Cybersecurity

3 Solid Cybersecurity Tests for Your Employees

Cybersecurity is a prime concern of many modern businesses. And it should be – a direct cyber attack can cost businesses as much as $40,000 per hour. It doesn’t take much time for the costs to become dangerously large.

So how can organizations begin to protect themselves from these malicious threats? The most common first step to comprehensive defense is proper employee training.

A staggering 55% of organizations have had a security incident or data breach due to a malicious or negligent employee. These disasters are often extremely costly, but the good news is that they are easily avoidable.

60% of survey respondents believe employees lack adequate knowledge of cybersecurity risks. Informing your employees of the lurking cyber threats is an important first step in protecting your company. Proper employee training can significantly reduce the chances of a cybersecurity attack striking an organization.

Here are three solid approaches to cybersecurity tests that will keep your employees more secure than ever before.

Workspace Inspections

One of the biggest concerns in cybersecurity is in their immediate physical security. Many people leave their passwords physically written somewhere around their workspaces. The worst offenders will go as far as leaving their account names and passwords on sticky notes on their computers.

To combat this threat, you must perform random workspace inspections. Aside from helping you keep a clean office, they can clearly show you who is taking their cybersecurity seriously. From there, you can establish a reward system for those that pass the test to incentivize employees to follow proper physical security procedures.

Cybersecurity Knowledge Quizzes

Another important aspect of workplace cybersecurity is the overall security knowledge of employees. You should regularly send articles and notices of the latest cyber threats, including what to look for to avoid them and how to tell if an infection has occurred.

Your organization should also hold cybersecurity seminars – once a quarter should be plenty. Take the time during these meetings to showcase proper cybersecurity habits, such as regularly changing your passwords and locking your computers when you step away from them.

After the spread of cybersecurity information, ensure that employees are retaining their knowledge by administering multiple-choice quizzes. Just like their workplace inspections, you should incentivize those that perform well on these tests with various types of rewards.

Simulated Phishing Attacks

Phishing attacks tricks people into willingly clicking on malicious links and dangerous viruses. You’ve undoubtedly heard of them – one of the most popular is the “Nigerian prince” scam.

These cyber attacks are easily avoided by those that know what to look for, and they’re commonly clicked on by those that don’t. Though there are many different kinds of phishing attacks, the most common kind will come through as a seemingly innocent email.

You can run simulated phishing attacks that don’t contain malicious viruses. Instead, they simply inform you which of your employees fell for the phishing attack. When the test is completed, you must re-train all those that failed the test with proper cybersecurity policies. After all, it just takes one person to let a nasty virus into your network.

Cybersecurity for Your Business

Testing your employees properly takes a certain effort and coordinatioCybersecurityn that you simply not have time for. However, you can’t afford to let your cybersecurity efforts slip through the cracks.

But don’t fear – Diverge IT is here to help. We can bolster your cybersecurity and make it airtight, giving you the freedom you need to work on what matters to you. Ready to get started? Contact us.

Security Mistakes

The Top 3 Security Mistakes Employees Make

Network security is a chief concern of many organizations throughout the world. 75.6% of organizations encountered at least one successful cyberattack within the past 12 months. And though the rate of cyberattacks is not going to decrease anytime soon, it’s important to recognize why it’s so high.

The ideal network security efforts for organizations typically involve advanced devices and programs such as next-gen firewalls, antivirus software, and encryption programs. Despite these effective tools, the first line of defense should always start with the employees of the company.

Without proper security training, employees are prone to making mistakes that they could otherwise easily avoid. Here’s the top three security mistakes employees are making.

1. Reusing Passwords

The perfect password should be a combination of lowercase and uppercase letters. It must contain both letters and numbers, and special characters if allowed. Picking the perfect password isn’t difficult, but picking the perfect password multiple times can get extremely tedious.

Unfortunately, it’s nearly unavoidable. Multiple accounts require multiple passwords. To try and bypass this, employees will often reuse the same password across multiple (and usually all) accounts. It may be easier to remember the password, but it also poses a large risk. If a hacker came to know your password for one account, they would gain entry into every other account.

2. Using Unsecured Networks

It’s increasingly common for employees to use mobile devices for work purposes. That’s great for productivity and flexibility – but it also poses new risks. For example, users may sit down at a coffee shop to grab a drink and check their emails. Without thinking about it, they connect to the Wi-Fi network.

The importance of proper encryption cannot be understated. If the coffee shop uses an unencrypted and unsecured Wi-Fi network, a malicious actor can easily connect to the same network and access the machines connected to the same network. In other words, you’re handing someone information without meaning to. Sending an email or sharing a file with sensitive data in it can pose a huge security risk in an unsecured network.

3. Neglecting Physical Security

IT infrastructures are constantly bombarded with cyberattacks from everywhere on the internet. However, the attacks aren’t always based on the internet. They come from within the workplace itself and stem from a lack of physical security. When a user gets up and walks away from their computer without locking it, they invite trouble.

In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all attacks were carried out by insiders. Of these attacks, three-quarters involved malicious intent, and one-quarter involved inadvertent actors. Malicious actors can simply access an unlocked device and grab whatever data they need. From there, they can do whatever they want with it… leaving your innocent employee liable for a potentially devastating data breach.

What to Do About Security Mistakes

Your employees aren’t actively trying to let cyberattacks into your network. But without proper security training, they still pose a risk that software or hardware can’t account for.

Keeping your employees informed is a powerful way to drastically reduce the chances of your organization suffering a cyberattack. If you’d like to learn more about how we can help you with security awareness training, contact us today.

6 Simple Steps for Better Business Security

You’re sitting at your desk and you’re innocently browsing your emails. You click on one with a strange subject line, insisting you must open “an critical attachment”. Without much thought, you open the attachment and – oh great, you’ve been hacked. IT support spends hours trying to contain the breach.

Oops.

A week later, your phone rings. The person at the other end of the call claims to be an IT technician. They say that they’ve got to run routine maintenance on your PC, but they’ll need your username and password to complete it. You’re used to the ol’ IT update game, so you think nothing of it. You go about your business like normal, until… your computer suddenly gets remote controlled, locking you out.

You’ve been hacked. Again.

What Gives?

Most companies would be quick to blame the employee in these situations. However, that’s not the full story. The problem isn’t that employees are easy to fool, or that they’re not smart enough. The truth is they’re untrained and unprepared.

75.6% of organizations encountered at least one successful cyberattack within the past 12 months. That’s a scary statistic. But it doesn’t mean all hope is lost – adequate training can dramatically reduce this number.

How’s that, you ask?

Start by following these six simple steps that fight back against business security threats.

1. Get Better Passwords

Passwords exist pretty much whenever there’s sensitive data involved. There’s a 17% chance we know your password. Is it 123456? If it is, 

please go change your password right now. Password security is simultaneously one of the easiest things to take care of, and also the one of the most annoying.

Modern computer users have to remember dozens of passwords for individual sites and applications. Even so, it’s important to have a good password consisting of uppercase, lowercase, and numerical elements. If possible, throw in some special characters too.

2. Lock It Up

Improved password security is a great start, but there’s plenty more to do. Here’s another highly important habit that all employees need to get into: locking their computer. In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all attacks were carried out by insiders. Of these attacks, three-quarters involved malicious intent, and one-quarter involved inadvertent actors. Physically accessing a machine is easy as pie whenever it’s out in the open like a sitting duck. (No offense, ducks – it’s not like you can read this whitepaper).

When you lock your computer, you’re adding another level of security that a malicious person has to get through. Network administrators can also establish policies throughout domains that lock people out of computers after a certain number of attempts for even more protection.

3. Keep It Clean

When you store a lot of stuff on your computer, you’re giving viruses and malicious applications a wide range of places to hide. An infected document is hard to find among a sea of clutter. But with the proper usage of folder structures, computers become easier to manage for both IT departments and employees.

After all, it doesn’t take much to fill up the desktop and have it turn into a word-search game (and people always manage to do just that).

4. Save to Secure Devices

IT departments should discuss the importance of saving documents in appropriate folders. Employees usually don’t have the option to backup their own data, so this tip requires collaboration between administrators and computer users. Employees should be trained to save their files to specific folders, hard drive partitions, or network devices. From there, IT admins need to regularly backup their data to safe locations. In the event of a disaster, restoration of data becomes easy.

5. See Something? Say Something

Employees should never be hesitant about flagging suspicious activity. After all, it’s always better to be safe than sorry. If a user receives an unusual email with an odd attachment, you need to give them access to IT support that can answer their question. Yes, it’s possible that Carol from HR will flag a Java update eight times in a row… but it’s also possible that you catch something far nastier, such as a ransomware virus or a phishing attack.

6. Stay Informed

Lastly, an easy way to improve business security is to just keep your employees informed of the latest changes in the network security landscape. While it may not always be a riveting read, sharing the occasional IT security article here and there throughout the office can be a great boon to your security strategy.

What better way for employees to prepare for possible incoming cyber threats than to read about them directly?

Better Business Security for You

Implementing the tips listed in the six steps can drastically change the effectiveness of your business security strategy. Your employees will be better prepared with proper security habits and an overall improved knowledge of lurking threats. However, there are two drawbacks:

Time and effort.

Proper security awareness training can take a lengthy amount of time. Without the right people conducting that training, you may just waste precious time. Of course, efficient training stems from a hefty amount of effort too. You may not be equipped to run effective training sessions and informative events, but luckily for you, that’s what we’re here to do.

Diverge IT can help you with your security awareness training. To find out more about how we can boost your business security and keep your organization safer than ever, shoot us a message.

Password Security

4 Ways Hackers Can Steal Your Password

Hollywood likes to portray hackers as intelligent nerds that sit in front of computers all day. They’re usually stationed in front of a dated computer observing lots of matrix-style code as it cascades throughout the screen. When they “hack” their targets, they make it a point to show furious typing and repeated “access denied” notifications.

While it may look natural in a movie, real hackers couldn’t be more different.

Hackers are criminals that use advanced software and special techniques to gain entry into systems for data exploitation. These data breaches and cyberattacks are a lot more common than people think – 50 percent of small and midsized organizations reported suffering at least one cyberattack in the last 12 months.

Global spending on cybersecurity products and services are predicted to exceed $1 trillion over the next five years, from 2017 to 2021. And yet, hackers are still attacking more businesses than ever. Without proper cybersecurity measures in place, you face a very real risk of losing your data to a criminal

Let’s look at four of the most common ways that hackers can steal your password.

1. Brute Force Attacks

This form of attack is nothing more than a random trial-and-error session. Specialized programs operated by the hacker work tirelessly to guess your password, conducting a high number of attempts per minute. The hacker will point the software to focus on words that they know matter to you. This can include your pet’s name, your birthday, names of your loved ones, etc.

You’re probably not considering the fact that hackers can and will specifically target you. A hacker needs only a few minutes to find your online profiles, such as LinkedIn, Facebook, Twitter. Using the information they find on these sites will allow them to guess more relevant passwords, giving them a better chance at accessing your data.

2. Spidering

Sometimes, the hackers will skip the personal information hunt completely. They know that many people prefer to keep their work passwords related to their jobs. Therefore, they study up on corporate terminology and relevant facts about a certain company. Spidering is typically reserved for bigger companies, as they usually have more information online and are more likely to have standardized passwords.

Spidering is especially effective for gaining access to WiFi passwords. Most office routers are protected by simplistic passwords related to the business itself. Without much effort, hackers can break into the WiFi network and steal sensitive data.

3. Keyloggers

Keyloggers are a form of malware. They’re spread through infected attachments and are difficult to spot without the aid of a comprehensive antivirus software. They burrow deep into your computer’s file system and wait for you to type things. As you type on your keyboard, the keylogger (living up to its name) will log every keystroke and send it to a receiving hacker.

Upon receiving this information, the hacker will have everything they need and more. Keyloggers are especially dangerous because they completely expose all of your actions and not just your passwords. You may type sensitive information meant for only a select number of people … only to have it end up in the logs of a hacker who can use it for extortion and ransom.

4. Shoulder Surfing

It’s not as fun as it sounds. Shoulder surfing is probably the simplest way for a hacker to gain information, but it’s still surprisingly effective. As the name implies, a hacker will simply look over your shoulder as you enter in passwords and other sensitive information. Shoulder surfing is more common with ATMs, credit card machines, and any other device that requires the input of a PIN.  

Part of practicing proper password security is not leaving your password in plain sight. Part of shoulder surfing is also when hackers simply search around your computer for any mention of passwords, which many users foolishly leave on sticky notes on their monitor or under their keyboards.

Bolster Your Password Security

We’ve listed four of the most common ways for hackers to swipe your password, but there are many more. The best way for you to avoid having your password stolen is a combination of effective network security devices and software and end-user training.

Having your employees create passwords that are complex and difficult to crack will deter hackers from even trying to break into your systems. If they do try to break in, having strong passwords in place will buy you the valuable time you need to catch them and lock them out of your infrastructure.

At Diverge IT, we’re no strangers to keeping hackers away from businesses. If you’d like to learn more about how your organization can avoid these cyber criminals through helpful security solutions, reach out to us today.

Image of Phishing

Your Go-To Guide for Identifying Phishing Attacks

To a cybercriminal, you’re nothing more than a big, juicy fish. You’re slow, you’re hungry, and they don’t expect much from you in terms of intelligence and strategy. That’s exactly why they throw their “worm” in the water and hope you gulp it down without a second thought. But you’re not the only one – the cybercriminals cast a gigantic number of lures out to try and snag anyone who is willing to take the bait.

The practice is called “phishing”, and it’s a pretty apt name for this type of cybercrime.

PhishingWhat phishing IS:

In short, it’s a type of cybercrime that aims to convince you to divulge information to the criminal. Instead of malicious code and software, the cybercriminal depends on deception and simple trickery to gather personal or sensitive information from the victims. From there, they gain access to critical files and data.

hackerWhat phishing IS NOT:

Phishing is often confused and grouped with hacking. However, hacking requires the knowledge of programs and code that exploit (or create) gaps in security infrastructures. In other words, hacking extracts information involuntarily, while phishing requires users to hand over information willingly.

Though phishing isn’t necessarily invasive, it doesn’t mean it’s conducted without effort. Phishing attempts often rely on expertly crafted emails, documents, and even websites. If it can be copied or mimicked, cybercriminals will use it to phish for information (a process known as “spoofing”).

But it doesn’t stop there. Phishing isn’t a straightforward trick that you can easily ignore. It requires constant attention, intelligence, and a basic sense of awareness. Phishing attacks have become a natural part of running a business: the total number of phishing attacks in 2016 was 1,220,523, a 65% increase over 2015.

But all hope is not lost. The multiple different types of phishing attacks have their own unique twists that you can spot if you know what to look out for.

Pull Quote

Clone Phishing

When cybercriminals get their hands on an email, they can do a lot with it. For starters, they analyze everything – from the user-sender relationship to the tone and kind of language used in the email. With this information, they can create an almost identical email that can be nearly impossible to distinguish from the real version. The difference with the clone is that it usually claims to be a “resend” of the original email due to one reason or another.

Usually, the email that they clone will be one that contains attachments. When they resend the email, they send an infected attachment with the same filename and size. This helps them to gain a foothold within an infected machine, possibly infecting others within the same network. These can be tricky and may require assistance to confirm authenticity when you have concerns.

Website Forgery

This web-based attack is also known as a “deceptive site”. The cybercriminal goes through the process of building a site that is nearly an exact replica of the target website. When a user arrives on the site, they browse it like they would for the original site, since it contains the exact same functionalities. Often, the user won’t be able to tell that they’re on a fake site because a fake URL will be overlaid over the address bar on the site.

Once the user submits any information on the site (such as email addresses, passwords, credit card info, etc.), the criminal has won. This attempt is hard to spot and even harder to defend against. The credit giant Equifax recently fell for a website forgery attempt, and actually directed its users to go to the fake site on accident.

Man using phone

Phone Phishing

Phishing attempts don’t always find you through an email or a browser. Sometimes, the most convincing attempts actually come from phone calls. Usually, the cybercriminal will use untraceable VoIP services to conduct the calls.

The attempts usually go something like this: first, they claim to be important services, such as debt collectors, banks, and hospitals. Then, they prompt their users to enter in information such as account numbers and PINs. When the criminal has what they want, they simply hang up and move on to their next victim. It’s helpful to remember that most important account notifications or confirmations requiring personal information will not be delivered or requested by phone and usually not via automated voice service.

Spear Phishing

Generally speaking, phishing targets the masses. More than a fishing pole, it’s more accurate to think of it as dragging a large net. It’s imprecise, and it tricks only those that don’t know what to look out for.

But spear phishing is nowhere near as clumsy and imprecise as most other types of phishing.

Pull quote

Spear phishing targets a specific company or group of individuals. Criminals behind this approach take their time; they gather as much information as they can before taking any action. Because of this, spear phishing attacks often take many months, and in some cases, even years. In other words, while the approach is usually like types of phishing, there is a massive amount of research behind each and every word. According to Symantec, spear phishing emails have targeted more than 400 businesses every day, draining $3 billion over the last three years.

Whaling

The most dangerous type of phishing is actually a variant of spear phishing. Whaling earns its name because it goes after the biggest targets in a business – the executives. The content of whaling attempts typically deals with executive-level issues while carrying itself as an important email. Often, they disguise themselves as legal subpoenas, customer complaints, or as fellow executives needing important information.

Once the executive of the company falls for the scam, the company can suffer greatly and even shut down completely.

So What Can You Do?

There are no two ways about it – phishing schemes are tricky cyberattacks to deal with. The number-one defense mechanism against them doesn’t come in a pre-packaged box, and isn’t sold in stores.

 

The best defense is user awareness and proper security training.

Diverge IT can help you attain and maintain proper security awareness. We’ve been protecting businesses since 1999 from hackers and all kinds of malicious cyberattacks. If you’d like to learn more about what we can do, reach out to us today.

Training employees on phishing attacks.

Breaking Down a Phishing Attack

Dearest Reader,

You’ve caught me at a very critical moment. It is in both of our best wishes for me to extend a lucrative business opportunity forward to you. My name is Prince Obviouso Phishingscamman. My father, King Blantanto Phishingscamman has tucked away his massive fortune of over $15 million. Unfortunately, the wicked Fakemenistan regime has locked him away for good, with bail set at $3 million.

However, with your help, I can exploit a loophole where I can send money overseas to you. I received your email address from a very reliable source so I know you can be trusted. Once my father is free from his prison, I will send the remaining $12 million to your bank account as a show of good faith. All I require is for you to open an bank account within our borders. It will require a small fee of $500 and some information of yours.

Please make the haste. I am looking forward to working with you in the near future.

The most regards,

Prince Obviouso Phishingscamman

What Just Happened?

If you’ve been around for more than 20 years, you’ll probably recognize the format of the “email” above as the classic Nigerian prince email scam. While it seems far-fetched, many people fall for this kind of email all the time. It’s known as a phishing email, named aptly so because it tried to “phish” for information by getting you to spill the beans willingly. In fact, 91% of cyberattacks and resulting data breaches begin with a phishing email.

Let’s take a look at some of the signs that shouted “phishing scam” in the email above.

1st Sign: Your Email

I received your email address from a very reliable source so I know you can be trusted.”

The chance of someone stumbling across your email is low. The chance of them getting your email from a faraway foreign land where you have no ties? Even lower.  These cybercriminals typically use sophisticated tools to harvest email addresses from the internet. They also purchase lists that contain many thousands of email addresses. Once they’re ready with the email, they send it out to everyone they can.

2nd Sign: The Spelling

“All I require is for you to open an bank account.”

It’s not a rule set in stone, but emails from phishers often come filled with typos. The sentence structure is sometimes fragmented, and they don’t always get their point across clearly. This particular email wasn’t really poorly written (aside from the occasional and purposeful spelling mistake here and there), but some phishing scams can be absolutely flawless.

3rd Sign: The Catch

It will require a small fee of $500 and some information of yours.”

As with any scam, there’s a catch. Phishing emails will always require more information from you. In this case, the scammer asked for money and information, which happens often. Sometimes, the criminal is more patient; they don’t ask for anything on the first email or so, but if you respond to them and keep the conversation going… things begin to get dicey. They build a huge backstory, complete with numbers that you can call and businesses that you can look up.

In other words, the longer the communication goes on, the harder it is to break away from it.

Defending Against Phishing Scams through Employee Training

So what is the best way defend against these emails? Time and time again, studies have shown that employee training is the way to go. When employees know what to look out for, they can identify and flag the phishing attempts without putting your company at risk of a breach.

You should train your employees by showing them real examples of phishing attacks. Some companies go as far as to employ people to run a “friendly” phishing attack on their business to see who falls for it.
If you’d like to learn more about how we can help increase your employees’ security awareness, reach out to us today. Our comprehensive network security plans will ensure that both your company and your employees alike stay protected against any cyberattack that comes your way.

Outsourced IT Support

4 Lies SMBs Tell Themselves About Outsourced IT Support

Partnering with a top-notch managed service provider can be greatly beneficial to SMBs. By outsourcing their IT support, companies can focus more on their business and deal less with burdensome IT issues. And with more time to spend on their business, they can grow their bottom line and gain a competitive edge.

But when it comes to outsourcing their IT support, small and medium-sized businesses always seem to hesitate. For one reason or another, they rely on false and outdated information to dissuade them from even seeking more information about the matter. And without proper support, these companies unknowingly hurt their chances for success.

Without further ado, let’s take a look at the four most common lies that SMBs tell themselves about outsourced IT support.

1. It’s Too Expensive

SMBs usually tell themselves that they simply can’t afford to have outsourced IT support. They’ll usually turn to what they mistakenly believe to be a cheaper form of IT support – themselves. When there isn’t much going on, this isn’t an infeasible plan. Handling an email here and there is absolutely manageable for a company just starting out.

But with multiple employees, copious important email attachments, sensitive data transfers and more factored in… what happens? They quickly become overwhelmed with the sheer amount of data thrown at them. From there, they also have to begin accounting for hardware and software purchases, including their setup and management.

Many companies will then turn to hiring an in-house IT person, still believing that it’s cheaper.  But this person requires a salary, time off, benefits, continuing technical education, and more. Meanwhile, outsourced IT support is done on a set, flat rate that is predictable and easy to budget around. Many MSPs don’t realize that this rate can also vary based upon need; not all companies have the same level and costs of support. In the end, SMBs partner with IT professionals for far less money (and headaches) than they could by handling it themselves, or leaving it to an expensive in-house IT person.

2. We Can Handle Our Own Security

Seeing a cyber attack in the news is hardly a rare sight. Though bigger companies take the spotlight more often, SMBs are still at a very high risk of cyber attacks. After all, 43 percent of cyber attacks target small businesses. Why? Because SMBs often don’t have the knowledge or resources to defend themselves properly. When they attempt to handle their own security, they only scratch the surface of proper network protection.

Many outsourced IT support providers include 24/7 network monitoring for security issues. They also assist with firewall configurations and installations, and even the management of an antivirus program for the company. Partnering with a managed service provider gives SMBs the peace of mind to focus on their work without the fear of being stalked by cyber threats.

3. We’re Too Small to Need Outsourced IT Support

For some reason, SMBs think IT support is something that is achieved at a certain level of size. But the truth is a company is never too small to have IT issues. When things like computer system crashes, file deletions, and malware infections occur, the SMB is left to their own devices. Without someone to handle the problems, the SMB is forced to seek out specialists to fix their issues as they occur.

This break/fix approach is very expensive and ultimately impractical for companies. However, with outsourced IT support from a managed service provider, SMBs can skip the issue entirely.

Modern IT support is completely scalable. It doesn’t matter how big the company is; they can get the service they need for a price they can afford, at any size.

4. All Support Is the Same

The idea that all outsourced IT support is the same is a common belief of SMBs. However, that simply isn’t the case. It’s not as simple as choosing the most expensive or inexpensive service, as those are often poor indicators of the caliber of service received.

Instead, SMBs need to focus on how the managed service provider treats each interaction. The perfect IT partner needs to understand where the business is coming from, and where they want to go. They also should strive to be an extension of the company, rather than just another service that will come and go. And at Diverge IT, that’s exactly what we do.

If you’d like to talk to us to see how our managed IT services can help you grow your business, feel free to contact us. We’ll work together to develop the best plan of action for your company, and we’ll choose the type of services that make the most sense for you.

Managed Services

What Happens When You Don’t Use Managed Services?

Take a long look at your company’s overall IT infrastructure. You’ll notice that you probably have a lot of physical hardware in your workspace. You also undoubtedly have many different applications for your day-to-day operations. Now ask yourself: who’s in charge of that?

 

Well, you are, of course.

 

While all those devices and programs may seem totally manageable today, it may become impractical to self-manage them by tomorrow. With every passing day, your company probably grows by some degree. Sometimes, the growth comes slowly and with painstaking toil. Other times, the growth is explosive and unpredictable.

 

Your organization’s growth means that you’ll be adding more complexity in your IT environment. This can include more users, more programs, and more devices – not to mention adding completely new IT processes within your workspace. And after all this growth, who’s in charge of it all?

 

It’s still you, of course.

 

The freedom of managing your own IT can suddenly become a sizable burden. You need to focus on problems that occur elsewhere, and you can’t be tied down to making sure the network is running smoothly.

 

At this point, you may consider partnering with an IT provider for their managed services. With expert, dedicated assistance, you’ll be able to focus on your business to keep your business productive, rather than your IT.

 

But what happens when you don’t use managed services?

You Lose Money

If you decide to forego a managed services provider, you’ll have to shoulder all of the IT burden. For you, that means that you’ll have to either dedicate time and effort personally into IT upkeep  … or you’ll have to hire someone to do the job for you.

 

By choosing to do it yourself, you’ll need a modicum of training to get started. Entry-level IT upkeep can be straightforward, but it still requires patience and technical understanding. And, if you run into an issue that you’re unable to solve, you’ll have to reach out for assistance anyway (which can cost quite a bit, depending on the specialist). With your time on the line, you’re losing valuable hours that translate into lost opportunities for creating revenue for the company.

 

On the other hand, you could hire dedicated in-house IT support. This means adding another person to your company payroll, which includes benefits, taxation, and HR hoops to jump through. Though they may do a good job managing your company’s IT, they won’t work for a flat, set rate like a managed services provider would.

You Lose Out On a Skilled Workforce

When you work with a managed services provider, you gain access to a large and experienced pool of IT technicians and engineers. Because they work with multiple companies across industries, these people are seasoned veterans in their respective fields. Having access to their skill sets keeps you on the leading edge of solving difficult problems or completing specialized projects, all without paying any extra to the managed services provider.

 

Conversely, if you choose to handle your own IT, you’ll lose out on all that advantage. You’ll be limited by whatever current knowledge you already have. For new projects and ventures, you’ll have to reach out to specialists for their knowledge, on their terms. Depending on the specific amount of help and the level of difficulty, it could cost you greatly.

You Limit Your Productivity

It’s a no-brainer: when you have to focus on your IT issues, you can’t focus on your business. In truth, software and physical devices malfunction on a near-daily basis, so maintenance quickly becomes a full-time job. With managed services from an IT partner, you’ll receive quick and efficient resolution to problems that occur within your workspace. As an added bonus, most reputable managed service providers will provide options for 24/7 support. For you, that means that you can work whenever you want without the fear of a malfunction slowing down productivty.

 

By yourself, you get none of that. Even with a hired in-house IT department, they may not respond to after-hours calls. If they do, it will usually cost you more in overtime hours.

The End Result: Managed Services are Better for You

 

Managed services overall boost your productivity, they save you money, and they allow you greater flexibility to handle bigger and more difficult projects. By yourself, you risk running up costs and wasting time, which hurts your company overall. The key to getting the most out of your managed services is to partner with a provider that works well with you.

Diverge IT want to be your partner. Together, we can find innovative solutions for your IT problems and keep a watchful eye over the technology in your work environment. We’ll learn about you and your business to best align our service with your needs and wants. To learn more about how we can help you, feel free to reach out to us.

 

End User Security Tips

6 Helpful End User Security Tips

Cybercriminals are tricky fellows. They try their best to sneak into your organization’s network and wreak havoc. Often, their goal is to steal your company data and hold it for ransom. From an IT department’s perspective, there are many things that can be done on the system level to prevent such cyberattacks. You can upgrade to a newer firewall, utilize different anti-malware programs, and deploy network monitoring tools, among many other things.

 

But in the end, the cybercriminals aren’t targeting the hard-to-crack IT department.

 

They’re targeting the end users.

 

It makes total sense; end users don’t have the technical know-how to spot malicious attacks. They are by far the most likely to be in direct contact with cyberattacks, and they’re the ones most likely to interact with the attackers. Statistics show that 30 percent of phishing emails get opened. With so many end users dealing with these cybercriminals, you must ask yourself:

 

Are you training them well enough to deal with these attackers?

 

It’s vital to have employee training to minimize the risk of attacks affecting your company. We’ve compiled six helpful end user security tips to guide them to better security practices for your company.

1. Lock It Up

Many people simply get up from their computer and walk away. That’s an open invitation for someone to jump onto it and do whatever they want. Instead, make it a habit to teach employees to lock their computer every time that they move away from it, and adjust their automatic lock setting in case they forget. If your car is full of stuff, you definitely wouldn’t leave it unlocked in the middle of a busy street.

 

Why wouldn’t you do the same for your computer?

2. Open Sesame

A no-brainer, but it still needs to be mentioned from time to time. Picking a good password is critical to securing your data. In a similar vein, leaving your password on a sticky note near your computer is a big no-no. Literally anyone can walk by and access your data.

 

Stop doing that.

3. Triple-Double Check

Why is the CEO of your company asking for your bank information and social security number? They shouldn’t do that, and you know that. Often times, they aren’t even the ones asking. They may be the victim of email spoofing or may have had their email compromised entirely. Always call or contact the person (or their assistant) directly to double-check for legitimate requests.

 

A simple phone call can save everyone from a massive data breach.

4. The Latest and the Greatest

Software updates contain patches to security holes. Keeping your software updated to the latest edition is your best bet for keeping cyberattackers away from your data. If you don’t have administrative rights on your computer, let your IT department know that you need updates.

 

Better safe than sorry.

5. Easy on the Downloads

When you download things, especially programs, you need to make sure that they’re completely safe. Installing a malicious program on your computer could spell doom for not just you, but anyone connected to your computer on your network. When downloading files, make sure that they come from a trusted source.

 

Don’t get your download privileges removed.

6. Check That WiFi

Often a company will allow their employees to connect to an office WiFi network. This network is typically secured and comes with various built-in security protocols. Malicious cybercriminals can (and will) create open WiFi networks with a similar name as the real one. This means that you might connect to their network, which would allow them access to all of your data on the connected device.

 

Don’t give hackers your data through WiFi.

End User Security with Diverge IT

So there you have it. Six perfectly good security tips to help your end users navigate the dangerous internet a little bit better. With those tips in use, you’ll see greatly reduced numbers of successful cyberattacks.

And if you thought those were useful, you should see what we can do for your company. Reach out to us and we’ll work out a detailed security plan that will keep your business more protected than ever before.

Should have virtualized

The Man Who Should Have Virtualized (A Short Story)

The computer screen went completely blank. Joe blinked, and sighed deeply.

 

“Not again”, he muttered, as he got up from his chair.

 

He excused himself from the meeting. After weeks of preparation, it was all falling apart. Michelle glared at him as he got up. Clark shot him a sly grin.

 

Joe pretended not to notice either.

 

“Sorry, everyone. I gotta go check on the server. Hunk of junk is acting up again.”

 

Hastily he walked out of the conference room and began the long trek over to the server. With each step he took, Joe’s stomach knotted further. He worried about how much the repairs were going to cost, and how long it would take for the server to come back on.

 

If it would even come back on, at all.

 

Before he knew it, his hand was on the doorknob to the server room. The smell of burnt plastic and musty air surrounded him immediately. He glanced at the screen for activity.

 

Nothing.

 

Joe quickly deduced that a cheap cable had fried the power supply to the server. He begrudgingly dialed the product support line, and was greeted by an enthusiastic man named David.

 

“Hello, Mr. Phillips. How may I help you today?” David said, with boundless cheer.

 

“I need a new power supply to my server. This one is totally wrecked. Looks like there might be other damage, too.”

 

“We can absolutely do that for you! We’ll need to schedule a technician to go out there and assess any further damage. I see that you’re no longer covered by our warranty, so this will be an independent charge. Is that okay?”

 

Joe froze.

 

Unsure of what to do, he racked his brain for options.

What Should Joe Do?

Joe could very well pay for a replacement part for his server. But, would it be worth it?

 

The answer is that it would not.

 

Joe’s next action should be to look into virtualizing his server. For him, that means that his precious data is stored in a secured facility. He can access it from anywhere, and he can avoid annoying (and potentially embarrassing) situations like his failed meeting.  

 

Aside from simply accessing his data, Joe would also save lots of money. Without the need for repairs, he could allocate funds to other areas of the business. Additionally, not having a server would save him a considerable amount on energy costs and help the company go green too.

 

As an added bonus, Joe would also eliminate the need for tedious updates and constant support. His IT team could focus on other areas of his organization, improving overall infrastructure instead of focusing on a defunct server.

 

The benefits of moving to a virtualized server are clear. But, Joe would need an experienced partner to virtualize all of his data.

 

Who could possibly help him with the task?

Virtualization with Diverge IT

Partnering with Diverge IT makes virtualization a breeze. Joe should partner with us to experience minimum downtime during his transition to the virtualized server. He’ll receive support along the way, and save money in the process.

 

If you and your company are like Joe, you should chat with us today. We’ll work with you to determine how to go about virtualization, and we’ll build a plan that will outline your path to success.