Growing through a recession

Remaining profitable during a recession is difficult as it is, but growing may feel impossible. After all, if nobody wants to buy, nobody wants to buy what you sell. Right?

I am not a marketer. We pay people for that. But I do understand people and business, and how going the opposite way of others can lead to huge returns. If you are in danger of closing your doors within a month, you need cash. If you are set and can continue operating, you have an excellent opportunity to set yourself up as a market leader.  

Economic recessions have the fantastic effect of making you and your business quickly cut fat and push employees to deliver. Within weeks you realize how much unnecessary extras you were paying for, signed up for, or had hired. Services you thought you needed to get canceled, and your business seems as usual at the moment.

While I do advocate for cutting unnecessary expenses, there is one thing you should never do. NEVER (did I say never?) cut any service you will be taking back on as a business owner that has a lower value than what you do. Don’t cut janitorial if you will be spending 10 hours a week scrubbing a toilet. I wouldn’t even give it to a staff member unless they are in danger of being laid off, and you otherwise would like to keep them. But, you may think, I have extra time, so why not fill it with something I am already paying for to reduce cost? It seems perfectly rational in hard times to pull up your bootstraps and get to work.

With Office 365, it seems common sense has finally prevailed, giving business the changes they actually want. It’s still Office, and your staff will still know exactly how to work it, but they’ll get so much more done.

1. The whole Mac/Windows drama is over
Office 365 brings with it a stack of benefits, but perhaps the most relieving is the in-built file compatibility across all platforms. No more converting (or corrupting) files back and forth, productivity black holes have essentially been eliminated.
2. It’s always ready to go
Microsoft is so confident in their cloud-based software and data storage; they’re giving a 99.9% uptime guarantee. You can even call a real life human for support.
Work online, offline or mobile – the choice is yours.

The executives of your company are the big fish in your sea. Yet cybercriminals think of them as whales. In fact, whaling is a new cybersecurity threat targeting the C-suite level.
You’ve likely heard of phishing attacks. Phishers use scam emails or spoofed websites to obtain user credentials or financial information. This might be an email that looks like it is from your bank asking you to log in and update your details, or a supposed tax alert needing immediate action.
A vishing attack is another fraudulent attempt to steal protected data, but the cybercriminals are going to use the phone to make contact. They might pretend to be a vendor needing to confirm account details for bill payment.
There’s also spear phishing. In these cases, the attackers do their homework first and target a specific company. They scour directories and employee social media to gather information to gain credibility.
Now, there are whaling attacks, too. The high-value target is a senior-level employee. The fraudster typically also impersonates one of the target’s C-suite counterparts.
What You Need to Know About Whaling
A whaling attack uses the same methods as phishing but focuses on top-level targets. The goal is to get “whales” to reveal sensitive information or transfer money to fraudsters’ accounts.
Whale attacks are intentional. Phishing can see attackers baiting hundreds of hooks to get nibbles. In whaling, information gathered in advance adds credibility to the social engineering. The target has higher value, so it’s worth their time to appear knowledgeable and make a request to and from someone important.
The sender’s email address will look convincing (e.g. from smithj@companyx.co instead of smithj@companyx.com). The messages will have corporate logos and legitimate links to the company site. Because humans want to help, the communications typically involve an urgent matter.
Whaling attacks are on the rise. In 2016, Snapchat admitted compromising employee data after receiving an email, seemingly from its CEO, asking for payroll information.
In another high-profile example, Mattel nearly transferred $3 million to a Chinese account. Company policy required two signatures, but the attackers (taking advantage of a recent shakeup) faked the new CEO’s signature. The second executive went ahead and added a signature. The only thing that saved the company was that it was a Chinese bank holiday.
Protecting Against Whale Attacks
As with phishing or vishing, the primary way to protect against whaling attacks is to question everything. Train your key staff members to guard what they share on social media. Encourage them to question any unsolicited request. If they weren’t expecting an attachment or link, they should follow up. If a request is unusual, they should trust their spidey-sense and proceed with caution.
It’s also a good idea to develop a policy for handling requests for money or personal information. By requiring that two people must always weigh in, you're more likely to catch a scam before it’s too late.
Also, train all your employees to look carefully at email addresses and sender names. They should also know to hover over links (without clicking on them) to reveal the full URL.
Security awareness is crucial. It’s also a good idea to test your employees with mock phishing emails.
Need help training employees or testing social engineering? Contact our experts today, call us at 520-355-7553.

Let’s address the (ahem …) hippo in the room. HIPAA compliance continues to be a real challenge for small and midsized businesses.
HIPAA is an acronym for the Health Insurance Portability and Accountability Act, which has very specific rules and regulations around a patient’s health information.
Larger healthcare organizations – hospitals and insurance companies – have in-house information technology teams, but smaller businesses don’t have the same depth of IT help on hand. Yet they must abide by the same rules.
Risking a HIPAA violation can be costly. Fines reach up to $50,000 US dollars per occurrence.
Common violations include:

• Keeping records unsecured. WellPoint didn’t secure an online health database and paid $1.7 million
• Not encrypting data. The Massachusetts Eye and Ear Infirmary failed to encrypt physicians’ laptops, which led to a $1.5 million fine.
• Loss or theft of devices containing personal health information (PHI). A pediatric practice in Massachusetts lost a flash drive and settled for a $150,000 fine.
• Failing to train employees in HIPAA compliance. A Walgreens in Indiana breached a single patient’s privacy and paid her $1.44 million.
• Disposing of records improperly. Affinity Health Plan paid $1.2 million after failing to erase the photocopier drives before returning them to the leasing company.
• Releasing information without authorization. Phoenix Cardiac Surgery posted a patient’s appointment on an online calendar and paid $100,000.
• Disclosing PHI to third parties who do not have access rights. A medical practice in Phoenix sent patient data over insecure email and was fined $100,000.

Tips for HIPAA Compliance
Be aware of HIPAA requirements. Smaller businesses can have a tougher time remaining up to date on technology and guidelines. But that doesn’t make them any less accountable for understanding HIPAA compliance. It’s important to do the research and get educated, or partner with an IT provider with the expertise to prevent possible violations.
Embrace encryption. If your business deals with any confidential information, encryption and firewalls are necessary. Prevent outside traffic from accessing your systems. Ensure data can’t be read if there is unauthorized access. If there is a breach, or a lost or stolen device, the HIPAA penalties are reduced if encryption is used.
Protect all your endpoints. Any mobile devices that have access to patient data need to be secured. With mobile device management, for instance, you can lock down and wipe lost or stolen devices.
Err on the side of caution. Employees gossiping over coffee in a dentist’s office could share patient information, or someone might be sending an email with unencrypted data, or a health announcement with recipient names visible. All these are HIPAA violations. Humans will make mistakes, yes, but it’s less likely if you educate about regulations and the importance of being careful.
Get a HIPAA Check-Up
HIPAA has been around since 1996. In 2005, regulators got more serious about electronic versions of PHI. Yet there are still some businesses out there with only a vague idea of what it means to be compliant.
Heavy hitters in healthcare already take HIPAA seriously. You should, too. So, you haven’t been audited yet, but that doesn’t mean you won’t be. A $50,000 HIPAA fine could make the difference in your business staying afloat another year.
HIPAA compliance is critical for many organizations. Set policies and procedures. Put in place security awareness training. Start using encryption, and assess for risks.
Be proactive with your IT management. By working with IT experts, you can stay on top of HIPAA and remain complaint. A managed services provider can assess risk, identify improvement areas, and propose new tech.
Call us at 520-355-7553 to get your IT and access management policies in healthy shape.

How to Make Computer Issues A Thing of the Past
We repair many computers and laptops each week, but unfortunately this is often ‘closing the barn door after the horse has bolted’. Computers have a habit of dying at the worst possible time – like when an important project is due tomorrow, or before you copy family photos to a backup. We’ve combined our repair services with preventative measures to ensure this doesn’t happen to you. Our managed IT services can remotely take care of all the computers in your house, protecting you against both threats and system failure.
Anti-virus always up-to-date:  While many homes have anti-virus software installed, they don’t often have the latest virus and threat definitions. These systems are at risk every minute they spend online, as the anti-virus simply will not pick up and stop an unknown threat.
New viruses and hacking threats arise every day, and there are entire companies dedicated to creating anti-virus updates to catch them. We can make sure your anti-virus definitions are always up-to-date, keeping your computer secure against even the newest viruses.
Software patches: Hackers like to spend their time figuring out new ways to break into computer systems. Software companies like Microsoft and Apple release regular patches to close these security holes. The patches are supposed to be applied automatically, but we often find that isn’t the case – patches didn’t download, were canceled or produced an error. Our services involve remotely checking that each patch has been applied successfully, and troubleshooting if required. As an added advantage, any time new features are packaged into an update, you’ll find them already installed for you.
Early failure detection: Some parts in your computer send out alarm bells when they’re about to die. Unfortunately, they’re not literal alarm bells (that would be too convenient), but information in the background that needs to be interpreted or manually checked. We can monitor these and advise repairs as required.
Data protection: Hard drives which store your information do eventually wear out, but they’re one of the parts that send out early failure warnings. We can monitor this and give you ample warning so that you have time to back up your important files. When it’s time, we’ll work with you to arrange drive replacement, making sure to either clone or re-install your operating system, whichever suits your needs best.
Tune-ups: Even the most cared for computer will slow down over time. Hard drives become cluttered, operating systems corrupt and ghosts of uninstalled programs still remain. We can remotely schedule and run a regular maintenance routine that will keep your system running in top condition and lightning speeds.
Our managed IT service happens entirely behind the scenes, so there is no disruption to your experience. You simply enjoy the benefits of having your own IT specialist team at one flat, low cost. You and your family continue to use your computer/s as normal, the only difference is problems are fixed BEFORE they happen and your system has the very best security against threats.

To Backup or To Archive? ’Tis The Question
Hamlet worried about whether to be or not. You may be more preoccupied with whether backup or archiving is better for your business. You know you need to secure your data, but how? This article examines the different benefits of both options.
Back in the day, businesses kept important information on paper. They stored important records and notes in nearby filing cabinets for easy access.
When there were too many files to close the cabinet drawers any longer, someone would do a big clean out. Older, important documents would get boxed for the basement or other storage area. They might still be needed for tax, or compliance, or other reasons. But you didn’t need those files readily accessible any longer.
A similar scenario is true of digital business data. You can back it up to recover from hardware failure, cyberattack, or disaster event. Or you might archive the data for space management and long-term retrieval.
Deciding Between Backup and Archive
When it comes to the right form of data storage you’ll need to weigh:

• the period of time you need to keep the data;
• what protections from loss or illicit access your method offers;
• whether the data can be easily restored or retrieved;
• how accessible, searchable, and quickly available the data will be;
• any industry or compliance standards that need to be met.

The backup is a copy of your data. On a regular basis you’ll make a copy of the business data to provide you with a starting point in the event of a disaster. You'll decide how often to backup based on how often the data changes and the importance of data currency.
Backing up data, an operating system, or application files, doesn't delete the originals. However, your older backup may be deleted when you make the new copy. If not, the backup can have another use. It can allow users to go back and review or recover earlier versions.
It’s not a bad idea to have several backups. We recommend the “3-2-1” backup strategy. You’ll have three copies of your business data. One would be on the cloud, the other two on different devices (e.g. on your local computer and on a backup drive).
Archiving puts a copy of business data into long-term storage. This is the data equivalent of moving that box of files to the basement. Typically, the archived version becomes the only available copy of that data.
The archives’ permanent record of data may prove useful in future legal disputes. Archived data is often tagged to enable streamlined search down the road. Moving information to archive can also improve processing speed and storage capacity.
While a backup may be overwritten, archived data is generally not altered or deleted. In fact, it’s often physically disconnected from the computer or network. So, you’ll turn to a backup to restore your data if necessary, and to archives to retrieve information data.
Key Takeaway
Both backup and archive can prove useful. It’s not going to happen every day, but entire digital archives can be lost if a server is drowned by a flash flood. All the paper backups can be burnt to cinders in an electrical fire. That external hard drive could be stolen or crushed by falling debris in a hurricane.
It’s best to avoid having a single point of failure. Both backing up and archiving business data is a smart precaution. Ensure business continuity by preparing for the worst. Our computer experts can help you backup, archive, or both. Start securing your business data with our support today! Call us at 520-355-7553.