Three Ways To Avoid Work From Home Burnout

The lines between work and non-work have blurred for so many people. For those who are still working from home (WFH), they may now be in their sixth consecutive month where there’s little balance between what they do professionally and personally.

Because when the work is sitting there in your personal space, it’s far too easy to work early or late – or both. Accidentally spotting that “urgent” email just before you’re about to go to bed really is incredibly damaging.

Added pressures of childcare have made this worse. Some parents feel that working all hours is the only way they can make up for the perceived reduced quality in their work.

The stress of constantly working (or constantly thinking about work) is dangerous. Our bodies and minds simply aren’t designed to be “on” all the time.

This is bad for our mental health. Which can easily have a negative effect on our physical health too. As IT specialists, we’ve been working remotely for years. Here are our top 3 suggestions to avoid WFH burnout.

1) Have physical ways to transition from personal you to work you, and back again. The easiest way to do this is with a dedicated workspace that’s strictly only used for work.

Even a specific seat at a table can be dedicated to work, even if you sit in other seats to do other things, like eat or play games. Some people dress for work each day, so they can change their clothes to mark the end of the working day.

2) Set strict work hours and stick to them. 9 to 5 might be impossible, but you can still have set work times, even if they’re scattered throughout the day. Make sure your family knows when you’re working. This is where having a set physical space can really help. In your non-work hours, make sure you only do non-work things. And do not check your email!

3) Prioritize what really matters: The other downside of sitting surrounded by work all the time is that there’s always something else that can be done. There’s no point working on minor tasks at 11pm at night, because the chances are, you’re not actually achieving anything meaningful. Assume you have 3-4 hours of truly productive time each day. And make sure you get and stay organized to achieve the most important things in this time.

Emerging: A New Version Of Business In 2020

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Signs of hope are emerging across the globe as economies slowly begin to reopen, but the sad reality is there will never be a return to the “old normal.”

Re-opening phases will look different for each industry and business type. B2C will have different challenges in reopening than B2B. Different regions have been affected in different ways and some more than others.

There is no cookie cutter model to reopening
McKinsey and Company has developed the CEO’s guide to reopening (https://www.mckinsey.com/business-functions/strategy-and-corporate-finance/our-insights/the-restart) based on research they have done across the globe, specifically in Europe and Asia. One of the biggest differentiators will be if you are B2B or B2C.
[Read more…]

Remote Workforce Or Not – You Can Securely Protect And Back Up Your Corporate Information

Jason Cooley is Support Services Manager for Tech Experts.

One of the most common objections heard when talking with businesses about moving towards a remote work strategy is the supposed security risks posed by not having all data contained within the physical confines of the office building.

While this has widely been debunked, the myth still remains. But the tide may be moving in the other direction now that many businesses were forced to move to an entirely remote workforce during the COVID-19 shutdown.

CNBC has reported that 85% of businesses are now operating 50% of their workforce remotely, and with tech giants Twitter and Facebook both reporting plans to move towards a continued remote strategy, the reality is that remote work in a larger capacity is going to become the norm instead of the exception.

Now is the time to prepare for the “new normal” that will become our reality.

Sadly, along with the threat of COVID-19, cyberattacks have grown as attackers realize that home networks are not as secure as corporate networks. However, security and back up firm Acronis shares 5 things that you can do to protect your business data moving forward with a remote work strategy.

Five “must do’s” according to Acronis
Acronis is a leading cloud backup and security provider and one that we recommend widely to all of our customers. They list 5 “must do’s” as you set up your remote workforce, and as always, we are here to help you put these processes in place.

Must-Do #1: VPN – or Virtual Private Network
You have most likely heard of this technology as it has been around for a while. But if not, a VPN will encrypt all data while in transit to protect it from cyberattackers.

Must-Do #2: Keep an eye out for phishing
Hackers are known for taking advantage of highly stressful events and we have seen an increase of COVID-19 themed phishing attempts and we expect this number to continue to rise as businesses reopen.

The best and most reliable way to prevent a phishing attack from affecting your business is through effective employee training. As another protective measure, you can install URL filtering software on your employees laptop or home computer to further reduce the risks of falling victim.

Acronis says, however, that you should always ask yourself if you were really expecting that email before opening or clicking any links contained in the message.

Must-Do #3: Anti-Malware
Virus and malware protection has always been a standard recommendation, but with the wide net that is cast with remote work, it has become even more important that every endpoint that touches your corporate data has this protection installed on it.

Must-Do #4: Patch, patch, and patch
Regardless of your operating system, whether it be Microsoft or Apple, you need to ensure that you are operating under the most recent operating system. Many attacks occur by taking advantage of unpatched vulnerabilities.

Must-Do #5: Keep your password, and your workspace, to yourself
Just because the office location is at home does not automatically mean people can’t access sensitive information when you step away. Limit access to your computer even when you are at home and do not tell anyone your passwords.

Prepare for the future now
There is no question that the future we anticipated at the close of 2019 is different than the one that will ultimately surface.

By making the assumption that remote work will continue to be the norm instead of a return to the standard office environment will help your business be agile and meet challenges head-on.

The Latest Small Business Security SNAFU? Zoom

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

With everyone now working from home and finding new ways to collaborate and get things done, Zoom has become one of the most popular video conferencing applications, reporting growth of 378% over just one year ago.

As its popularity has grown, so has the allure for hackers. The FBI in Boston reported that two online high school classes had been interrupted by individuals who began yelling obscenities and the address of the teacher to another which displayed swastika tattoos. So how does this happen?

To start, most recurring meetings use the same meeting IDs. Someone, in an effort to make sure other attendees were aware of the event, would share it in an unsecured way, such as on Facebook or other social media.

Hackers can pick up this information, and even after the event was over, they could use the same information to gain access to the next meeting. Fortune Magazine has reported that dark web dedicated forums have popped up on popular sites like Reddit, and all a hacker would need to do on Facebook is search for “zoom.us” to find any public post containing the targeted words.

So what is a business to do to secure their meetings and avoid the potential sharing of sensitive corporate information during this time of extensive virtual meetings? First, and foremost, set your meeting to private. This means that there is a password required for each participant to enter. Although Zoom has now changed this setting to be the default setting, some users are still opting to make the meeting public for the sake of convenience.

As inconvenient as it is to have invitees enter a password to get into their meeting, it’s even more inconvenient to have sensitive corporate information released. Also… and this might seem to be stating the obvious but do not share your meeting invite over social media.

No matter our security settings on social media profiles, it’s best to assume that nothing you say on there will stay private. Another way to ensure the security of your zoom meeting is to use the feature of the waiting room. This means that each invitee who logs in will first be placed into a room where the meeting host then has to approve their entry and allowing the host to assess each attendee before they enter the room.

Also, never use your personal ID. Each zoom user has a personal virtual meeting room assigned when they create an account. Defaulting to using your assigned virtual meeting room can make it easier for hackers to enter in from old meeting announcements.

You know the phrase, what happens in Vegas stays in Vegas? Yeah. When it comes to Zoom (and any virtual meeting for that matter) assume what happens in Zoom does not stay in Zoom. If the information that is going to be shared is of such critical nature, you should find another medium where you have no chance of being overheard.

Covid-19’s Effects On The Tech We Use Every Day

Jason Cooley is Support Services Manager for Tech Experts.

As we all know, most of the world was basically shut down earlier this year. There was no planning or infrastructure in place to help ease the burden of entire populations staying home. Consequently, the domino effect hit hard.

People rushed out to stock up on essentials like toilet paper and sanitizer. Overbuying then created a new issue as supply chains struggled to keep up with demand. Shipping times overall started to slow.

Amazon, whose Prime subscription service is famous for its 1-2 day shipping time, prioritized essential items for their guaranteed delivery. From personal experience, I had an Amazon item that did not ship for two weeks after ordering. This was solely due to the de-prioritization of nonessential goods.

The United States Post Office has had severe delays as well, specifically in their larger Metropolitan areas, and have been buried under a Christmas season-like load with a much smaller workforce.

Manufacturing as a whole took an almost immediate hit. Most manufacturing facilities have a large number of employees in an enclosed area. This presented a huge risk for the spread of the disease, causing automobile manufacturers, food processing plants, and computer manufacturers to send their employees home and shut their doors.

Why does manufacturing being put on hold matter so much? Once again, it’s due to the struggle to meet demands.

While many industries did put a hold on their business, many others made a quick transition to remote work. Many companies, both big and small, scrambled to obtain laptops for their employees to allow them to work from home.

While companies worked out remote solutions for their employees, schools had also closed down all over the country.

Some schools had existing devices for their students, such as Chromebooks, but many schools did not. To continue the learning process during the pandemic, more computers were needed for students to do their work. All of these new needs for computers – primarily from online retailers – created a huge surge in PC sales, but also created a real issue. Inventory was running out all over the United States and a computer shortage began.

With no manufacturing, there was no inventory being created, including PC parts. This affected the entire sector and the shortage is on-going.

All faces of technology – from the big guys like Amazon to smaller companies – have felt the effects of the pandemic. They have also done their part to help.

Auto plants changed their lines over from making cars to making respirators. Amazon put a high priority on essential items and medical supplies. Many other industries and businesses have shifted their production to meet immediate needs such as masks.

There is some silver lining in all of this. Seeing companies band together for the good of people without thinking of profit has been reassuring. The phrase “unprecedented times” has been used more times than we can count, but now that we have that precedent, let’s hope we can learn from it.

Should I Go, Or Should I Wait? Re-opening Tips

Stay at home orders are being lifted, businesses are beginning to reopen. Our world is being turned on its head again, and normal will never be the same again.

As we begin to reopen our doors and essentially relaunch our businesses, here are some things to think about to get you started.

Be very careful about what and where you make cost cuts
Uncertainty naturally causes us to restrict, and this is by no means bad. You may have to make cuts in order to get things back on their feet. But Inc Magazine contributor, Graham Winfrey, cautions to you make those cuts wisely.

In his interview with Manny Cosme, the CEO and President of a CFO and Bookkeeping business, he was advised to make projections before you make cuts. Cosme said that businesses need to think about growing their way out of the crisis.

He said, “Every cut that you make is going to cut your ability to generate revenue or keep your business going, which is not something you want to be doing right now.” So think very carefully about what, and even if, you are going to make any cuts as you reopen.

Look closely at your business model
No matter how much we wish we could just go back to the way things were, we have all experienced significant changes over the last few weeks. Nothing feels better than returning to some sort of normalcy.

But one thing we have learned over this global health crisis is the ability of the entrepreneur and the business owner to pivot and meet their consumers’ needs where they are. Changing your business model in light of the pandemic just might be what saves your business.

Graham Winfrey suggests you ask yourself 3 questions:

● What should your business model be when you come out of this?
● Is your current business model viable? If so, how can you hang on until it’s viable again?
● Are there ways you can pivot all of your expertise into a better revenue stream?

Along with his panelist in the article on Inc, Cosme believes that it comes down to changing one or more of the following within your business model:

● What you sell
● Whom you sell it to
● How you deliver it

Evaluate local support options
Throughout this crisis, many federal and local supports have been extended to small business and their employees. Graham suggests that you look to your local chamber of commerce to see what local support programs may have been crafted to help you as you reopen your doors.

Create policies to ensure the safety of both your employees and customers
After you have completed the above steps, now you should create your communication plan for letting your customers know you will be open for business.

George Brandt in his article in Forbes suggests you approach it in three steps: Emotional, rational, and inspirational.

Be authentic
George suggests that you connect with your audience in an authentic, relatable and compassionate way.

Empathize with your consumer that you know this was difficult for them as well as for you. George quotes PrimeGenesis’ saying, “No one cares how much you know until they know how much you care.”

Lay out the facts
With calm composure, polite and authoritative, lay out the hard facts of the current situation. For them and for you.

George defines the facts as “things that any rational person would agree are true no matter what bias or perspective they bring to the situation – objective, scientific truths as opposed to subjective, personal, cultural or political truths, opinions or conclusions.”

Think ahead and paint an optimistic view
George recommends that you ground all your communication with Mayfield and Mayfield’s meaning-making and direction-giving language, meaning providing purpose and value: be – do – say.

The New Normal COVID-19 Office Security

With continued WFH policies and multiplied COVID-19 scams and threats, the importance of good cyber security stands out. Indeed, with a workforce that is highly dependent on digital services for the foreseeable future, the new normal COVID-19 office security is necessarily stronger, more vigilant, and more dispersed.

Yet, a lot of questions remain unanswered. For example, will behavioral surveillance be part of the new normal? As organizations plan to implement contact tracing, privacy advocates voice their concerns.

Given the uncertainty, we expect to see these non-intrusive measures with clearly defined benefits coming to the new normal.

Thermal cameras for passive temperature checking
The advantages of temperature detection for a business COVID-19 strategy include early discovery and reporting leading to early isolation and treatment.

Advanced temperature detection technology is not a substitute for medical grade FDA approved thermometers. The advantage of an advanced thermal camera system is that it can pick out personnel with abnormal body temperatures in heavy traffic areas to be assessed later by a professional with medically approved equipment.

These systems use an HD video camera and thermal camera side by side looking at the same field of view. The resulting video and metadata output, when combined with advanced artificial intelligence, gives sensible temperature data on multiple objects simultaneously.

Some systems employ facial detection technology paired with a face database and a high temperature detection alarm. They can identify up to 16 targets with a temperature accuracy of .54° F and come with an easy to use interface.

In-office security cameras
Also likely to become more common, in-office security cameras provide a video record of events. They function as a tool to answer concerns about what happened if a COVID-19 behavioral complaint surfaces. The societal resistance to surveillance will likely be counter-balanced by the desire to maintain a safe work environment.

Plexiglas barriers
Plexiglas® extruded acrylic sheets promote both worker and consumer safety to help control the spread of the virus.

Sneeze guards made from Plexiglas make sense. So, it is logical to see their use extended in the office to create barriers between closely seated workers. We’ll see them in other areas to promote social distancing.

Health questions
The CDC recently issued guidance recommending that employers actively encourage sick employees to stay home. Interpreting this guidance, the EEOC confirmed that the rules of the ADA and the Rehabilitation Act continue to apply but do not prevent employers from following guidelines from the CDC and other public health authorities regarding COVID-19.

Per the EEOC’s guidance, employers may ask employees who report feeling ill at work, or who call in sick, questions about their symptoms to determine if they may have COVID-19. In addition, they may require employees to stay home if they have COVID-19 symptoms, screen applicants for symptoms of COVID-19, delay the start date or withdraw the offer of an applicant with symptoms.

Thus, employers may find it necessary to ask employees about their symptoms. They might require notification of high body temperatures, and request disclosure of recent proximity to individuals who have tested positive for COVID-19. In doing so, they must be mindful to do it consistently and avoid discriminatory use of the results.

To simplify the process and avoid collecting unnecessary information, employers may simply ask employees to stay home if they show certain symptoms, rather than asking them about the specific symptoms they have.

Work from home security
The WFH new normal creates multiple security challenges that must be addressed. From simple provisioning issues like shredders for employees handling sensitive documents to updated incident response plans, new circumstances demand new security responses.

For example, the company’s business continuity plan should be updated to address new fail-over and backup procedures. Also, the difficulty of securing and verifying credentials in a remote environment will encourage the use of multifactor authentication.

In addition, with less physical oversight of employees, organizations may need to focus more on user activity. Access logs and user behavior analysis come to mind. Increased threats require increased employee education. And, employees also need to know how to report security risks or threats through all the currently used communication channels (in addition to email).

How To Set Up And Maintain A Secure, Remote Work Environment To Overcome The COVID19 Pandemic

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

“We are in this together.” We can’t say that enough. It’s not you, and I, but US.

Information technology and communications providers are considered essential services in this unprecedented time, and we take our role seriously. We are here to help, and we ask you (no, implore you) to reach out with any technology-related questions as you work to transition from a central office to a remote employee environment.

As you prepare (or maybe you already have transitioned) for remote work environments, many of which will need to be done by the individual who will be working there, we developed this list of 10 things to keep in mind to secure a remote work environment on the fly.

Invest in antivirus software for all employee devices
Yes, technically it is your employee’s devices and these are usually outside of the typical IT circle. But with these circumstances coming about quickly, there may not have been time to follow your normal procurement cycle to get the specific equipment your employees need to remain productive while working from home. That means they will be working from their own device, and they may or may not be as cognizant of your security measures.

So a good rule of thumb is to work to ensure that all employees utilize antivirus software. Many ISPs (Internet service providers) also offer free antivirus software with their service, and we would encourage you to take full advantage. There are several ways you can handle this and we invite you to give us a call to see what will work best for your organization. [Read more…]

Working From Home? Probably The “New Normal”

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

I hope that you and your family (and pets) are safe and sound and doing as well as can be expected. This is an extraordinary time for all of us, and the very embodiment of the ancient Chinese aphorism “may you live in interesting times.” We surely do.

Our team is mixed between working in the office and working from home, and everyone is doing a great job. We initially saw a huge increase in our ticket volume as our client’s teams prepared to work from home but that’s tapered off in the last week to a pretty normal level of activity.

If you had to wait for help, please accept my personal apology for the inconvenience – while we have plans to handle client disasters, I never anticipated something as far-reaching as the current pandemic.

The “new normal”

If the politicians and experts are to be believed, many of the changes we’ve had to make to slow the spread of this virus are going to be around for quite a while, at least until we have an effective vaccine for COVID-19. From an IT perspective, that means more of your team will probably be working remotely. And that presents a new kind and new level of security exposure for your company. [Read more…]

Designing A Comprehensive Security Plan For Your Company

After years of being in the industry and watching the evolution of cyberattacks, we feel that there are 13 critical pieces to any cybersecurity plan that we, as your managed service provider, should implement. They are:

Two-factor/Multi-factor authentication

Two-factor authentication is probably the most widely misunderstood security solution, but a critical and effective part of every cybersecurity strategy.

Two-factor authentication is just how it sounds: two separate layers of security. The first is a typical username and password log-in with the addition of a secondary level that looks for something you know, something you have, or something on your body (e.g., fingerprint).

Here are some stats you should know that describe the critical need for two-factor authentication:

  • 90% of passwords can be cracked in less than six hours.
  • Two-thirds of people use the same password everywhere.
  • Sophisticated cyberattackers have the power to test billions of passwords every second.

This sobering reality is why we require two-factor or multi-factor authentication for all of our employees and users of our system, and we highly recommend that you do too.

Password management

The main reason people use the same password everywhere is because it’s impossible to keep track of hundreds of usernames and passwords across various devices and systems.

A secure password is a unique, hard-to-guess one, so it’s understandable why users resort to the use of the same password for each site. This is why we have a password management program built into our procedures. The password manager program generates unique, complex passwords for each site or program then securely stores them in the management program.

When one of our staff needs credentials, they use the master password to open their database of passwords and obtain the login information they need, making it easy to “remember” a complex password and significantly reduce the risk of a breach.

Security risk assessment

A security risk assessment involves reviewing your technology and how you use it, followed by the implementation of security improvements and preventive measures.

The assessment should be performed at a minimum of one time per year, if not more. A full security assessment includes the following pieces:

Identification – When performing a security risk assessment, we first need to take inventory of all of your critical information technology equipment, then determine what sensitive data is created, stored, or transmitted through these devices and create a risk profile for each.

Assessment – This step takes identification to the next level. To complete the assessment step, we need to identify the security risks to each critical asset and determine the most effective and efficient way to allocate time and resources to mitigation.

Mitigation – This is where we solve problems. We have specifically defined a mitigation approach for each potential risk in our network and what security controls will be initiated in case of a breach.

Prevention – We have specific tools and processes to minimize the risk of threats against us and our network in order to help keep you safe.

Information security plan

There is a significant need to safeguard any information that is collected, transmitted, used, and stored within information systems, so the development of an information security plan is crucial. We take this very seriously. We have taken steps to document a plan and designed systems to secure our and our clients’ sensitive business data.

A security program is essentially about risk management, including identifying, quantifying and mitigating risks to computers and data. There are some essential basic steps to risk management:

Identify the Assets – Beyond generating a list of all the hardware and software within the infrastructure, assets also include any data that is processed and stored on these devices.

Assign value – Every asset, including data, has a value and there are two approaches that can be taken to develop the value: qualitative and quantitative. “Quantitative” assigns a financial value to each asset and compares it to the cost of the counter-measure.  “Qualitative” places the threats and security measures of the assets and sets a rank by use of a scoring system.

Identify risks and threats to each asset – Threats to the system go beyond malicious actors attempting to access your data and extend to any event that has the potential to harm the asset. Events like lightning strikes, tornados, hurricanes, floods, human error, or terrorist attacks should also be examined as potential risks.

Estimate potential loss and frequency of attack of those assets – This step depends on the location of the asset. For those operating in the Midwest, the risk of a hurricane causing damage is extremely low while the risk of a tornado would be high.

Recommend countermeasures or other remedial activities – By the end of the above steps, the items that need improvement should become fairly obvious. At this point, you can develop security policies and procedures.

Policies and procedures (internal & external) – A crucial part of an effective cybersecurity plan is the policies and procedures, both for internal assets and external assets. You can’t have one without the other. A general description can be thought of as this: a policy is the “rule” and a procedure is the “how.” With this in mind, a policy would be to effectively secure corporate data with strong passwords. The procedure would be to use multi-factor authentication.

Cybersecurity insurance and data breach financial liability – CyberInsureOne defines cybersecurity insurance as “a product that is offered to individuals and businesses in order to protect them from the effects and consequences of online attacks.”

Cybersecurity insurance can help your business recover in the event of a cyberattack, providing such services as public relations support and funds to draw against to cover any financial losses. It’s something that your MSP should carry as well as your own business.

And just like business liability and auto liability insurance, it is paramount that your business (as well as your MSP) covers themselves with data breach financial liability insurance to cover any event that may be attributed to their activities causing a breach.

Data access management – Access management is determining who is and who isn’t allowed access to certain assets and information, such as administrative accounts.

This is critical for your business as it enables control over who has access to your corporate data, especially during times of employee turnover. Other benefits include increased regulatory compliance, reduced operating costs, and reduced information security risks.

Security awareness training (with phishing training) – Phishing is the number one attack vector today with over 90,000 new attacks launched every month. If your provider is not actively participating in security and phishing awareness training, they will be unable to keep you up on the latest trends in how these malicious actors are attempting to gain access to your businesses data.

Data encryption – At its basic level, data encryption translates data into a different form, making it readable only by the starting and ending points and only with the appropriate password. Encryption is currently considered one of the most effective security measures in use as it is nearly impossible for an outside force to crack.

Next Gen antivirus and firewall – Antivirus is software designed to detect and neutralize any infection that does attempt to access the device and should be on every endpoint.

Many providers are marketing their software as “next generation,” but true next generation antivirus includes features such as exploit techniques (blocking a process that is exploiting or using a typical method of bypassing a normal operation), application whitelisting (a process for validating and controlling everything a program is allowed to do), micro-virtualization (blocks direct execution of a process, essentially operating the program in its own virtual operating system), artificial intelligence (blocking or detecting viruses the same way as a human user could), and EDR/Forensics (using a large data set from endpoint logs, packets, and processes to find out what happened after the fact).

Next generation firewalls also include additional capabilities above the traditional firewall, including intrusion protection, deep packet inspection, SSL-Encrypted traffic termination, and sandboxing.

Business continuity plan – This is a process surrounding the development of a system to manage prevention and recovery from potential threats to a business. A solid business continuity plan includes the following:

  • Policy, purpose, and scope
  • Goals
  • Assumptions
  • Key roles responsibilities
  • A business impact analysis
  • Plans for risk mitigation
  • Data and storage requirements that are offsite
  • Business recovery strategies
  • Alternate operating plans
  • Evaluation of outside vendors’ readiness
  • Response and plan activation
  • Communication plan
  • Drills and practice sessions
  • Regular re-evaluation of the current plan

Your MSP should be able to provide you with a copy of what is included in their plan and how it will affect your business if they do encounter a business continuity event, as well as their backup plan to maintain your critical business infrastructure.

Email security layers – In short, layers limit risk. Email security layers include tactics such as two-factor authentication and spam filters at the basic level (which give your employees time to evaluate a potential threat by removing the words “urgent” or “do right now” from internal subject lines).

As your managed service provider, we are dedicated to helping you maintain effective cybersecurity through these advanced tactics, as well as through a consultative, trusted advisor relationship. You are more than just a number to us and we will do everything in our power to help keep your business safe and running smoothly.