We’ve said it before and we’ll say it again. There are two types of companies in this world when it comes to backups: those that do backups and those that wish they did.
Cyber criminals continue to target businesses of all sizes. Falling victim to an attack is becoming a matter of when – not if. With the ever increasing prevalence of the ransomware viruses that encrypt a user’s data and hold the encryption key ransom, the only reliable solution to this problem is a working backup. Backups are also the only thing that will save you in the event your equipment is lost or stolen or your office is hit by a natural disaster.
Failing to have back-ups could cost you your business. Research from the Insurance Institute for Business & Home Safety shows that at least 25 percent of businesses that close following a disaster never reopen. Of course, loss of data isn’t the only factor preventing a company from re-opening, but it’s certainly a big part.
When it comes to backing up your data, there are three critical questions you need to ask to make sure you’re getting the best solution for your business:
What kind of back-ups should you use?
The standard in the industry today has become the image-based backup, though file-based backups haven’t gone away completely.
Image-based backups take a snapshot of the machine at a particular point in time. The snapshot includes the Operating System, installed programs and software updates, and files. So if something happens, you just need to restore from the last known good backup image and the company is back to the point in time that it was before the problem arose.
Compare that to a file-level backup: Recovering from a file-level backup requires manually reinstalling the operating system, drivers, updates, software, recreating any shares, reconfiguring previous settings. Only then can you restore the files back to their location.
File-level backups can be cheaper in some cases – but you get what you pay for. The difference in recovery time between these solutions is huge. Image-based backups can get you working again pretty quickly, while file-level backups will take much, much longer. Of course, if your choice is between file-level backup and no backups, please go with file-level. But otherwise, using image-based backups is going to be the better option.
Another big question for backup types is “Should we use Cloud based backups or physical backups?” There is no right answer for this. We tend to prefer the convenience of cloud storage and back-ups. But it’s not necessarily the best solution for every company, especially if you have an unreliable internet connection or have to meet regulations that require physical backups. Work with your IT company to figure out what will be right for you.
Where should you store your backups?
An often overlooked aspect of backups is the actual storage location. Where is your system being backed up to? Is it on the same network as your working files? Or is it going to an off-site location (whether this is through the Cloud or taking a physical backup to an off-site location like a safety deposit box)?
Having backups on your network or on a hard drive in your office is fine for situations like a file accidently being deleted. But if disaster strikes, the only way to ensure you can get up and running again is to have back-ups in an off-site location.
For example, if your office is broken into and all of your equipment is stolen, how are you going to start working again? Or what if someone connected to your network accidently gets ransomware and your whole network gets encrypted?
With an off-site backup solution, simply notify your backup vendor of the problem and they will send you a drive with your latest backups stored on it so that once the hardware that was stolen or encrypted is replaced, you can simply restore the backup and get back to work.
You’ll also need to consider the security of backup locations (both local and off-site). If someone is able to steal your back-ups, can they actually access the information? Consider encrypted backups to add an extra layer of security.
How often should you back everything up?
Getting a good backup system in place is only the first step. Backing up your system doesn’t do you much good if you aren’t doing it regularly. “Regularly” means different things to different companies, though. Ideally, the more frequently you back your system the better. This applies for both local and off-site backups.
Realistically, to determine how often you should be backing up your network, think about how much information you could afford to lose in the event of a disaster. A week? A day? An hour? That’s how often you should be backing up your network at a minimum.
If you lost the last weeks’ worth of information for your entire company right now, how big of a problem is that? If the answer is “very big,” you need to be backing up more often than that. If the answer is “It would be a little annoying but we could recover it fairly easily,” once a week may work for you.
You can also use a combination of full back-ups and incremental back-ups. With this, you can back up your entire system at certain intervals, like once a week (usually on a weekend), with incremental back-ups at night to catch and back up the information changed that day.
The importance of a reliable backup is not to be underestimated in today’s’ world especially when it comes to security. Don’t misunderstand – firewalls, anti-malware and antivirus programs and other preventative solutions are essential to any data security plan. But the reality is, even the best solutions won’t catch everything. And as nice as it would be, a firewall isn’t going to stop a natural disaster from destroying your office.
Planning accordingly and putting the right measures in place – like backups – will save you time and money and get you back and up running quickly. Have questions about your backups or how to get started? Please contact us.
Several members of our team have spent the week at Microsoft’s Worldwide Partner Conference (WPC). This annual conference is where Microsoft kicks off their fiscal year with partner companies like PTG (and 20,000 of our peers). It’s three days of keynotes, meetings, breakout sessions (and maybe a few parties) designed to help us improve our business, and in turn, help empower our customers.
Here are a few key takeaways:
1. We’re number one! Again!
We’re going to toot our own horn for a minute. At WPC, we were once again named the Champions Club Southeast Cloud Partner of the Year! This is the second year in a row we’ve won this award and the third year overall.
The Cloud, specifically Microsoft technologies like Office 365, Azure and Dynamics CRM, are a huge part of our business. We’ve helped dozens and dozens of companies improve their productivity and security by moving to to the Cloud – that include us, by the way! It’s always nice to be recognized for doing something you believe in!
2. Microsoft has embraced their newly redefined mission and it shows.
Within the last couple of years, Microsoft redefined where they are going as a company and rewrote their mission statement to match it:
“Empower every person and every organization on the planet to achieve more.”
It shows in their messaging: This mission statement is widely shared and was repeated in keynotes and sessions throughout WPC. Throughout the week, Microsoft has given the stage over to partners and other organizations to show what they’re doing using Microsoft products. A HUGE range of companies spoke: companies using Microsoft technology to improve the fan experience at sporting events to an oil company tracking problems before they start to a non-profit using Microsoft technology to help find missing children in Canada – and that was just in one session.
Microsoft’s mission also shows in their product line up. Their more recent products and newly released products and offerings are all about giving people the right mix of technologies needed to achieve more. Which leads us to…
3. Microsoft is all in on the Cloud, especially in a SaaS model (New products alert!)
This isn’t really new or surprising if you’ve been paying attention to the Microsoft’s direction in the last few years. WPC definitely reinforced it, though. The theme of the week was digital transformation. The tool to achieve that? The Cloud.
There is also a big emphasis on Software as a Service (Saas) models, which should be no surprise to Office 365 users. These are typically more flexible and an easier barrier to entry to companies, especially small businesses. Microsoft announced a few new SaaS Services throughout the week:
- Dynamics 365: Dynamics 365 was actually announced shortly before WPC, but was covered heavily throughout the conference, including in CEO’s Satya Nadella’s keynote address. See below for more explanation.
- Windows 10 as a Service: Microsoft has been describing Windows 10 as a service for a while now, and we finally got more details. Businesses will soon be able to purchase licenses for Windows 10 Enterprise E3 for $7/user/month. This will include ongoing updates (rather than waiting for a big OS upgrade every few years), but the biggest advantage we see is some significant advancements to cyber security.
- Surface as a Service: Microsoft announced a new program for partners (like PTG) to be able to offer Surfaces as a Service to customers. It’ll basically act as a leasing program. We don’t have a ton of details yet, but this could be huge for companies who have highly mobile employees and companies with a seasonal workforce.
4. Microsoft is applying what they’ve done with Office 365 to Dynamics CRM.
Dynamics 365 was a big topic at WPC. The service, coming this fall, combines existing CRM and ERP products into one service (this article provides more explanation). We see two key advantages to Dynamics 365:
- Role-based licensing: You’ll be able to buy licenses for Dynamics 365 based on your job (finances, sales, marketing, etc). Different job roles have different needs, so being able to buy based on your role is a nice change.
- Integration with other programs: A big part of Microsoft’s mission to help you achieve more is by building products and services that integrate with one another – Dynamics 365 is no exception. The service will integrate directly with Office 365 and other Microsoft programs to give you a seamless working experience.
We’re excited to see the release of the Dynamics 365 and other programs announced this week. Microsoft has changed their thinking in the last few years. They’re no longer a closed ecosphere – they’re making products to make it easier to work, no matter what platform or device you’re using. The biggest beneficiary of all this? The customer.
Let us know if you’re interested in any of the new products. They’re not quite all out yet, but we can go ahead and start pulling together a plan to get you working… and help you acheive more.
Today’s post was written by PTG Founder & CEO Reed Wilson.
Recently, I was in a meeting with some 20-somethings in our company and mentioned how on business trips, after a meeting, we used to race back to the hotel so that we could ‘check email’ (this was in the early 2000’s before the advent of the smartphone). While we had cell phones they were just used to make calls – that’s it. They looked at me like I was a dinosaur.
I will admit that I miss these times because the lines between ‘work time’ and ‘personal time’ were clearly demarcated. Obviously, that has changed since the rise of smartphones and tablets. The lines between when you are working and when you are away from work have become increasingly blurred. We are always connected now and, surprisingly, staying productive has become extremely difficult. (Isn’t it funny that the very tools that were supposed to make us more productive have had the opposite effect?)
Staying productive while running a business and balancing family life can be tricky. I thought I would share some of the tools, tips, and tricks that I have adopted over the years to keep myself focused and productive in this ‘always on’ world.
Turn off the email distractions
For me, email can be a huge distraction. I’ve turned off all email notifications in Outlook so that I’m not notified when new mail comes in. Prior to doing this, I would stop what I was doing anytime my email would ‘chirp’ or I would get a new mail notification. This allows me to stay focused on the task at hand.
Use an app to track your smart phone usage
There are several apps that will track how often (and for how long) you use your smart phone. I use an app called Moment. It’s a great app that reminds me when I have gone over a certain amount of screen time for the day. Be prepared to be shocked!
Set clear expectations on how and when you will communicate
My team knows that if they have something that is urgent, it’s best to pick up the phone or come down to my office. If it’s not urgent, feel free to send an email and I will respond when time allows. This has two effects: 1) it limits the amount of email I get and 2) people will generally ‘think’ before bringing an urgent issue to me.
Leave your phone in your car when you get home
I have two small children at home and have learned, if my smartphone is handy, I find it difficult to be ‘in the moment’. I’ve gotten into the habit of leaving my phone in my car when I get home in the evening and I don’t get it out until after they’ve gone to bed. It’s great to have conversations at the dinner table again!
Go old school and write a list
While there are certainly some great apps to help you with your to-do list, for me the best method of keeping a to-do list is to hand write it on an index card every day. I keep a stack at my desk in the office and at home. Every day, I write down the list of things that are crucial for me to get done that day.
The card stays with me all day long and it’s extremely gratifying to mark items out. The following morning, anything that didn’t get marked off goes on to today’s card. If a to-do is moved more than twice then I have to ask myself how important it really is. Although this is low-tech, this is my favorite productivity hack!
What about you? Have you found any productivity hacks that you think are especially useful? Let me know – I’d love to hear them as I am always trying to get better.
In the meantime, our team has put together an email course full of productivity advice on topics like email, cutting distractions and meeting to help you get more done as an individual and as a company. It advice we use in our own company every day to help us be more successful and I highly recommend it. You can sign up here.
Working in an office can sometimes feel like a minefield of productivity killers. Emails constantly popping up, co-workers swinging by to chat, meeting where not enough gets accomplished can all be a drain on your productivity.
It only gets worse when you take into account that most people are pretty terrible at mental accounting (how we add up things, like how long it takes to get tasks done in our heads). Not only do you have an inaccurate picture of how much you’re really getting done, but it can make you feel worse about what you still have to do.
In a recent article on Inc.com, Robin Camarote wrote:
“Patterns of imprecise time estimating are what keep us in that perpetual state of feeling behind and overwhelmed.
If we knew and acknowledged how much time various tasks took, we’d not only get more done, but we’d feel more confident in our ability to finish what we set out to do in the first place.”
One of the piece of advice Camarote gives is to time yourself to see how long your recurring tasks actually take. This can help you get a better understanding of how long it actually takes you to accomplish your tasks.
Of course, you can do this manually. But if you’re an Office 365 user, you may not have to. Using Delve Analytics can help you get a handle on your mental accounting. It gives you insight into how much time you’re actually spending on tasks like emails and meetings – and how much time you actually have to focus on more important tasks.Delve Analytics (available on Office 365 E5 plans or as an add-on to other plans) automatically tracks your habits to give you better insight into your work day. Some of the numbers it tracks include:
- How long you spent on emails in a week: This includes a breakdown of how long you spent reading emails, how long you spent writing emails and a total comparison versus your company average.
- Percent Read: What percent of emails do you read and what percent of your emails are others reading
- Reply time: How long does it take you to reply to emails and how long does it take other to reply to you
- How long you spent in meetings: This tracks how long you spent in meetings you scheduled and meetings scheduled by others.
- Meeting habits: This breaks down common occurrences in meetings that could be hurting your productivity, like multitasking in meetings, after-hours meetings, recurring meetings, longer (+1 hour) meetings, and conflicting meetings.
It also calculates your focus hours (defined as at least two hours without a meeting), after-hours work (emails and meeting outside of defined working hours) and collaboration (who you’re in meetings with and emailing the most). Microsoft has a nice breakdown of how all of these are calculated here.
Having access to this data can be a wake-up call for how much time you’re actually spending on email and in meetings. Take a look at your numbers and see if there are places where you can improve. Delve Analytics let you set goals, so use this to incrementally cut down on the bad habits eating into your productivity and work on getting your focus hours up.
Of course, the data isn’t perfect. It can only tell you what it can track in Office 365. It isn’t going to track the productivity killers (like checking social media and getting interrupted by co-workers) that creep in outside of email and meetings.
But using Delve Analytics can give you much a better handle on your mental accounting. Getting a clearer idea of where you’re actually spending time working can make it easier to make intelligent decisions about what you need to change to be more productive.
Looking for more advice about how you can improve your productivity? Sign up for our Productivity Kickstarter Course.
Working with an outside IT support company can be a huge help to small businesses who don’t have their own IT team (or who need supplemental IT support). As with any vendor relationship, the key to getting your IT issues solved quickly and efficiently is open communication – even when it may not seem necessary.
When it comes to IT, though, the Benjamin Franklin quote is very true: “An ounce of prevention is worth a pound of cure.” Letting your IT company know about changes beforehand can save often times save you money and headaches down the line.
That new line of business application you’re about to purchase may not be compatible with your environment (or we might just be able to help you get the licenses at a lower cost!) or the software upgrade you’re about to install may break an integration with another program. We would much rather have a five-minute phone call before you make any changes, than a 5-hour phone call after changes have been made and something has broken.
At PTG (and at any good IT provider), we take the time to document and learn your environment when you sign on as a customer. We have diagrams, recorded passwords, account numbers for other vendors and notes about how things in your network interact. To provide the best service possible, we get to know your environment like the back of our own hand.
If you make changes to your environment without telling your IT company, it could lead to poor service down the line. Our engineers work from what they know about your environment and the information you give them about a problem. If the information they have is incorrect, it will take longer to solve the problem. Or worse, we potentially won’t be able to solve your issue.
In addition to poor service, changes to your environment could potentially cause some of your equipment or software to break. These are some common issues we see:
- A program can stop working altogether or be seen as unrecognized by us during troubleshooting another process and in the effort of helping we disable a new product that we didn’t know about causing problems for the customer.
- Some programs you have may be too old to work with a new email solution.
- A new version of your line of business application may not function on your old server or it may require updates be done to all of the computers at the same time.
- There may be a Microsoft Update or a virus definition that causes your system to go down due to a change.
- Your newly purchased desktop may not appreciate the old Adobe Acrobat that you bought eight years ago.
- An update to your timekeeping software may be simply too much for your outdated computer’s hardware to handle.
Any and all of these could lead to potentially costly downtime. Imagine that you just dropped several thousand dollars on a brand new line of business application. If you didn’t consult with your IT provider first, there’s a very real chance that your server and workstations simply don’t have the hardware required to run it – and that new software isn’t doing anybody any good sitting in the box.
If you call your IT company beforehand, what they should be doing is contacting the vendor and getting the system requirements. This is information that your IT provider can use to compare against your current environment to then come back to you as the customer and give reassurance that your current set up will or won’t work for the newly purchased software.
If it won’t work with the current set up, that’s ok. Better to find out now and then be able to budget for any new or changing equipment or services instead of having to make the unexpected purchase after the software has been bought.
There is also going to be a discussion going on between the technical and sales staff at your IT provider and these are some of the questions that are going to be asked in that discussion. Is this the right solution both from a functionality and financial standpoint? Will this product do what our customer needs it to do? Is the customer’s current environment going to be able to support this product from a hardware standpoint? There is a whole team of intelligent individuals working to ensure that you and your company are at your most productive as long as possible. We at PTG want technology to be the last thing you worry about. That’s our job.
Service Provider Changes
Changing internet service providers is a great example of a change that may not seem like it should have any effect on your IT service. After all, you’ll still have internet, right? But changing providers actually does involve some changes to your network.
Most businesses use what is called a Static Public IP address. Basically, it’s how your business is identified on the Internet (think of it like your mailing address). That Static IP address is hard-coded into your firewall and potentially other places in your environment (like the public records of where the Internet sends your email to be sure it gets to your email server).
If a change is made to a different internet provider this IP address needs to be changed similar to how you notify the Post Office when you change addresses so that you can still get your mail. Failure to do so can result in the loss of Internet access because the old provider will turn off the circuit to your building as you are no longer their customer.
It can also result in the loss of emails not being delivered to you. If the emails are still trying to get to where they think your email is hosted because the IP address wasn’t changed, they’ll go there and bounce back to your clients as non-deliverable messages.
Any remote users that use a VPN will need changes made to their remote access as the old address will no longer have your firewall on the other side of the connection to allow for the remote connection to be established. This leaves your remote employees up the proverbial creek without a paddle.
We at PTG will contact the new provider and get this new information so that we have it in hand ready to go when we arrive onsite to make the changes in your firewall and the rest of your network to ensure as little downtime as possible.
We can also publish out directions or contact your remote users to make changes necessary to keep their remote connections operational. Some of our monitoring systems at PTG are reliant on this IP information as well. If it changes and we cannot monitor your network, we may miss an alert about a serious problem.
The last example of changes to consult with your IT provider about revolves around licensing. Microsoft updates and provides changes to their products constantly. New features and new offerings are always around the corner. Let’s take Office for instance. Microsoft only supports Office within three versions. In other words, if you have a computer with Office 2007 installed and are trying to run your email on an Exchange server that is current (Microsoft Exchange 2016) it will not connect. Now you are in the pickle of having to spend more capital to purchase a current version of Microsoft Office.
PTG is also constantly getting new offers from our vendors with better values that we can pass on to our customers. Previous versions of Office 365 required purchasing a la carte products and now over time Microsoft has bundled these into popular plans that give the customer the best bang for their buck with the best features.
To add onto that with your Office 365 subscription will be constantly updated when the newest version of Office or another product is released. This keeps you and your company on the cutting edge and the best performance Microsoft has to offer.
There are many reasons to call your IT provider. You should never be made to feel like you are being a pest or bothering your team. At PTG, each interaction is a chance for us to re-earn the customers’ business. We will gladly pool our knowledge and experience to bring you the best solutions for you and your company. Even if you think an issue is very simple and you are completely capable of performing the work on your own, please call us. It really does save you time and money in the end, and that’s why we are here.
Without the right tools in place, sales can be a messy process, making difficult on leadership teams to know what their sales numbers really are – and can cause major problems if a salesperson leaves the company.
Using a Customer Relationship Management (CRM) system can go a long way to alleviate those problems. Getting the right system in place can bring clarity to your sales process and even help your sales team close more deals. Here’s how:
Get a better handle on your sales data
Without good sales data, you’re shooting the in dark. Often times, the only place sales data exists is in the heads of your sales team. Using a CRM gets this data out of their heads and into a place where it’s beneficial for everyone.
A good CRM system will include reporting features so you can see what’s going with your existing sales. This will allow you to get an accurate picture of what your sales team is doing and what sales efforts are and aren’t working. It’ll also allow you to see what’s in your sales team’s pipeline, so you can more accurately forecast and plan for the months ahead.
Some CRM’s include customizable dashboards. We recommend looking for a CRM that does – if team members can’t see the numbers that are actually important to them, dashboards aren’t exactly helpful. Individual members of your sales team should be able to see their own numbers while sales managers and leadership should be able to see company numbers.
Close More Sales
Using a CRM system can also help you close more sales with new customers. There are few places where it does this:
A CRM formalizes your sales process and puts controls in place so that nothing falls through the cracks. Is there something you need every time you make a sale? Make it required information in your CRM.
Using a CRM helps you make more informed decisions by showing you what’s working and what isn’t working in your sales and marketing. This helps you focus your sales efforts on the area that drive the most sales instead of guessing at which way will work best.
A good CRM gives you more time to sell by automating administrative tasks (this is also helpful if the admin work isn’t getting done now – a common problem among sales teams in every industry). Some CRMs can integrate with your email and automatically keep track of communications with prospects.
Manage and Upsell to Existing Customers
A good CRM will help you manage your relationship with your existing customers by acting as a portal for notes, communications, and records of your relationship. Everything from individual touchpoints up to contracts should be in your CRM, so there is never confusion about what a customer has and follow up actions can be taken appropriately.
Say a customer mentions to you that they will need to make a large purchase in six months. Using a CRM, you can create an activity for yourself to follow up with them at the right time, quickly access the details of your conversation, see what they have already purchased from you and make the right suggestion at the appropriate time.
Some more robust CRMs, like Microsoft Dynamics CRM Online, actually have upselling as a built-in feature. It looks at your existing data to see what kind of customers buy which products and when and will offer suggestions to your sales team. This helps you suggest the appropriate products at the right time, instead of trying to cross sell products a customer probably isn’t interested in.
Keeping track of your client information in a CRM is also especially helpful if a salesperson leaves your company. Their information is still there and a new sales person should be able to come in a pick up right where the last one left off.
Using a CRM can be a huge help to your sales team. But it’s not a decision that should be taken lightly. It’s important to spend time finding the right system for you and your sales team. Using a system that doesn’t work for you can be just as painful as using no system at all. We’ve broken down some specific features to look for in this blog.
Want to get your feet wet with a CRM? Sign up for a free trial of Microsoft Dynamics CRM Online.
SharePoint 2016 has started rolling out to Office 365 users. As heavy SharePoint users ourselves, we’re pretty excited about this and there are a few new features that have already piqued our interest. In addition to an easier navigation, Microsoft seems to have a renewed focus on collaboration and productivity.
(If you’re wondering whether you’ve been upgraded, the easiest way to tell is to look for the new ‘SharePoint’ icon in the app launcher (instead of ‘Sites’).
Copy files from OneDrive to SharePoint
For years, Microsoft has pushed OneDrive as a place to store your personal files and SharePoint as the place for collaborating on files with your team. Their official recommendation was to store your documents in OneDrive until you were ready to work on them with the team, at which point you would save the file to your desktop, upload the file to SharePoint, and then go back and delete the file on your desktop.
This cumbersome method is no longer needed, as you can now move files directly from OneDrive to SharePoint. To move a file, select a document or folder and then choose the ‘Move to’ option from the ribbon. This brings up a list of libraries you’ve followed or recently accessed.
Pin Files and Folders
Another great feature is the ability to ‘pin’ files and folders to the top of a library. This is very similar to the existing features already in Office programs like Word and Powerpoint and we’re thrilled to see it added to SharePoint. It’s sure to be a time saver.
Before SharePoint 2016, there was no way for an administrator to highlight an important file or folder. Some users have been cheating the system for years by naming the file with an ‘A’ or with a number (see below), but the method was inefficient and clunky at best.
To pin a file or folder, select it and choose ‘Pin to Top’.
Link Files and URLS
Another new feature in SharePoint 2016 we love is the ability to link files and URLs.
With files, you can now upload a file in one place on SharePoint and link to it in other libraries rather than uploading the file in multiple places. If a change needs to be made to the document, you just make the change to the original without needing to re-upload it to any other locations. This should also help from a storage limit standpoint since you won’t be using storage space to hold the same file multiple times.
You can also link to outside URLs, which is especially helpful if you often deal with outside vendors. If you use SharePoint for an employee portal, you can now add links to outside URLs relevant to your employees – like the support portal for your IT company or the 401K information on your HR company’s website.
These are just a few of our favorite new features in SharePoint 2016. We’re excited to keep exploring and see what else Microsoft has added to improve productivity in SharePoint.
So, you own and operate your own small business? Good for you! Small businesses are a huge part of the economy and provide work for millions of Americans. We’re a small business, too, and we handle the data security and IT needs of dozens of small businesses. So we’re pretty qualified to tell you the following: You and your data are in grave danger.
Now, more than ever, small to medium sized businesses are the target of cyber-attacks. These crooks know what you do: small businesses don’t have the capital of a large, multi-billion-dollar, international conglomerate, ergo, you cannot invest as heavily in securing your data. So you have to invest in your security wisely.
What To Do
Small businesses are a fantastic place to work. Unfortunately, for you as the small business owner, your biggest liability may be the employees. The employee that opened the email that (on the surface at least) appeared to be a resume, but was actually a ransomware virus and has now brought the entire company to a standstill because all of the data is now encrypted and therefore useless. The summer intern who gives out the wireless password to a “visitor” has inadvertently opened the entire network to potential attack.
So you may be asking, “How do I stop this?” Train your employees. Create an environment of caution.
It can be intimidating to tell a supervisor the email that you just opened doesn’t look right and there’s a bizarre message on your computer explaining that all the files are encrypted and being held ransom for Bitcoins.
Send out monthly newsletters, have lunch and learn meetings and discuss what a potential attack could look like. The sooner you are aware of a problem; the sooner it can be fixed.
Employees should know how to critique an email from an unknown source. Look for things like spelling and grammatical errors, symbols where letters should be, and file attachments from unknown senders.
Employees should know what constitutes a strong password: at a bare minimum, eight characters, mixing upper and lower case letters, numbers and symbols. The longer and more complex a password is, the harder it is to break.
Employees should also be trained on social engineering attacks. When the phone rings and the caller states they are from the IT department, and you don’t have an IT department, it’s probably not a good idea to give out passwords, much less remote access to your machine. Employees should be trained not to leave their computers unattended especially if the screen is not locked. Unlocked computers are an open door to those who would love nothing more than to wreak havoc on your network.
What to Buy
There is a myriad of products a small business can invest in for data security. Let’s look at the true necessities and go from there.
Firewall and Wireless
First and foremost, you need a firewall appliance. A firewall is a piece of equipment that sits between the internet and your internal network that can filter the traffic. No, that wireless router you bought at the big box store does not count as a firewall. This device needs to have some form of gateway antivirus, website blocking and tracking, inspecting both encrypted and unencrypted web traffic. The firewall may or may not come with built-in wireless, however, it should govern the wireless traffic.
Speaking of wireless, if you decide to implement it, there should be separate corporate and guest access. In other words, the wireless network allowing devices to connect wirelessly to the corporate network where your data is stored should be completely separate from the wireless that you would allow guests or clients to connect to. A client could walk into your business with a compromised computer, connect it to your network wirelessly or physically and unknowingly create a huge problem for you. The guest network should be completely separate with only access to the Internet.
Another investment that you will need to make is a backup solution. There are two kinds of people in the world when it comes to backups: those that do regular backups and those that wish they had. Don’t be the latter. It’s not uncommon for companies to lose years of work due to not having a backup solution.
What should you look for in a backup solution? Your best bet is an image based backup. The days of just doing file-level backups are over and done. Image-based backups take a snapshot of the system at that time and store it. The image-based backup gets everything, operating system, programs, files, and permissions etc. This drastically decreases recovery time.
In a file-level backup recovery, you must first replace the hardware, if necessary, reinstall the operating system, reinstall all programs and then restore the files from the backup. Not the case with image-based. Simply replace the hardware, if necessary, restore the image-based backup and you are right back to the point in time where the last good backup occurred.
These backups aren’t just useful in disaster recovery, i.e. natural disaster, fire, theft etc. They are also helpful if you happen to be the victim of one of the many cryptoware attacks. Once the time of the attack is discovered, simply remove the machine where the attack originated from the network and restore the backup prior to the attack.
The second part of the backup solution should include an off-site component. Technically according to best practices, it should include two off-site components: one local, one not local.
A local backup could be taking the backup drive to the safe deposit box at a local bank on a weekly basis. It could be as simple as taking a backup drive home every night or every week. The idea is to not have all of your backups in one place at one time. If your office burns to the ground one night and all of your backups were in the building you may as well not have had any backups at all.
There are several cloud backup solutions that offsite your data to their data centers and can assist in disaster recovery efforts. Typically, this involves either spinning up virtualized versions of your servers or files on their equipment in the cloud or shipping a drive to your location to restore your data locally.
Backups are a crucial part of your data security. The more money you spend up front, the less money it will cost on the back end to fix the loss of data. Now let’s move on to our last topic.
What Policies to Put in Place
Policies are one of the most difficult and time-consuming measures to implement for data security in a small business. Policies should be as detailed as possible to leave little room for doubt. Policies cover everything from who has access to what file shares, allowing users to connect their mobile devices to your corporate, or guest network or not at all. Here are few questions to consider when putting your data security policies in place:
Will you allow employees to store information from their workstations on removable media like flash drives or writable media such as CDs or DVD’s? Allowing users to store proprietary data on external removable media leaves you open to the possibility of data theft.
Will you allow employees to store and send information on cloud storage or file shares? Cloud storage is great (we’re big fans on OneDrive in particular), but only when it’s tightly controlled and everyone’s on the same system. Users should have the minimum access necessary to still be able to perform their job. The recent rash of cryptoware malware attacks preys on the open access that most users have to company file shares today.
Will you allow employees to access the network from outside the office? Permitting employees to access corporate networks from outside should be very tightly controlled. It does not take an overly skilled attacker to find a vulnerability to exploit on a less than secure remote access method. Remote access should always include connecting to a VPN over an open port allowing access to the corporate network.
Will you implement two-factor authentication methods like an RSA key or biometrics? Two-factor authentication is a great way of securing your network even further. Couple the two-factor authentication with hardware level encryption and the frightening specter of a stolen laptop becomes a lot less scary. Since the thief wouldn’t have the key to decrypt the drive even if they remove it from the stolen laptop, it becomes as useful as a paperweight.
Will you force users to change their passwords on a regular basis and require a complex password? Forcing users to change passwords on a regular basis helps to mitigate long-term dictionary password attacks. These attacks involve the perpetrator running a program that uses an enormous “dictionary” of common words to try and match the password. Best practices are to change the password every 30 days while not allowing for repeated passwords.
All of these decisions can have huge impacts on your company’s data security. Strict data security policies might seem annoying now, but they’re critical to your company’s security. But keep in mind, a policy doesn’t do anything if it isn’t enforced. Luckily, with data security, policies affecting computers and computer systems can be set within the programs, at the user level, making them much easier to enforce.
The bad guys of the cyber world are only getting more skilled and crafty in their attacks. It’s up to you to put measures in place to help keep them out.
Have questions about your data security? Contact us to find out what you security measures you can put in place on your budget.
Using a Customer Relationship Management (CRM) system can vastly improve the productivity of your sales team. There are a lot of very different CRM options on the market and figuring out which system is right for you can be daunting. When looking for a CRM, there are a few factors you must consider before committing to a system.
Will it support your sales process?
Look for a CRM system that supports the way you and your team want to work. You shouldn’t have to adapt your entire process to fit the system – the system should fit you. This doesn’t mean you aren’t going to make changes to your process (no doubt, that’s part of the reason you’re looking for a CRM in the first place), but those changes should be dictated by your needs, not by the CRM.
Involve your team in the process and make sure it fits your team across the board. Not every salesperson works the same, and not everyone on your team is going to want the same features. This is where features like customizable dashboards are especially helpful!
Does it connect to your other applications?
Look for a CRM that can easily connect to the applications you already use. The more your team has to switch between applications to record data, the less likely people are to do it.
For example, if you’re using Outlook for email, find a CRM that will integrate with Outlook and track emails, appointments, contacts, and tasks so your sales team doesn’t have to switch between the two applications.
Consider the departments your sales team works with the most – will your CRM integrate with their systems? How easy or difficult will it be for the sales team to get other departments information they need (and vice versa)? Will your marketing team be able to easily alert your sales team to new leads? Can financial information about deals be passed to QuickBooks (or whatever accounting software you’re using) automatically?
Integrating your CRM with other systems ensures information is consistent across the board without an employee having to spend time entering it into multiple systems.
Can it grow with you?
Look for a CRM that can grow and adapt with you as your sales team grows. There are some nice, cheap (even free) options for small CRM systems on the market that can seem perfect when you’re just starting out – but may not be able to grow with you as you add more contacts and employees. There are a few specific areas where you’ll need to watch for this:
Price: How are you billed? Are you charged by the seat (user)? By the number of contacts? By features? Or some combination? Will you still be able to afford it if you need to move up to the next pricing level? And the next one? Some CRM systems make their money by getting you in the door at a low price, then getting more and more expensive as you grow. If you’re already dependent on the CRM system at this point, this could put you in the position of having to choose between the features you need and the features you can afford.
Features and customization: Not everyone needs a ton of bells and whistles in their CRM system, especially when your team is small. It may seem like a waste of money to invest in a system that has more than what you need right now. But consider a few years down the road – how big will your team be then? What will your sales process be like? Consider what features you need now AND what features you may need down the line.
For example, Microsoft Dynamics CRM Online has some really nice upsell and cross-selling features. When you’re just getting your feet wet with a CRM and have a small sales team with a fairly simple process, these may seem unnecessary. But as your team grows and become more sophisticated, cross-selling and upselling may become a vital part of your sales process.
Another factor to consider is whether or not features can be customized to fit your needs. The out of the box options may work fine for you up front, but as you grow, you may find you need more – or different options.
Is it easily accessible from any location?
A CRM system should be easily accessible to everyone who needs to use it – no matter where they’re working. This is especially important if you have a mobile workforce or a sales team that often goes to client offices for sales meetings.
If your team can’t easily access the CRM system and has to wait until they’re at the office to enter data, it’s much less likely that the data is going to actually end up in the CRM every time. Look for a CRM that can be accessed from anywhere, to make it as easy as possible for your sales team to enter information as soon as they get it.
To do this, your best bet is generally going to be a cloud-based CRM that can be accessed from anywhere with an internet connection. An on-premise server with a VPN can work, too, although, accessing a CRM with a VPN can be a slow process.
Even better, look for a cloud-based CRM with an offline mode and offline synchronization so you can still work, even when you’re offline.
Finding and implementing a CRM isn’t always a quick process. But taking the time to find the right system for your company will save a lot of headaches down the road.
One way to see if a system works for you? A free trial. Follow the link below to try out Microsoft Dynamics CRM Online for 30 Days.
Using job boards in your hiring process can seem incredibly impersonal (and if you’re the one looking for a job, it can seem like throwing your resume into a black hole), which isn’t something you typically want when looking for a new person to your join your team.
But we have a very real and very important reason for using one: security. Malicious emails designed to look like resumes are a very common way to send ransomware and other forms of malware.
Ransomware, a form of malware that holds your files hostage for a ransom fee, can be potentially devastating to businesses, especially if you don’t have good backups (for a deeper dive into what it is and what to watch out for, read this blog).
While we back up our files regularly, and haven taken measures to limit the possibility of ransomware entering our system, we don’t take chances when it comes to protecting our data and our customer data.
What We Do Instead
Use a Job Board: Instead of asking applicants to email their resumes (and opening resumes sent to us via email), we use a job board. The particular job board we use displays the resumes submitted in a web browser so we never have to actually download the file. We can get through the entire hiring process without having to take any risk of opening a file that could be malware.
Block Certain File Types: Outside of the hiring process, there are other steps we’ve taken to help prevent malware emails from even coming in our environment. One step is to block files types commonly associated with malware from coming into our company via email. Some of the file types we’ve blocked include .exe, .scr, .bat, .js, .jse, .vb, .vbe, .wsf, .wsh, .cmd, .pif, and .chm. We update this list as new forms of malware come out. Directions for how to do this in Office 365 are in this blog post.
Use Advanced Threat Analytics: We’re Office 365 users and have turned on Advanced Threat Analytics (which we’ve written more about here). Basically, it uses machine learning to detect threats (specifically in attachments and links in emails) before they come into your network. This has prevented multiple malicious emails – including some disguised as resumes – from getting inside our network.
Train Employees: All employees on are trained on data security best practices, including the warning signs for malicious emails. We post about the newest threats on our company-wide social media site (Yammer), so everyone is up to date. This is critical – even the best spam filter isn’t going to keep out 100% of malicious emails. It’s vital for all employees to know what to look for. It only takes one click on a bad link or opening the wrong attachment and your entire company could be compromised.
What to Watch Out For
We understand a job board isn’t right for everyone. If you do still need to get resumes via email, take some precautions and watch out for the warning signs that something could be off. Some of the red flags include:
- Resumes sent with emails not customized to your company or the position in any way – this could be a sign of a hacker blasting an email to as many people as possible to try to up their chances of someone falling for it.
- Bad grammar and spelling – Emails containing malware are typically poorly written with a grammar and spelling errors.
- Large files sizes – Resumes typically shouldn’t be very large files, so a large file size should raise a red flag.
- Weird file types – If you don’t recognize the file extension (or if it’s a file extension not typically associated with documents or resumes), don’t open it. This doesn’t mean a .doc file doesn’t contain malware, but if it’s a strange file type, it’s more likely you’re in for a nasty surprise.
- Macros – Do not ever enable macros on an attachment from an unknown sender (and be very, very cautious even when you know the sender). This has gotten to be such a common way of sending malware in an otherwise innocent looking file that Microsoft has turned them off by default.
Of course, emails that don’t raise any of these red flags could still be dangerous. Always be careful when opening attachments from unknown senders.
Not accepting resumes via email may not seem like the friendliest way to recruit new employees, but it’s the safest for us – and security is a top priority. If you’re interested in what our job board looks like, or what positions we currently have open, check it out here.
Our friends at Propel HR have written more about best practices while hiring on their blog.