Tag: custom_blogging

5 Biggest MSP red flags to watch out for

Managed IT services providers (MSPs) in Salt Lake City offer varying levels of service. Some are thorough and will help you maximize your business’s IT systems, while others may cut corners and fail to deliver the results you need. Therefore, you must choose your MSP carefully. To help you make the best decision for your business, watch out for these red flags when choosing an MSP.

The MSP charges you for services you don’t need

Unless you belong to the tech industry yourself, it’s likely that you don’t have extensive skills or knowledge about IT. Some providers know this and will take advantage of you by pressuring you to sign up for services you don’t actually need. For example, they might say your system requires a certain type of software when the one you’re currently using is enough for your needs or that you need to purchase additional licenses when you don’t.

Make sure you have a rough idea of your business’s IT needs before consulting with a prospective provider so you aren’t caught off guard. Ask for a second or third opinion from other MSPs or IT experts if you’re unsure about the advice you’re getting. A reputable MSP will assess your needs first and will be upfront about which services are essential for your business and which ones can wait. They’ll also explain why certain upgrades are necessary so you can make the most informed decision possible.

A reputable MSP will assess your needs first and will be upfront about which services are essential for your business and which ones can wait.

They don’t communicate clearly and frequently

Ongoing communication is key to a successful relationship between your business and your MSP. After all, your MSP is responsible for keeping your business’s IT systems up and running, so they must be proactive in inquiring about the state of your IT infrastructure. If they don’t communicate with you, certain tech issues may not be discovered and resolved on time, if at all.

Ideally, an MSP should assign someone from their team to act as a dedicated point of contact for your company. It is this personnel’s job to regularly check on your company and coordinate all developments and issues that require attention.

They have few or negative customer reviews

Online reviews can tell you so much about an MSP, including how they treat their clients and whether their services match your business’s needs. Of course, very few or nonexistent reviews could simply mean that the MSP is new. However, you’d want to entrust something as important as your business’s tech to a provider with a track record of quality service, so choose an MSP with numerous and consistently positive reviews.

They respond too slowly

Downtime can have severe and costly consequences for your business, so your MSP must be able to mitigate or immediately resolve it. Before committing to an MSP, ask about their turnaround times and see how fast they can respond to your concerns over the phone.

On a related note, it might be better to choose a provider within your area. Although MSPs can manage most of your IT needs remotely, hardware issues and certain tech hiccups may require an on-site visit. In such cases, working with an MSP within your locale helps resolve problems quickly.

They can’t help you with cybersecurity insurance

Data breaches are occurring more frequently. In fact, the Identity Theft Resource Center’s 2021 Annual Data Breach Report shows that there were 68% more data breaches in 2021 than in the previous year. This makes it all the more important for your business to secure cybersecurity insurance, as it protects you from the financial risks associated with cyber incidents.

Ask your prospective MSP if they offer cybersecurity insurance. If they don’t, inquire if they can help you apply for the insurance policy. Reputable MSPs will at least know what you need to secure such a policy and point you to a trustworthy insurance provider.

Your IT systems are crucial to your business’s survival and success, so you need to leave them in the hands of an MSP like [company_short]. Our team of IT specialists has years of experience in addressing the needs of Utah businesses like yours. Talk to us today to get the best IT services for your business.

5 Ways Microsoft 365 enhances hybrid work environments

The hybrid work model not only helps employees become more productive, but it also promotes better work-life balance. Microsoft aims to further improve the experience through the Microsoft 365 suite of productivity tools. Let’s take a look at how the service benefits hybrid work.

Metaverse for immersive meetings

The metaverse is a virtual world that mimics aspects of the physical world using technologies such as virtual reality, augmented reality, artificial intelligence (AI), social media, and digital currency.

To enhance hybrid work environments, Microsoft is integrating its metaverse platform Mesh into its business communication platform Teams. With Mesh, Microsoft is making it possible for in-office and remote employees to be together in 2D and 3D virtual meetings. Companies will also be able to create immersive spaces that resemble physical spaces like conference rooms, design centers, and networking lounges. What’s more, users can create personalized avatars to mix and mingle, collaborate on projects, and have encounters that spark innovation.

Improved Teams meeting experience

Microsoft is also updating Teams to foster more inclusive and productive hybrid meetings. When setting a hybrid meeting, the host can use the scheduling form to assign roles to participants. For instance, they can assign one employee to be the timekeeper while another can be the facilitator. Teams also now has a feature that lets the host see the order in which participants raised their hands during a meeting. This ensures that everyone is called and heard.

Related article: How to protect your Microsoft 365 environment

Easier cross-organizational collaboration

Teams Connect allows employees to share private and shared channels and files with anyone, including those outside their organization. Thanks to a recent update, you can now schedule a meeting, collaborate in real time on apps, and share channels with up to 50 teams and as many organizations as needed. In the future, users will also be able to chat with third parties who have personal Teams accounts.

Better collaboration with Microsoft Loop

Let’s say you’re planning a team outing, so you want employees to send pictures of their suggested venues. Then you’d want everyone to vote. Doing this may require multiple apps, but Loop allows your team to do it all in one place.

The purpose of Loop is to centralize all tasks to improve the collaboration of a team in real time, even if employees are in different locations.

Loop has three elements: Components, Pages, and Workspaces.

  • Components: These are small productivity units that help you collaborate and complete work while you’re in chats, meetings, emails, documents, and more. You can build your own components or leverage preset ones, including:
    • Voting table: Makes it easy for teams to reach a consensus and finalize decisions together.
    • Status tracker: Helps you gather information from your team, track progress on all project aspects, and always maintain an updated view of a project across your team.
  • Pages: These are canvases where you can organize your components and obtain elements like links, files, or data that are relevant to your project.
  • Loop workspaces: These are shared spaces that allow your team to see and collate everything important to your project. Workspaces also make it easy for you to catch up on what everyone is working on, react to others’ ideas, and track progress toward shared goals.

Enhanced employee digital experience

Under the hybrid work setup, the employee experience is not limited to a physical location, as it also extends to the internet. In this environment, employees also need to learn and stay engaged. That’s where Microsoft Viva can help.

Viva is an employee experience platform that brings learning, insights, communications, and resources together in one platform. It spans four categories: connections, learning, insights, and topics.

  • Connections: Uses AI to offer innovative engagement experiences to keep all employees informed of company happenings
  • Learning: Allows team managers to assign courses or lessons to certain teams or individuals, fostering a culture of development and learning in the company
  • Insights: Allows companies to make data-driven improvements in their processes and policies to enhance employee well-being and productivity
  • Topics: Organizes content in the organization, allowing employees to easily find the information they’re looking for

Microsoft Viva can be purchased as a suite that includes all of these modules.

If you need assistance deploying Microsoft 365 for a better hybrid work experience, NetWize is here to help. We will analyze all of your needs, deploy the right solutions, and ensure that you are getting the most out of your investment. Talk to us today to learn more.

What is Ransomcloud, and what are its dangers to your business

Ransomware is one of the most dangerous cyberthreats today. In fact, a recent study found that businesses in the United States suffered 22 days of downtime on average after they were hit by a ransomware attack.

Normally, ransomware works by encrypting a computer’s local file system, preventing a user from accessing their data until they pay a ransom. A new strain called ransomcloud, however, can infiltrate cloud-based systems. In this blog, we will discuss how it works and what you can do to protect your systems.

What is Ransomcloud?

Ransomcloud is a ransomware variant that attacks cloud-based platforms such as Google Workspace and Microsoft 365.

Ransomcloud attacks leverage phishing emails, or messages that appear to come from trusted entities like banks, business partners, or colleagues to gain the victim’s trust. These emails typically contain a link to a web page that, when clicked on, will ask the user to log in to their account. The fraudulent web page will request permission to access the user’s data, sign into their accounts, and read their calendars and contacts.

Should the user grant these permissions, the ransomcloud will encrypt the user’s emails and files to make them unreadable. It will then demand a ransom for the user to regain access to their data.

What are the dangers of Ransomcloud to your business?

If one of your employees grants ransomcloud access to your systems, they can lose access to their email accounts, messages, contacts, and files. And when your workers cannot access their apps and files, their productivity suffers. Cybercriminals can even send emails as the victim to spread the malware even further across your IT network.

Cybercriminals can also threaten to leak your business’s sensitive data unless a ransom is paid. However, we at NetWize highly discourage you from paying the ransom, as there’s no guarantee that you’ll regain access to your cloud systems. Some cybercriminals may leak your data even if you paid the ransom. Paying also sets a bad precedent because it only encourages cybercriminals to victimize more individuals and businesses.

How can you protect your organization from Ransomcloud attacks?

Keep your business protected from ransomcloud attacks through the following best practices:

1. Deploy role-based access controls (RBAC)

If every employee in your company can access all of your files, cybercriminals will only need to infect one account with ransomcloud to compromise your data.

By implementing RBAC, you can regulate network access based on each employee’s role. This means that a worker can only access the files and applications needed to perform their tasks, thus minimizing the potential damage of ransomcloud.

2. Use multilayered security

Using multiple layers of cybersecurity solutions mitigates the risk of future ransomcloud attacks. Each layer provides an additional level of protection, making it harder for threat actors to infiltrate your cloud systems. Your security framework should include the following:

  • Email protection solutions: These must have a spam filter, data loss protection, and end-to-end encryption to protect your cloud systems from email-based cyberattacks.
  • Antivirus software: The best antivirus software should be able monitor your IT infrastructure round the clock to protect against malware.
  • Intrusion prevention system (IPS): An IPS regularly inspects network traffic to identify vulnerabilities and prevent threat actors from exploiting them.
  • Web content filtering: This prevents users from accessing malicious websites, thus reducing the risk of a malware infection.

3. Create offline backups

Back up your important data in external hard drives, DVDs, or flash drives, as they cannot be infected by ransomcloud. Alternatively, you can partner with a reliable managed IT services provider like NetWize. We will store your files in our secure off-site servers and monitor them round the clock to prevent any issues.

4. Educate your employees

Because ransomcloud attacks use phishing emails, teach everyone in your organization how to recognize these messages. For instance, you can train them to be wary of messages that ask for their login credentials or permission to access their data.

You should also teach your staff to use strong passwords and enable multifactor authentication. Lastly, conduct cybersecurity awareness training regularly to help your employees identify and avoid the latest cyberthreats.

NetWize offers reliable protection from cloud-based threats like ransomcloud. We will monitor your cloud systems 24/7 and make sure that issues are taken care of before they cause productivity-crippling downtime. Get your FREE IT assessment from us today.

What is Riskware, and what are the dangers to your business?

You use several computer programs every day to do work. But did you know that some of them can pose potential security risks? In this blog, we will talk about riskware, how it works, how you can spot them, and what you can do to prevent future riskware attacks.

What is riskware?

Riskware is any legitimate program that poses security risks due to software incompatibilities, security vulnerabilities, or legal violations. Most of the time, riskware is not inherently malicious, but only has functionalities that cybercriminals can exploit. When used with ill intentions, however, riskware can be considered as malware.

How does riskware work?

Computer programs typically have some level of system access to function properly. For example, they may have permission to monitor user activity or access the computer’s built-in microphone.

Some functions that can be abused by cybercriminals include:

  • Access to the system kernel, or the core component of an operating system (OS)
  • Access to data-gathering components such as the camera, microphone, and GPS
  • Access to critical system areas like the system registry and Internet Protocols
  • Program modification for changing program settings or modifying its code

How does riskware affect your business?

Riskware poses legality and security issues such as:

1. Privacy invasion

Cybercriminals can use riskware to spy on you. For example, some remote work monitoring apps use GPS data to record an employee’s location. If a cybercriminal exploits one of the app’s vulnerabilities, they could use it to spy on your workers’ whereabouts. They can also hijack conferencing programs like Zoom and Teams to commit corporate espionage.

2. Data breaches

Threat actors can use riskware to steal data or install malware onto an unsuspecting user’s system. This leads to significant security incidents, including well-known DDoS attacks as listed by CloudSecureTech, which highlight the importance of cybersecurity vigilance. For instance, if they find a program with File Transfer Protocol enabled, they can install a server that allows them to steal the user’s files. Cybercriminals can also exploit internet relay chat clients’ dialer programs and instant messaging features to create backdoors and deliver malware, such as ransomware.

3. Program exploits

Attackers can misuse and exploit programs like remote access software. This program allows IT personnel to access a user’s computer, then diagnose and fix technical issues. However, if the program has serious vulnerabilities, cybercriminals can use it to hijack the user’s OS.

How can you spot riskware threats?

Since riskware is harmless until used maliciously, spotting them can be difficult. To make finding them easier, take inventory of software programs installed on your computer and ask yourself the following:

1. How did this software end up on my system?

Riskware is typically installed on your OS and granted system access permissions by your IT administrator. If you find a program with permissions that you or your admins did not grant, that’s a red flag.

2. What permissions does this program have?

Check the authorizations your suspicious programs have. For instance, a calculator app should not have access to your device’s registry and contacts.

3. Is this program still supported?

Unsupported programs no longer receive security patches from their developer, so cybercriminals can easily exploit their vulnerabilities to steal sensitive information or install malware. If an app has not been updated in many years, it should be considered as riskware.

4. Does this program violate the terms of service for another app?

Many programs can interact with one another. However, you should avoid the ones that augment or disable the features of another app.

Tips to prevent riskware attacks

Here are some best practices you need to follow to protect your business from riskware attacks:

  • Limit the number of programs that have admin-level privileges.
  • Read all of your programs’ terms of service and privacy policies.
  • Uninstall programs that are preventing others from functioning properly.
  • Avoid using software that requests unusual permissions.
  • Download applications from trusted sources only, such as the developer’s website or official app stores.

 

Let NetWize protect your business from riskware and other potential cyberthreats. Our cybersecurity experts will help you identify vulnerabilities, and install firewalls and intrusion detection tools to protect your business from costly data breaches. Talk to us today to get a FREE IT assessment.

 

Avoid these 6 critical mistakes during disaster recovery

Disasters like fires and malware attacks can strike your business at any time. When they do, it’s crucial to have a disaster recovery (DR) plan in place to mitigate their impact on your business. Unfortunately, many businesses make critical mistakes that can significantly slow down the disaster recovery process. In this blog post, we’ll take a look at six of these blunders and how you can avoid them.

1. You don’t have a DR plan

If your business doesn’t have a DR plan, it will be difficult to recover from incidents. Your recovery teams won’t know what to do and will make last-minute assumptions, resulting in a longer and costlier recovery process.

By having a proper DR plan, you can better assess the scenarios that threaten your operations and how to combat them. Your plan provides specific recovery instructions so teams know what to do when disaster strikes. What’s more, it identifies technology solutions that facilitate the recovery process like cloud backups and provides directions on how they should be used.

2. The DR plan is outdated

Over time, the information in your DR plan may become outdated and key personnel may leave the company. You may also replace your IT systems and face newly emerged cyberthreats

For instance, if your DR plan didn’t include the threat of ransomware and such a malicious program infected your system, you may encounter issues recovering from the incident.

By regularly reviewing and updating your DR plan, you ensure that it’s always relevant and effective. Updated DR plans and briefings also guarantee your team is well versed in the latest disaster recovery procedures and know how to handle disruptive incidents.

3. You don’t test the plan

Some organizations make the mistake of creating a DR plan and then just setting it aside. By not testing the plan, no one knows if it will actually work and your team will not know what to do in the event of a disaster.

It’s vital to test your DR plan annually to determine the effectiveness of proposed procedures. One way to do this is by simulating recovery tests. For instance, you could stage a malware attack to see how well teams respond to it. You should also practice using technologies that support recovery procedures to see if they actually work as expected.

4. Your backups are stored in only one basket

Backups are a fundamental part of disaster recovery, as these ensure that you can recover your files and applications in case of data loss. However, storing all your backups in a single location is ill-advised because you can lose all your files if the backup facility becomes inaccessible or compromised.

Avoid this issue by implementing hybrid backups, which combine an on-site backup with replicated cloud backups. This way, if your on-site backup is destroyed or inaccessible, you can access another copy in another location.

5. Not getting everyone involved

It’s a big mistake to assume that only IT departments are responsible for disaster recovery. Instead, everyone on your team from senior management to rank-and-file employees should be aware of the security risks facing your business and play an active role in mitigating them.

Start by training your staff regularly in cybersecurity best practices. For example, teach them to be critical of every email or website they open and to refrain from downloading suspicious files. You can also simulate a cyberattack to test your employees’ reaction times. This will help you identify your teams’ strengths and areas for improvement to prepare your business for future cyberattacks. 

6. Not having a disaster recovery partner

Choosing the right disaster recovery partner can spell the difference between success and failure when recovering from disruptive events. Without one, your business will have to take responsibility for data restoration, systems replacement, and other critical processes that are beyond your expertise. And that’s all too much to take on alone 

Fortunately, reliable managed IT services providers like NetWize have extensive knowledge of disaster recovery. We can provide you with 24/7 technical support during disasters and help restore your operations quickly. Give us a call today

How to protect your Microsoft 365 environment

Microsoft 365 is one of the most reliable cloud platforms available for businesses today. It offers best-in-class productivity and communication tools while protecting your company’s data with multiple layers of security. Microsoft heavily fortifies its cloud platform with advanced threat protection systems, firewalls, physical security measures, and regular data backups. 

However, despite these protections, you and your staff must also take precautions to keep your valuable assets safe. Here are five best practices for securing your Microsoft 365 environment:

1. Implement multifactor authentication 

Multifactor authentication (MFA) is a security process in which users must provide more than just their passwords to prove their identity. This could be a one-time passcode generated by an authentication app, a USB security key, or a biometric scan. With MFA, you can prevent access to your company’s data even if cybercriminals somehow manage to get a hold of your passwords.

To enable MFA on Microsoft 365, you need to sign in to your company’s Azure Active Directory admin center. Then, go to Properties > Manage Security defaults, click Yes next to the enable security defaults option, and then press Save. The next time users try to log in to their accounts, they’ll be prompted to set up their secondary authentication method. For a more streamlined and secure login process, we highly recommend using the Microsoft Authenticator app to generate temporary passcodes on company-registered mobile devices. 

2. Limit access privileges

Not all employees need to have access to your entire Microsoft 365 environment. Graphic designers, for example, don’t need to see your company’s financial records and system administrator settings. In fact, giving users complete access to your Microsoft 365 environment increases your company’s risk exposure if cybercriminals manage to compromise just one account.   

To mitigate this risk, you must set access restrictions according to the user’s role in the company. With Microsoft 365 Admin center, you can appoint roles to different teams and determine what type of content they’re permitted to access. And with Microsoft Intune, you can limit access privileges based on a user’s location and device. 

You should also create dedicated admin accounts that are equipped with MFA and the highest levels of security. This ensures that only a select few IT administrators have the permission to access and configure Microsoft 365 settings. 

3. Enable email security features

Microsoft 365 comes with several email security features that prevent various types of phishing attacks. For starters, you can enable anti-phishing policies that block untrustworthy email domains, especially those impersonating a legitimate email address. Microsoft 365 Defender also features Safe Links, a feature that traces the real destination of URL links embedded in emails and documents. If you click on a suspected malicious link, Safe Links will redirect you to a harmless webpage warning you of the potential threat. 

What’s more, Microsoft 365 Defender offers Safe Attachments, which can detect and filter emails with malware-laced attachments. This security feature analyzes email attachments in isolated virtual environments to see how they behave without harming the user’s system. When Safe Attachments detects behaviors indicative of malware (e.g., unusually high traffic volume or ransomware encryption), it instantly blocks those inbound emails from reaching company inboxes. 

To enable these email security features, simply sign in as an admin to the Microsoft 365 Defender portal and go to Email & collaboration > Policies & Rules > Threat policies

4. Establish data loss prevention policies

Microsoft 365 prevents users from sharing classified information to anyone outside the organization using data loss prevention (DLP) policies. By enabling DLP policies, Microsoft 365 instantly scours your systems for sensitive content like financial records, proprietary documents, and Social Security numbers. From there, you can decide the protective action Microsoft 365 will take. For example, you can completely block outbound sharing of personal data or encrypt the data when it’s sent to the recipient. These significantly reduce the likelihood of internal leaks and data breaches in your company.    

5. Train users to develop good security habits

While technical solutions are important in safeguarding your Microsoft 365 environment, you shouldn’t overlook the human factor of cybersecurity. No matter how strong your defenses are, reckless employees can easily undermine your efforts by setting weak passwords or falling for phishing scams. This is why you need to regularly train your employees on security best practices. 

You can start by teaching employees to take precautions with every website, email, and link they see online. If an unsolicited email is urging employees to click on links, download attachments, or share sensitive information, they should immediately flag it as a phishing scam and report it to the IT department. It’s also important to teach employees the importance of setting strong and unique passwords as well as avoiding public Wi-Fi networks. Building these habits require quarterly training seminars, practical exercises, and impromptu phishing simulations to test everyone’s security awareness. 

If you need expert assistance with securing your Microsoft 365 environment, NetWize is the solution. Our consultants can help you customize your system to safeguard it from even the most prolific cybercriminals. Call us today at 801-747-3200.

Tips to make the most of Microsoft Teams

To maintain the efficiency of their remote and hybrid work staff, Salt Lake City businesses leverage all sorts of apps so that teams can work together and keep in touch with one another. A typical setup would have Google productivity apps like Google Docs for collaboration and Slack or Zoom for communication. But if your organization is using Microsoft 365, then there’s no need to use multiple platforms. In fact, when it comes to enhancing collaboration and communication, you just need one app: Microsoft Teams.

In case you don’t know, Microsoft Teams is a chat-based messaging platform where you and your staff members can chat, hold voice/video calls and conferences, and share and work on files. This seemingly simple and easy-to-use app is also packed with useful features. Here are a few tips and tricks you can try to maximize your use of Microsoft Teams.

Tips for admins and users with access to special features

Some features of Teams are only available to admins and to users granted usage permissions by admins. For example, regular staff can’t create their own teams (i.e., user groups that can have their exclusive chat channels, file sharing, and calendar events) unless permitted by company admins. Here are a few tips which are relevant to personnel with special privileges:

Create an FAQ

Set up a Microsoft Teams FAQ for your team to help guide them on how best to use the app. This could include things like:

  • What is Microsoft Teams?
  • Who can create a team?
  • How do I share a file with my team?
  • How do I invite someone to join my team?
  • What apps are available for Microsoft Teams? 

For help on making your FAQ (and on all of the tips we’re sharing with you here), turn to our Microsoft Teams experts at NetWize.

Always check for team duplication

Teams can be created based on organizational affiliation (e.g., a department) or on shared activities (e.g., a project). If managers are not careful, they may end up creating too many teams. When this happens, there will be too many active lines of communication to keep track of — and team members may eventually feel overwhelmed and start dropping the ball on important tasks. 

To avoid this, before creating a team, managers must always check if there’s already an existing team that can serve their purpose. They should also audit Teams every quarter or so to see if they can dissolve teams that are no longer in use. Just like with physical spaces, virtual spaces are much easier to use when they’re orderly and clutter-free.

Minimize the number of channels you create for a team

When a team project has many components, it’s a good idea to create separate communications channels for each component so that discussions and file sharing are limited to relevant members only. However, it’s best to begin with just a few channels and add more as needed. This is because each channel will have its own file archive, so the more channels you have, the more difficult it’ll be to find the documents you need.

Tips for everyone

Here are tips for all types of Microsoft Teams users:

Learn keyboard shortcuts

Keyboard shortcuts allow Microsoft productivity app users to work faster than if they were to rely on using a mouse. This is because shortcuts become a natural extension to touch typing, and no time is spent moving one’s hand from the keyboard to the mouse. And just like Word and Excel, Teams also has its own set of keyboard shortcuts. Here are a few essential ones you ought to try:

  • Execute the search function: Ctrl + E
  • Open files: Ctrl + 6
  • Blur your background: Ctrl + Shift + P
  • Mute/Unmute yourself: Ctrl + Shift + M
  • Turn your camera on/off: Ctrl + Shift + O 

For a comprehensive list, go to Keyboard shortcuts for Microsoft Teams.

Master the search function

The more everyone uses Teams, the more content your organization will collect in the app, which means that search will become your most-used function over time.

Beyond just typing what you want to look for, you can also utilize Keyword Query Language or KQL to do more advanced searches. Here are four KQL-powered search query formats that Teams supports:

  • From:[person’s name] + search keyword – Looks for the keyword among the messages a person sent
  • In:[channel or group chat name] + search keyword – Looks for the keyword within a channel or group chat
  • Subject:[keyword from a channel message that came with a subject line] – Returns all channel messages that have that keyword in their subject line
  • Sent:[Date] + search keyword – Looks for the keyword among the messages sent on the specified date

To learn more about KQL, go to Microsoft’s Keyword Query Language (KQL) syntax reference.

Here are two other tricks you can try to search like a pro:

  • To do an exact match search, enclose your search term in quotation marks.
  • If you can’t remember the exact word you used, type the first letters you can remember, then place an asterisk (*) at the end. For instance, entering “elec*” will give you results that contain words that begin with those letters, such as elections, electricity, and so on.

Save messages

To ensure that you don’t forget important items, save messages for easy access later on. To save a message, click More options (…) > Save this message.

View your saved messages by clicking on your profile picture, then Saved. Alternatively, you can go to the search box and enter /saved.

Translate messages

Teammates and business partners may send chat messages in a language that you or others don’t understand. To illustrate, non-native English speakers may have difficulty following message threads that are predominantly written in English. Thankfully, Teams users can just hover over a particular message, click on the ellipsis (…), then click Translate.

Teams’s translation capabilities also go beyond written text. The app can add captions to video calls and translate those captions live. As of this writing, you can share the videos in up to six languages. In a video call, just open the Translate to menu and choose the language(s) you prefer. Those watching the video can then click Subtitles On in the lower right-hand corner of their screen so that they can read the translated captions.

To fully leverage Microsoft Teams and other Microsoft products you’re using, rely on our experts at NetWize

Start the year right by giving your staff cybersecurity training

Non-IT personnel tend to believe that leveraging antivirus software and having an IT department is enough to ward off cyberattacks. Such staff lack cybersecurity awareness and a sense of responsibility to protect the company, both of which are weaknesses that cybercriminals exploit. For instance, your staff might not know that merely opening a malicious email attachment could lead to a devastating ransomware attack that causes protracted downtime, lost sales and productivity, and damage to your company’s reputation.

Providing cybersecurity training for everyone — from the rank and file to the C-suite — is therefore crucial for the continued survival and success of your business. Here are two training options to consider.

Internal cybersecurity training programs

Your company’s IT department can develop and deliver in-house training programs that cover the basics of cybersecurity awareness, such as how to identify phishing emails, malicious websites, and other common attacks. Since this type of training is internally generated, your staff can tailor it specifically to your organization’s specific requirements. For instance, if you’re a healthcare provider, your cybersecurity training program can focus more on HIPAA compliance.

However, creating such programs internally can be time-consuming and expensive. Moreover, developing and implementing training modules are entirely different skills that your IT personnel may lack. To illustrate, they might attempt to create something comprehensive to cover as many cybersecurity topics as possible, but some topics may not be relevant to everyone in your organization. In addition, as technology changes so quickly, your IT team might end up constantly updating your training program to keep it relevant, which isn’t the best use of their time.

Third-party cybersecurity training programs

Alternatively, you can outsource your cybersecurity training needs to a third party. There are many reputable providers of cybersecurity training courses and programs, both online and in-person, which can be tailored to meet the specific needs of your business. These programs usually cover a wide range of topics, from cybersecurity basics to more advanced issues, such as encryption and malware, with a strong focus on practical tips that your employees can easily apply.

Some third-party programs are delivered via a web platform or an app for ease of access from anywhere at any time, whereas others use a combination of online lectures and face-to-face seminars. 

Cybersecurity training providers generally offer programs for two types of learners, namely general employees and cybersecurity personnel. These are the types of programs that are suited for non-IT employees:

  • Awareness-only programs – These programs are focused on increasing employees’ knowledge of cyberthreats they’re likely to face, such as phishing campaigns and business email compromise attacks. Awareness courses may span a few days and are usually updated as the cybersecurity landscape changes, so employees must continually take these throughout their tenure.
  • Intensive programs – Instead of spreading out the training over a period of time, companies may opt to dedicate an entire working day for in-person training. Generic programs are useful for onboarding employees or as refresher courses, while special courses better address the needs of particular employees. For instance, C-suite executives will benefit from programs that cover whale phishing. Unlike awareness-only programs, intensive training programs also include practical tests and simulations so that trainees can better apply their learnings.

Cybersecurity personnel, on the other hand, will naturally require much more in-depth training. 

  • Free training programs – For small businesses with fledgling IT teams, free training programs are a godsend. IT staff members who are interested in starting a career in cybersecurity can turn to places like Cybrary, an online cybersecurity professional development platform that offers role-based learning, hands-on training, and industry certification courses.
  • Paid certificate programs – A cybersecurity certificate program is designed to get IT employees up to speed on the latest cybersecurity threats and how to protect your business from these. Paid courses are for achieving higher levels of specialization that free courses don’t cover.

Whichever cybersecurity training program you choose, one thing is for sure: providing your employees with regular cybersecurity training is an investment that will pay in terms of sizable savings from avoiding adverse cybersecurity incidents. And to completely protect your business against cyberthreats, leverage NetWize’s IT security solutions. Reach out to us today to learn more.

What are co-managed IT services, and does your business need it?

Many businesses rely on contractors and service providers to accomplish tasks they can’t or won’t do themselves. To illustrate, a restaurant in Salt Lake City can bake their own bread. However, the process takes up too much time, effort, and space in their small kitchen, so they source their bread from a nearby baker instead.

In the same manner, small- and medium-sized businesses (SMBs) like yours may have in-house IT staff. However, your team may be too busy with time-consuming tasks or too small to take on big projects that are critical to business growth. Fortunately, this is where co-managed services come in.

What are co-managed IT services?

Co-managed IT is a service model wherein a managed IT services provider (MSP) augments the capabilities of an existing internal IT team. If you have not yet established your own IT team or department, you can outsource all your IT to an MSP, which is a different arrangement altogether.

In a co-managed setup, both the MSP and your internal staff align themselves toward accomplishing the company’s goals. This means that the in-house team can dedicate itself to tasks that it can accomplish effectively and efficiently, while the MSP can fulfill any and all remaining business requirements.

When would your business need co-managed IT?

This service model is ideal for your business if:

Your IT department is short-staffed and/or lacks other resources

Your staff may already be swamped with tasks like addressing hardware and software issues, tweaking cloud configurations, and applying app updates and patches. If they don’t have the bandwidth for other tasks like designing and implementing a cybersecurity strategy, then turning to an MSP is more efficient and cost-effective than seeking, hiring, and training new staff. This is especially true if the need for additional personnel is only temporary.

Moreover, a top-notch MSP updates its tech resources to remain competitive. This means that you as a client can enjoy effective tech without having to completely invest in it yourself. For example, let’s say you need your network to be monitored. MSPs like NetWize can offer the latest and best monitoring tools for watching over your entire infrastructure.

In a co-managed setup, both the MSP and your internal staff align themselves toward accomplishing the company’s goals.

Your IT staff lacks the required expertise

Even if you’re not short on IT staff, their combined experience and expertise may still fall short of what your organization needs. For instance, they might not know how to create and implement backup solutions, business continuity strategies, and disaster recovery plans. Thankfully, reputable managed services providers have full rosters of IT specialists whose collective capabilities are both broad and deep. This means that they can cover any skills gaps your team may have.

You have a new project

Let’s say that you want your IT team to develop bespoke business applications for your company. To have bandwidth for app development projects, your team needs to let go of day-to-day responsibilities that your company relies on to operate smoothly. In scenarios like this, an MSP can take on those duties so that business operations can continue without a hitch.

What are the pros and cons of co-managed IT?

Here are the things you need to consider about co-managed IT services:

Pros

  • Quick implementation
    You get to fulfill business requirements faster than if you were to look for, hire, and onboard in-house IT staff. Furthermore, short-term projects are more feasible since you can procure IT services on an as-needed basis.
  • Fewer items to manage
    All you need to do is focus on your own deliverables and rely on your IT partner to deliver results. You don’t need to inspect their processes, manage their day-to-day productivity, or watch out for cyberthreats as you would on your own network.
  • Availability of new tech
    MSPs stay on top of the latest tech trends, which means that you, as their client, could benefit from their tech investments.
  • Round-the-clock support
    Unless your IT staff works in shifts, your IT department is only operational during office hours. This means that urgent problems that occur during off-hours will have to wait till shift starts. It’s also possible that some of your staff are on holiday or sick leave, so there are fewer people available to resolve your IT issues. Thankfully, you can avoid such scenarios by leveraging the 24/7/365 support provided by MSPs.
  • Improved morale of IT staff
    Bogging IT personnel down with rote and mundane IT tasks may bore them and provide no opportunities for learning new skills or progressing in their careers. By having an MSP handle those necessary but tedious tasks for you, you increase your IT team’s bandwidth to take on more challenging and rewarding tasks.

Cons

  • Upfront fees
    Availing of co-managed IT services does involve having to pay upfront fees. However, when you compare this to the costs you would incur if you were to hire your own IT professionals and purchase additional hardware and software, you’ll enjoy savings in the long-term. This is because you only have to pay for the IT resources and services you use.
  • Compatibility issues
    Differences in IT systems and methodologies may result in incompatibilities between your business and your MSP, though MSPs would normally identify and propose to rectify alignment issues prior to agreeing to a co-managed arrangement with your company.

Incompatibility may also take the form of a mismatch between what your business needs and what an MSP could offer in terms of tech tools, expertise, and bandwidth. To illustrate, an MSP startup with five technicians and only 10 years of experience between them might not be able to support the needs of a local eCommerce company that’s on the verge of going global.

If limited IT resources are keeping your business from growing, then you must turn to NetWize for co-managed IT services. Send our IT consultants a message or call 801-747-3200 today.

6 Ways to help your organization reach a collective understanding of cybersecurity

The way someone grasps cybersecurity affects how they handle it, and if they understand its aspects differently from another person, then both of them are likely to handle it inconsistently, too. For example, some people may still adhere to the old wisdom of continually changing passwords. They may argue that doing so shortens the validity of passwords, so even if others steal or break these, the risk of hackers breaching accounts is reduced.

However, some users may make only slight changes to their existing passwords since doing so is most convenient for them. This introduces predictability into the password creation process, which results in passwords that are easier to guess and are therefore less secure. That is, even if one password no longer works, a black hat hacker may try out variations of this password. Therefore, the closer the new password is to the old one, the easier it will be to crack.

While open-mindedness fosters diversity of ideas and allows the best ones to come out on top, you’ll also want everyone in your organization to have a common understanding of cybersecurity concepts and principles. Without this commonality, people may insist on cybersecurity practices that are detrimental to your business and implement cybersecurity strategies inconsistently or incorrectly. To achieve this common understanding, follow these tips:

1. Get buy-in from all members of the team

Showing everyone the dangers that cyberthreats pose to their livelihoods and investments can help them reach a baseline understanding of the value of cybersecurity. Buy-in from the rank and file means that they’ll do their part in keeping the company safe, whereas buy-in from executives and board members means that they’ll allocate the resources necessary to implement cybersecurity strategies. In short, convincing people to care is the first step toward leading them to a collective in-depth understanding of cybersecurity.

Without a common understanding of cybersecurity, people may insist on cybersecurity practices that are detrimental to your business and implement cybersecurity strategies inconsistently or incorrectly.

2. Create a common cybersecurity vocabulary

If employees conceptualize security terms like “ransomware” differently, then they are not likely to understand one another when they discuss such terms. Therefore, you want to create a shared functional reference that utilizes an agreed-upon definition and naming system.

By having a standardized glossary and taxonomy (i.e., way of naming things), misunderstandings may be reduced and discussing cybersecurity matters like network monitoring and risk assessment becomes much easier.

With this as the foundation, cybersecurity performance reports could also be standardized. As reports are generated over time and across departments, comparisons and historical analyses may reveal insights on where people may fall short in protecting data or which cybersecurity practices produce the best results.

3. Establish a clear cybersecurity risk rating system

Describing cybersecurity risks as “low,” “medium,” or “high” tends to be meaningless unless such ratings are substantiated. You must tie the ratings with reference points that people can relate to, such as how much costly downtime a cyberthreat can cause, how much data it can expose, or how much it can hurt your customers.

4. Set up and implement a risk-response framework

A risk-response framework lists the possible cyberthreats your company may face, their risk ratings, and the actions you must take when facing such threats. By employing the framework consistently across your organization, you make risk management a vital component of your company’s culture. The more adept your decision-makers become at managing risk, the more decisive and effective they’ll become.

5. Make risk management resources accessible to those who need it

If the company disseminates a newsletter conveying how the accounting department fended off a spear phishing attack, every staff member can refer to the shared glossary of terms, risk rating system, and risk-response framework to clearly understand the incident.

Managers in other departments may also want to look at the data gathered during cybersecurity incidents so that they’ll have a better idea of how they must respond during similar situations. That’s why they need to have easy access to such data.

6. Find people who’ll act as cybersecurity advocates

Despite having readily available resources, people may still need help grasping cybersecurity concepts and protocols. Here, a staff member who has expertise in cybersecurity can help increase their understanding of the subject. The advocates can also help managers who need to discern how data security processes may affect operations or how security investments align with the company’s goals.

Let our IT experts at NetWize be your cybersecurity advocates as well. Send us a message or call us at 801-747-3200 today to learn more.

© 2020 NetWize, Inc | Privacy Policy