Look Out Slack, Here Comes Teams

Standard

The following was published in the Sunday, July 15 editions of Foster’s and Seacoast Sunday.

Microsoft-Teams-vs-Slack

Several months ago, I wrote about new workplace communication tools, namely Slack. Slack is the market leader in this space, but Microsoft, true to form, is coming on strong with its tool called Teams. At the time I wrote the original article, Slack really owned the market. Fast forward five short months and the scale is swinging toward Teams.

So what is Slack and Teams? These are commonly referred to as workplace collaboration tools. Slack, from their website, says it is “Where work happens. When your team needs to kick off a project, hire a new employee, deploy some code, review a sales contract, finalize next year’s budget, measure an A/B test, plan your next office opening, and more, Slack has you covered.”

The Teams website is “The hub for teamwork in Office 365. Communicate through chat, meetings and calls. Collaborate together with integrated Office 365 apps. Customize your workplace and achieve more. Connect across devices.”

These tools are hubs of information and collaboration. They are places where people communicate in groups or teams, share information, use collaborative applications to drive productivity, host meetings, make voice and video calls and store information. This can be done in small groups of people, between departments, publicly, privately and most importantly securely.

Slack was first to market and Microsoft has followed with Teams. While the tools themselves are becoming more similar than different, Slack had a clear edge with its broad integration with a wealth of other apps that many businesses use. This integration allowed users to collaborate in one place, across multiple apps, projects and discussions. Initially, Teams lacked these same integrations, but that has changed. Teams now has as broad a set of integrations as Slack and because Microsoft includes Teams in all of its business Office 365 subscriptions, it has millions of users, almost overnight.

If you are a Microsoft Office 365 subscriber, you have Teams. If you are not using it yet, you likely will be soon. Skype for Business, Microsoft’s popular business chat, voice and video service is also bundled with Office 365 and had a very large subscriber base from before Microsoft’s acquisition of Skype several years ago. Skype for Business is being merged into Teams so if you are a Skype for Business user, you will eventually become a Teams user. Microsoft is not yet forcing this transition, rather allowing you to continue to use Skype for Business while you explore and plan your eventual transition to Teams.

One of the main benefits users tout for these platforms is the reduction in email volume. Instead of lengthy email exchanges, with people being added and removed from replies and topic being equally added and removed, these platforms organize these conversations into distinct threads. By moving conversations into these collaboration platforms, you remove the immediacy of interruption that is often associated with email. You are able to more finely control your alerting preferences and when and how you want to consume the information. You can share and collaborate on documents, spreadsheets and more, while maintaining more control over the original file and keeping the spread of the file living in numerous places.

With support for voice and video calling, these hubs become a single tool for all manner of communication within the business. Extensive search capabilities make finding current or past information far simpler than searching through email and server folders. Rich auditing and tracking as well as discrete permissions management also means you can control the flow of information and restrict access, to keep information secure.

If you have not yet looked into these collaboration tools, you should. Check out Slack at www.slack.com and Teams at www.microsoft.com/teams. You’ll be glad you did.

Roundup of Informative News

Standard

Here’s another roundup of some really informative articles that have been published on the Onepath web site.  I hope you will check them out as there is some truly great content here from some real industry luminaries.  Let me know what you think of these pieces.  We love feedback and knowing what we’ve done well and what you are interested in learning more about.  Enjoy!

The Business Side of Cybersecurity – Keynote Presentation to Georgia Construction Conference
Given by Greg Chevalier

InfoSec

With all the big companies in the news for data breaches or other cyber security “incidents,” does the average mid-size business really need to worry about cybersecurity?  In his keynote presentation to the 2018 Georgia Construction Conference at the Cobb Energy Centre in Atlanta last week, Greg Chevalier helped a group of finance and operations executives understand the answer is a definitive “yes,” and not just to protect yourself directly, but also indirectly through your trading partners.

Network traffic has grown rapidly; your cybersecurity needs to evolve with it.  Network traffic has grown exponentially over the last 20 years, driven not just by the adoption of smartphones and laptops for personal use, but by the explosive growth of machines on the network.  Not just servers, but firewalls, edge routers, webcams, wireless access points, vending machines and thermostats.  Each of these devices presents something that needs to be either protected or potentially defended.  In the ‘90s, intrusion prevention systems were largely sufficient to deal with the individuals who may be bad actors trying to attack a manageable number of machines using fairly common security frameworks.  But with the rise of so many different machines on the network, the number of security frameworks has grown just as fast.  This means your cybersecurity has to now solve for an exponentially greater number of potential issues than 10 years, or even 5 years ago.  As a business executive, you have to consider when was the last time you made a meaningful update to your IT security infrastructure?  In response, various industry groups and regulatory bodies have developed security regulations such as PCI (payment cards), HIPAA (healthcare), GLBA (banking), FINRA (financial services) as well as industry standards such as ISO 27001/2, SOC Type I/II,III, and NIST CSF to help companies keep their data and their networks secure. [Continue reading…]


MeetingSpace.jpg
10 Ways to Improve Your Conference Room Meeting Experience
By Michael Lane

The first 10 minutes of a 30 minute meeting all-too-often look like this:

“How do we connect my laptop to the TV?”

“Can someone get Sarah? She knows how to turn on the projector.”

“I think I have the wrong meeting link; here let me find that in my email.”

“While I’m looking, can someone go ahead and dial us in on the speakerphone?”

“There we go. Can everybody hear me? No? Here, I’ll slide over closer to the microphone.”

By the end of the meeting, you may not even realize you’ve run out of time until someone pops their head through the doorway because they’ve booked the room for the next block of time, and now you’re delaying the start of their meeting.

$37 billion dollars is lost annually to poor meetings, according to the U.S. Bureau of Labor Statistics.

Audiovisual (AV) has changed from a speciality area to a business-critical application. Businesses need to interact with remote workers, remote clients, and remote vendors, so presentation and collaboration technology is increasingly part of how we communicate. AV equipment is therefore becoming as central to running your business as other communications like phone or email. The shift to AV being business-critical in nature has in turn created a demand for reliable, sustainable, and repeatable AV solutions. [Continue reading…]


AtlantaAttack.png

Q&A: What Can We Learn from the Atlanta Cyberattack?
By Patrick Kinsella

In light of the recent and ongoing ransomware cyberattack affecting the City of Atlanta’s IT systems, we sat down with Onepath’s Senior VP of Engineering and Technology Patrick Kinsella, to get his perspective on the events of the last week. The ransomware attack began on Thursday, March 22, and affects almost half of the city’s systems, from Municipal Courts to Watershed Management. On Tuesday, March 27, city employees were advised to turn their machines back on. By Friday, a few systems were slowly starting to come back online, but a couple were still not back up.

Q: What is ransomware?

A: It’s the information technology version of someone breaking into your home, locking you out of it, and demanding a ransom to regain entry; all the while you hope your belongings are intact when you’re able to return. In the IT world, the items behind held captive could be personal health information (PHI), or other personally identifiable information (PII), which may actually belong to your business’s customers or stakeholders.

Q: When a ransomware cyberattack happens, what are the first things a business, or in this case a city, usually does to respond?

A: The first thing is, do everything you can to stop the bleeding. You determine what you need to shutdown, and what backups need to be stopped from running to avoid poisoning the last good copy, assuming you’ve been diligent in running backups. In a different incident, for example, Hancock Health shut everything off after being hit with ransomware—computers, backup scripts—within 90 minutes. For the City of Atlanta, they seem to have followed that procedure as well. [Continue reading…]


CSSAT.png

Onepath Launches Cybersecurity Self-Assessment Tool
Created by our Web Dev Team

Onepath has created a cybersecurity self-assessment tool to help businesses establish a baseline of their current security level and posture. The questions are around the basics – the blocking and tackling needed to establish an information security foundation. It may be just a start, but it could be that critical first step you take to get your business on a path toward cyber protection. [Take the assessment…]

Happy Independence Day

Standard

americas-celebration-4th-of-july-flag

“Government of the people, by the people, for the people, shall not perish from the earth.”

–Abraham Lincoln, Gettysburg Address, November 19, 1863

No matter what challenges lay in our path, the 4th of July is a time to remember what it means to be a citizen of these United States.

Wishing you all a safe and Happy Independence Day!

Client Engagement & vCIO Collaboration

Standard

The following article was published in the July 2, 2018 edition of Channel Executive Magazine:

In the world of MSP services, firms provide a range of proactive services to clients to help them make the most of their IT investments. Over the years, as the market has matured, the notion of the vCIO has become a key component of those services.

VCIOs act as the chief information officer for the client in a virtual capacity. This is because the vCIO is not an employee of the client company but of the MSP. By working with multiple clients, either in the same vertical or across several industries, this executive-level resource brings a wealth of experience to the client relationship. Often, the vCIO is responsible for the overall client relationship, coordinating technical services, project management, customer services, and more. The vCIO is often the most senior resource from the MSP assigned to the client.

THE ANATOMY OF THE vCIO / CLIENT ENGAGEMENT RELATIONSHIP

In recent years, a new resource has emerged with equal — if not more — importance to the client relationship sometimes referred to as client engagement or sometimes as client success. This department has one responsibility — the overall health and retention of the client relationship. In this capacity, client engagement can take on many of responsibilities that the vCIO would handle. Both are highly consultative while each may have different areas of responsibility within the overall client/MSP relationship. If not properly structured, there could be conflict between these two roles, but there does not need to be.

The vCIO will work with other C-level executives at the client to fully understand where IT sits within overall corporate priorities. The vCIO will also work with other executives to identify the areas where technology is a clear enabler and where it may be a bottleneck. The vCIO will also identify areas of opportunity to improve how technology serves the business as well as be the key MSP resource to keep the client apprised of technologies to be evaluated and the potential benefits of implementing new technologies to help the business reach their stated goals.

The client engagement role will typically have responsibility for managing the relationship with the appointed primary contact at the client. This may not always be the same person that the vCIO interacts most with, especially in larger clients, so having these two key roles in close communication and coordination is critical. Client engagement will typically have ultimate ownership for the relationship, so while the vCIO may seem to be the more senior resource, that person may actually be taking direction from client engagement. At the very least, everything must be in close coordination.

In a growing or midsize enterprise, the vCIO will typically work most closely with a peer, who could themselves be the CIO for the client company or at least an executive-level position like the CFO or a vice president. They will typically not be involved in the day-to-day of the working relationship. Things like help-desk tickets will typically not make their way to the vCIO with the exception of period trending on a quarterly basis. Instead, the vCIO will focus on the overall infrastructure and projects with significant impact to the infrastructure or workflows of the client.

Client engagement typically owns the more day-today relationship items, like managingclientengagement.jpg the replacement of equipment as it reaches its life expectancy, managing software subscriptions, warranty renewals, and the like. They will also typically become involved in escalations from the help desk to ensure the issue is carried through to resolution as quickly as possible and that the client is fully informed every step of the way.

When client engagement becomes aware of issues that point to more strategic need, this is when they will directly engage with the vCIO. The vCIO will, in turn, be sure that the issue at hand has the necessary visibility with the right management personnel at the client. This close coordination helps the client avoid unnecessary expenditures that either may not be necessary or could be better controlled with the right visibility. The last thing any MSP wants to see is a client spend money on short-term fixes when a longer term strategic conversation may help the client make the best choices for how their technology dollars are being spent.

This is especially true when it comes to projects that cross functional areas. It’s always a shame to see one department pursue an IT project that could benefit other departments without their involvement. All too often, if left to their own initiatives, organizations will allow departments to pursue their own objectives. When it comes to IT, this can lead to all manner of applications and systems being implemented with a singular focus. Deep engagement on the part of the vCIO and client engagement with the entire organization can help protect against this and ensure that initiatives are evaluated for possible benefits in areas of the organization that may not have otherwise been considered.

DIRECTIVES FOR EFFECTIVE CLIENT COMMUNICATION

These two critical functions help ensure that the right people at the client are engaged with the right resources at the MSP. Every relationship is a two-way relationship, and this structure helps ensure that the right people are engaged and the right communication is taking place at the right interval. The cadence of client communication and meetings with key stakeholders is very important. It’s very important to map to what works for your client. If talking to the client daily doesn’t make sense, don’t do it. All you will do is annoy your client and risk not getting attention when it’s needed most. Talk to your client about this at the beginning of your relationship. Let them know what you have seen work well with other clients in their industry or of their size. Set the cadence based on mutual agreement and adjust as necessary as you gain experience with one another.

Implemented properly, the concept of client engagement/ client success and the role of the vCIO will ensure a healthy, long-term, and mutually beneficial relationship. In the end, that should be everyone’s objective.

How Do You Assess Cyber Security Readiness?

Standard

The following was published in todays Foster’s and Seacoast Sunday.

Cyber security is a moving target, to say the least. The threats change all the time. Regulators continue to clamp down on companies to take the issue of cyber security seriously. The reputation of a well-known brand can be erased by a single report of a data breach.

SAWWe all know about the high-profile hacks that exposed millions of people’s information. Whether it was the breach of popular retailer Target or the credit bureau Equifax, it seems like we read about the latest data breach on a nearly daily basis. Even here in the Seacoast, the city of Portsmouth suffered a hacking incident that took months to recover from. The city informed residents not to open email messages that appear to come from city staff with attachments, especially ones that appeared to have a bill or invoice attached. This was not too long after the city of Atlanta suffered one of the most destructive and expensive municipal cyber incidents.

With large and small companies and governments being targeted, it can seem almost impossible to keep up with the threat, let along mitigate it. Your staff is your last line of defense and making sure they understand the risks and their role in defending the organization they work for is critical. But first, you have to understand your level of risk. How do you do that? A cyber security assessment.

There are numerous types of assessments. Some are free and some cost money. Free assessments run the range of usefulness and paid assessments can cost a lot of money and if not properly qualified up front, that money could be wasted. That’s why I am excited about a tool that the company I work for, Onepath, released this week. The Onepath Cyber Security Self-Assessment Tool is a completely free tool to help you get started understanding your level of risk. In fact, we don’t even ask for your contact information, unless you wish to provide it or contact us for more insight on the topic. That’s how committed we are as an organization to help everyone better understand cyber security and educate themselves on their risk and options to be safer.

The Self-Assessment asks 20 questions to help you evaluate your cyber security posture. Once you answer all the questions, you are presented with your results instantly. You don’t have to wait for someone to review your answers and take their call or respond to an email to get your results. We provide them to you immediately and you have the option to save them, if you want.

Key to this tool is the detailed explanations that come along with your responses. You will get a summary score, to give you an idea of your present state. The explanations to each answer will help you understand what you are doing well and what you need to improve, complete with suggestions of how to pursue improvement. This tool is designed to be a first step, to help you get started. Sometimes getting started is the hardest part of the process. I believe this tool will help countless organizations get over the hump of getting started.

Please check out my blog post about this new tool at https://mjshoer.com/21Fft. I encourage you to take the assessment and get a baseline on where you stand today.

Onepath Cybersecurity Self-Assessment Tool

Standard

Today, Onepath released our new Cybersecurity Self-Assessment Tool.  This simple, 20 question, tool will help you determine your organizations cyber-security posture, in plain English.

This was created by our marketing team, with expert oversight from Greg Chevalier, our VP, Information Security Practice.  Take the assessment and let me know what you think.  We think it’s a great tool to help our clients and friends understand the ever changing cybersecurity landscape and where they may be vulnerable.

Here’s the email announcement that went out this morning:

obe_email_banner_general24e2

There are many steps that companies need to take to defend themselves, their systems and their data. Those steps, however, and the degree of cybersecurity protection required depend on a number of factors, including the individual business’s risk assessment and tolerance.

Going through these processes can be complicated and overwhelming, leaving many businesses not knowing where to start. Even companies that have programs in place, and have taken steps to improve their information security position, are now left wondering if what they’ve done is right, or is enough.

Onepath has created a cybersecurity self-assessment tool to help businesses establish a baseline of their current security level and posture. The questions cover the basics – the blocking and tackling needed to establish an information security foundation. It may be just a start, but it could be that critical first step you take to get your business on a path toward cyber-protection.

startbutton28e2

Cyber Supply-Chain Attacks

Standard

I recently attended a webinar sponsored by the FBI‘s InfraGard program, which I am a member of.  I wanted to share some useful information from this webinar.

weaklink1-600x293Do you know what a cyber supply-chain risk is?  If not, you should.  Simply stated, a cyber support-chain risk is the risk of a hack or data breach from a 3rd party that you allow to access your secure computer network.  This could be anything from a consultant that works for you to your air conditioning or security system vendor, if they connect remotely into your network to manage these systems.

Here is some thought provoking informatin regarding cyber supply-chain risks:

  • 50% of data breaches are attributable to a 3rd party vendor.
  • 83% of organizations do nothing to manage third party risk.
  • 80% of data breaches are discovered by someone outside the breached organization.

So, what are some of the things you can do to mitigate your risk?

  1. Assess the risk before you allow a vendor access to your network.
  2. Understand your level of risk.  Is a large company a large risk and a small company a smaller risk?  Not necessarily.
  3. Perform an independent security assessment to understand your level of risk.  This assessment should include, at minimum:
    • Network/Perimeter Scan.
    • DNS Resilience.
    • Email Security.
    • Web Application Security.
    • Hacker Threat Analysis.
    • Breach Metrics
    • Patching Candence.

Keep in mind that doing an assessment is just the start.  It’s important to have the tools and processes in place to manage the assessment results.

If you life in a regulated world, you have even more to worry about.  If you take credit cards, you need to comply with PCI 12.8.  If you are in healthcare, you are governed by HIPAA and if you do business in or have employees who are residents of the EU, you much comply with GDPR.

It’s not a matter of if you will be at risk, it’s a matter of when.  You need to have a plan for dealing with a breach caused by a vendor.  Understand your communication and reporting responsibilities and develop your plan now, not after you have an incident.

Remote Workers Pose More Risk

Standard

Shred-it, the world leader in document destruction, has released their 2018 State of the Industry Report and it includes some interesting findings with regard to remote workers.  You may click on the link to request a copy of the full report from Shred-it, if interested.

us-sec-trackerThe stat that is most striking is that 86% of C-Suite executives believe that remote workers increase the company’s risk of suffering a data breach.  When looking just at small business owners, that number is 60%.

Employee negligence and a lack of information security is cited as the number one reason for this concern.  When employees work remotely, they may not be as careful as they are when working in the office.  This could be a result of using public WiFi or using devices other than company issued assets.

If you allow employees to work remotely, you should insist on several simple steps to help keep your business safe.  While not all inclusive, the following are six basics that should be considered a must for anyone who works remotely.

  1. Only allow company work to take place on company issued or managed devices.  While many companies now support a “BYOD”, Bring Your Own Device policy, those devices still need management, to ensure that company data is not stored inappropriately in locations that the company has no visibility to.
  2. Public WiFi should be avoided.  With nearly all mobile plans now supporting unlimited data, employees should use their mobile hotspot feature when not at their home or remote office.
  3. Only access company resources via HTTPS connections or over a company managed VPN.
  4. When in public spaces, be mindful of wandering eyes.  Whether at a cafe or on an airplane, nose neighbors and people sitting behind you are in easy sight of confidential information you may have on your screen.  Consider a privacy protector for these instances or sit in a location that prevents others from viewing your screen.
  5. Never let a friend of family member use a company issued or managed device.  You never know what they may expose you to.
  6. Report a lost or stolen device immediately!  If you suspect you may have exposed company data in any way, report it immediately!

Shred-it also released a great infographic that summarizes their report, which you may access here.

Stay safe out there!

I’m Still Blogging

Standard

My posts have not been as regular of late and I wanted to let you know why.  With summer getting in to full swing, I actually managed to take a little PTO.  At the same time, business has been booming and I’ve been extremely busy with work at Onepath.

I’m hoping to be back to regular blogging this week, so keep watch for new posts.  In the meantime, I’m enjoying the thrills of business travel.  This week it’s our Columbus office and wouldn’t you know it, my rental car upgrade sports a Cobb County, GA plate.  That’s where Onepath is headquartered.  I thought that was fitting.  I was also pretty tired, having arrived pretty late at night 🙂

Sharing My Colleagues Work

Standard

I am very fortunate to work with some great people.  Below is a selection of informative articles that some of them have written for our web site at 1path.com.  I think you’ll enjoy them and learn a few things as well.  These pieces highlight some of practice areas, including IT Services, Cloud Services, Application Management and Building Technologies.  Enjoy!

FistBumps.jpg

Five Signs You Should Invest in IT Support
by Eric Ellenberg

You’re a business owner and things are going well. Your customers are happy, your employees love their jobs, and your business is profitable and humming along. Congratulations! You’ve put in some long days and dealt with some tough problems to get here, so take a moment and celebrate your team’s accomplishments.

But increasingly, you’re getting questions about technology. The computers you bought a few years ago aren’t running so great, and your employees need help with them. Your accounting software is a few years old and needs an upgrade to keep up. You’re thinking it might be time to switch to a new customer relationship management system (or start using your first) to better track your current customers and reach out to new prospects. You’re getting emails about PCI compliance, but you’re not sure what the next step is. You’re getting a lot of email that looks a little off that’s actually trying to steal your confidential information. Some of your people have gotten a nasty virus that took them out of commission. That college grad in the office is telling you to move to the cloud, but you’re not exactly sure what that is or how to make it work for your business.

Continue reading…

Clouds.jpg

Your Cloud Security Is Only As Strong As Your Expertise
By Armon Aghaie

When your day-to-day is consulting with prospective clients in IT, you begin to get a feel for which technologies are having the biggest impact. Questions that are asked, articles that are published, etc. all give pretty clear indications about how technical markets are evolving over time. Naturally – it likely comes as no surprise – cloud and security are at the top of everyone’s mind.

Cloud has gone through an interesting evolution as it relates to security. Four years ago, you couldn’t convince most IT leaders that housing their highly important information on the same infrastructure as someone else would ever be a good idea. Makes perfect sense, right? When people share an office, they need only turn their head to see what others are working on. Why wouldn’t it be the same when people share servers?

Fast forward, and now we are talking about how cloud infrastructure has some of the highest levels of regulatory compliance including PCI, HIPPA, GDPR, multi-national, government, and many more.

Continue reading…

NewProd

Online Product Catalog Allows Firm to Monetize Their Data
Underwriters Laboratories (UL) Case Study
By Raquel Valdez

An industry-leader in certifying and validating products to be green certified wanted to re-platform their online product catalog, in order to monetize it and become the global source for green products. They wanted their new catalog to be an evolution of their older one, expanded to include data from other green partners and a complete network of green products across all markets. They also had an immediate, urgent need to complete the project by the end of the year and needed a trusted partner they could rely on.

The company approached Onepath. The Application Management Services team had previously built an online product catalog for a smaller company devoted to air quality testing, which had since been acquired. Once the acquisition took place, all IT was brought in-house, and they continued using the catalog that Onepath had built. When the need to update and revamp another product catalog arose, Onepath was the obvious choice.

Continue reading…

Firefighters

Emergency Response Radio Coverage (ERRC): Coming to a Building Near You
By Caleb Clarke

When emergency responders enter a building, they rely on radio equipment to communicate with one another and dispatchers, but within certain buildings, standard radio signals become impaired and stop working altogether. When time is most critical, first responders can be cut off from receiving further instructions, coordinating with one another, or requesting additional resources and equipment.

Various building structures and architectural materials can negatively impact the transmission of radio signals and prevent them from working. Standard radio signals have always had this problem, putting emergency responders and those needing rescue at risk, but fire codes weren’t really updated to require minimum performance requirements for emergency radio coverage until inadequate radio communication was determined to be a contributing factor in the death of 343 firefighters during 9/11. Both the National Fire Protection Act (NFPA 72) and the International Fire Code (IFC 510) updated their requirements to include Emergency Responder Radio Coverage (ERRC).

Continue reading…