A Labor of Love

If you regularly follow my blog, you know I love technology.  You know that I also post an occasional personal thought and in this post, I’m combining both.

My wife Jennifer Shoer is a professional genealogist.  Her business, Reconnecting Relatives, helps answer questions that families have been asking for generations and reconnects lost family members with one another.  This is her labor of love, as technology is mine.  The most important thing I do is support her research and be sure her technology is always doing what she needs it to do.

Technology has had a huge impact on the world of genealogical research.  The digitization of centuries of records, some becoming available for the first time since the end of the Cold War, has revolutionized this research and led to discoveries that have impact beyond words.

My cousin Michael Shoer is another member of my family who has had the good fortune to pursue labors of love, first from his impressive career on the ground floor of CNN to his latest venture, Creative Word and Image, Inc. in Atlanta and his @boomzoom video channel on YouTube.  Michael creatively leverages technology to bring important messages and stories to life in effective ways.

Michael and Jennifer recently leveraged video technologies to bring an incredible missing piece of our family history to not just our family, but the world.  The ability to find this missing evidence was a breakthrough that Jennifer has been working on for years.  It’s an amazing discovery that has brought joy and sadness to our family in a profound way.  Most importantly, technology has allowed Michael and Jennifer to preserve this important historical record for generations to come.

This is why we all love what we do…

Look Out Slack, Here Comes Teams

The following was published in the Sunday, July 15 editions of Foster’s and Seacoast Sunday.

Several months ago, I wrote about new workplace communication tools, namely Slack. Slack is the market leader in this space, but Microsoft, true to form, is coming on strong with its tool called Teams. At the time I wrote the original article, Slack really owned the market. Fast forward five short months and the scale is swinging toward Teams.

So what are Slack and Teams? These are commonly referred to as workplace collaboration tools. Slack, from their website, says it is “Where work happens. When your team needs to kick off a project, hire a new employee, deploy some code, review a sales contract, finalize next year’s budget, measure an A/B test, plan your next office opening, and more, Slack has you covered.”

The Teams website says it is “The hub for teamwork in Office 365. Communicate through chat, meetings and calls. Collaborate together with integrated Office 365 apps. Customize your workplace and achieve more. Connect across devices.”

These tools are hubs of information and collaboration. They are places where people communicate in groups or teams, share information, use collaborative applications to drive productivity, host meetings, make voice and video calls and store information. This can be done in small groups of people, between departments, publicly, privately and most importantly securely.

Slack was first to market and Microsoft has followed with Teams. While the tools themselves are becoming more similar than different, Slack had a clear edge with its broad integration with a wealth of other apps that many businesses use. This integration allowed users to collaborate in one place, across multiple apps, projects and discussions. Initially, Teams lacked these same integrations, but that has changed. Teams now has as broad a set of integrations as Slack and because Microsoft includes Teams in all of its business Office 365 subscriptions, it has millions of users, almost overnight.

If you are a Microsoft Office 365 subscriber, you have Teams. If you are not using it yet, you likely will be soon. Skype for Business, Microsoft’s popular business chat, voice and video service is also bundled with Office 365 and had a very large subscriber base from before Microsoft’s acquisition of Skype several years ago. Skype for Business is being merged into Teams so if you are a Skype for Business user, you will eventually become a Teams user. Microsoft is not yet forcing this transition, rather allowing you to continue to use Skype for Business while you explore and plan your eventual transition to Teams.

One of the main benefits users tout for these platforms is the reduction in email volume. Instead of lengthy email exchanges, with people being added and removed from replies and topics being equally added and removed, these platforms organize these conversations into distinct threads. By moving conversations into these collaboration platforms, you remove the immediacy of interruption that is often associated with email. You are able to more finely control your alerting preferences and when and how you want to consume the information. You can share and collaborate on documents, spreadsheets and more, while maintaining more control over the original file and keeping the file from spreading to numerous places.

With support for voice and video calling, these hubs become a single tool for all manner of communication within the business. Extensive search capabilities make finding current or past information far simpler than searching through email and server folders. Rich auditing and tracking as well as discrete permissions management also mean you can control the flow of information and restrict access, to keep information secure.

If you have not yet looked into these collaboration tools, you should. Check out Slack at www.slack.com and Teams at www.microsoft.com/teams. You’ll be glad you did.

Roundup of Informative News

Here’s another roundup of some really informative articles that have been published on the Onepath web site.  I hope you will check them out as there is some truly great content here from some real industry luminaries.  Let me know what you think of these pieces.  We love feedback and knowing what we’ve done well and what you are interested in learning more about.  Enjoy!

The Business Side of Cybersecurity – Keynote Presentation to Georgia Construction Conference
Given by Greg Chevalier

With all the big companies in the news for data breaches or other cyber security “incidents,” does the average mid-size business really need to worry about cybersecurity?  In his keynote presentation to the 2018 Georgia Construction Conference at the Cobb Energy Centre in Atlanta last week, Greg Chevalier helped a group of finance and operations executives understand the answer is a definitive “yes,” and not just to protect yourself directly, but also indirectly through your trading partners.

Network traffic has grown rapidly; your cybersecurity needs to evolve with it.  Network traffic has grown exponentially over the last 20 years, driven not just by the adoption of smartphones and laptops for personal use, but by the explosive growth of machines on the network.  Not just servers, but firewalls, edge routers, webcams, wireless access points, vending machines and thermostats.  Each of these devices presents something that needs to be either protected or potentially defended.  In the ‘90s, intrusion prevention systems were largely sufficient to deal with the individuals who may be bad actors trying to attack a manageable number of machines using fairly common security frameworks.  But with the rise of so many different machines on the network, the number of security frameworks has grown just as fast.  This means your cybersecurity has to now solve for an exponentially greater number of potential issues than 10 years, or even 5 years ago.  As a business executive, you have to consider when was the last time you made a meaningful update to your IT security infrastructure?  In response, various industry groups and regulatory bodies have developed security regulations such as PCI (payment cards), HIPAA (healthcare), GLBA (banking), FINRA (financial services) as well as industry standards such as ISO 27001/2, SOC Type I/II,III, and NIST CSF to help companies keep their data and their networks secure. [Continue reading…]


10 Ways to Improve Your Conference Room Meeting Experience
By Michael Lane

The first 10 minutes of a 30 minute meeting all-too-often look like this:

“How do we connect my laptop to the TV?”

“Can someone get Sarah? She knows how to turn on the projector.”

“I think I have the wrong meeting link; here let me find that in my email.”

“While I’m looking, can someone go ahead and dial us in on the speakerphone?”

“There we go. Can everybody hear me? No? Here, I’ll slide over closer to the microphone.”

By the end of the meeting, you may not even realize you’ve run out of time until someone pops their head through the doorway because they’ve booked the room for the next block of time, and now you’re delaying the start of their meeting.

$37 billion dollars is lost annually to poor meetings, according to the U.S. Bureau of Labor Statistics.

Audiovisual (AV) has changed from a speciality area to a business-critical application. Businesses need to interact with remote workers, remote clients, and remote vendors, so presentation and collaboration technology is increasingly part of how we communicate. AV equipment is therefore becoming as central to running your business as other communications like phone or email. The shift to AV being business-critical in nature has in turn created a demand for reliable, sustainable, and repeatable AV solutions. [Continue reading…]


Q&A: What Can We Learn from the Atlanta Cyberattack?
By Patrick Kinsella

In light of the recent and ongoing ransomware cyberattack affecting the City of Atlanta’s IT systems, we sat down with Onepath’s Senior VP of Engineering and Technology Patrick Kinsella, to get his perspective on the events of the last week. The ransomware attack began on Thursday, March 22, and affects almost half of the city’s systems, from Municipal Courts to Watershed Management. On Tuesday, March 27, city employees were advised to turn their machines back on. By Friday, a few systems were slowly starting to come back online, but a couple were still not back up.

Q: What is ransomware?

A: It’s the information technology version of someone breaking into your home, locking you out of it, and demanding a ransom to regain entry; all the while you hope your belongings are intact when you’re able to return. In the IT world, the items being held captive could be personal health information (PHI), or other personally identifiable information (PII), which may actually belong to your business’s customers or stakeholders.

Q: When a ransomware cyberattack happens, what are the first things a business, or in this case a city, usually does to respond?

A: The first thing is, do everything you can to stop the bleeding. You determine what you need to shut down, and what backups need to be stopped from running to avoid poisoning the last good copy, assuming you’ve been diligent in running backups. In a different incident, for example, Hancock Health shut everything off after being hit with ransomware—computers, backup scripts—within 90 minutes. For the City of Atlanta, they seem to have followed that procedure as well. [Continue reading…]


Onepath Launches Cybersecurity Self-Assessment Tool
Created by our Web Dev Team

Onepath has created a cybersecurity self-assessment tool to help businesses establish a baseline of their current security level and posture. The questions are around the basics – the blocking and tackling needed to establish an information security foundation. It may be just a start, but it could be that critical first step you take to get your business on a path toward cyber protection. [Take the assessment…]

Happy Independence Day

“Government of the people, by the people, for the people, shall not perish from the earth.”

–Abraham Lincoln, Gettysburg Address, November 19, 1863

No matter what challenges lie in our path, the 4th of July is a time to remember what it means to be a citizen of these United States.

Wishing you all a safe and Happy Independence Day!

Client Engagement & vCIO Collaboration

The following article was published in the July 2, 2018 edition of Channel Executive Magazine:

In the world of MSP services, firms provide a range of proactive services to clients to help them make the most of their IT investments. Over the years, as the market has matured, the notion of the vCIO has become a key component of those services.

vCIOs act as the chief information officer for the client in a virtual capacity. This is because the vCIO is not an employee of the client company but of the MSP. By working with multiple clients, either in the same vertical or across several industries, this executive-level resource brings a wealth of experience to the client relationship. Often, the vCIO is responsible for the overall client relationship, coordinating technical services, project management, customer services, and more. The vCIO is often the most senior resource from the MSP assigned to the client.

THE ANATOMY OF THE vCIO / CLIENT ENGAGEMENT RELATIONSHIP

In recent years, a new resource has emerged with equal — if not more — importance to the client relationship, sometimes referred to as client engagement or sometimes as client success. This department has one responsibility — the overall health and retention of the client relationship. In this capacity, client engagement can take on many of the responsibilities that the vCIO would handle. Both are highly consultative while each may have different areas of responsibility within the overall client/MSP relationship. If not properly structured, there could be conflict between these two roles, but there does not need to be.

The vCIO will work with other C-level executives at the client to fully understand where IT sits within overall corporate priorities. The vCIO will also work with other executives to identify the areas where technology is a clear enabler and where it may be a bottleneck. The vCIO will also identify areas of opportunity to improve how technology serves the business as well as be the key MSP resource to keep the client apprised of technologies to be evaluated and the potential benefits of implementing new technologies to help the business reach their stated goals.

The client engagement role will typically have responsibility for managing the relationship with the appointed primary contact at the client. This may not always be the same person that the vCIO interacts most with, especially in larger clients, so having these two key roles in close communication and coordination is critical. Client engagement will typically have ultimate ownership for the relationship, so while the vCIO may seem to be the more senior resource, that person may actually be taking direction from client engagement. At the very least, everything must be in close coordination.

In a growing or midsize enterprise, the vCIO will typically work most closely with a peer, who could themselves be the CIO for the client company or at least an executive-level position like the CFO or a vice president. They will typically not be involved in the day-to-day of the working relationship. Things like help-desk tickets will typically not make their way to the vCIO with the exception of periodic trending on a quarterly basis. Instead, the vCIO will focus on the overall infrastructure and projects with significant impact to the infrastructure or workflows of the client.

Client engagement typically owns the more day-to-day relationship items, like managing the replacement of equipment as it reaches its life expectancy, managing software subscriptions, warranty renewals, and the like. They will also typically become involved in escalations from the help desk to ensure the issue is carried through to resolution as quickly as possible and that the client is fully informed every step of the way.

When client engagement becomes aware of issues that point to more strategic need, this is when they will directly engage with the vCIO. The vCIO will, in turn, be sure that the issue at hand has the necessary visibility with the right management personnel at the client. This close coordination helps the client avoid unnecessary expenditures that either may not be necessary or could be better controlled with the right visibility. The last thing any MSP wants to see is a client spend money on short-term fixes when a longer term strategic conversation may help the client make the best choices for how their technology dollars are being spent.

This is especially true when it comes to projects that cross functional areas. It’s always a shame to see one department pursue an IT project that could benefit other departments without their involvement. All too often, if left to their own initiatives, organizations will allow departments to pursue their own objectives. When it comes to IT, this can lead to all manner of applications and systems being implemented with a singular focus. Deep engagement on the part of the vCIO and client engagement with the entire organization can help protect against this and ensure that initiatives are evaluated for possible benefits in areas of the organization that may not have otherwise been considered.

DIRECTIVES FOR EFFECTIVE CLIENT COMMUNICATION

These two critical functions help ensure that the right people at the client are engaged with the right resources at the MSP. Every relationship is a two-way relationship, and this structure helps ensure that the right people are engaged and the right communication is taking place at the right interval. The cadence of client communication and meetings with key stakeholders is very important. It’s very important to map to what works for your client. If talking to the client daily doesn’t make sense, don’t do it. All you will do is annoy your client and risk not getting attention when it’s needed most. Talk to your client about this at the beginning of your relationship. Let them know what you have seen work well with other clients in their industry or of their size. Set the cadence based on mutual agreement and adjust as necessary as you gain experience with one another.

Implemented properly, the concept of client engagement/client success and the role of the vCIO will ensure a healthy, long-term, and mutually beneficial relationship. In the end, that should be everyone’s objective.

How Do You Assess Cyber Security Readiness?

The following was published in today’s Foster’s and Seacoast Sunday.

Cyber security is a moving target, to say the least. The threats change all the time. Regulators continue to clamp down on companies to take the issue of cyber security seriously. The reputation of a well-known brand can be erased by a single report of a data breach.

We all know about the high-profile hacks that exposed millions of people’s information. Whether it was the breach of popular retailer Target or the credit bureau Equifax, it seems like we read about the latest data breach on a nearly daily basis. Even here in the Seacoast, the city of Portsmouth suffered a hacking incident that took months to recover from. The city informed residents not to open email messages that appear to come from city staff with attachments, especially ones that appeared to have a bill or invoice attached. This was not too long after the city of Atlanta suffered one of the most destructive and expensive municipal cyber incidents.

With large and small companies and governments being targeted, it can seem almost impossible to keep up with the threat, let alone mitigate it. Your staff is your last line of defense and making sure they understand the risks and their role in defending the organization they work for is critical. But first, you have to understand your level of risk. How do you do that? A cyber security assessment.

There are numerous types of assessments. Some are free and some cost money. Free assessments run the range of usefulness and paid assessments can cost a lot of money and if not properly qualified up front, that money could be wasted. That’s why I am excited about a tool that the company I work for, Onepath, released this week. The Onepath Cyber Security Self-Assessment Tool is a completely free tool to help you get started understanding your level of risk. In fact, we don’t even ask for your contact information, unless you wish to provide it or contact us for more insight on the topic. That’s how committed we are as an organization to help everyone better understand cyber security and educate themselves on their risk and options to be safer.

The Self-Assessment asks 20 questions to help you evaluate your cyber security posture. Once you answer all the questions, you are presented with your results instantly. You don’t have to wait for someone to review your answers and take their call or respond to an email to get your results. We provide them to you immediately and you have the option to save them, if you want.

Key to this tool is the detailed explanations that come along with your responses. You will get a summary score, to give you an idea of your present state. The explanations to each answer will help you understand what you are doing well and what you need to improve, complete with suggestions of how to pursue improvement. This tool is designed to be a first step, to help you get started. Sometimes getting started is the hardest part of the process. I believe this tool will help countless organizations get over the hump of getting started.

Please check out my blog post about this new tool at https://mjshoer.com/21Fft. I encourage you to take the assessment and get a baseline on where you stand today.

Onepath Cybersecurity Self-Assessment Tool

Today, Onepath released our new Cybersecurity Self-Assessment Tool.  This simple, 20-question tool will help you determine your organization’s cyber-security posture, in plain English.

This was created by our marketing team, with expert oversight from Greg Chevalier, our VP, Information Security Practice.  Take the assessment and let me know what you think.  We think it’s a great tool to help our clients and friends understand the ever changing cybersecurity landscape and where they may be vulnerable.

Here’s the email announcement that went out this morning:

There are many steps that companies need to take to defend themselves, their systems and their data. Those steps, however, and the degree of cybersecurity protection required depend on a number of factors, including the individual business’s risk assessment and tolerance.

Going through these processes can be complicated and overwhelming, leaving many businesses not knowing where to start. Even companies that have programs in place, and have taken steps to improve their information security position, are now left wondering if what they’ve done is right, or is enough.

Onepath has created a cybersecurity self-assessment tool to help businesses establish a baseline of their current security level and posture. The questions cover the basics – the blocking and tackling needed to establish an information security foundation. It may be just a start, but it could be that critical first step you take to get your business on a path toward cyber-protection.

Cyber Supply-Chain Attacks

I recently attended a webinar sponsored by the FBI’s InfraGard program, which I am a member of.  I wanted to share some useful information from this webinar.

Do you know what a cyber supply-chain risk is?  If not, you should.  Simply stated, a cyber supply-chain risk is the risk of a hack or data breach from a 3rd party that you allow to access your secure computer network.  This could be anything from a consultant that works for you to your air conditioning or security system vendor, if they connect remotely into your network to manage these systems.

Here is some thought-provoking information regarding cyber supply-chain risks:

  • 50% of data breaches are attributable to a 3rd party vendor.
  • 83% of organizations do nothing to manage third party risk.
  • 80% of data breaches are discovered by someone outside the breached organization.

So, what are some of the things you can do to mitigate your risk?

  1. Assess the risk before you allow a vendor access to your network.
  2. Understand your level of risk.  Is a large company a large risk and a small company a smaller risk?  Not necessarily.
  3. Perform an independent security assessment to understand your level of risk.  This assessment should include, at minimum:
    • Network/Perimeter Scan.
    • DNS Resilience.
    • Email Security.
    • Web Application Security.
    • Hacker Threat Analysis.
    • Breach Metrics.
    • Patching Cadence.

Keep in mind that doing an assessment is just the start.  It’s important to have the tools and processes in place to manage the assessment results.

If you live in a regulated world, you have even more to worry about.  If you take credit cards, you need to comply with PCI 12.8.  If you are in healthcare, you are governed by HIPAA and if you do business in or have employees who are residents of the EU, you must comply with GDPR.

It’s not a matter of if you will be at risk, it’s a matter of when.  You need to have a plan for dealing with a breach caused by a vendor.  Understand your communication and reporting responsibilities and develop your plan now, not after you have an incident.

Remote Workers Pose More Risk

Shred-it, the world leader in document destruction, has released their 2018 State of the Industry Report and it includes some interesting findings with regard to remote workers.  You may click on the link to request a copy of the full report from Shred-it, if interested.

The stat that is most striking is that 86% of C-Suite executives believe that remote workers increase the company’s risk of suffering a data breach.  When looking just at small business owners, that number is 60%.

Employee negligence and a lack of information security are cited as the number one reason for this concern.  When employees work remotely, they may not be as careful as they are when working in the office.  This could be a result of using public WiFi or using devices other than company issued assets.

If you allow employees to work remotely, you should insist on several simple steps to help keep your business safe.  While not all inclusive, the following are six basics that should be considered a must for anyone who works remotely.

  1. Only allow company work to take place on company issued or managed devices.  While many companies now support a “BYOD”, Bring Your Own Device policy, those devices still need management, to ensure that company data is not stored inappropriately in locations that the company has no visibility to.
  2. Public WiFi should be avoided.  With nearly all mobile plans now supporting unlimited data, employees should use their mobile hotspot feature when not at their home or remote office.
  3. Only access company resources via HTTPS connections or over a company managed VPN.
  4. When in public spaces, be mindful of wandering eyes.  Whether at a cafe or on an airplane, nosy neighbors and people sitting behind you are in easy sight of confidential information you may have on your screen.  Consider a privacy protector for these instances or sit in a location that prevents others from viewing your screen.
  5. Never let a friend or family member use a company issued or managed device.  You never know what they may expose you to.
  6. Report a lost or stolen device immediately!  If you suspect you may have exposed company data in any way, report it immediately!

Shred-it also released a great infographic that summarizes their report, which you may access here.

Stay safe out there!

I’m Still Blogging

My posts have not been as regular of late and I wanted to let you know why.  With summer getting into full swing, I actually managed to take a little PTO.  At the same time, business has been booming and I’ve been extremely busy with work at Onepath.

I’m hoping to be back to regular blogging this week, so keep watch for new posts.  In the meantime, I’m enjoying the thrills of business travel.  This week it’s our Columbus office and wouldn’t you know it, my rental car upgrade sports a Cobb County, GA plate.  That’s where Onepath is headquartered.  I thought that was fitting.  I was also pretty tired, having arrived pretty late at night 🙂