Have You Considered Skype for Business?

Standard

The following was published in the Sunday, July 9, 2017 Seacoast Sunday and Foster’s.

If you have not, you should. Skype for Business is the business version of the popular Skype service that many individuals use for chat and calling over the Internet. With Microsoft’s ongoing enhancement of the Office 365 platform, Skype for Business has been bundled into most of the business class subscriptions.
Skype_for_Business_Standard_Blue_CMYK1Skype for Business has become a very powerful collaboration platform for businesses. This is for both internal use within the company as well as collaborating with external business partners and customers. It is tightly integrated into the Office 365 platform and Office software applications, providing instant messaging, online meetings, meeting recording, screen sharing, Voice over IP (VoIP) calling, phone system functionality and recording.

In terms of collaboration features, Skype for Business is a powerful meeting platform, allowing you to share anything on your screen, collaborate on documents and presentations, conduct interactive polls, collaborate in real-time using whiteboard functions, manage questions throughout the meeting and facilitate public and private chat with meeting participants. During these online meetings, you are also able to make other participants presenters so that more than one person is able to present content to the meeting participants.

Security is forefront in Skype for Business. All communications, both audio and video, are encrypted. Skype uses both Transport Layer Security (TLS) and Advanced Encryption Standard (AES) to encrypt its audio and video traffic to ensure that if a Skype stream were to be intercepted, that they hacker would only see encrypted text and not the actual audio, data or video. Keep in mind, regarding calls that this only applies to VoIP calls. Calls made over the traditional phone network, often called the PSTN network, that part is not encrypted.

If your business is not yet using Skype for Business, especially if you are already using Office 365, you should really look into it. I see more and more organizations using Skype for increased collaboration and productivity and it has a very positive impact for those who use it.

The instant messaging features make it easy to see if a colleague is available or not. This is called presence and it’s tightly integrated into calendaring, so that Skype will let you know if someone is in a meeting, offline, available or on a call (if you are using the calling features). It’s helps to avoid phone and email tag, trying to connect with someone. This also works between organizations, so if you have a Skype contact that is at a customer of yours, for example, you can see if they are available when you wish to speak or message with them.

Another key benefit is that Skype for Business is a truly cross platform product. You can run it on a PC, Mac, iPhone, iPad, Android smartphone or tablet and even through a web browser. It truly facilitates communication between parties, no matter what each person is working on. When it comes to using the phone system features of Skype for Business, this also lets you make phone calls from the app on your smartphone, making it appear that you are calling from your office.

With most computers having built in webcams these days, video calls and meetings are becoming more common. Skype for Business fully supports video calls and meetings, so if you walk by an office and see someone on a video call, it’s quite likely it may be Skype for Business. There are several other tools that support this as well, but the key with Skype for Business is that it is all integrated into a single platform and subscription. This makes integration more efficient, so that people are more productive and also holds cost down. The infrastructure can be entirely Cloud hosted and features added to existing Office 365 subscriptions for as little as $2 more per month, for basic services.

As I mentioned earlier, if you are not currently using Skype for Business, check it out. I have yet to see a business that can’t benefit from implementing even just the basic features associated with messaging and presence. It’s a great way to employ technology that used to be reserved for only the largest companies that could afford to implement it. It’s now available to even the smallest businesses, so take advantage of the opportunity to increase your productivity. You’ll be glad you did.

Prime Day Phishing Examples

Standard

Yesterday, I posted a warning about scams associated with Amazon‘s upcoming Prime Day on July 11th.  Here are a few examples, to help you remain alert and avoid getting caught by the hackers trying to exploit this popular online shopping day.

AmazonPhish1

AmazonPhish2.jpg

AmazonPhish3

In each of these examples, you will notice the following:

  1. The sender address may look like it’s coming from Amazon, but if you take the time to look at the actual address within the <> symbols, you can clearly see that it’s not.  Some email programs will show you this like in these examples.  Others, you may have to hover your mouse over the “from” name to see what the underlying address is.
  2. The message contains only links.  DON’T CLICK.  These links will bring you to malicious sites that will load malware on your device.
  3. The messages all have an Unsubscribe link at the bottom.  As with #2, DON’T CLICK.

Hopefully these examples and warnings will help you enjoy Prime Day safely!

In case you missed my original post yesterday, about this, here is the link.

With Prime Day Comes Scam Days

Standard

Amazon Prime Day is coming and along with it, hackers are actively trying to scam users of the popular Amazon service.

What is Prime Day?  From Amazon’s web site: “This July 11 is the third annual PrimePrime Day Day. Prime Day is our annual deals event just for Prime members. We want Prime Day to be one of the world’s best days to shop, with awesome prices on everything you’re into. We’re bringing you hundreds of thousands of deals, new deals starting as often as every five minutes, and special offers across everything included with Prime—from music and video to reading and voice shopping.”

This year, hackers are really taking advantage of Prime Day, perhaps in part because Amazon has been more aggressively promoting Prime Day each year.  Prime Day deals are available for several days prior to the 11th.

Be on the lookout for phishing email messages, with subjects and sender names referencing Amazon Prime and Prime Day.  Even if you just placed an order, double check the sender address and hover over any links before clicking to be sure they are really from and going to amazon.com.  And don’t forget, never open an attachment.  Amazon doesn’t send them, so that would be a clear indicator of a potential phishing attack.

I have already seen numerous examples of phishing email messages that say they are from Amazon Prime or reference Amazon Prime Shipping in the subject or other similar names and subjects.  Be careful while enjoying Prime Day!

Cloud Computing Won the Preakness!

Standard

preakness-stakes-cloud-computing

That’s right, a horse named Cloud Computing won the prestigious Preakness Stakes, the second of the coveted Triple Crown.  Why is this of interest to a technology blogger?  Because it certainly says that Cloud Computing has arrived in the popular vernacular.

My daughters rode horses for over a dozen years, competing in both the English and Western styles, not racing fortunately.  Too dangerous for a father.  It was hard enough watching them compete and occasionally fall.  My girls enjoyed great success in their riding careers, reaching national finals at the collegiate and public school levels.  Each finished in 7th place on the same day at respective national finals.  Over their careers they rode horses named Bond, Dancer, Itchy, Johnny and more, but never one named for a technology.

So, if a horse winning a race as prestigious and well known as the Preakness Stakes is named Cloud Computing, what’s your winning strategy for harnessing the Cloud in your business?  Yes, the pun was intentional.

The Cloud has received a lot of hype over the years, as I have often written about.  Hype aside, every business I work with uses the Cloud, even if they don’t know it.  What’s important is how you use the Cloud and is it optimized to help you reach your business goals.  There are three primary types of Cloud Computing, in addition to the horse type, Private Cloud, Public Cloud and Hybrid Cloud.  Here is a quick, basic summary of what each means:

  • Private Cloud is when you host your own servers in a data center and make them available to users across the Internet or a private connection like a VPN tunnel or a dark connection (one that exists only between your office sites and the data center).
  • Public Cloud is when you leverage a company like Amazon Web Services, Microsoft, Google or one of several other companies that specialize in hosting virtual servers in their data center for you.
  • Hybrid Cloud is a mixture of both private and public and may also integrate servers on-premise in your office.  Often this involves a robust business continuity plan that leverages the geographic diversity of these options to provide high availability, regardless of issues that may be impacting any one of these options.

Cloud Computing is one of the hottest buzzwords in the IT industry and most businesses, across all industries.  Companies are still trying to determine how to best use the Cloud to help them be more competitive and profitable.  Whether this involved moving entire systems to the Cloud or just certain types of services, the goal is to provide a better internal user and customer experience, to help the business achieve its goals.

One of the ongoing risks with Cloud Computing is cost.  There remains a large misperception that Cloud often means lower TCO (Total Cost of Ownership).  This is not always the case.  In my experience, only the smallest of customers are able to move their entire IT infrastructure to the Cloud and also realize cost savings.  Most businesses may see increased costs when introducing robust Cloud solutions.  This is because Cloud moves expenses from the Balance Sheet to the Profit & Loss, so most businesses see an increase in monthly expense.  This is where the finance team needs to be involved, as this may not necessarily be a bad thing, even though it may first appear to be.

Like any technology, don’t jump to the latest and greatest without a well thought out evaluation of the benefits you expect to realize.  You also want to be sure to employ proper management solutions for your Cloud systems, just as you would if it were on-premise.  Of specific concern with Cloud solutions, especially those in the public Cloud, is managing cost.  Public Cloud price models are one of the most complex in the market today.  You will hear terms like compute cycle, IOPS and more.  These all add to your costs and need to be proactively managed so you don’t get an unpleasant surprise with your next monthly billing statement.

I know of one company that learned they were spending $400,000.00 more annually, than they needed to be.  Don’t let that be you!  There are tools that will help you understand, manage and optimize your configurations and utilization so you are not spending more than you need to be.

Cloud Computing is a winner and businesses are leveraging the Cloud for impressive wins.  Are you?

And just for the record, even Fortune Magazine picked up on this story idea 😉

Reflections on Kaseya Connect 2017

Standard

As I’m sitting here in McCarran International Airport awaiting my jetBlue Red Eye back to Boston, I’ve been reflecting on my week here in Las Vegas at the Kaseya KaseyaConnectConnect conference.  Kaseya is one of several technology partners that we have at Internet & Telephone, LLC.  Specifically, we use the Kaseya Virtual System Administrator (VSA) IT management platform as well as AuthAnvil two-factor authentication.  Both are part of our stack of specialized tools that we use to manage our customer infrastructures.

This was my first time attending Kaseya Connect and I’m impressed with the company and their roadmap for the future.  What’s significant about this is that a few years ago, it looked like the company was moving in the wrong direction and was no longer going to be a good partner for us.  That is no longer the case, at all.

We started the week off in the Customer Success Council meeting on Monday.  During this invitation only meeting, Kaseya executives shared details on upcoming product developments and new initiatives, including recent and planned acquisitions.  Following this meeting, Kaseya hosted a focused security symposium.

During the symposium, some interesting statistics were shared from the 2017 Verizon Data Breach Investigation Report.  This report has become the annual standard bearer for the state of cybersecurity in the commercial market space.

Some highlights from the report:

  • 62% of breaches involved hacking.
  • 81% of hacks used stolen or weak passwords.
  • 51% of hacks used malware to steal passwords.
  • Over 1 billion credentials were stolen in 2016.
  • It is recommended to deploy two-factor authentication to all users when feasible.

When considering two-factor authentication, consider that it meets these requirements:

  • HIPAA for healthcare organizations.
  • FFIEC for small banks and credit unions.
  • CJIS for law enforcement agencies.
  • The latest revision of the legal professional code of conduct requires it for remote access.

Following are some updated stats about data breaches, in terms of impact:

  • Every record breached costs a company $158.00, on average.
  • The average number of records breached, per data breach, is 3,000.
  • This is an average cost of $475,000 per data breach.
  • Short term impacts of a data breach are downtime, lost data and business interruption.
  • Long term impacts of a data breach include damage to the company’s reputation, customer loss and lost revenue.

On Tuesday morning, Kaseya CEO Fred Voccola kicked off the event with an engaging keynote that shared interesting stats that you may read more about in my post from Wednesday titled Small and Medium Size Business Stats from Kaseya Connect.

Fred also provided a comprehensive review of what Kaseya calls it’s IT Complete stack.  This includes the core feature set of the VSA platform that we use to manage our customers as well as new or updated modules focusing on network management, identity and access management, backup and disaster recovery, Office 365 management and backup and an impressive Cloud management module that will allow us to help our customers save money on their Cloud subscription costs.

I was also intrigued by some new initiatives around data analytics to help us manage our business better and deeper integration with our customer documentation system.

Kaseya did a very good job outlining the product roadmap and how we will be able to leverage these developments to help our technical team better manage our customers.

We have built our security offerings around the National Institute for Standards and Technology (NIST) Cybersecurity Framework.  I was very excited to see that Kaseya has built their security offerings around this same framework.  This will make aligning our security strategy with what Kaseya is and will be delivering to its partners a compelling benefit for our customers.

There was also a very interesting session on improving the user experience with IT.  Using something called persona modeling, it’s an intriguing model of better understanding the needs of IT users based on their role in the organization from an individual, departmental and overall company mission point of view.  I’m looking forward to testing this out to see what opportunities for improvement it may bring to the surface.

The conference wrapped up on Thursday with the entire Kaseya executive team sharing their thoughts on where the industry is moving, based on their individual areas of responsibility.  This touched on all aspects of the solutions that Kaseya brings to its partners.  I was particularly pleased to gain some insight into the companies Internet of Things (IoT) strategy.  These are the myriad of devices that now have an IP address and connect to the network.  As these devices become more prevalent and important to a company’s success, it is very important that they be managed, like every other device on the network and right now, there is no consistent model for accomplishing this and organizations need to be careful about deploying unmanaged devices onto their corporate networks.  As we saw several times in 2016, these devices, left unprotected and unmanaged, can be taken over and used to carry out a data breach or attacks on other organization.

We also had the opportunity to have a private meeting with several members of the senior team to discuss our business plans and the status of our partnership.  I was very pleased with the level of transparency and candor from everyone at this meeting and I am looking forward to working more closely with everyone at Kaseya to deepen our partnership for the benefit of our customers and our two companies.

 

 

Small and Medium Size Business Stats from Kaseya Connect

Standard

At this mornings keynote, Kaseya CEO Fred Voccola shared some interesting statistics connect-Las-Vegas-Board.pngabout how small and medium sized business (SMB) approach technology.

First, it’s important to define what constitutes a small business and what constitutes a medium sized business.  It seems like whomever you ask, they will have a different answer from the last person you asked.  I was glad to hear Fred provide context for how Kaseya defines these market segments.

A small size business is one that has no internal IT staff and between 1 and 300 employees.  A medium size business is one that has internal IT staff and between 300 and 3,000 employees.  This sets the stage realistically.

On to the stats:

  1. SMB’s have increased their technology investments over 400% in the last 3 years.  Among surveyed SMB’s, they feel that investing in technology is key to becoming more profitable through technology driven efficiencies.
  2. 57% of SMB’s believe that investing in technology is their single best business investment opportunity for growth.
  3. The number of technology services that SMB’s are outsourcing has doubled and continues to grow.
  4. The number of SMB’s wanting to implement two factor authentication (2FA) has grown by 70%.  The increase is being drive by regulatory requirements that have moved down-market and the fact that weak or compromised passwords are the number one cause of data breaches.
  5. 88% of SMB’s believe that if they use a public Cloud solution like Amazon Web Services (AWS), Google Cloud, Microsoft Azure or Office 365, that the Cloud company is fully managing and supporting them.  They are not.
  6. As a result, 73% of SMB’s are overspending on their Cloud subscriptions.

All of these data points confirm the opportunity and risk that technology holds for SMB’s.  As these companies invest more in technology, it’s more important than ever to work with a Managed Service Provider (MSP) like Internet & Telephone, LLC to help ensure you spend your dollars effectively.  Next generation services like network management, identity and access management (IAM), Cloud management and Office 365 management are services that we have been at the forefront of, helping our customers achieve first mover advantage without being on the bleeding edge.  I’m proud of our team and our service offerings as we are moving where the market want to go and doing so in a timely manner, assuring our customers that we are the best partner for their infrastructure technology needs.

What About Corporate Password Managers?

Standard

Following up on Wednesday’s post Why You Need a Password Manager, let’s talk about corporate password managers.  These are systems designed for use within a company, to manage the passwords across the enterprise.

Some of the password managers I mentioned in my Wednesday post also offer a business version, that allows you to share and manage passwords across groups of users.  Corporate password managers are a little bit different as they are typically geared more toward the IT user, not the average business user.

I divide corporate password managers into two categories, those for use within corporate IT departments and those for use by Managed Service Providers (MSP’s).  These are organizations, like Internet & Telephone, LLC, who provide IT services to their customers.

The features are designed for these environments and include all the basics you would expect from a robust password manager.  When I evaluate products like this, I look for several key features, among them appropriate encryption, identity management, user assurance auditing, change tracking, secure deployment and discovery, compliance, access control, least privileged access, self-service password reset, automatic password rotation, automatic password injection and more.  It all depends on defining your requirements and finding the solution that meets your needs.

In terms of my business, the solution I prefer most is Passportal.  This was built from the ground up by an MSP who understood the requirements most other MSP’s would have.  It also allows MSP’s to offer the service to their customers.  I find the feature set of Passportal to stand above the competition.  Consider this list of features:

Passportal.jpg

  • 1-Click Website Logins
  • Drag & Drop Data Imports
  • PSA Integrations
  • Multi-Factor Authentication
  • Personal Password Vaults
  • Role-based Permissions
  • Active Directory 2-Way Sync
  • Password Generator
  • Mobile Optimized Access
  • Password Data Analytics
  • Prebuilt Reports
  • Global Search
  • Co-Managed IT Password Collaboration
  • Password History Retention
  • Technician Disable Workflow
  • Password Rotation Management
  • Client and Password Access Requests
  • Windows Directory Services Control
  • Custom Security Groups
  • Temporary Access Rights
  • Scheduled Automated Data Exports
  • White Labelled / Rebrandable

Other worthy corporate solutions include BeyondTrust, ManageEngine Password Manager Pro and Thycotic to name just a few.

If you want to be absolutely, positively certain as to who accessed what password when and who used what password when and where, a corporate password management solution is a must.  Otherwise, you are simply leaving it to chance and trust that none of your employees will misuse a password or worse.  In today’s world of nearly daily breaches and cyber security issues, I believe these systems are a must in order to keep your passwords safe and in control.