Year: 2019

If you are a smaller Not-for-Profit, it is likely that your organization has been driven from its inception by individuals strongly motivated with a passion for their cause or humanitarian goal. As a result, it is also possible that the leadership has little interest in developing the administrative technology infrastructure that is necessary for any organization to function in the internet age.

Failure to understand and focus on technology can damage an organization’s growth and success. However, NPO leadership has to be laser focused on the day-to-day struggles of the organization such as seeking funding, keeping the doors open, and pursuing the mission. As a consequence, technology infrastructure may be cobbled together as an afterthought; resource limitations may lead to short term tech decisions that can be wasteful and more expensive in the long term.

An NPO, with its tight budget margins, is an excellent example of an organization that could benefit from outsourcing its fundamental tech needs to a MSP. A MSP can determine short and long term needs, assess possible solutions, and propose the most cost effective tech solutions to ensure a stable, long-term tech infrastructure. Without the time or stomach for administrative distractions, NPOs may continue to use the break/fix model, making less informed tech decisions that may ultimately waste precious resources. Good and careful planning with a professional can mean a better strategic use of organizational resources far into the future.

You can have all the locks on your data center and have all the network security available, but nothing will keep your data safe if your employees are careless with passwords.

1. Change Passwords – Most security experts recommend that companies change out all passwords every 30 to 90 days.
2. Require passwords that mix upper and lowercase, number, and a symbol.
3. Teach employees NOT to use standard dictionary words ( in any language), or personal data that can be known, or can be stolen: addresses, telephone numbers, SSNs, etc.
4. Emphasize that employees should not access anything using another employee’s login. To save time or for convenience, employees may leave systems and screens open and let others access them. This is usually done so one person doesn’t have to take the time to logout and the next take the effort to log back in. Make a policy regarding this and enforce it. If you see this happening, make sure they are aware of it.

These are just a few basic password hints, but they can make a difference.

The Cloud: Are there security issues?

For many, the idea of offloading their data to another physical/virtual location can seem like a security risk. It seems counter intuitive that moving data away from “ home” is safer. But is that really true? Any server stored at your location is probably more physically vulnerable than one protected in a large server farm. If you had a fire, flood, or other physical damage that included damage to your server, what would be the result? Also, are your backups stored on–site? If a major event damaged your entire physical location, those backups would be also lost.

There is a second reason the cloud may be safer: security. All of your data, no matter where it is located, may be vulnerable to cyber attacks and data breaches. However, cloud storage providers probably offer some of the most sophisticated security projection available. It is unlikely that a small or even mid-sized firm has the internal resources and research capacity to maintain an equivalent level of security.

So give some thought to the cloud as tool to preserve your data and the integrity of your business (as an added bonus, it likely will be a money saver, too).

How the cloud saves smaller firms money

OK. You pay someone to store all of your data in the cloud, as opposed to keeping it on your own server and backing it up. And you pay on an ongoing basis. How is that possibly going to be cheaper than just making a one-time investment and keeping it your self?

Let’s count the ways:

(1)  You lose the hardware expense –a capital expenditure cost.

(2)  If that hardware fails, you are out in the cold.

(3)  Someone has to maintain that hardware. In house IT labor is expensive. 

(4)  If you need more capacity, you have to ramp up at a tiered level, which means you may need to buy capacity you don’t presently need

(5)  All of that hardware runs on software, which costs money 

(6)  All of that software needs to be installed, updated, etc. (see # 3)

(7)  All of that hardware and software has to run 24/7. Are you large enough to pay for in house monitoring and support 24/7? (See again #3)

(8)  All of that data has to be protected with security software, which means skilled IT support and expensive virus protection

Ok. The list doesn’t end here, but this blog will. Talk to Empower Information Systems about how the cloud can be a really budget saver for small and medium sized firms.

Data regulation and our business: 
You are probably regulated by these laws

Small firms are probably aware that there are laws regulating the handling of data, but they probably assume that these apply only to larger firms and that they are too small to have any data that is worthwhile or protected under state/provincial or federal laws. Think again. Data protection laws generally worry about the content of your data, not the volume of it. That is, you don’t need to have “tons” (not the technical term) of data to be to regulated by data privacy laws. If you maintain personally identifiable information (PII) you may be regulated by these laws which may include penalties and fines for non-conformance. PII means you store a person’s first name/initial, last name and then link it to another piece of personal information, such as, but not including:

• Social Security Number
• Driver’s license, or state ID
• Passport
• Some financial account number, e.g. credit/debit card, checking account, etc.
• Health insurance ID

You are very likely required to observe regulations regarding protection of that data, and reporting of data breaches.

This isn’t an issue for the faint of heart. Contact a managed service provider with expertise in your specific industry or field of business to make sure you are in compliance. Failure to maintain compliance can lead to some very expensive fines and penalties.

A security hack doesn’t have to mean the
end of your company

Statistics are showing that each year over 50% of small firms are victims of a cyber attack or data breach. Why does this matter? Most smaller firms have not prepared business continuity plans to keep their IT infrastructure going in the event of an attack. Failing to do so often leads to the failure of the business. Delaying the creation of a business continuity plan is a bit like a younger person delaying writing a will, on the grounds that they are not likely to die soon. That may be true, but if the worst occurs the consequences can be severe for their heirs.

If the chance of a breach that could compromise your data or cripple your IT infrastructure is over 50%, there is every reason to immediately develop plans for how your business could maintain operation in the event of an attack on your IT systems.

This is an effort that shouldn’t be delayed. Contact Empower Information Systems to help you develop a complete and holistic business continuity plan immediately. Your income and your future depends upon it.

Don’t steal… It isn’t nice and makes you
vulnerable to security hacks

Don’t steal. It isn’t nice. And… it make you extremely vulnerable you security hacks if you “steal” software packages. Smaller firms often will use unlicensed software packages to save money. This is especially true if they only need a program for a specific task. Aside from the legal and ethical issues involved here, there is a very selfish reason not to do this. Software providers are constantly sending users updates to their programs, and those updates aren’t just about features. They include fixes to security holes and protections against specific new viruses that have been discovered. So, the longer you have an old, outdated software program on your PC or laptop, the more vulnerable you become. Is it really worth saving $200.00 when your entire business’s IT infrastructure could be put at risk? We suggest not.

Cybercrime: In-house protection that only YOU can provide

From the political world to the corporate, all we hear about is hacking, hacking, hacking. Everyone gets hacked, data is stolen, etc. So, the cry goes up for better security protections for everyone’s data. Firewalls, virus software, etc., etc., etc.

Want to know one of the best ways to protect your data? Train your employees to stop opening any emails or links unless they absolutely know they are safe. Scam emails that try to trick you into opening a link to a bogus site, or worse, trick you into providing your password or ID for a known site are exceptionally effective ways for hackers to get into your internal system and compromise data. Yes, ransomware is a serious issue, and malware is out there, but employees naively opening phishing emails remain one of the biggest risks to data security. Talk to your employees on an on-going basis and provide training and tips on how to ID phishing scams

VoIP: A money saving solution for your
company’s technology backbone

When small business managers think about their IT infrastructure, they think about their employee’s mobile devices, cabling, Wi-Fi, laptops, a printer, and Internet connectivity. These are the basics of their IT infrastructure. However, there is one other aspect of a modern corporate IT infrastructure and that is an internal phone system that can connect “voice” over the internet, rather than traditional copper wires. Once upon a time, every office had an internal phone system that connected to the world via wire/cable/fiber. That wire/cable/fiber then connected a person in your office to a person somewhere else via the local phone company and a long distance carrier. And they did it for a per minute fee. And a very high per minute fee if you called internationally.

A VoIP phone system eliminates the phone company’s per minute connection, sidestepping them and running the voice call over the Internet.

Talk to your managed service provider about this money saving addition to your firm’s technology backbone.

SAFETY PUP SAYS…. Update

One thing smaller firms and individuals are often reluctant to do is download updates to their operating systems and individual apps and programs. Why? Well, because it takes time and you have to reboot the device. Other reasons are a fear that the newest update will have a bug and cause problems. The perception is that it is better to wait a few weeks. Finally, there is a fear that anytime you update a program or OS, something always starts acting weird.

All of these may have a certain legitimacy. Even procrastination has its defenders. But why should you download updates ASAP? Because they are not only about new features and a new gadget – they include patches to security issues that have been identified. One of the easiest ways to protect yourself from hacking malware and other nefarious online viruses is to always update your software. Do it the day the update comes out, because it may be released specifically due to the discovery of a brand new malware or ransomware hack.

Everyone talks about security. Be the person who acts. It is easy.

With Ransomware, The ONLY Cure Is Prevention

It just keeps showing up in the news. Ransomware seems to just not come to an end. If you haven’t heard, ransomware is a particularly nasty virus that freezes access to your data and then demands a ransom, usually in bitcoin. The worst thing about it is that once you are hit, there is almost nothing you can do. There are only 2 options: don’t pay the ransom and lose your data, or pay it. There is no “downloadable” fix. You are stuck. With ransomware, the ONLY cure is prevention.

In the case of ransomware you need to be constantly updating your data and securing it in isolation from your network. Even then, if your backup system overrides your older data each time it backs up, you can actually save the virus if it has infected your system at the time of the backup. To make sure you are as protected as you can be, we strongly recommend you contact a technical security expert to consult on the best way to protect against ransomware and other security hacks.