Cyber-Insurance:How It Can Save You Long-Term

hacker-1944688_1280

It's likely you have insurance plans for all of the unforeseen circumstances in life: apartment fires, cell phone accidents and even getting sick. You may think of these plans as no-brainers, but have you considered whether you need the same insurance for your cybersecurity? 

According to a recent study completed by IBM in 2019, it’s estimated a data breach on average can cost a business roughly 3.9 million dollars. That number is still hard to pinpoint, given that many major companies may not report breaches due to PR concerns. Costs may vary for every business, but cyber-related security breaches are affecting organizations all over the world, large and small. 

 

computer-1591018_1920

A cyber-insurance policy, also referred to as cyber risk insurance or cyber liability insurance coverage, isn’t a tech solution, but it can be a fail-safe for your business when something goes wrong. A policy can help you decrease your risks by offsetting costs that are related to a cyber breach or event. 

There are a few aspects you need to discuss with your team, whether that’s your IT services provider or internal team, before purchasing cyber insurance and deciding what policy may best protect your organization:

  1. What it covers: Cyber insurance typically covers expenses related to first parties as well as claims by third parties. Common reimbursable expenses include: forensic investigations that were needed to determine what happened, remediation costs for recovering data and services, monetary losses due to business interruptions, required data breach notifications to notify customers and affected parties about the breach and even legal expenses associated with lawsuits or extortion. Your IT support team can also help you understand what it covers as well.
  2. Who needs it: If you have even a single computer in your organization, then you have electronica data or services that are important to your business operations. At Five Nines, we strongly believe that cyber insurance is a mandatory component of a complete business risk-management strategy.
  3. How to determine what you need: Consider how your business would be impacted if your data and IT systems were unavailable for a day or two. If you’re in a regulated industry, you likely have mandatory expenses if personal identification or health information is breached. Though it’s never recommended to pay the ransom if your data is held, the demand could be tens, hundreds or thousands of dollars – those costs can be colossal compared to a cyber insurance premium.

After you evaluate these areas, you should meet with an insurance agent to discuss coverage amounts, premium costs, and deductible or retention costs. Some providers have packaged ‘business policies’ with a small amount of cyber insurance included, but those coverage amounts are often far from adequate. While every business has different insurance needs, a few general indicators of a policy with good coverage are:

  • Look for a standalone cyber policy from a leading provider such as Chubb, Travelers, Hartford, Beazley, AXIS, Hiscox, Zurich, Liberty Mutual, or similar.
  • Consider a policy with a deductible/retention of $10,000 or more. Policies with lower deductibles may be an indicator of inadequate coverage or an excessively-high premium.
  • Line-item coverage limits should be in the hundreds of thousands or millions for specific cyber incident costs, such as Business Interruption coverage, Breach Notification and Remediation coverage, Crisis Management coverage, Extortion or Ransom coverage, and Data Restoration coverage.

    You won’t be able to 100% protect your company from cybercrime, but you can set yourself up for a best-case scenario ahead of time by obtaining cyber insurance. Take the first step by talking to your IT team to assess your insurance needs, then contact a reputable insurance provider to review policies.

    Need cyber insurance but don’t want to do it alone? Let’s chat.

Have questions on how this affects your business? 

LET'S CONNECT

Topics: Security, IT, Managed IT Services, Cybersecurity

The Difference Between Backups and Disaster Recovery — And How To Plan For Both

john-schnobrich-FlPc9_VocJ4-unsplash

As business owners, we typically prefer not to think about what would happen if we suddenly lost all of our company’s data and crucial information through a breach or accident. With client trust on the line and possible lack of compliance with regulation, there’s major potential for disaster. Ignoring this is a blind spot that puts our business, and our customers in jeopardy. While IT support can help, we still have to be mindful of planning ahead. 

If you’ve been through a personal data loss with your own computer or phone, then you know there are often ways to restore information, but that still takes time and effort. And the “disaster recovery process” only goes smoothly if you’ve completed backups.

 

priscilla-du-preez-XkKCui44iM0-unsplash

To take a step back, it’s important you understand there’s a distinction between a backup and what’s called “disaster recovery.” A “backup” is the process of creating an extra copy (or multiple copies) of data. You back up data to protect it. You might need to restore backup data if you encounter an accidental deletion, database corruption, or problem with a software upgrade.

Disaster recovery, on the other hand, refers to the plan and processes for quickly reestablishing access to applications, data, and IT support and resources after an outage. That plan might involve switching over to a set of servers and storage systems until your main data center is up and working again. Or, working with your IT support to develop more solutions. 

If you want your business to continue running smoothly after a breach or data loss, you have to have a master plan for recovery. Being from the state of Nebraska, we’ll use a simple football analogy to explain: If a quarterback fumbles the ball, how does the team pick it up as quickly and as efficiently as possible so they can make another touchdown? No teammate is pausing to ask each other, ”What should we do?,” they’re bobbing and weaving into the next play.

Remember, a backup strategy is different than your disaster recovery strategy.  Copying your data is the first step and creating a disaster recovery plan as an insurance that guarantees its recovery is the second one. To create your company’s disaster recovery game plan, what you should consider is the cost of downtime for your business (how long can you afford to be out of the game before your fans leave the stadium) and these three plays:

  1. How often are you currently completing back-ups without errors or exceptions? Include your personnel in the plan, your internal team members and your IT support, and determine how frequently backups should be performed, who will perform them and who will be on call to restore data in the event of an emergency. Also build a QA process into your plan to ensure the data that is backed up is consistent and free of errors.
  2. What are your data retention requirements? Backups are typically performed daily to ensure the data is retained. But, your team should consider what your RTO (recovery time objective) is in your overall plan, so there’s a baseline understanding of what the maximum amount of time is that YOUR business can be without IT systems.
  3. How would you recover if something happened? Would you have your IT support team ready to step in and help support new infrastructure if your hardware or resources became compromised? It’s important to consider the little details. How are you actually double checking the relevant data you need is backed up? Do you understand the type of files and whether that type needs to be backed up? What is your IT support team responsible for versus your internal staff? Building a complete disaster recovery plan means sitting down with your team and thinking about every scenario. 

By having a process in place, disaster recovery planning does become an integral part of your business’ IT strategy, and when you plan, you show your customers you truly care about keeping them safe too. 

Need help developing a disaster recovery plan and managing your backups? Let’s chat.

Have questions on how this affects your business? 

LET'S CONNECT

Topics: Security, IT, Managed IT Services, Cybersecurity

Strategic IT Planning for 2020

amy-hirschi-uwpo02K55zw-unsplash

2020 is quickly approaching and it’s already time to start strategically planning to hit next year’s IT goals. Our rule of advice is that your team should sit down and map out your technical environment for the next 18 to 24 months, and set a 3-year budget that goes hand in hand with your strategic planning. You won’t know what you’ll need to spend until you do your homework, so here’s what matters when it comes to building a successful IT plan for 2020.

 

mimi-thian-R_jYS09sBMU-unsplash

 

1. Identify what equipment is currently performing well versus what may need to be replaced.

This process is known as “IT asset management” and it typically involves gathering all of your company’s hardware and software inventory information and completing an audit. Your team will need to identify what needs to be replaced, what can be potentially reused and where the gaps are in your technology equipment. Your IT services provider can also help with an audit. You want to take note of how your equipment is currently performing, the age of the hardware and inventory all hardware or anything that has a renewal date such as a warranty, domain, or SSL certificate so you can budget for those costs as well.

 

2. Stay aware of end-of-life and end-of-support dates for your technology.

Your IT services provider should be alerting you about when these dates are fast approaching. To learn more about the difference between the two, you can read our previous post here. Essentially, end-of-support means that the product provider you work with has decided to no longer provide a support line. And, end-of-life date is a term used to describe when a product is no longer for sale. You should plan for both of these scenarios as businesses can experience compromised data security, decreased productivity, higher maintenance costs, non-compliance and problems with scalability.

 

3. Complete a risk assessment with your team.

Create a series of questions that assess your standards, guidelines and best practices and use the assessment on an annual basis to understand where the gaps were. Was there a data breach you weren’t technologically prepared for in 2019? Did you run into complications with equipment you’re currently using that cost you man-hours? Your team should look at what was effective and ineffective in your IT infrastructure. And, you can use cybersecurity standards such as NIST or ISO to understand what may be a priority for 2020 to protect your business.

mimi-thian-tPxHQIZU2OQ-unsplash

 

4. Consider if you have the right tech talent on your team.

Whether it’s an IT services partner or an internal hire, decide who you need on your team to execute the strategy you’ve developed for your business. If you’re needing to bring in an external partner or new hire, you’ll want to include this cost in your overall budget and consider what the return on the investment may be.

 

5. Prepare a budget that prioritizes your company’s needs. 

Your IT services team can be a resource to rely on when deciding where you want to allocate your dollars. As we said, map out a 3-year budget to go with your strategic plan. Consider what the top priorities are, what you have coming up in your IT pipeline (new projects where IT may be key), pay increases for your IT talent and all of the equipment and renewals that may need to be replaced. Even getting vendor proposals and recommendations ahead of time can help you better estimate what you'll likely need to spend on initiatives. Your team should look at your overall business structure and make budgetary decisions based on how IT can sustain, protect or considerably decrease your bottom line. 

While we know this process of IT strategic planning can take time and energy, it's worth it to eliminate future headaches that may come from lack of preparation.  If you’d like to better understand how to plan for IT in 2020, we are here to help. Contact us today.

 

Have questions on how this affects your business? 

LET'S CONNECT

Topics: Security, IT, Managed IT Services, Cybersecurity

Secure your data with these password tips

bruce-mars-FWVMhUa_wbY-unsplash

In 2018, billions of people were affected by data breaches and cyberattacks and not only did people lose money, but they also lost their security. We hear about these cyberattacks every day and it's easy to think, "Why should I protect myself if the stats are against me?"

Or are we against the stats?  52% of us use the same passwords for different online services. This means that half of us have decided we're happy to risk our financial security and personal identity, and that can be a costly mistake. It turns out, one of the easiest ways you can protect yourself from becoming just another statistic: use a password manager. At Five Nines, when a company comes to us for managed IT solutions, we consider how they can tighten up their data security. Let's talk about ways you can quickly improve your cyber-security habits so you avoid the risk and become less of a predictable target. 

 

World-Password-Day

 

1. Choose a password that's not obvious.

 According to the National Institute of Standards and Technology's updated guidelines as of 2019, your passwords should be user-friendly and memorable, but not easy enough for a stranger to guess. You can use longer phrases that are easier to remember than complicated passwords, such as “I support the NE Huskers.” You should also avoid overly simple passwords. Hackers take bad, commonly used passwords like "huskers1" and try to test it against lots of people to see who they can breach online. Since many people in Nebraska probably have a password like this, it's a good rule to avoid this style of password.

 

2. Use a password manager to track all of your passwords in one place.

At Five Nines, we recommend two password managers: LastPass and 1Password. LastPass has a free option and allows you to automatically save and fill passwords on Windows, macOS, Android, and iOS devices. It can automatically change passwords for you and even shows you how strong your passwords are on its platform. The Emergency Access feature also lets you pick one or more contacts who can access your passwords if anything were to happen to you.  

1Password is a great paid option for families or small businesses who want to store some of their passwords  and it's Watchtower feature lets you know if any of your passwords are known to be compromised. Bottom line: you can vary up your passwords more often when you have a place to put them. 

 

3. Be aware of data breaches.

Stay aware of when breaches are reported and when they do, double-check that your information wasn't compromised. Right now, according to a new report by Risk Based Security, 2019 is on track to being the “worst year on record” for data breach activity. Besides checking places like the Identity Theft Resource Center (a California based non-profit that puts out information on the latest data breaches), you can also use free tools, like Credit Karma. Their identity monitoring service will alert you about data breaches and exposed passwords so you're in the loop about a potential threat. Your managed IT solutions provider should discuss potential data breaches with you. 

As IT professionals, we know how cumbersome changing passwords can be, but these are the tools we use at Five Nines, and we hope by passing them along, your information stays safe and out of sight.  We’re here to help as your managed IT solutions provider.

 

Have questions on how this affects your business? 

LET'S CONNECT

Topics: Security, Cybersecurity, password, passwords

What is the future of SaaS?

It’s all too easy to forget how integral and pervasive software-as-a-service (SaaS) has become to modern business operations, given the efficiencies and flexibility benefits it provides users.

But like any sector, SaaS is constantly evolving as it incorporates new technologies and adapts to market forces. Some have even questioned if the entire SaaS concept is under threat as software becomes easier for businesses to build and run themselves.

Before we look at the current state of play, and whether SaaS really is ripe for disruption, let’s recap how SaaS operates, and what it looks like in its current form.

 

what_is_saas

 

What is SaaS and how does it work?

SaaS is on-demand software hosted in the cloud and accessed free or via a subscription. It has become synonymous with cloud computing given that the software resides on remote computers, not on-premises. The term has also come to be used interchangeably with other remote-based services such as infrastructure as a service (IaaS), platform as a service (PaaS) and managed software as a service (MSaaS). Notable SaaS providers include household names such as Amazon, Google and Microsoft, as well as specialized providers like Salesforce (CRM), Box (storage) and Twilio (web comms).

 

The benefits of SaaS for SMBs

Why did SaaS become so popular? Simple – out-of-the-box software solutions and ready-made tools are invaluable to businesses of all sizes, but are especially beneficial for smaller ventures and SMBs with limited resources. SaaS enables these operators to access powerful, enterprise-grade software without having to invest significant capital upfront or for them to purchase costly infrastructure or software licenses. Convenient and popular SaaS solutions for SMB’s include:

  • Cashless payment software
  • Digital accounting packages
  • Customer relationship management (CRM)
  • Supply chain management systems
  • Cloud-based data storage

So where is the sector going, and what will SaaS look like in the years ahead, particularly in the context of an SMB?

There is no doubt that SaaS – and cloud-based computing – will remain integral to enterprise of the future and will continue to play a dominant role in the market of the future.

 

Niches, mobility and big data

Providers of niche SaaS services – including for sectors such as health care, education and real estate – are likely to reap the benefits of widespread adoption as they design solutions for specific industries. This contrasts with more established, full-service SaaS providers who now face more market competition, and where growth is expected to be more modest.

The other growth area will be for SaaS solutions with a strong mobility presence, particularly via apps that allow SMB owners to conduct their operations remotely from their mobile devices. Here businesses are looking for streamlined mobile dashboards that can help them automate their mobile marketing, manage sales, and help them seamlessly enable social media integration, to name just a few. The rise of big data and analytics will also see players in this space become more prominent as SMBs look to leverage cloud computing to help them collect and analyze granular information on their users and competitors.

While it’s not easy to predict what’s likely to happen in such a dynamic market, all signs point to the SaaS cloud service delivery model evolving and growing as more businesses transition from on-premises private clouds to externally managed public clouds.

 

Have questions on how this affects your business? 

LET'S CONNECT

Topics: Saas

Five Nines Ranked Among Worlds most elite

image-2

Five Nines Ranked Among World’s Most Elite 501

Managed Service Providers

12th Annual MSP 501 Identifies Top Forward-Thinking Global MSPs & Leading Trends in Managed Services

June 20, 2019: Five Nines has been named as one of the world’s premier managed service providers on the prestigious 12th-annual Channel Futures MSP 501 rankings.

Every year, MSPs worldwide complete an extensive survey and application to report their product offerings, growth rates, annual total and recurring revenues, pricing structures, revenue mix and more. MSPs were ranked according to a unique methodology that weights revenue figures according to how well the applicant's business strategy anticipates trends in the fast-evolving channel ecosystem.

Channel Futures is pleased to name Five Nines to the 2019 MSP 501.

"It’s a great honor and validation of our team’s efforts to provide the highest level of service in Nebraska,” said Joel Friesen, President of Five Nines. "We will continue to work toward being a leader in the Managed Services space, and help our partners succeed knowing that their technology is taken care of.”

In the 12 years since its inception, the MSP 501 has evolved from a competitive ranking list into a vibrant group of service providers, vendors, distributors, consultants and industry analysts working together to define the growing managed service opportunity.

“The 2019 MSP 501 winners are the most elite, innovative and strategic IT service providers on the planet, and they stand as a model of excellence in the industry,” says Kris Blackmon, Content Director of Channel Partners and Channel Futures and lead of the MSP 501 program. “As the MSP 501 Community grows, leagues of managed service providers learn from the successes of these winning companies, gaining insight into the best practices, strategies and technologies that elevate an MSP to the level of the 501 winners. Our heartfelt congratulations to the 2019 winners and gratitude to the thousands of MSPs that have contributed to the continuing growth and success of both the 501 and the thriving managed services sector.”

In addition to deciding the rankings, the survey drives the creation of an annual in-depth study of business and technology trends in the IT channel, released each year at the Channel Partners Evolution conference. The full MSP 501 Report leverages applicant responses, interviews with industry experts and historical data to give a well-rounded picture of the managed services opportunity.

The complete 2019 MSP 501 list is available at Channel Futures.

 

About Five Nines

Founded on an intense desire to solve problems and build long-term relationships with clients, Five Nines leverages technology to drive business success. With offices in Lincoln, Omaha, Kearney & Central City Five Nines advises the best IT solutions for Nebraska based businesses, offering Managed IT Services. Through its unique service model, Five Nines’ clients experience reduced costs, accelerated growth, and increased productivity. Learn more at: www.gonines.com



 

Topics: Five Nines

Ensuring HIPAA Compliance With A Risk Analysis

Risk Analysis Blog

While you hear about the occasional breach of Protected Health Information (PHI) from large organizations, smaller medical offices often believe they are safe from a breach due to their size. When it comes to cybercrime, that is no longer the case. In fact, over three million patient records were compromised in 2017 across the medical industry, and small practices were breached, hacked, and ransomed just like the larger healthcare organizations. 

 

A GROWING TREND

The Office of Civil Rights (OCR) shows there is an upward trend in data breaches since they first published summaries of healthcare data breaches in 2009. Between 2009 and 2018, there have been 2,546 data breaches that involve more than 500 patient records. These breaches have resulted in the exposure of 189,945,874 patient records, which is more than 59% of the population of the United States.

The loss or theft of PHI were the top causes of data breaches from 2009 and 2015. These breaches could easily be prevented with device encryption, strong physical safeguard policies, along with annual staff training. The current statistics show that hacking/IT incidents have been the top causes of data breaches, which is why it’s important to discuss conducting a risk analysis with your IT team.

 

WHAT IS A RISK ANALYSIS?

In an effort to prevent these breaches of PHI, the HIPAA Security Rule requires that all covered entities must perform a risk analysis and implement a risk management plan.  This regulation is outlined in 164.308(a)(1)(ii)(A) “Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the [organization]”.

A completed risk analysis will provide your practice with a detailed understanding of the risks to the confidentiality, integrity, and availability of ePHI within your organization. A risk analysis also helps practices assess and mitigate risks to the security of PHI.

 

COMPONENTS OF A RISK ANALYSIS 

A risk analysis contains a detailed look at an organizations administrative, physical, and technical security measures utilized to protect PHI.

  • Administrative Safeguards: includes an organizations' current policies and procedures used to protect PHI. This includes current security-related policies and procedures, a contingency plan, staff training policies and procedures, Business Associate Agreements, and user access to ePHI.
  • Physical Safeguards: are current controls that limit access to PHI such as the facility security plan, visitor controls, media disposal, and remote access procedures.
  • Technical Safeguards: includes password and inactivity timeout settings, data storage, backup plans, and disaster recovery procedures along with encryption for PHI when necessary.

 

GOALS OF A RISK ANALYSIS

  • Identify how and where PHI is stored or sent: During a risk analysis, practices must determine where ePHI is stored, received, maintained or transmitted, and should also maintain documentation of this inventory.
  • Identify threats and vulnerabilities: Practices also must identify potential threats and vulnerabilities within their organization whether those threats are from internal sources such as untrained employees, environmental such as a flood or fires, or an adversarial threat such as a hacker trying to access PHI.
  • Determine likelihood, impact, and risk level: Once vulnerabilities are identified, practices must determine the likelihood and level of impact from each identified threat by considering how many people may be affected as well as what data will be affected. The risk level is determined by taking into account the likelihood and impact levels of each vulnerability.
  • Implement security measures: Practices will then need to implement reasonable security measures to protect PHI from those identified threats. The HIPAA Security Rule allows practices to tailor security polices, procedures, and technologies for safeguarding PHI based on the size, complexity, and capabilities of the practice, as well as technical, hardware, and software infrastructure.

 

WHY COMPLETE A RISK ANALYSIS?

A completed Risk Analysis will help your practice identify vulnerabilities within your organization that could lead to a data breach or loss of PHI at some level. This assessment is the first step to ensuring compliance with the HIPAA Security Rule, attesting to government incentive programs, and ensuring security of PHI within your organization.

Don’t allow your organization to fall behind, complete a risk analysis today to ensure your organization is not only compliant, but safe as well.

 

Five Nines Case Study: Click below to discover how Five Nines has been able to provide 24-hour support, improve the IT infrastructure, and find the right solutions for a critical access hospital in rural Nebraska.
Case Study: Supporting A Rural NE Hospital

 

ABOUT THE AUTHOR


Cindy B1 - Copy

Cindy Beach

Healthcare Consultant 

As the Five Nines Healthcare Consultant, Cindy is responsible for helping partners complete security assessments and provides HIPAA compliance expertise to Five Nines partners and staff.

Facts About Me

- My first car was a 1988 Buick Skylark.

- I am definitely a dog person! At one time, we had 25 German Short-Haired Pointers at our kennel.

- My favorite pizza topping is pineapple! I know that will spark a debate with the Five Nines staff.

- My first real job was a waitress at our local drive-in. I can still make a pretty great ice cream cone!

- The longest road trip I have ever been on was 22 hours. My husband and I drove to Orlando, Florida for our honeymoon and it rained the whole time!

 

 

 

Topics: Security, Healthcare, HIPAA, Compliance

The Ins And Outs Of An MSA

MSA-1

Change is hard.

Ask any business owner and they’ll tell you that the slightest change can cause ripple effects throughout an organization if not properly administered. Changing the way you manage and maintain your IT is no different, which is why it’s important to understand the details of your new relationship with a managed service provider.

MSP’s, like Five Nines, offer a varying degree of ways they deliver services to their clients. Because of this, understanding the agreements in place will ensure there are no surprises as the relationship progresses. Here are a few different things to keep in mind when reviewing a managed service agreement.

 

Service Model

Generally, there is a flat monthly fee you will pay all managed service providers. The recurring amount you pay covers a differing amount of service delivery models.

  1. Time & Materials (T&M): these agreements are generally a smaller (think retainer) monthly fee, with additional charges for support that isn’t considered regular maintenance or monitoring. You can expect an invoice, in addition to the monthly fee, at the end of the month for the amount of time that was spent supporting your environment.
  2. Select: in a select agreement, your monthly payment covers a specified amount of time allocated per month to your business. Any time that goes into supporting your network that goes over your allotted time will be charged at an hourly rate.
  3. All-You-Can-Eat: this monthly fee is determined either by the amount of employees at your business (Five Nines' model) or amount of devices that are being supported, and covers all support (both onsite and remote) with no additional fees.

What hardware do you own?

A common trend throughout the managed service industry is offering hardware-as-a-service (HaaS), which means MSP's will place hardware within the environment that offers an added benefit of security and manageability. They’ll do this charging a monthly fee for those services, which reduces the amount of capital needed up front to switch providers.

Always keep in mind what hardware is yours and what is your MSP’s. This is helpful if you ever decide to switch providers, knowing you’ll have to replace or buy that product from the provider.

 

Additional Monthly Services

Along with with the monthly support fee, there are some fairly common additional charges that will be on your managed service agreement:

  • Backups: backups are the most critical aspect of your environment and must be properly maintained in case of a data breach. Oftentimes, there is a separate charge for backup software and offsite storage costs, which are always worth the peace of mind to ensure 100% backups.
  • Additional Software: most MSP's are going to offer some variation of software that adds additional security benefits, such as antivirus and anti-spam tools. Five Nines includes both of those in their monthly support amount, but a tool like encrypted email is a service that you will be charged for.

These different pieces are generally what make up managed service agreements, but it’s always important to carefully review all charges on a proposal or invoice. Having a clear understanding of what you’re paying for will give you the peace of mind that your network has the proper tools to stay up efficient and secure.

 What does it look like when IT becomes an asset? Click below for the free Five Nines Power Hour "IT As An Asset", as we dive into IT responsibilities, service requests and security, as well as technology standards, budgeting, and IT training and knowledge.

Click Here For The Free Webinar

 

ABOUT THE AUTHOR


Scott Pulverenti2 - Copy

Scott Pulverenti

Account Executive 

As an Account Executive, Scott is responsible for building relationships, solving problems, and extending the Five Nines brand into new markets.

Facts About Me

- I've recently become an avid runner. My goal is to run a full marathon!

- I'm a huge baseball fan - Go Royals!

- If I'm ever feeling down, you can usually find me chowing down on some grilled hot wings from the Watering Hole.

- In my free time I really enjoy cooking! I like my eggs over-easy, peppered, and with Louisiana hot sauce.

- I'm a bit of a history nut and have been spending a lot of my time recently reading about the American Revolution. 

Topics: Outsourced IT, IT, Five Nines, Managed IT Services

Why Businesses Need Multi-Factor Authentication

Untitled design-7

Typing in a simple username and password is no longer enough to protect your data in the business technology world, which is why multi-factor authentication is such an important security measure. The cybercrime industry is after our most vulnerable information, and businesses are now forced to fight back with stronger cybersecurity practices.

According to the Verizon Data Breach Investigation Report, 81% of confirmed breaches involve weak, default, or stolen passwords. Multi-factor authentication is something that will benefit both your users and your organization. 

WHAT IS IT?

According to Yubico, there are plenty of opportunities available for hackers to take advantage of, as 55% of users do not use any form of multi-factor authentication at work.  While it is good to have a strong password, taking extra precautions is always recommended. When using multi-factor authentication, a user is only granted access into an account after completing extra steps to confirm that it is indeed their account. For example, if you are trying to access your email, instead of only entering your password for access, you may also receive a push notification on your mobile device to confirm that it's actually you. If the information doesn't match up, you don't receive access to the account.

How else does multi-factor authentication protect your personal information? If a hacker attempts to gain access to your account, you should receive a notification of some sort to complete the second step of logging in. If you are not attempting to access your account, and you are alerted by a notification, that is an immediate sign that someone could be trying to hack you. From there, you will have the ability to respond immediately by changing your passwords and contacting your IT provider. 

YOU HAVE OPTIONS

While any form of multi-factor authentication is a good start, here are some options you can consider:

  • Any multi-factor authentication that requires an SMS, email, or voice call with one-time codes.
  • "Push" prompts where users receive a notification on another device with an "approve" button as a way to confirm it is really them attempting to access their account.
  • Universal 2-factor security keys users can plug directly into their computer to confirm access.

A strong security tip is to ensure your accounts are protected with strong, unique passwords and the best multi-factor option you can reasonably use. There are plenty of multi-factor authentication platforms out there, so it's important to consult your IT team on an option that works best for your business. While you can make multi-factor authentication an optional security setting, many businesses decide to make this extra step required to ensure they are following the strongest security practices.

Want to learn more about how you can take your cybersecurity to the next level? Sit back, grab some popcorn, and watch this FREE Five Nines Power Hour Webinar: A Layered Approach To Cybersecurity.

Click Here To Watch The Webinar

Topics: Security, Cybersecurity, Multi-Factor Authentication

Navigating An IT Provider Change With Your Staff

NAVIGATING AN IT PROVIDER CHANGE


As a leader in your company, you’ve done the research and know that moving toward a managed IT services provider is what is best for the success of your business. The concern? Change is hard. Really hard sometimes. You have the advantage of seeing all the numbers and all the ways that this move makes sense. How do you explain that vision to your team, however, and make the transition as smooth and positive as possible without interrupting “business as usual”? We all know the struggles that come with change management.

Here are some key best practices to consider:

Stakeholder buy in

The first step in change management is to make sure that the key leaders in your organization are involved and understand the vision that supports the decision. They should be aware of and understand all the “why's” behind what made this the best direction for the company.

develop Clear process for implementation

Once your stakeholders are all in, work with them to develop the plan for implementation. This plan will need to be well thought out, and Five Nines can help! We have experience with the transition process and can point you in the right direction. You know your team best and will be able to adjust the process, so it makes the most sense for your company. The plan should have specific steps of implementation and key dates.

Recruit help from within

It’s important to determine who your A Players are so they can help in making the communication around this transition positive. There will undoubtedly be individuals that don’t like the change. Change is difficult for a lot of people and really difficult for others. These individuals could start conversations among employees that may spread negativity. If you can identify A Players who are respected by their peers and get them on board with the decision, they can be your boots on the ground to promote the positive aspects of the decision. Pull them in and explain some of the in-depth reasons for the change, and how it will help them be more successful in their role.

Communicate on all levels

You have your key players informed, Five Nines on your side, and you have a roll out plan that’s ready to go! The best way to communicate the plan is in person. Email is great for some things, but communicating big changes isn’t one of them. Incorporate the roll out in a staff meeting or at one of your department meetings. This is where the big picture should be communicated as well as how the switch will benefit them in their role. Only then should the plan for implementation be sent out via email, so everyone is aware of the process and key dates.

conduct normal check-ins with the team

Once the change has been rolled out, don’t “set it and forget it”. Touch base with some trusted employees to see how things are going. I always tell people when they ask the question “How are things going?” be prepared to listen! Be prepared to offer suggestions, but more importantly, listen. There may be some actionable items you could easily change that would make a big difference for them.

Give it time

Last but certainly not least, acceptance will take some time. Those that don’t like change will not see the positives right away. And that’s okay. You’ve taken the right steps to make the best decision for the company and your employees. They will grow accustomed to the new normal and ultimately see the new partnership as a positive.

Change can seem overwhelming at first, but it can be managed and built upon. Don’t let your fear of change keep you from making decisions that could move your company towards greater success and higher levels of productivity. The most successful companies positively embrace change, and Five Nines will be with you every step of the way.

Want to learn more about developing a company culture that drives operational success? We will cover what makes a culture, how technology can help your culture come to life, as well as formal best practices. Sit back, grab some popcorn, and watch this FREE Five Nines Power Hour Webinar presented by Taleena Stanbrough. 

Watch The Webinar

 

about the author


Taleena1 - Copy

Taleena Stanbrough

Director of Human Resources

As the Director of HR, Taleena’s goal is to do whatever she can to make living life to it’s fullest easier for each Five Niner. She achieves this, by fostering a culture of collaboration, trust and positivity!

Facts About Me

- I grew up on a farm outside of Red Cloud, NE, today, I live in Lincoln with my husband and two daughters.

- When I was a child I loved music and animals, so my dream job was a Zookeeper who listened to the radio all day!

- My spirit animal is Taylor Swift!

- I loathe doing laundry. Fortunately, my husband and I struck a deal when we got married that he does the laundry and I do the cooking.

- If I won $1 million I would buy a second home on a lake in the mountains for my family to enjoy! 

 

Topics: Culture, Managed IT Services, Collaboration, IT Provider Change