ChannelCon 2018 is Here!


The first week of August each year is one of my favorite weeks of the year.  It’s when CompTIA members gather for the annual ChannelCon IT industry conference.  ChannelCon is the most valuable event I attend each year.


If you are a regular reader of my blog, you know that I am highly engaged in CompTIA and a big proponent of CompTIA’s work.  The key to this organization is the diversity of its membership and the breadth of what this organization does in the IT industry.  This will also be my last ChannelCon as a member of the Board of Directors.  It’s been a true privilege to serve this amazing organization as a member of the Board.  I’ve had the distinct honor to serve three years as Board Chair and am finishing up my term as Immediate Past Chair.

ChannelCon brings together the best of the business for three intense days of networking and educational opportunities.  This event is not about one company or one technology; it’s about the entire IT industry, from A to Z, from the Channel to upstart business application vendors, from certified IT professionals to drones, small cities and emerging technology.  It’s about educational opportunities to provide insight into where the industry is heading and what any business in the IT industry needs to be aware of to remain relevant in one of the most dynamic and ever-changing industries in the world.

It’s also about philanthropy and giving back.  From the Creating IT Futures Foundation, that helps all manner of individuals gain access to exciting careers in technology to the Advancing Women and Advancing Diversity Communities that are striving to break through artificial barriers in our industry.  It’s also about helping our colleagues improve themselves and their businesses, based on real world experience, in the field.

From household name technology brands to the newest startup in the field, over one thousand professionals will be in DC this week, talking about the Business of Technology and the bright future we all have ahead of us.  Here’s to a great week.

Tech Talk: Sextortion is the Latest Email Scam


The following article was published in today’s editions of Foster’s and Seacoast Sunday.

The headline is racy, Sextortion. It’s the latest email scam circulating the internet and it certainly raises some eyebrows and causes anxiety for many recipients. The good news is it’s an email scam that sounds a lot worse than it is.

Here’s how it works. You receive an email with a subject containing a username and password you are either currently using or have used in the past. The message goes on to say that you recently visited an adult website and while you were there, the sender of this email installed malware on your computer. This malware allowed them to take control of your webcam and record you. Unless you agree to send a ransom in Bitcoin, the sender threatens to release the videos they have of you and the adult websites you have visited to your contact list.

The sender also employs a little odd humor, commenting on your good taste in adult videos you watch. That aside, there is nothing funny about this. This scam plays on your sense of privacy and prudence. It attempts to shame you into paying a ransom to protect your reputation. It’s just the latest example of extortion attempts via email.

So where are the bad guys getting your username and password?  The first thing to confirm is whether the password is one you use currently.  It may be.  It may also be one you have not used for years.  Most security researchers believe that the usernames and passwords are being obtained from databases on the Dark Web that have millions of compromised credentials, gathered from numerous data breaches that have taken place over the last ten or more years.  The problem is that many people don’t change their passwords often or use a unique password for each site they need a login for.  So, it’s quite likely that the password may still be in use, on at least some of the web sites that you visit.

The good news is there are no reports that anyone has actually had the threats in the email carried out. But the threat is what gets people to take action and in some cases, actually pay the demanded Bitcoin ransom. You should never do this as it just fuels these scams. All indications are this is an automated scam, mining data on the Dark Web and crafting these email messages. If the bad guys behind this receive even a small fraction of the ransom they are demanding, they will make out pretty well. Don’t fall for the scam and help them make money.

So, what can you do to help protect yourself against email scams like this? Use a strong password, preferably a passphrase that consists of several words put together to create a strong passphrase that will be very difficult to hack. I recommend a bare minimum of 12 characters, mixing upper and lower case letters, numbers and symbols. Don’t use the same password on more than one website. This is probably the most difficult thing to do, with all the username and password combinations you have. If you struggle with this one, look into a password manager to help you manage all the usernames and passwords you have. If you are not familiar with password managers, Google them and read user reviews to see if one may be good for you. Also, be sure to enable two factor authentication whenever it is an option, to further secure your logins.

Most importantly, if you get one of these messages, don’t panic and absolutely do not reply or send the ransom. The worst thing you can do is engage in an exchange with a hacker like this. Or pay them.

Surviving a Crippled Smartphone


While on vacation this week, my iPhone X developed a perplexing and crippling problem.  My wife and I were walking down the beach, taking pictures from time to time with my phone.  I had it in the back pocket of my swimsuit and I was not wet, nor was the phone.  I would take it out of my pocket, tap the camera widget on the lock screen, take a picture and put it back.

One time doing this, the widget was greyed out, as if the camera didn’t exist.  At the same time, I noticed that the touchscreen was completely unresponsive.  I was unable to unlock the phone using Face ID, nor was I able to tap in the passcode to manually unlock it.  Not thinking much more than that the phone was acting up, I used the camera app on my Apple Watch to take pictures of things we wanted to capture as we walked.  Sure enough, that worked and the photos uploaded to iCloud as I could see them on my iPad and PC.

But the touchscreen would not work.  Multiple soft resets would not resolve the issue.  I was unable to hard reset the phone as I could not connect to iTunes on my PC because I was not able to acknowledge the prompts on the screen.  The iPhone X was unresponsive, except it was working.  I just couldn’t control it at all.

The next morning, I went to a local Verizon store, hoping they would be able to hard reset it and perhaps bring it back to full functionality.  Unfortunately, they could not and my only option was a warranty replacement.  If I had been close to an Apple Store, I would have been able to go there and get it replaced the same day.  Unfortunately, I was not and was heading home the next day, so opted to have Verizon overnight me the warranty replacement.

Fortunately, because I have an Apple Watch and an iPad, I was able to limp along while I waited for a new phone to be overnighted to me under warranty.  I could take calls and send and receive texts on either device.  Taking calls on the Apple Watch is still a little humorous and definitely gets interesting looks, but it works.  I was also lucky, because the iPhone still paired to my car and I was able to operate it using the steering wheel controls to make and take calls on the drive home, to meet my new iPhone, which is now easily up and running thanks to iCloud backup restoring nearly all of my apps and settings.

About the only thing I was not able to do was receive pictures and videos via text on the Apple Watch.  When those would come in, it would tell me I needed to view the message on my iPhone.  That wasn’t happening, so I had to wait to get back to my iPad on WiFi, but all in all, for a pretty crippling event, I was able to stay in touch and functional and was back to full operation in under two days.  Not bad.

Sextortion, the Latest Email Scam


Have you received an email with your password in the subject line?  If you have, you may be the latest victim of “sextortion,” the latest email scam making its way around the internet.

Here’s an example of what the email you may receive might look like:

Subject: yourusername – yourpassword
I am well aware yourpassword is your pass. Lets get straight to point. You may not know me and you are probably thinking why you’re getting this email? Not one person has paid me to investigate you.
actually, I installed a malware on the X videos (pornography) web site and guess what, you visited this web site to experience fun (you know what I mean). While you were watching videos, your internet browser initiated operating as a Remote control Desktop that has a keylogger which provided me accessibility to your display screen as well as cam. Just after that, my software obtained your entire contacts from your Messenger, Facebook, as well as e-mail . After that I created a double-screen video. 1st part shows the video you were viewing (you have a nice taste : )), and 2nd part displays the view of your cam, & it is you.
You got only 2 choices. Let us explore these types of choices in aspects:
1st solution is to just ignore this email. In this situation, I will send your actual recorded material to every one of your contacts and just consider about the awkwardness you can get. And consequently if you are in a committed relationship, how it will affect?
In the second place alternative should be to compensate me $7000. We are going to call it a donation. Then, I most certainly will asap remove your video recording. You can keep on your life like this never happened and you will not ever hear back again from me.
You’ll make the payment through Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google).
BTC Address: 1MVikLH1GbsvYa8bXVGScgZLXP1tVNH9o4
[case-sensitive so copy & paste it]
Should you are planning on going to the police, anyway, this email message cannot be traced back to me. I have taken care of my steps. I am not attempting to demand a whole lot, I simply want to be paid. You have one day to make the payment. I have a unique pixel within this e-mail, and at this moment I know that you have read through this e-mail. If I do not get the BitCoins, I will, no doubt send your video recording to all of your contacts including family members, co-workers, etc. Nevertheless, if I receive the payment, I will destroy the recording right away. If you want proof, reply Yea! then I will send your video recording to your 7 friends. This is a nonnegotiable offer and thus do not waste mine time and yours by responding to this e-mail.

Despite the dire warning, this is a harmless scam.  The sender is trying to intimidate you into sending them a Bitcoin payment, plain and simple.  Numerous, credible security researchers have determined that the hackers are getting your username and password from databases on the Dark Web that sell stolen credentials.  In some cases, these passwords may be years old.

You can check to see if your information has been exposed on the Dark Web by checking the Have You Been Pwned? web site.  The link is to a post I wrote about that some time ago.

If you get a message like this, delete it and ignore it.  This is just the latest email scam going around, but due to its salacious nature, it’s garnering a lot of concern.
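As an added illustration (not part of the original post), the traits of this scam described above can be turned into a simple mail-triage heuristic. The signal names, weights and threshold are assumptions chosen for the example, and both messages are constructed samples; the Bitcoin address is the one quoted in the sample email.

```python
import re
from email import message_from_string

# Shape of a legacy Bitcoin address (Base58, leading 1 or 3). Shape only:
# the Base58Check checksum is not verified here.
BTC_ADDR = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

# One pattern per trait of the scam. These are wording-based, so variants
# of the template may need extra patterns.
BODY_SIGNALS = {
    "btc_address": BTC_ADDR,
    "payment_demand": re.compile(r"\b(?:bitcoins?|btc)\b", re.I),
    "deadline": re.compile(r"\b(?:one|two|three|\d{1,2})\s+(?:days?|hours?)\b", re.I),
    "spy_claim": re.compile(r"\b(?:web)?cam\b|\bkeylogger\b|\bmalware\b", re.I),
    "expose_threat": re.compile(r"\bcontacts\b|\bfriends\b|\bco-?workers\b", re.I),
}

# Assumed weights: the echoed credential and the payment address are the
# strongest indicators; a deadline alone appears in plenty of honest mail.
WEIGHTS = {"credential_echo": 3, "btc_address": 3, "payment_demand": 2,
           "spy_claim": 2, "deadline": 1, "expose_threat": 1}
THRESHOLD = 7  # assumed cut-off for "treat as mass-mailed extortion"


def body_text(msg):
    """Concatenate every text/plain part of a parsed message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() != "text/plain":
            continue
        payload = part.get_payload(decode=True)
        if payload is not None:
            charset = part.get_content_charset() or "utf-8"
            chunks.append(payload.decode(charset, errors="replace"))
    return "\n".join(chunks)


def credential_echo(subject, body):
    """True when a token from the subject is asserted in the body to be the
    recipient's password, as in 'X is your pass'."""
    for token in subject.split():
        if len(token) < 6:
            continue
        claim = re.escape(token) + r"\s+(?:is|was)\s+(?:one of\s+)?your\s+pass"
        if re.search(claim, body, re.I):
            return True
    return False


def triage(raw_message):
    """Score one RFC 822 message; returns the signals seen, score and verdict."""
    msg = message_from_string(raw_message)
    subject = msg["Subject"] or ""
    body = body_text(msg)
    signals = [name for name, rx in BODY_SIGNALS.items() if rx.search(body)]
    if credential_echo(subject, body):
        signals.append("credential_echo")
    score = sum(WEIGHTS[name] for name in signals)
    return {"signals": sorted(signals), "score": score, "flag": score >= THRESHOLD}


# Constructed sample modelled on the message quoted above (shortened).
SCAM = (
    "Subject: jdoe1984 - Summer2016!\n"
    "\n"
    "I am well aware Summer2016! is your pass. I installed a malware on an\n"
    "adult web site and recorded you through your cam.\n"
    "You will make the payment of $7000 through Bitcoin.\n"
    "BTC Address: 1MVikLH1GbsvYa8bXVGScgZLXP1tVNH9o4\n"
    "You have one day to pay or the recording goes to all of your contacts.\n"
)

# Constructed benign sample: a routine account notice with a time limit.
BENIGN = (
    "Subject: Your password was changed\n"
    "\n"
    "Hello, the password for your account was changed today. If this was\n"
    "not you, contact support within 24 hours.\n"
)

if __name__ == "__main__":
    for label, raw in (("scam", SCAM), ("benign", BENIGN)):
        print(label, triage(raw))
```

A flagged message is a candidate for quarantine, and the echoed password is a prompt to change it anywhere it is still in use.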

The following is an email alert that Onepath, my employer, put out earlier today on this matter.  There are some prudent recommendations in this message, to help maintain your online safety.  Stay Safe Online!

Onepath Alert

We have become aware of a new scam making the rounds that we want to alert you to.  You or your colleagues may receive an email that includes a password that you may currently use or have used in the past. This email may make reference to you having visited an adult web site or that the hacker sending the email may have installed malicious software on your computer. In some instances, the email may also state that the hacker has activated your webcam and captured video of you. The email will ask you to pay a ransom, in Bitcoin, to avoid any embarrassing information about you being leaked to your contact list. Rest assured that this is a scam. At this point in time, Onepath is not aware of this being a valid threat.

Research suggests that this is just the latest type of automated email scam that seeks to scare the recipient into making a payment. Onepath urges you to never make payments to hackers as a result of an email like this. Multiple security researchers feel that the password emailed to you was obtained from a database of hacked passwords that were obtained from one of the large hacks that have taken place over the last several years. In other words, this is not a current threat. That said, we still recommend you do the following, to help ensure that your accounts are as safe as possible:

  1. Do not use the same password across multiple online accounts.
  2. Instead of a password, consider using a passphrase, a collection of words and make them complex, replacing letters with numbers and symbols and mixing upper and lower case.
  3. Where you can, enable two factor authentication to further protect your account.
  4. Consider use of a password manager to make managing your online accounts a bit easier and more secure.

Onepath recommends that our clients have an information security game plan that focuses on the following:

  1. Take steps to protect your company’s, customers’ and suppliers’ data.
  2. Regularly discuss data protection and system access with your employees.
  3. Implement incremental steps to mitigate data breach and system access risk in your environment.

Your Onepath Client Engagement Manager can help evaluate your present security posture and recommend testing and training solutions to help your employees maintain a proactive defense against many threats. Onepath’s Information Security Division also provides a full suite of services that can assist you with the development of a more complete security game plan. If you have any further questions please contact your Client Engagement Manager.


A Labor of Love


If you regularly follow my blog, you know I love technology.  You know that I also post an occasional personal thought and in this post, I’m combining both.

My wife Jennifer Shoer is a professional genealogist.  Her business, Reconnecting Relatives, helps answer questions that families have been asking for generations and reconnects lost family members with one another.  This is her labor of love, as technology is mine.  The most important thing I do, is support her research and be sure her technology is always doing what she needs it to do.

Technology has had a huge impact on the world of genealogical research.  The digitization of centuries of records, some becoming available for the first time since the end of the Cold War, has revolutionized this research and led to discoveries that have impact beyond words.

My cousin Michael Shoer is another member of my family who has had the good fortune to pursue labors of love, first from his impressive career on the ground floor of CNN to his latest venture, Creative Word and Image, Inc. in Atlanta and his @boomzoom video channel on YouTube.  Michael creatively leverages technology to bring important messages and stories to life in effective ways.

Michael and Jennifer recently leveraged video technologies to bring an incredible missing piece of our family history to not just our family, but the world.  The ability to find this missing evidence was a breakthrough that Jennifer has been working on for years.  It’s an amazing discovery that has brought joy and sadness to our family in a profound way.  Most importantly, technology has allowed Michael and Jennifer to preserve this important historical record for generations to come.

This is why we all love what we do…

Look Out Slack, Here Comes Teams


The following was published in the Sunday, July 15 editions of Foster’s and Seacoast Sunday.


Several months ago, I wrote about new workplace communication tools, namely Slack. Slack is the market leader in this space, but Microsoft, true to form, is coming on strong with its tool called Teams. At the time I wrote the original article, Slack really owned the market. Fast forward five short months and the scale is swinging toward Teams.

So what are Slack and Teams? These are commonly referred to as workplace collaboration tools. Slack, from their website, says it is “Where work happens. When your team needs to kick off a project, hire a new employee, deploy some code, review a sales contract, finalize next year’s budget, measure an A/B test, plan your next office opening, and more, Slack has you covered.”

The Teams website says it is “The hub for teamwork in Office 365. Communicate through chat, meetings and calls. Collaborate together with integrated Office 365 apps. Customize your workplace and achieve more. Connect across devices.”

These tools are hubs of information and collaboration. They are places where people communicate in groups or teams, share information, use collaborative applications to drive productivity, host meetings, make voice and video calls and store information. This can be done in small groups of people, between departments, publicly, privately and most importantly securely.

Slack was first to market and Microsoft has followed with Teams. While the tools themselves are becoming more similar than different, Slack had a clear edge with its broad integration with a wealth of other apps that many businesses use. This integration allowed users to collaborate in one place, across multiple apps, projects and discussions. Initially, Teams lacked these same integrations, but that has changed. Teams now has as broad a set of integrations as Slack and because Microsoft includes Teams in all of its business Office 365 subscriptions, it has millions of users, almost overnight.

If you are a Microsoft Office 365 subscriber, you have Teams. If you are not using it yet, you likely will be soon. Skype for Business, Microsoft’s popular business chat, voice and video service is also bundled with Office 365 and had a very large subscriber base from before Microsoft’s acquisition of Skype several years ago. Skype for Business is being merged into Teams so if you are a Skype for Business user, you will eventually become a Teams user. Microsoft is not yet forcing this transition, rather allowing you to continue to use Skype for Business while you explore and plan your eventual transition to Teams.

One of the main benefits users tout for these platforms is the reduction in email volume. Instead of lengthy email exchanges, with people being added and removed from replies and topics being equally added and removed, these platforms organize these conversations into distinct threads. By moving conversations into these collaboration platforms, you remove the immediacy of interruption that is often associated with email. You are able to more finely control your alerting preferences and when and how you want to consume the information. You can share and collaborate on documents, spreadsheets and more, while maintaining more control over the original file and keeping the file from spreading to numerous places.

With support for voice and video calling, these hubs become a single tool for all manner of communication within the business. Extensive search capabilities make finding current or past information far simpler than searching through email and server folders. Rich auditing and tracking as well as discrete permissions management also means you can control the flow of information and restrict access, to keep information secure.

If you have not yet looked into these collaboration tools, you should. Check out Slack and Teams. You’ll be glad you did.

Roundup of Informative News


Here’s another roundup of some really informative articles that have been published on the Onepath web site.  I hope you will check them out as there is some truly great content here from some real industry luminaries.  Let me know what you think of these pieces.  We love feedback and knowing what we’ve done well and what you are interested in learning more about.  Enjoy!

The Business Side of Cybersecurity – Keynote Presentation to Georgia Construction Conference
Given by Greg Chevalier


With all the big companies in the news for data breaches or other cyber security “incidents,” does the average mid-size business really need to worry about cybersecurity?  In his keynote presentation to the 2018 Georgia Construction Conference at the Cobb Energy Centre in Atlanta last week, Greg Chevalier helped a group of finance and operations executives understand the answer is a definitive “yes,” and not just to protect yourself directly, but also indirectly through your trading partners.

Network traffic has grown rapidly; your cybersecurity needs to evolve with it.  Network traffic has grown exponentially over the last 20 years, driven not just by the adoption of smartphones and laptops for personal use, but by the explosive growth of machines on the network.  Not just servers, but firewalls, edge routers, webcams, wireless access points, vending machines and thermostats.  Each of these devices presents something that needs to be either protected or potentially defended.  In the ‘90s, intrusion prevention systems were largely sufficient to deal with the individuals who may be bad actors trying to attack a manageable number of machines using fairly common security frameworks.  But with the rise of so many different machines on the network, the number of security frameworks has grown just as fast.  This means your cybersecurity has to now solve for an exponentially greater number of potential issues than 10 years, or even 5 years ago.  As a business executive, you have to consider when was the last time you made a meaningful update to your IT security infrastructure?  In response, various industry groups and regulatory bodies have developed security regulations such as PCI (payment cards), HIPAA (healthcare), GLBA (banking), FINRA (financial services) as well as industry standards such as ISO 27001/2, SOC Type I/II,III, and NIST CSF to help companies keep their data and their networks secure. [Continue reading…]

10 Ways to Improve Your Conference Room Meeting Experience
By Michael Lane

The first 10 minutes of a 30 minute meeting all-too-often look like this:

“How do we connect my laptop to the TV?”

“Can someone get Sarah? She knows how to turn on the projector.”

“I think I have the wrong meeting link; here let me find that in my email.”

“While I’m looking, can someone go ahead and dial us in on the speakerphone?”

“There we go. Can everybody hear me? No? Here, I’ll slide over closer to the microphone.”

By the end of the meeting, you may not even realize you’ve run out of time until someone pops their head through the doorway because they’ve booked the room for the next block of time, and now you’re delaying the start of their meeting.

$37 billion dollars is lost annually to poor meetings, according to the U.S. Bureau of Labor Statistics.

Audiovisual (AV) has changed from a speciality area to a business-critical application. Businesses need to interact with remote workers, remote clients, and remote vendors, so presentation and collaboration technology is increasingly part of how we communicate. AV equipment is therefore becoming as central to running your business as other communications like phone or email. The shift to AV being business-critical in nature has in turn created a demand for reliable, sustainable, and repeatable AV solutions. [Continue reading…]


Q&A: What Can We Learn from the Atlanta Cyberattack?
By Patrick Kinsella

In light of the recent and ongoing ransomware cyberattack affecting the City of Atlanta’s IT systems, we sat down with Onepath’s Senior VP of Engineering and Technology Patrick Kinsella, to get his perspective on the events of the last week. The ransomware attack began on Thursday, March 22, and affects almost half of the city’s systems, from Municipal Courts to Watershed Management. On Tuesday, March 27, city employees were advised to turn their machines back on. By Friday, a few systems were slowly starting to come back online, but a couple were still not back up.

Q: What is ransomware?

A: It’s the information technology version of someone breaking into your home, locking you out of it, and demanding a ransom to regain entry; all the while you hope your belongings are intact when you’re able to return. In the IT world, the items being held captive could be personal health information (PHI), or other personally identifiable information (PII), which may actually belong to your business’s customers or stakeholders.

Q: When a ransomware cyberattack happens, what are the first things a business, or in this case a city, usually does to respond?

A: The first thing is, do everything you can to stop the bleeding. You determine what you need to shut down, and what backups need to be stopped from running to avoid poisoning the last good copy, assuming you’ve been diligent in running backups. In a different incident, for example, Hancock Health shut everything off after being hit with ransomware—computers, backup scripts—within 90 minutes. For the City of Atlanta, they seem to have followed that procedure as well. [Continue reading…]


Onepath Launches Cybersecurity Self-Assessment Tool
Created by our Web Dev Team

Onepath has created a cybersecurity self-assessment tool to help businesses establish a baseline of their current security level and posture. The questions are around the basics – the blocking and tackling needed to establish an information security foundation. It may be just a start, but it could be that critical first step you take to get your business on a path toward cyber protection. [Take the assessment…]

Happy Independence Day



“Government of the people, by the people, for the people, shall not perish from the earth.”

–Abraham Lincoln, Gettysburg Address, November 19, 1863

No matter what challenges lay in our path, the 4th of July is a time to remember what it means to be a citizen of these United States.

Wishing you all a safe and Happy Independence Day!

Client Engagement & vCIO Collaboration


The following article was published in the July 2, 2018 edition of Channel Executive Magazine:

In the world of MSP services, firms provide a range of proactive services to clients to help them make the most of their IT investments. Over the years, as the market has matured, the notion of the vCIO has become a key component of those services.

VCIOs act as the chief information officer for the client in a virtual capacity. This is because the vCIO is not an employee of the client company but of the MSP. By working with multiple clients, either in the same vertical or across several industries, this executive-level resource brings a wealth of experience to the client relationship. Often, the vCIO is responsible for the overall client relationship, coordinating technical services, project management, customer services, and more. The vCIO is often the most senior resource from the MSP assigned to the client.


In recent years, a new resource has emerged with equal — if not more — importance to the client relationship, sometimes referred to as client engagement or sometimes as client success. This department has one responsibility — the overall health and retention of the client relationship. In this capacity, client engagement can take on many of the responsibilities that the vCIO would handle. Both are highly consultative while each may have different areas of responsibility within the overall client/MSP relationship. If not properly structured, there could be conflict between these two roles, but there does not need to be.

The vCIO will work with other C-level executives at the client to fully understand where IT sits within overall corporate priorities. The vCIO will also work with other executives to identify the areas where technology is a clear enabler and where it may be a bottleneck. The vCIO will also identify areas of opportunity to improve how technology serves the business as well as be the key MSP resource to keep the client apprised of technologies to be evaluated and the potential benefits of implementing new technologies to help the business reach their stated goals.

The client engagement role will typically have responsibility for managing the relationship with the appointed primary contact at the client. This may not always be the same person that the vCIO interacts most with, especially in larger clients, so having these two key roles in close communication and coordination is critical. Client engagement will typically have ultimate ownership for the relationship, so while the vCIO may seem to be the more senior resource, that person may actually be taking direction from client engagement. At the very least, everything must be in close coordination.

In a growing or midsize enterprise, the vCIO will typically work most closely with a peer, who could themselves be the CIO for the client company or at least an executive-level position like the CFO or a vice president. They will typically not be involved in the day-to-day of the working relationship. Things like help-desk tickets will typically not make their way to the vCIO with the exception of periodic trending on a quarterly basis. Instead, the vCIO will focus on the overall infrastructure and projects with significant impact to the infrastructure or workflows of the client.

Client engagement typically owns the more day-to-day relationship items, like managing the replacement of equipment as it reaches its life expectancy, managing software subscriptions, warranty renewals, and the like. They will also typically become involved in escalations from the help desk to ensure the issue is carried through to resolution as quickly as possible and that the client is fully informed every step of the way.

When client engagement becomes aware of issues that point to more strategic need, this is when they will directly engage with the vCIO. The vCIO will, in turn, be sure that the issue at hand has the necessary visibility with the right management personnel at the client. This close coordination helps the client avoid unnecessary expenditures that either may not be necessary or could be better controlled with the right visibility. The last thing any MSP wants to see is a client spend money on short-term fixes when a longer term strategic conversation may help the client make the best choices for how their technology dollars are being spent.

This is especially true when it comes to projects that cross functional areas. It’s always a shame to see one department pursue an IT project that could benefit other departments without their involvement. All too often, if left to their own initiatives, organizations will allow departments to pursue their own objectives. When it comes to IT, this can lead to all manner of applications and systems being implemented with a singular focus. Deep engagement on the part of the vCIO and client engagement with the entire organization can help protect against this and ensure that initiatives are evaluated for possible benefits in areas of the organization that may not have otherwise been considered.


These two critical functions help ensure that the right people at the client are engaged with the right resources at the MSP. Every relationship is a two-way relationship, and this structure helps ensure that the right people are engaged and the right communication is taking place at the right interval. The cadence of client communication and meetings with key stakeholders is very important. It’s very important to map to what works for your client. If talking to the client daily doesn’t make sense, don’t do it. All you will do is annoy your client and risk not getting attention when it’s needed most. Talk to your client about this at the beginning of your relationship. Let them know what you have seen work well with other clients in their industry or of their size. Set the cadence based on mutual agreement and adjust as necessary as you gain experience with one another.

Implemented properly, the concept of client engagement/client success and the role of the vCIO will ensure a healthy, long-term, and mutually beneficial relationship. In the end, that should be everyone’s objective.

How Do You Assess Cyber Security Readiness?


The following was published in today’s Foster’s and Seacoast Sunday.

Cyber security is a moving target, to say the least. The threats change all the time. Regulators continue to clamp down on companies to take the issue of cyber security seriously. The reputation of a well-known brand can be erased by a single report of a data breach.

We all know about the high-profile hacks that exposed millions of people’s information. Whether it was the breach of popular retailer Target or the credit bureau Equifax, it seems like we read about the latest data breach on a nearly daily basis. Even here in the Seacoast, the city of Portsmouth suffered a hacking incident that took months to recover from. The city informed residents not to open email messages that appear to come from city staff with attachments, especially ones that appeared to have a bill or invoice attached. This was not too long after the city of Atlanta suffered one of the most destructive and expensive municipal cyber incidents.

With large and small companies and governments being targeted, it can seem almost impossible to keep up with the threat, let alone mitigate it. Your staff is your last line of defense and making sure they understand the risks and their role in defending the organization they work for is critical. But first, you have to understand your level of risk. How do you do that? A cyber security assessment.

There are numerous types of assessments. Some are free and some cost money. Free assessments run the range of usefulness, and paid assessments can cost a lot of money; if not properly qualified up front, that money could be wasted. That’s why I am excited about a tool that the company I work for, Onepath, released this week. The Onepath Cyber Security Self-Assessment Tool is a completely free tool to help you get started understanding your level of risk. In fact, we don’t even ask for your contact information, unless you wish to provide it or contact us for more insight on the topic. That’s how committed we are as an organization to help everyone better understand cyber security and educate themselves on their risk and options to be safer.

The Self-Assessment asks 20 questions to help you evaluate your cyber security posture. Once you answer all the questions, you are presented with your results instantly. You don’t have to wait for someone to review your answers and take their call or respond to an email to get your results. We provide them to you immediately and you have the option to save them, if you want.

Key to this tool is the detailed explanations that come along with your responses. You will get a summary score, to give you an idea of your present state. The explanations to each answer will help you understand what you are doing well and what you need to improve, complete with suggestions of how to pursue improvement. This tool is designed to be a first step, to help you get started. Sometimes getting started is the hardest part of the process. I believe this tool will help countless organizations get over the hump of getting started.

Please check out my blog post about this new tool at I encourage you to take the assessment and get a baseline on where you stand today.