Technology Advisor Blog

We all know what we "should" do about passwords, but reality is quite a bit different as a recent report by LogMeIn shows, in collaboration with the National Cybersecurity Alliance.  At Ekaru we're on a mission to help Small Businesses stay strong in the face of cyber threats.  The more you know about the threats you face, the better your chances of keeping your data safe an your name out of the headlines.

As more and more people work and socialize exclusively online, protecting your digital identity is more important than ever. Most people believe they are knowledgeable about the risks of poor password security; however, they're not using that knowledge to protect themselves from cyber threats.  Good password hygiene is one of the most important steps you can take to secure your data.  

Gerald Beuchalt of LogMeIn and Dan Eliot of the National Cybersecurity Alliance put together a great program this week on the Psychology of Passwords and here are some of the key take away's.  Many in our community will recognize Dan from our in-person lunch and learn event several months ago.

• 91% of computer users know that using the same or variation of a password is a risk, but 66% do it anyway.
• 54% of computer users try to keep track of passwords by memorizing them and its not working.  24% of them need to reset passwords monthly after forgetting.
• The old advice of 8 characters for a strong password is out of date - the longer the better and eight is not enough.
• 52% of computer users haven't changed their password in a year even after learning of a breach!
• Don't re-use passwords.  Keep in mind that hackers can use "credential stuffing" to try to use your password at all the other sites you may use it.  Don't re-use passwords.  With automated tools, now starting to be powered by AI, this is a quick task!
• Use MFA - Multi Factor Authentication - whenever available.  Yes, it can be an inconvenience, but you will drastically increase your security with this simple step.

One question we hear a lot came up during the presentation. Is it okay to store passwords on paper stored in a secure location?  It is possible to very safely store the paper, but it's important to consider Protection vs Availability.  When we see users doing this, typically they end up keeping the paper with them, making it a lot less secure.

Also, the typical 90-day forced password reset policy actually can make passwords less secure.  Why?  Users will fear forgetting their password and will quickly take on some other bad habits like writing them down, re-using passwords, or creating passwords that are too simple.  The current advice is to keep a password that's strong until you have reason to change it (like a publicized breach). 

What can you do?  Educate your team.  Talk about security during your staff meetings and make sure everyone is on board.  Help create a culture of security in your organization.  You can get fancier with a formal training program, but even just a conversation will help.   Using a password manager like LastPass helps solve a lot of problems around keeping passwords strong and secure, but daily behavior improvements can go a long way.

Contact us at 978-692-4200 if you'd like a demo of LastPass or want to learn more. 

Also, here's a link to the video, report, and infographic from the National Cybersecurity Alliance:   View the Video and Get the Report. 

Subscribe to the Ekaru Technology Advisor Blog for more SMB technology advice by entering your email in the sign up box on the upper right of this page.

As countries, states, and cities begin to ease lock-down restrictions, this checklist for reopening businesses can help you jump-start your return.

You and your employees have been quarantined for the past few months at this point, and now authorities are looking to lift restrictions and open up.  Here is Massachusetts we're already on "Phase 2".  With no vaccine, universally effective treatment, or significant immunity, we will still face nervous times, but things are starting to be a bit more "normal".

Now is the time to prepare.  There are so many areas to consider:  people, workplace, technology, and your customers.  With proper preparation, you can alleviate many concerns for your employees enabling them to focus on work, not the global crisis. 

Here are a few highlights, and at the bottom of the page you can download the entire checklist.

People:

• Over communicate to your staff about returning to the workplace.  Make sure they understand what precautions you have taken and assure them they can return safely.
• Establish an ongoing Work From Home (WFH) policy.  This will help the workplace from getting too crowded, and will accommodate those who can't quickly return.  

Workplace:

• Establish guidelines for any visitors for entering your establishment.  Post the guidelines to ensure visitors understand and comply
• Remind your employees of the recommended social distancing guidelines.  Place posters in your workplace to remind employees to stay diligent.  It's human nature to want to be connected with co-workers, but don't get complacent to safety guidelines.

Technology:

• Schedule a meeting with your IT team.  Schedule a time to review all IT related matters and cybersecurity.  Cybersecurity threats increased dramatically over the past few months as workers were displaced.  It takes just one bad click to potentially put a business out of business.  
• Evaluate any new technology deployed during the crisis.  What worked?  What didn't work?  What do you want to permanently deploy?

Your Customers:

• Maintain an open line of communication with your customers.  Create a stream of communications to ensure you address their questions, comments, and concerns.  
• Survey your customers.  Survey your customers about what worked, what didn't work, and what changes they would like to see.

The abrupt change to work from home left many businesses scrambling.  As they say, necessity is the mother of invention and we've entered an age of technology dependence at this point. Many changes are here to stay, but the return to the office, or a change to "work from anywhere" will require ongoing, focused planning.  

These are challenging times for all, and 2020 hasn't gone as planned for anyone.  But there are still seven months left to the year!  This week we hosted a guest speaker at our webinar to help our community step up to the challenge and do our best in 2020.  Herb Cogliano of Aspire Growth Advisors walked us through the Scaling Up methodology, based on the best-selling books Scaling Up and The Rockefeller Habits, by Verne Harnish, to get refocused on 2020.  Herb is a former INC 5000 CEO, multi-year recipient of the Boston and South Florida business Journal Best Places to Work award, and serves on the Carroll School of Management Board of Advisors at Boston College.

At Ekaru, working in IT and cybersecurity, our days in normal times are full of change, interruptions, and unexpected events, like a lot of small businesses.  In today's time with the pandemic and unrest, it's even harder to stay focused.  We feel a strong responsibility and commitment to our clients, employees, suppliers, and our community to do our best work.  We've stepped up communications with our team and community, increased our daily huddles to twice a day to deal with rapid changes, and we've completed over 200 hours of training just during the month of May!  

There's a saying I've recently heard that applies to the time:  Be the Buffalo.  Charge the Storm.  The metaphor is that when a storm rolls in, cows tend to move slowly away from the storm but actually travel with the storm, the net effect being that they wind up in the storm longer and suffer more damage.  Buffalo's move towards the storm, and fare better.  I've thought of that metaphor a lot recently.  There are many things we can't control, but we CAN control our own effort, and our willingness to face challenges.

Herb's presentation covered a lot of strategies that apply to business owners, managers, and individual contributors.  Here are some of the key take-away's, and the full recording is linked at the end of this blog post.  

• Companies can't succeed with just a great leader - it takes a team
• Although it may not feel like we are scaling up right now, being in a pandemic, we can focus on what we CAN do to build our people and leaders, and bring back revenue and profit.
• In the US, there are over 28 million businesses, and only 4% have revenues over 1 million.  Only 0.4% of businesses reach the $10M mark.  It's easier to start a business than to scale up a business.
• Herb opened with a classic example of a pivot -  Cars vs the Horse and Buggy industry.  The equine industry is a $300 Billion industry.  Businesses that were able to pivot away from transportation, to entertainment for example, had a big opportunity ahead.  Don't blame the industry you're in.
• People, Strategy, Execution, Cash - your biggest challenge will be one of these.  Cash and Strategy right now are typically on the top of the list right now for many businesses.
• Think of your strategic plan as the cover of a jigsaw puzzle.  A vision of what you're trying to create makes it that much easier to achieve success. A 30 page plan isn't as powerful as a one page plan you can more easily visualize.
• Strategic Pivots to consider:  Product Category, Business Model, Market Pivot, Offering Pivot.
• What is the ONE THING?
• Get real about managing cash and pricing.  That is the oxygen of your business. 

Herb closed with a powerful example of the historical rebounds after recessions.   The average 5-year rebound was 110%!   We'll all get through this.

Here's a link to the full video:

For those fortunate enough to be able to make the move to work from home during the pandemic, the rapid change has been a lot to handle.  Cybersecurity threats increased sharply while users are adjusting to a new way of work.  Last week we hosted security expert Jay Ryerse, CISSP, of Connectwise to speak to our community about the impact on small business.  Ekaru wants the cybersecurity culture of our community to transcend the office walls to protect you, your family, and your business.

Here are a few of the key take-aways from his presentation, and the full video is linked below.

• Prior to COVID-19, remote workers make up only 3.2% of the entire workforce and 44% of companies had policies that don't allow remote work.  All of that changed overnight!  The current pandemic is unprecedented.
• Malware is round on 45% of home office networks
• Cyberattacks now cost small businesses $200,000 on average, putting many out of business.
• A new ransomware attack occurs every 14 seconds
• 46% of SMBs have been targeted by ransomware
• In cybersecurity, what you don't know will hurt you
• Trust your team, but verify!

The return to the "new normal" will be just as challenging for businesses.  Some states are already re-opening, and it will be a long time before we get some semblance of normalcy. 

Work from home is likely to be a big part of our future.  Many affordable and secure solutions are available for smaller businesses to make the shift, and Ekaru is here to help.

Contact us to schedule a risk assessment to better understand the impact of COVID-19 and cyber threats to your business.

The full recording of the webinar is now available:

Zoom meetings have become so popular these days that the word has become a verb!  There are many great collaboration tools (GoToMeeting, Microsoft Teams, etc), and Zoom has emerged as a crowd favorite with huge growth resulting from their popular free version.  

If you've been on a call, you've probably seen someone with a fancy custom background - a scene from a beach, a view from space, or some other fun background (or maybe a serious one like a company logo).  If you'd like to give custom background a try, it's easy!

First, a couple of notes on using video in meetings.  When you start your Zoom meeting, you'll see that video is "muted" by default.  Just click on the video icon in the lower left to turn on the video. 

I like to use a web cam cover on my laptop so my camera is also physically covered when not in use.   Your laptop may already have a built in cover.  I like the extra peace of mind that I can control camera access.

As for custom backgrounds, If you've got a working webcam, getting a custom background is easy!

1.  Choose Virtual Background - Click on the little arrow to the right of the video camera icon, then select "Choose Virtual Background"

2.  Upload Your Background Image - Click on the "+" icon to add an image or video  (I have a few already loaded).  You can pick your favorite vacation photo, your company logo, or go on line to find some images.  

3.  Select the Virtual Background - pick the one you'd like to use for the current meeting.  Also, a heads up that that will be the default image for your next meeting, so if you're going on a virtual happy hour, you may want to change back at the end of the meeting so it doesn't load by default during your management meeting the next morning.

A few tips on video image quality - The Zoom virtual backgrounds work quite well even without a green screen.  For best results, a solid color wall behind you works best and don't wear colors that are in the virtual background image.  Why?  A lot of computing is needed to subtract your real background and display the virtual one.  If you match the image, your computer will get confused.  We received a help desk call this week from a user who reported a "fuzzy" image - she was actually blending into the background.  Test drive different images for the best results.

For more advanced troubleshooting, Zoom has some detailed info on technical requirements - https://support.zoom.us/hc/en-us/articles/210707503-Virtual-Background

A few tips on Security - Security is always on our minds.  Zoom has been in the news for security issues.  A few notes on security to stay safe on line:

• Use unique meeting codes for all meetings
• Set a password
• Use the Green Room function to know who's online
• Don't record meetings unless you have some important reason to do so.
• If you're the host, know how to mute users and end the meeting quickly if you need to.

One of the nice features of Zoom is that virtual background are "native" to the application.  You don't need any extra software.  For example, if you want to try this with GoToMeeting, you'll need an add on like ManyCam to do the same thing.  Its easy, but it requires an extra step.

Have some fun on your next meeting!   

Cyber criminals are working overtime to take advantage of the disruption and confusion caused by the pandemic.  The FBI reports a four fold increase in cyber threats recently and its more important than ever to stay alert, and talk to your team about cybersecurity.  The most common attack vector these days is eMail, and an unknowing employee may click on the wrong link thinking they're getting important safety information.  Think before you click!

Check out the infographic for more information on what to look out for, and please share with your team.

20 Seconds to better email hygiene:

1. Watch for overly generic content and greetings - Cyber criminals will send a large batch of emails. Look for examples like “Dear valued customer.”
2. Examine the entire "from" address - The first part of the email address may be legitimate but the last part might be off by letter or may include a number in the usual domain.
3. Look for urgency or demanding actions - “You’ve won! Click here to redeem prize,” or “We have your browser history pay now or we are telling your boss.”
4. Carefully check all links - Mouse over the link and see if the destination matches where the email implies you will be taken.  (But keep in mind some advanced hackers have ways even to hide the true destinations!)
5. Notice misspellings, incorrect grammar, and odd phrasing - This might be a deliberate attempt to try to bypass spam filters.
6. Check for secure websites - Any webpage where you enter personal information should have a url with https://. The “s” stands for secure. (But keep in mind some advanced hackers can hide behind encrypted sites!)  
7. Don't click on attachments right away - Attachments containing viruses might have an intriguing message encouraging you to open them such as “Here is the Schedule I promised.”

It takes just ONE employee to click on a bad email to cause a lot of potential harm to your business.  Ask us about affordable ongoing cybersecurity training, testing, and simulated phishing tests to help keep your organization safe!

Cybercrime instances appear to have jumped sharply since the beginning of the coronavirus pandemic, according to the FBI. The bureau’s Internet Crime Complaint Center (IC3) reported last week that it’s now receiving between 3,000 and 4,000 cybersecurity complaints each day, up from the average 1,000 complaints per day the center saw before the pandemic. 

There are many types of threats, and many ways to stay more secure, but one simple thing is to use strong and unique passwords, facilitated by a password manager.

Can you memorize 50-80 different passwords?  The average person may use 50-80 applications that require passwords (or more!).  Each password should be strong and unique.  A strong password contains uppercase and lowercase letters, with numbers, and symbols.  The longer the password, the better.  In addition, a different password should be used for every site you visit (banking, business applications, social media, etc).  The problem is that the average person simply can't remember that much information, and what ends up happening is corners are cut.  If one site gets breached and your password ends up on the Dark Web, if you use that same password ten different places, hackers can do "credential stuffing" to gain access to other accounts.

Beware of Social Media quizzes on line.  Answering fun questions about your high school mascot, year of graduation, etc can also be used by hackers.  If you rely on dates and places to compose your passwords, they may easily be cracked.

Get a Password Manager.  With so much change pushed upon us suddenly, one simple thing you can do to gain control is to use a password manager.  A password manager assists in generating and retrieving complex passwords, potentially storing such passwords in an encrypted database or calculating them on demand. This makes it easy to store passwords securely, and you'll be able to change passwords and "remember" them.  

With the current pandemic, so many workplaces have been disrupted.  For those of us fortunate enough to have jobs that we can work from home, the hasty move to a home office has typically resulted in a less than ideal work environment.  For a week or two, we can all manage with working from the kitchen counter, but with longer shutdowns, it's time to pay more attention to a proper work set up.   

Over time, an improper work environment can result in:

• back pain
• neck pain
• shoulder pain
• eye strain
• wrist pain - carpal tunnel syndrome can be caused by repetitive motions like typing, and can become severe enough to require surgery.  

If you've ever worked at a large corporation, you've probably gone through some ergonomics training.  At a small business, you probably didn't get formal training. 

Workplace ergonomics aims to reduce risk factors that lead to musculoskeletal injuries and allow for improved human performance and productivity.

Things to think about:

• Your monitor should be at eye level directly in front of you.  
• Arrange your lighting to limit glare.
• Your chair height should be adjusted so that your knees bend at about a 90 degree angle and your feet can rest of the floor or a foot stand.
• Your keyboard height should be adjusted so that your lower arms are approximately parallel to the floor when typing.   Your shoulders should be relaxed.

Some of the other things we recommend:

• Set up a second monitor if you can.  Staring at a 14 inch laptop all day is not ideal for your eyes, and two monitors will greatly enhance your productivity.
• Attach a real keyboard to your laptop.  It will be a lot easier to type all day.
• Get up and walk around every 25 minutes, and do some stretches. Your body needs movement.
• Consider a table top converter from VariDesk to create a stand-up work environment.  This will enable you to raise and lower your desk throughout the day.  I've been doing this for years, and I've noticed improved back health.  

Looks like work from home will be the new normal for a while.  Take some time to pay attention to your work environment to stay as productive and healthy as possible.

For more work from home tips including security and technology recommendations, visit www.ekaru.com.  

Over the past several weeks, Ekaru has helped many businesses in the greater Boston area set up remote offices.  As businesses scrambled to set up a remote workforce, the initial focus was on business continuity - trying to continue operations after leaving the physical office.  Now as employees have settled in, security needs attention.  Major events like the Coronavirus pandemic create new opportunities for cybercriminals to exploit, but smart defense doesn't let them.  These tips can help keep systems and data safer in uncertain times.

1. Get the facts.  Stay away from the rumor mill and use information from reliable sources to make business decisions in chaotic times.  There's been a big increase in emails for fake news, health information, and cures.  Go direct to trusted websites for information.
2. Think twice before clicking links.  Make sure staffers are on the lookout for suspicious links that can lead to ransomware.   It's very easy for scammers to "spoof" a link that looks legit, but takes the user to a different location.  In fact, many dangerous emails don't even look suspicious until they're studied closely.  
3. Be suspicious of unexpected attachments.  Ensure users only open attachments from proven, trusted sources no matter how "official" that attachment looks.  Attachments can hide computer code that can harm your system and lead to security breaches.
4. Automate compliance.  Have one less thing to worry about by choosing a dynamic web portal system that keeps track of everything.
5. Protect those passwords.  Encourage safe password practices like using a password manager and not writing them down on sticky notes.  The MA Data Security law requires strong passwords that are stored in a safe way.  No one can simply memorize the 50-80 passwords that typical users require these days.
6. Beware of strange networks.  Make staffers aware of the dangers of logging in from insecure public and home WiFi networks and how to use them safely.    Watch for accidentally connecting to the wrong network, and make sure your network has a strong password, especially if you live in a crowded area.  When you click on the wireless networks symbol on your computer, you can see all the networks around you, and guess what - all of those people can see your network too.  Make sure your network is protected by a strong password.
7. Use two-factor authentication.  An extra layer of security keeps passwords and data safe.  Typically you'll be prompted to enter a random numeric code generated on your smart phone after entering your password.  If anyone gets your password, they can't access your systems without the extra code.
8. Keep an eye on the bad guys.  Monitor the Dark Web to watch for company data so a problem can be addressed before it becomes a crisis.  This is an early warning system that can save you from a lot of risk.
9. Stay current on threats.  Work with a partner that's on top of today's challenges.  Awareness goes a long way to help protect your network.  
10. Ask for help.  Consult a security expert to plan effective strategies and get innovative solutions.  There are many great options that are budget friendly.  Too many small businesses are intimidated by security.  Learn about your options.

With modern technology, we can work together to stay productive during this pandemic.  With all the disruption and anxiety, cybercriminals are sadly taking advantage of the situation, but with a focus on security, you can help protect your business.  Download the infographic.

Here's what you need to know about video conferencing: