response – This is the one all of those cybersecurity insurance questionnaires ask about. Make sure your provider has this on ALL machines.  

There are more layers to consider for a remote work environment, but these are the non-negotiables.  

Conclusion

Moving to an increased remote workforce should not be a scary proposition. If you embrace remote work necessities and make it easy for yourself and your employees, it will improve your business. Ensure employees have strong KPIs and that you have an IT team with ample experience in consulting and implementing these types of setups.  


How to pick the right Co-Managed IT Provider: 10 Important Questions to Consider

In the past, businesses either had an internal IT person/team or they worked with an outsourced IT company that provided Break/Fix or Managed IT Services. As the model has developed, businesses are finding it advantageous to have a combination of in-house and outsourced IT, also known as a Co-Managed IT Provider. For instance, they may not have the budget or need for a full-time senior network engineer but need to have that expertise on-hand if needed. The opposite is also true, where they may have a high-level IT professional, but need to provide support for the person or team to lessen pressure and expense.  

In our previous blog we outlined how to determine if your organization is ready for Co-Managed IT. In this blog, we’ll cover how to pick the right Co-Managed IT provider.  


10 Questions to ask a potential Co-Managed IT Provider

These questions are meant to be difficult. Coming prepared with the right questions will help you identify if a Co-Managed Service Provider can adequately provide these Co-Managed services. 

  1. Why should we partner with you as our IT Firm? 
  2. Why shouldn’t we partner with you as our IT firm? 
  3. What is your process for keeping up with the rapidly changing IT environment? 
  4. What reporting can you provide our organization? 
  5. How many customers do you currently support that have internal IT Support? 
  6. What role(s) do you normally take on as the outsourced IT help? 
  7. Are you willing to provide 5 customer references that we can reach out to? 
  8. Do you have a customer portal? What does it include? 
  9. What is an ideal partnership with an in-house IT team? 
  10. What makes a partnership/client relationship less ideal? 

Just like a job interview, you want to come equipped with questions. These are some of the best questions we’ve received as the Co-Managed IT firm. These will provide an excellent starting point when interviewing a Co-Managed partner.  

The Co-Managed IT Worksheet

Every Managed Service Provider will say they provide Co-Managed IT services, but few have extensive experience with Co-Managed. They sign on the client and try to “figure it out” on the go. We recommend using this worksheet to identify which team will be accountable for which roles. Some roles can be shared, and others cannot. For instance, the CIO (Chief Information Officer) either needs to be the in-house IT or the Managed Service Provider.  

Review and complete this worksheet. What roles do you want to see in-house versus external? Does the MSP have recommendations based on this worksheet? 

While simple, this worksheet will eliminate any finger pointing and headache down the road! 

Other Considerations When Evaluating a Co-Managed IT Provider 

There are other considerations when evaluating potential providers. We’ll list a few here, but if you have any questions or would like to learn more about Co-Managed IT, please give us a call. 

Location 

When a business solely depends on a Managed Service Provider, location becomes very important. In the case of an onsite issue, you need your MSP onsite right away. However, when you have internal IT, this requirement becomes a bit more lax.  

When you can only evaluate providers in your immediate area, you’re at a disadvantage. Co-Managed allows you to evaluate providers around the state or even country! 

The Tools 

Many of the tools outsourced IT teams use can be cost prohibitive for a smaller internal IT team. However, in a Co-Managed environment, they will often provide access to most or all of these tools to your internal IT. This perk alone can pay dividends! Ask what tools/programs/productivity software come with the Co-Managed IT relationship. You might be surprised by the additional value that comes with the agreement.  

Office Visit 

This may be lower on the priority list, but we always recommend visiting the provider. Go check out their office and meet their people. Try not to get stuck in the trap of only talking to the salesperson. Meet their team, see what their inner workings look like, and check out their office culture. This should be reserved for finalists, of course, but it could help you make the final decision. 

Conclusion 

Choosing the right Co-Managed IT provider can be difficult, but it’s incredibly important. The right team can truly improve your business in many measurable ways.  

We are experts at Co-Managed IT at Data Magic and would be happy to answer any questions about these types of partnerships.  

Contact us today! 
