Traditional MSP vs. Hybrid Approach

MSPs (Managed Service Providers) have been part of the IT service landscape since the early 2000s. IT service companies adopting this delivery model have grown to over 40,000 in the United States. MSPs now represent most outsourced IT services delivered to small and medium sized businesses—i.e., approximately two-thirds of IT service providers adopt some level of MSP services with the majority adhering to a strict MSP delivery model. For businesses and organizations that receive some level of outsourced IT support but are not sure if their support provider is an MSP, this thought piece will provide the answer by giving insight into how MSPs operate and how they compare to service providers that adopt a hybrid approach to delivering IT services. If you are having misgivings about your MSP, this thought piece may validate some of your concerns.
How MSPs Operate
The MSP delivery model is rooted in proactive preventative maintenance—i.e., finding problematic issues before they lead to potential downtime and remediating threats before they occur. MSPs evolved from the advent of remote application service provider platforms (ASPs) that made it possible for technology professionals to manage networks remotely. These platforms have evolved into full-service offerings with the ability to monitor, track, and execute tasks on critical technology infrastructure from afar, including:
Monitoring network infrastructure performance, i.e. network devices, endpoints, etc.
Automated updates and patching
Security
Back-up and Recovery
MSPs will typically bundle these monitoring services with scheduled routine onsite visits, which may be limited or unlimited, as well as typically unlimited remote support for day-to-day reactionary issues, all at a flat rate (make note of the aforementioned).
Contract agreements are typically tuned for recurring maintenance, which may include on-call remote emergency support with the option for out-of-scope onsite visits, infrastructure hosting, and applications management that can be built into the cost. This is often referred to in the industry as “all you can eat”.
MSPs hold their heads high on providing wraparound IT services. They will compare the benefits of the MSP delivery model against the shortcomings of traditional services that are often referred to as “break/fix”. Break/fix providers are often portrayed as fixated on meeting or exceeding hourly billable goals, whether achieved through time and material billing, through guaranteed billable hours generated from regularly scheduled onsite maintenance, or both. It is true that billable hour work can potentially be an expensive endeavor. However, it is also true that the traditional break/fix model of IT services by and large is no longer widely practiced. To be fair to those few existing traditional break/fix providers, it would be disingenuous to assume the intentions of all break/fix shops are part of a wider conspiracy to nickel and dime their clients, as is often portrayed in MSP marketing materials and content. Most IT service professionals that do not adhere to the traditional MSP model follow a ‘hybrid’ model for delivering services.
There can be real benefits from using an MSP for all you can eat services, particularly if a business is looking to completely outsource all its technology responsibilities from network to endpoint to applications management. However, there are caveats to this. We’ll begin by going over the caveats of the MSP model and contrasting them to the hybrid practices of many non-MSP providers.
To make sense of how MSPs provision and charge for services, think in terms of health insurance, i.e. being on either a gold or platinum tier health plan.
Most MSPs will require “all you can eat” service, which includes monitoring of your network, security, back-up, and unlimited remote and/or onsite support. A step above is when the MSP provides/leases hardware, hosts the network, and provides all the application licenses (e.g., M365, VMWare, etc.), operating network licenses, and company domain. For MSPs it’s a numbers game and the way to get ahead is through contract by volume—i.e. locking in clients to fixed fee contracts that are padded. Similar to the insurance model, the formula ensures that if a set of customers in any given month have support overages, the MSP is more than covered by the mere volume of contracts. Like an expensive health insurance plan, you are paying a premium for preventative care. Also, just like with any insurance plan, there are always going to be out-of-pocket costs—e.g., network upgrade, cloud migration, disaster recovery scenario, etc. The MSP recipe rests on automated intervention and minimizing the necessity for human intervention as much as possible to maximize revenue.
Standard MSP Practices
Here are caveats associated with core standard practices of MSPs that all potential customers should consider carefully before signing a contract.
MSPs charge a monthly flat rate and position this as more price advantageous than an hourly rate. The truth of the matter is an hourly rate is always a part of the equation in determining the fixed rate. The reality is the cost of doing business with an MSP can get expensive. (We’ll get more into pricing later.)
Coat-tailing on the last point, a monthly fixed rate for services including unlimited remote and onsite support is not unlimited. It works just like the unlimited data plan for mobile phones. All mobile carriers have an unspoken limit on data. If you happen to meet that limit before the end of the month and go over the limit, there is no consequence of additional charges, but your performance will be throttled.
Businesses on MSP contracts will experience a slowdown in response times if they regularly require a high level of support. MSPs try to work in all possible scenarios to make sure they have a healthy buffer to cover demand.
Speaking of contracts, all MSPs require contracts. In some cases the terms run as long as 5+ years, and at the very least they are annual contracts that require annual renewal. This is one way to keep their clients locked in. An MSP fixed fee/unlimited services contract is a textbook example of a bait-and-switch tactic.
Many MSPs offer hosting services, lease …

Technology Advisory – EvilProxy Phishing Attack

There is a new advanced phishing attack called “EvilProxy” that has been wreaking havoc on businesses over the past several weeks. Here is a synopsis that explains EvilProxy and gives recommendations on how to protect your business from it.
What is an “EvilProxy” Phishing attack?
EvilProxy is an advanced phishing attack designed to steal users’ passwords and Multi-Factor Authentication (MFA) details. MFA is the two-step verification method that requires a one-time code from a secondary device (such as your cell phone) to be provided when signing into an account on your computer or smart device.
How Does an “EvilProxy” attack work?
EvilProxy works by first sending phishing emails with links to a site that is masquerading as a branded or well-known sign-in page. When a user enters their sign-in information and their MFA code, the hacker can capture the session information and utilize it for themselves. This grants the bad actor full access to the user’s account that was previously protected with MFA.
How to Defend Against an “EvilProxy” attack
Along with advanced security policies to limit phishing attempts, the way to defend against advanced phishing attacks that leverage toolkits like EvilProxy is to train users to remember the basics of safe email usage:
Double-check the “from” email address of all messages that they receive.
Do not open attachments or links that were not expected.
Never provide usernames and passwords to anyone through links received from an e-mail or over the phone.
Do not approve MFA requests if you are not actively signing into your account.
Further Recommendations
Continuing to use Multi-Factor Authentication (MFA) across your Microsoft 365 tenancy is core to protecting sensitive data or business-critical applications. However, attackers will always be working to undermine the protections that we put in place.
Maintaining a proper awareness-based security posture requires that we are protected in multiple ways. We need to reduce risk with advanced security policies and empower our users to recognize attacks. With this in mind, here are two solutions that can be implemented to strengthen your security posture and augment your users’ awareness.
1. Hornet Security 365 Total Protection Enterprise Backup. https://www.hornetsecurity.com/en/services/365-total-protection-enterprise-backup/
Hornet Security combines the safety net of a total M365 backup (including all mailboxes, Teams, SharePoint, OneDrive, and everything else) with powerful additional advanced security policies (anti-spoofing with DKIM / DMARC, anti-phishing, AI driven Advanced Threat Detection, Live E-mail tracking, etc.) to create an augmented defense against attacks.
2. KnowBe4 Enterprise Security Awareness Training. https://www.knowbe4.com/en/products/enterprise-security-awareness-training/
KnowBe4 has rapidly become one of the most robust solutions for arming your users with the necessary knowledge to identify and prevent attacks before they even start. The big bad Cyber Crime Lords of the Internet are certainly using your users against you! To prevent our users from becoming weaponized, we need to ensure that we are properly training our users with the necessary knowledge to identify and shut these guys down! Through fine-tuning and targeted simulations, we can identify the weak points in our users’ knowledge, put together enterprise-level reporting to measure progress, and ultimately create computer-based training programs from a massive library of content. Simply put, Human Error – Conquered.
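The session capture described under “How Does an ‘EvilProxy’ attack work?” leaves a trace defenders can search for: one signed-in session later being used by a second, different client. The following is an added example, not part of the original advisory; the log field names and the sample events are constructed for illustration and do not follow any vendor's schema.

```python
"""Flag sessions that are later used by a second, different client."""
import json
from datetime import datetime, timedelta

# Constructed sample events, one JSON object per line. The field names
# (ts, user, session_id, ip, user_agent, event) are hypothetical, and the
# IP addresses come from the reserved documentation ranges.
SAMPLE_LOG = """
{"ts": "2023-03-20T09:00:05Z", "user": "alice@example.com", "session_id": "s-100", "ip": "198.51.100.10", "user_agent": "Edge/111 Windows", "event": "signin"}
{"ts": "2023-03-20T09:01:10Z", "user": "alice@example.com", "session_id": "s-100", "ip": "198.51.100.10", "user_agent": "Edge/111 Windows", "event": "mail_read"}
{"ts": "2023-03-20T09:04:42Z", "user": "alice@example.com", "session_id": "s-100", "ip": "203.0.113.77", "user_agent": "Chrome/110 Linux", "event": "mail_read"}
{"ts": "2023-03-20T10:15:00Z", "user": "bob@example.com", "session_id": "s-200", "ip": "192.0.2.20", "user_agent": "Safari/16 iOS", "event": "signin"}
{"ts": "2023-03-20T12:30:00Z", "user": "bob@example.com", "session_id": "s-200", "ip": "192.0.2.45", "user_agent": "Safari/16 iOS", "event": "file_open"}
{"ts": "2023-03-20T11:00:00Z", "user": "carol@example.com", "session_id": "s-300", "ip": "198.51.100.30", "user_agent": "Chrome/111 Windows", "event": "signin"}
{"ts": "2023-03-20T11:20:00Z", "user": "carol@example.com", "session_id": "s-300", "ip": "198.51.100.30", "user_agent": "Chrome/111 Windows", "event": "file_open"}
"""


def parse_events(text):
    """Parse JSON-lines text into events sorted by time; skip bad lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        except (ValueError, KeyError, TypeError):
            continue  # malformed line or missing timestamp
        events.append(rec)
    events.sort(key=lambda e: e["ts"])
    return events


def find_session_reuse(events, window=timedelta(hours=8)):
    """Return one finding per session whose IP and user agent both change.

    The first event seen for a session is the baseline. A later event in the
    same session, inside the window, from a different IP *and* a different
    user agent suggests the session is being replayed by another client.
    """
    baseline = {}   # session_id -> first event seen for that session
    findings = {}   # session_id -> finding (first hit only)
    for ev in events:
        sid = ev["session_id"]
        first = baseline.setdefault(sid, ev)
        if first is ev or sid in findings:
            continue
        elapsed = ev["ts"] - first["ts"]
        if elapsed > window:
            continue
        if ev["ip"] != first["ip"] and ev["user_agent"] != first["user_agent"]:
            findings[sid] = {
                "user": ev["user"],
                "session_id": sid,
                "first_ip": first["ip"],
                "new_ip": ev["ip"],
                "new_user_agent": ev["user_agent"],
                "minutes_after_signin": int(elapsed.total_seconds() // 60),
            }
    return list(findings.values())


if __name__ == "__main__":
    for hit in find_session_reuse(parse_events(SAMPLE_LOG)):
        print(hit)
```

Requiring both the address and the browser to change keeps ordinary roaming (the bob session in the sample) quiet. A finding is a lead for revoking the session and resetting the account's credentials, not proof of compromise.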

Product Feature: Infowise Ultimate Forms

Ultimate Forms by Infowise is a SharePoint add-in that extends the functionality of SharePoint to improve SharePoint usability and enable a multitude of business processes. Infowise Ultimate Forms is a codeless solution that enables the typical business user to create sophisticated forms and solve business needs in SharePoint by supercharging SharePoint lists. Ultimate Forms is easy to learn and does not require any programming knowledge. Once installed as an app on your existing Microsoft 365 SharePoint site, Ultimate Forms becomes part of SharePoint, with the ability to design, automate, and customize any SharePoint or MS Teams list from within SharePoint via a single click. Ultimate Forms gives SharePoint and Teams lists the features they need to become fully-fledged, powerful business applications.
Ultimate Forms is a “no-code” system. All its design elements, layouts and other features are easily configured via drag and drop and short ‘Excel-like’ formulas. Features include:
Tabs and column permissions, wizard mode, custom input validation, attachments, data rules and view permissions.
Drill-down and drill-around features to related SharePoint and Teams Lists so you can access more data, faster.
Automated Actions and workflows using a wide variety of advanced fully configurable rules and actions.
Reports and data can be printed, converted to various formats, and emailed with just one click.
Robust notifications and alert capabilities including scheduled or on-trigger emails, reports, change advisories (in detail or summary), and more.
Automatic import of emails, text messages and database items into various data sources to generate or update list items or documents.
Easy-to-configure lookups into external databases or web service-driven line-of-business applications.
Ultimate Forms can serve as a single source platform for implementing solutions on your existing SharePoint tenant.
It can be customized to address business processes from different departments, replacing dozens of separate unintegrated applications. And because Ultimate Forms lives within SharePoint, it can utilize your existing Active Directory users, groups and permissions.
Infowise even provides dozens of free, pre-built application templates that any Ultimate Forms subscriber can use as is or customize to better fit their needs. Available templates include Project Management, HR Recruitment, Help Desk, Expense Reimbursement, Employee On/Off Boarding, Asset Tracking, Room and Equipment Reservations, Leave Requests, and many more. Subscribers can use as many templates as they like for no additional charge.
To understand the breadth of Ultimate Forms, here are a few examples of how it can be applied to different parts of day-to-day business operations.
Accounting Example: Expense Report
In Ultimate Forms you can create an expense report that gets automatically routed for approval.
Your personal information, such as name, email, department, and manager name, is entered automatically from the Active Directory.
Different categories of expenses are color-coded for clarity.
All totals are calculated automatically.
Manager is notified automatically once a report is submitted.
You can optionally fill out reports for other people in their name.
HR Example: Emergency Contact Information
Here is an example of an emergency contact form created in Ultimate Forms. Ultimate Forms is very flexible and easily configurable, so the example form can be modified to collect additional important health information such as allergies, medications, etc.
Sales Example: Sales Quote
In this example a form has been created to generate a sales quote.
Products and categories – You can manage your own product categories and products to be used in the quotes. Creating a quote for a new product or category? Add them right when you need them, directly from the new quote.
You don’t need to stop in the middle and switch to a different list. When you select a category, the list of relevant products is filtered automatically.
Customers and contacts – You can manage your customers and their contact persons for use within quotes, and view quotes associated with each customer. New customers and contacts can be added right when you need them, without leaving the context of the quote. Only relevant contacts are shown for selection when you enter a customer.
Quotes and quote lines – You can create, manage, and print quotes. All totals are calculated automatically, including discounts. Quote lines are added directly from within the quotes. You don’t even need to save the quote before you can add lines to it.
Print-outs – You can print or export the quote using a print template of your own design. Add your own details and logos, as well as any additional text. Print out the quote, save it as PDF or email it with a single click. You can even create multiple different print templates and choose the one you want for a particular print-out.
Please note that Ultimate Forms is not a replacement for high transaction volume line-of-business systems—e.g., ERP systems and vertical software systems. Rather, it is best suited as a business platform used to increase the efficiency of day-to-day internal business operations. But Ultimate Forms is a single source productivity app that can reduce the number of apps you use by consolidating them into the Microsoft 365 SharePoint platform that you already own. Ultimate Forms is also much easier to use than Microsoft PowerApps, which requires a certain degree of programming knowledge. So, with Ultimate Forms you avoid the large consumption of time and resources, and the aggravation, that come from having to code and script.
Why consider Infowise?
Here’s a summary of the takeaways:
100% No Code Solution developed in SharePoint
No programming skills required = saving time and money
Affordability – sustainable cost averaging $4.00 to $8.00 per user
User Friendly UIs – Easy to Navigate
Drag and Drop and Drilldown Menu Features
Ability to incorporate workflows, permissions, and rules, etc.
Intuitive – No steep learning curve
Easy Deployment
Built-in support for solution templates – build once and re-use
Mobile ready
To learn more about Infowise, register for an upcoming webinar and see for yourself the power of Infowise Ultimate Forms.

Evolution of SharePoint

SharePoint is a web-based application that was introduced by Microsoft Corporation over 20 years ago—i.e., 2001. SharePoint is a platform that provides businesses, organizations, and institutions a place to access, share, and store information across different devices. SharePoint in its early iterations was intended to provide IT professionals an easier way of network provisioning and collaboration. As with any product in its infancy, SharePoint had its share of bugs, quirks, and limitations. Microsoft took note of this and over time made improvements to it largely based on feedback from the user community.
It was not uncommon in the past to see a business attempt a SharePoint deployment in one form or another only to see it abandoned. In fact, failure was often the result even after multiple attempts. SharePoint falling short of expectations was frequently attributed to four major reasons:
The lack of a clear objective and vision, resulting in poor design/development and rollout
A lack of end user understanding of SharePoint, resulting in challenges with company/organizational wide buy-in
Limited functionality and cumbersome to develop, especially with earlier iterations
Costly to develop and maintain
SharePoint was often seen as a nebulous concept to the typical end user. It was relegated to a back-end tool for IT personnel and, to a lesser degree, developed with a front-end that featured UIs (user interfaces) that were underdeveloped and not particularly user friendly. The challenge for the typical end user in understanding the utility of SharePoint in its earlier existence was a consequence of its capacity for broad application to many different business needs and processes. Essentially, SharePoint was a blank canvas that required a business use concept, which then had to be built into an accessible application. The business uses SharePoint could be applied to abound.
For example:
Customer/Vendor Portal
Employee Intranet/Portal
Document library
Dashboard
Calendar and Bulletin Board
Document Collaboration (e.g., projects, contracts, proposals, etc.)
Notifications and Alerts Tool
Business Intelligence
Websites
Forms
SharePoint’s Building Blocks
SharePoint can be viewed in three components: sites, pages, and web parts. For example, Microsoft 365 is the site, the Microsoft 365 homepage is the page, and all the accessible apps such as OneNote, Visio, Lists, etc. reflect the web parts. To get an expanded explanation of SharePoint, here’s a link to an article that does a reasonable job at explaining the composition of SharePoint in simple terms.
SharePoint’s Move Toward More Practical Use and Wider System Adoption
As SaaS (Software as a Service) community and collaboration platforms such as Slack and Google Workspace (now Google Apps) gained momentum and made rapid advancement in the 2010s, the visibility of more third-party platforms connecting to or implemented on SharePoint began to evolve as well—e.g., Infowise, Trello, Zapier, Zendesk, etc.
Microsoft released its own unified collaboration platform, Teams, in 2017 as part of Microsoft 365 (formerly Office 365). Teams is the front-end application—i.e., user interface—and SharePoint is the mothership. SharePoint is the document library where all the files, recordings, chats, images, and emails live and are retrieved from Teams as well as from other apps—e.g., Lists, Visio, etc.
In a relatively short span, Teams has become a staple in the small, medium, and enterprise spaces as business has shifted to a hybrid and distributed workforce model. Its popularity and practical interface have led to the development and release of a slew of third-party Apps and integrations within the SharePoint sphere. SharePoint has become the leader in collaboration and document management, bringing increased business productivity to a wider audience globally.
Here’s a shortlist of how SharePoint drives productivity:
Collaboration
  highly flexible, scalable, and easy to administer across an organization
  Wide accessibility to any device
  conducive to sharing and communication
Project Management
  using workflows
  syncing to Outlooks and Calendars
  leveraging SharePoint with Teams
Management of Data
  organized document storage and library
  easy accessibility to data
Tightly Integrated Microsoft 365
  access to the suite office tools and native Apps right from SharePoint–i.e., Word, Excel, etc.
  Access to Teams, One Drive, etc.
  Third party extensions–e.g., Infowise, etc.

Choosing the Right Form Builder App for Business

Using forms is a great way to reduce cost and build efficiency into your business operations. Forms can be leveraged across an organization—e.g., admin/operations, human resources, marketing & sales, etc. Form building apps allow you to create a myriad of forms such as surveys, polls, job applications, contact forms, progress reports, and more. These apps are intended to be collaborative, which allows for sharing, tracking, and the incorporation of approval processes. However, not all form building apps are created equal.
Basic Form Apps
Among the long list of form building apps, two familiar apps on the rudimentary end of the spectrum are Microsoft Forms and Google Forms. They are easy to use and free as a part of their respective collaboration platforms—i.e., Microsoft 365 and G-Suite. Microsoft Forms also includes some minor advanced feature capabilities at no extra cost. Another highlight of Microsoft Forms and Google Forms is they play nice with other native Apps within their sphere. For instance, Microsoft Forms can be easily exported to Excel and Microsoft Lists and all forms are stored automatically in the document library on the Microsoft 365 group SharePoint site, just as Google Forms are automatically saved to Google Drive. These apps are great for creating basic online forms like tests/quizzes and surveys that you can invite people to and get responses in real time.
The shortcomings with basic form building apps are their limitations with advanced features. Microsoft Forms has limited feature integration options outside of Microsoft 365’s native apps. For example, there is no available integration between Microsoft Forms and many of the widely used email marketing platforms like Mail Chimp and Constant Contact. When circumstances necessitate more template options, advanced formatting, field validation, applying time sensitive response rules, etc., Apps like Microsoft Forms and Google Forms may not be enough to fulfill the needs of the business.
Advanced Form Apps
When businesses require advanced level form building features, solutions such as Zoho Forms, Cognito Forms, and Infowise may serve as good candidates to review for consideration. Examples of advanced features include, but are not limited to, modifying templates, creating dynamic forms from scratch (e.g., sales quotes with electronic signature, equipment tracking, etc.), dashboards, incorporating charts, the ability to pull data from large lists, applying rules to forms, configuring business logic and workflow processes, and setting notifications and alerts. The drawback for many advanced form builders is that there can be a steep learning curve, they tend to be expensive, they can be time intensive to manage and, in some cases, they require basic coding skills—i.e., for Apps that are LCDPs/Low Code Development Platforms.
One exception among the advanced form builder apps is Infowise. Infowise Ultimate Forms (IUF) is feature rich yet easy to use and does not require intensive learning. IUF is a SharePoint Online / Microsoft 365 add-in that gives the business end user the ability to create smart dynamic forms without the need for custom coding; it is an entirely no code development platform (NCDP). It also has integrations with other data sources like Salesforce, ORACLE, Google, etc. Ultimate Forms was designed with the end user in mind, so it features highly intuitive UIs with drag and drop features, drill down capabilities, and includes dozens of pre-defined templates out of the box providing intelligent and sophisticated no code forms. The catch with IUF is that since it is a SharePoint extension, it requires SharePoint.
Discovery Checklist of Insights
Here are 10 things to consider when preparing for discovery on a Form Builder App:
✓ Evaluate how much data your company collects, the business documents already being managed, and other forms being contemplated
✓ Be aware of the key players in your workforce—Are they savvy with Apps?
Do they have any programming skills?
✓ Consider form builder apps that fit the size of your business (small, medium, large) if cost and resource capacity will factor heavily into the decision
✓ No code options that provide advanced functionality
✓ The degree of integration with other platforms
✓ Data exporting capabilities
✓ Conditional formatting – e.g., applying rules and calculations, etc.
✓ Security – does it have the capacity for encryption technology?
✓ Mobile Ready
✓ Ease of use
Be committed to reviewing multiple form building apps that you determine will meet most of your business requirements so you can make an informed decision. Give thought to seeking assistance from a business technology professional to help in determining a suitable solution and to ensure the best possible deployment outcome and successful company-wide user adoption.

Are you backing up Microsoft 365?

In the age of hybrid and remote work, Microsoft 365 has become a staple for business operations to thousands of companies across North America. Many businesses rely heavily on Microsoft 365 to the extent it has become a primary communication, collaboration, and operations hub–i.e., email, intra-company communications, video conferencing, calendars, file sharing, mission critical productivity apps, etc. Consequently, Microsoft 365 is also increasingly becoming the primary data receptacle for a large swath of businesses through the use of Microsoft Teams, document libraries in SharePoint, and OneDrive Sync to emulate the experience of an on-premise file server.
Making the move to the Cloud is not without a certain amount of risk. Out of the box, Microsoft 365 is not set up for traditional backup or disaster recovery, when compared to how these very important practices are implemented within an on-premise infrastructure.
Does Microsoft 365 back up your data? Well, yes and no. Microsoft 365 does in fact allow you to recover deleted items. However, the native Microsoft 365 recovery tools are quite limited. Restoring emails from the Deleted Items folder can help with emails recently deleted by mistake, yet what about other scenarios? Long-deleted or purged files, corrupted mailboxes, items lost due to cyber-attacks or incorrect migrations – these are just a few things Microsoft will not help you to restore.
Here are the limitations of the native recovery:
Recovery is time-limited within Microsoft 365. By default, items are kept around for up to 30 days. Moreover, the purged items will be lost. There may be a situation where you might need to restore deleted files and emails. A good example would be for compliance or reporting purposes. That is where having a proper backup solution will come into play.
No point-in-time recovery. Let’s say an active user’s mailbox has become corrupted and the version history is either turned off or out of date.
The data becomes lost forever as there is no way to choose a “clean” version to restore from. In this situation, recovering the mailbox would only be possible if the mailbox had been previously backed up.
Recovery can be overcomplicated. Unlike a professional backup solution, Microsoft 365 is not set up for one-click restoration. For example, Microsoft 365 recovery via In-Place eDiscovery & Hold has many conditions and steps that can be very time-consuming and ultimately not always successful.
Microsoft 365 doesn’t follow data backup best practices, per industry standards. It is widely known that there is a basic rule that should be followed for a safe backup. In the Tech industry, this is commonly known as the 3-2-1 rule. According to this practice, three backups should be stored on two forms of media, with at least one off-site copy. Microsoft stores its form of cloud backup data (versioning) in the same tenancy within the cloud as the source data. To put it simply, the data copy in the Microsoft cloud is vulnerable to the same threats as the source data it backs up. Should the Microsoft 365 tenancy fall prey to a malicious attack or become hijacked, all of the data contained within is subject to becoming compromised, lost, or otherwise inaccessible. As a result, this makes the security of your data incomplete.
Fortunately, there are a multitude of third-party back-up solutions available for Microsoft 365 that provide automatic data backup and recovery to different locations in the event of any of the previously stated scenarios. Here is a summary of the compelling reasons why companies should deploy a backup solution for Microsoft 365 and what you can typically find with most solutions:
Retention options are much better.
The backup data can be stored indefinitely for compliance reasons, archive, etc.
Point-in-time data restoration – Most professional backup solutions allow you to choose the version to recover.
Source data and backup data are maintained separately – Your Microsoft 365 backup data will be stored in a separate location within the cloud, and many times this can be customized to the service of your choice, i.e. Amazon AWS, Wasabi, Backblaze B2, etc. Many solutions also allow for backups to be copied to physical on-premise devices for a more Hybrid approach.
Advanced options to monitor data storage and usage. Professional backup solutions provide robust consoles and administrative dashboards to keep track of your backups.
Folder hierarchy of restored data is maintained as in your original file structure. Restored items can be deposited directly to the folders that they were deleted from.
Protection from user errors and accidental deletion. Mistakes happen and sometimes go unnoticed. Having a backup solution can provide a recovery option for these types of situations.
Protection from external threats, hijacks, or malicious attacks like Ransomware. Backup data is safely stored away from your tenancy, so that it cannot be compromised in the event of an attack. Many services allow for real-time access and temporary use while mitigation and repair of the aftermath of an attack takes place.
Protection from internal threats or sabotage. With a proper backup solution, data integrity can be maintained free from purposeful malicious intent internally, which can easily go undetected over time.
Three widely used backup solutions for Microsoft 365 are Veeam Backup for Microsoft 365, Microsoft 365 Total Backup from Hornet Security and Microsoft 365 Backup from Cove. Any of these products will provide ample data backup with encrypted storage and recovery controls for all native 365 applications including Exchange Online, OneDrive, SharePoint, and Teams.

Microsoft Issues Important Alert

Late last week Microsoft issued a high alert warning for a vulnerability in Outlook. The vulnerability affects all currently supported versions of Microsoft Outlook for Windows. Microsoft has rated this vulnerability a 9.8 out of 10. CVE-2023-23397 is a Microsoft Outlook elevation of privilege vulnerability that, according to the Microsoft Security Resource Center (MSRC), has already been used by a “Russia-based threat actor” in targeted attacks against government, transport, energy, and military sectors in Europe. Using this vulnerability, an attacker can steal user login credentials and gain access to your systems and data. Notably, an attacker can exploit this vulnerability merely by sending the victim a specially crafted email or message, which makes it an exploit that requires no user interaction. Microsoft has released a critical update.

Maintaining Financial Compliance in a Tribal Gaming Facility

Protect Assets While Complying with NIGC Regulations

CFOs and controllers in the tribal gaming space keep a lot of plates spinning. Staying on top of all these tasks is critical, but one spinning plate may require a bit more attention than the others: maintaining financial compliance. According to the NIGC’s Audit Requirements for Gaming Operations, “Failure to obtain an annual audit and submit the required reports to the NIGC is a violation of the law that could subject the tribe to a civil fine of up to $25,000 per violation.” But passing financial audit requirements is not just possible but probable when your finance officers understand and comply with all NIGC regulations for tribal gaming.

Establishing Internal Accounting Controls

The first step toward ensuring compliance with NIGC requirements is establishing internal accounting controls. Investopedia defines these controls as the “mechanisms, rules, and procedures implemented by a company to ensure the integrity of financial and accounting information, promote accountability, and prevent fraud.” There are two main types of internal controls:

1. Preventative Internal Controls

Preventative internal controls focus on stopping errors and irregularities within accounting and financial teams. Some examples include instituting double-entry accounting to make sure the books are always balanced, controlling access to financial or accounting systems, and dividing duties among different members of the accounting team.

2. Corrective Internal Controls

Should preventative internal controls fail and errors occur, the next step is employing corrective internal controls. These are pre-determined procedures that all team members must know and follow. Corrective internal controls may include manually counting money or inventory, standardizing accounting documents, requiring manager approvals for accounting transactions, and performing internal audits.
In the tribal gaming context, trained NIGC auditors may conduct an on-site Internal Control Assessment (ICA), which can be either “a comprehensive review of a tribal gaming facility’s entire system of internal controls or a specific examination of a single gaming activity such as Bingo, Table Games, Gaming Machines, among others.” As CFO or controller at a gaming facility, you can request that an ICA be tailored to your Tribal Internal Control Standards (TICS), to Part 543 of the NIGC’s Minimum Internal Control Standards (MICS), or to “any other internal control standards” of your choice. An ICA can be a great benefit to a gaming facility because, after the assessment is complete, the tribe and tribal regulators receive a report detailing the facility’s regulatory compliance or lack thereof. Should onsite training and/or remediation be needed, the NIGC will be there to help. This will improve future compliance and keep your facility on an upward trajectory.

Secure Assets with Increased Oversight

Preventative and corrective internal controls protect assets significantly, but, on their own, they may not be enough to prepare for the annual NIGC audit. So, it is vital that a gaming facility appoint a trusted team member to oversee controls and review the financial statements of the gaming operation only. This doesn’t mean that CFOs or controllers should not also oversee other financial aspects of the business, such as accommodations, dining, golf, etc. It means that the financial statements for the gaming operation must be kept and analyzed separately from the statements for the rest of the business. This increased, detailed oversight helps regulate financial reporting and expose any concerning changes or trends. But the phrase “trusted team member” is critical here. Issues in a gaming environment may result from employee malfeasance, which is a common occurrence in SMBs, according to an article from accounting and business advisory firm Signature Analytics.
The article notes that businesses employing fewer “than 100 people must trust their employees with more information compared to businesses with many more workers with the ability to have anti-fraud controls in place.” This concept may easily be generalized to the tribal gaming context. It may be difficult for leaders in tribal gaming facilities to imagine their employees committing fraud against them, particularly because tribal casinos aren’t “business casinos” but “community casinos”, according to Jason Salsman, communications director of the Muscogee Creek Nation. The revenues from tribal gaming facilities “supplement chronically underfunded health and education programs” on Native American land, and it is unpleasant to think about employees stealing money from their communities. Still, this makes it even more important for tribal casinos to have oversight policies and procedures in place, not only to pass NIGC audits, but also to prevent the breach of trust that is employee fraud.

Perform Regular Self-Evaluations

Finally, performing regular self-evaluations is a big step toward maintaining financial compliance and passing financial audit reviews. One effective self-evaluation method is to consistently review financial reports. This gives gaming facilities a firm grasp on their financial data so that, if unusual fluctuations or variances occur, they’ll be able to notice and address them immediately before falling out of compliance with the NIGC. Transaction tracing is another easy and effective way to perform self-evaluations, monitoring how transactions are being processed company-wide. Tracing follows a transaction from start to finish, highlighting any recording errors, lack of disclosure, or noncompliance. The more self-evaluations a tribal gaming facility performs, the more it ensures financial compliance and the better it can keep concerning issues from becoming major, out-of-hand problems.
How Acumatica Can Help

Internal accounting controls, increased oversight, and regular self-evaluations are all proven methods for maintaining financial compliance, but there’s one more: implementing a comprehensive, adaptable cloud ERP solution, like Acumatica. Resting on a future-proof platform and offering best-in-class business and industry functionality, Acumatica’s cloud ERP software organizes data and automates routine, manual tasks, eliminating human error and providing an audit trail of all transactions. Acumatica is a complete solution that simplifies complex compliance requirements. Acumatica’s Corporate Controller, Hans Huang, addresses the differences between ERP and accounting software, such as QuickBooks, in a recent article. He explains that accounting software is a standalone solution that “allows businesses to handle their accounting transactions, from accounts receivable (AR), accounts payable (AP), and bank management to revenue tracking and financial reporting.” However, he goes on to say that an ERP solution …

Half of Small Business Employees are Tricked By Scam Emails

A recent UK study found that nearly half of employees (42 percent) cannot spot a scam email. These findings come from the cyber security firm OpenText Security Solutions, which surveyed 2,000 employees from small businesses. This research underlines the key issue that is exposing companies to cyber attacks: a lack of cyber security literacy among their employees. Despite the average business being targeted 28 times by cyber threats, most employees weren’t even aware that cyber attacks were an everyday threat to companies. Over half of the surveyed employees stated that they had heard standard cyber threat terms such as DDoS (distributed denial-of-service) or BEC (business email compromise). With nearly half of large organizations reporting networking downtime lasting longer than one day due to phishing attacks, basic cyber threat awareness training is growing in popularity and importance.

Matt Aldridge, principal consultant at OpenText Security Solutions, comments, “Security awareness is critically important for all organizations, as the employee is always the first line of defense in cyber security.

“There’s no use investing in sophisticated cyber security software if employees click on dangerous phishing links and grant cyber-criminals access to the business network or to confidential data. It’s like turning on a fancy home security alarm but leaving a window open – you’ll be left playing catch-up after the bad guys get in.

“To ensure cyber resilience, employees need to be educated on the latest risks as soon as they are discovered – whether that’s the Royal Mail scam or the multitude of other threats. Organizations can achieve this by using templated phishing simulations that are reflective of the latest emerging scams.

“These should be implemented alongside strong and robust communication to employees and adequate technical defenses, all of which will help to ensure cyber resilience.”

U.S. companies alerted of potential cyberattacks from Russia

Deputy National Security Advisor for Cyber Anne Neuberger alerted companies during a press briefing today that Russia may be planning cyberattacks against U.S. infrastructure and businesses as retaliation for the stiff sanctions placed on Russia for its actions in Ukraine. Neuberger signaled for companies to prepare for potential attacks by listing a number of proactive steps to take in securing their networks, including updating/patching systems against known threats, backing up data, implementing multi-factor authentication if not already in place, and running practice drills. U.S. intelligence has picked up information that Russia may be preparing to stage cyberattacks but does not have knowledge of any specific targets or timeline. Earlier this month, the Cybersecurity and Infrastructure Security Agency (CISA) said any potential state-sponsored cyberattacks can affect all businesses, from large enterprises to small enterprises and home offices.