Home/TechMD

TechMD

About TechMD

This author has not yet filled in any details.
So far TechMD has created 59 blog entries.

Help Your Team Get Things Done with Microsoft Planner

How to Get the Most Out of Microsoft Planner

Microsoft 365 comes with a suite of productivity tools that seamlessly integrate with one another, allowing organizations to manage their workflow, communications, and storage all in one place. Microsoft Planner is Microsoft’s task management tool that makes it easy for teams to collaborate and organize their work visually.

Planner allows teams to create project plans, assign and organize to-dos, manage project timelines, and collaborate in real time. Planner also integrates seamlessly with Microsoft Teams and SharePoint, which means teams can store important links, files, and other content alongside their associated tasks. This ensures that everything related to a project is stored together and is never more than a click away.

Here are three best practices to help you get the most out of Microsoft Planner: 

1) Integrate Planner with Microsoft Teams

While you can access and manage Planner online, consider setting up plans and organizing tasks directly from within Microsoft Teams. This allows you to link up Planner’s project and task management system with Teams’ collaboration and communications platform, keeping everything in one place and dramatically improving your team’s efficiency. You can learn more by checking out our video on collaborating with Microsoft Teams. 

2) Organize Tasks by Action Priority

Consider organizing tasks by action priority: keep quick wins (high impact, low effort) separate from big projects (high impact, high effort) and fill ins (low impact, low effort). This allows your to prioritize activities based on time, importance, and effort.

3) Take Advantage of Views

Planner has three different views (board, chart, and schedule) that can be toggled between with a single click. The board view uses a kanban-style board to organize and structure your tasks, while the schedule view provides a high-level calendar view of a project’s timeline, and the charts view displays your progress visually. Learn more about views by checking out our One-Minute Wednesday video on organizing by view in Microsoft Planner.

For organizations already in Microsoft 365 and looking for a tool to help their team manage project timelines and organize and assign tasks, Microsoft Planner is the perfect fit. Its seamless integration with Microsoft Teams and the rest of the Microsoft 365 product suite allows teams to manage tasks, files, and communications all in one place, boosting productivity and efficiency across the organization.

April 15th, 2021|

Communicate Better with Microsoft Stream

How to Get Started with Microsoft Stream

Internal communications can be a headache—we’ve all received emails that were longer than they needed to be, and many of us have probably sent long emails that never got read. But there’s a better way: start sending short videos instead of long emails with a tool like Microsoft Stream. 

If you’re not already familiar, Microsoft Stream is a video app in Microsoft 365 that empowers users to create, manage, and share videos securely just as they would any other file. Stream makes it incredibly easy to record and share a short video with other team members, which saves time and headaches for everyone. 

Here are three ideas for effectively leveraging Microsoft Stream in your organization: 

1) New Employee Onboardings 

Rather than set up a series of time-consuming meetings whenever you hire a new team member, consider developing a suite of pre-recorded videos that can guide new hires through what they’ll need to know about your organization’s culture, processes, and day-to-day operations. This saves a ton of time and effort. 

2) Internal Training 

Training procedures, answers to common questions, and internal classes or meetings can be recorded and uploaded to Microsoft Stream for your team to reference later. This allows you to avoid scheduling redundant meetings to cover critical info when people in new roles need to get up to speed on how the company operates. 

3) Personalized Messages from the C-Suite 

Important communications from your executive team are more personable and high-impact when they come in the form of video recordings. Do away with long emails about the future of the company and get your CEO in front of the camera instead! This improves the quality of your communications and boosts employee morale. 

Stream videos are stored natively in SharePoint, which allows you to organize your content and provides you with all the access control features that apply to other files in Microsoft 365—you can manage who can view certain videos, set expiration dates on share links, and decide how widely you want to share content. 

To learn more about Stream, you can check out our One-Minute Wednesday episode on how to get started with Microsoft Stream. 

March 23rd, 2021|

TechMD is SSAE-19 Certified!

TechMD is proud to announce that we are now certified as operating under the Statement on Standards for Attestation Engagements (SSAE) No. 19, based on the Center for Internet Security’s (CIS) Critical Security Controls. TechMD is currently certified with a Security Maturity Level (SML) Score of 3.5, and we are working towards reaching SML 4.0 soon. We are one of the first Managed Service Providers in Southern California to have received this certification, and we are incredibly proud of all the hard work and effort that went into hardening our cybersecurity posture!

The CIS 20 Critical Security Controls and Benchmarks are global industry best practices endorsed by leading IT security vendors, governing bodies, laws, and regulations. SSAE 19 Cybersecurity Certification reports are the benchmark compliance report for MSPs and other organizations impacted by cybersecurity compliance and regulations, including CCPA, HIPAA, PCI, and SOX. TechMD follows the CIS 20 Controls in order to quickly and reliably establish the protections required to prevent the most common cyberattacks and safeguard our clients’ information.

March 16th, 2021|

Tech Talk: Get Started With Business Intelligence & Microsoft Power BI

How to Get Started with Power BI

On today’s Tech Talk, we’ll be discussing business intelligence (or BI for short), which is a process for discovering trends or patterns in your data and then presenting them in a visually-engaging way. Seeing your data fully visualized helps you understand what’s happening across your organization and helps informs your decision-making.

Implementing BI used to be a heavy lift, but tools like Microsoft’s Power BI have done away with the need for expert coding skills, and the process is now a lot simpler than most expect. Here’s how you can get started with Power BI in 5 simple steps:

#1 Download and Install Power BI

Power BI has a free version that you can easily download and start using. Be mindful that Power BI Pro licenses are included with a Microsoft 365 E5 or Ofice 365 E5 subscription, so may already have access through these plans.

#2 Data Sources

BI’s results will only be as good as the data you import, so ensure that your data is organized. With Power BI open, click on Get Data to start importing a data source. BI is flexible, allowing you to import data from multiple sources.

#3 Model Your Data

At this stage, you can begin building relationships between your data. Power BU allows you to drag and drop columns between tables and perform analytics with the data you’ve imported.

#4 Build Your Reports

Now, you can begin to create visualizations that present your data in an organized and fun way. Utilizing a menu of templates, you can drag and drop data to be presented in the way you wish.

#5 Ask Questions of Your Data

Power BI gives you the ability to ask questions of your data by typing into a query, similar to a Google search. It’s a great feature that uses machine learning and natural-language processing to navigate through your data and stay informed.

Power BI is essential to how TechMD functions every day. Here are a few examples of how we use data to provide the best IT experience possible:

SLA Dashboard:

This dashboard tracks our open support tickets and ensures efficiency when responding to our clients.

Customer Satisfaction Dashboard:

This dashboard contains our average NPS score across time, lets us compare ourselves against national NPS scores, and displays our team members with the best customer satisfaction score.

Hopefully now you have a better idea of what business intelligence is capable of, why your organization might want to use it, and how to get started with Power BI. You can find several resources for further learning about Power BI below. If you have any questions, don’t hesitate to reach out to us!

Further Resources

About TechMD

TechMD is an award-winning IT services firm that specializes in managed IT services in Orange County and Los Angeles, managed cybersecurity, cloud solutions, and strategic IT consulting. We are passionate about bringing enterprise-level productivity, scalability, and security to small and medium businesses.

March 11th, 2021|

Zero-Day Exploit Affects Microsoft Exchange Servers

Microsoft has announced that Hafnium, a Chinese-backed cybercriminal organization, has been taking advantage of four zero-day exploits to attack on-premises Microsoft Exchange servers. These newly-discovered vulnerabilities are being used to infiltrate networks and steal data, and they pose a serious risk to any organization running on-premises Exchange servers. We strongly recommend that any organizations with on-premises Exchange servers, including hybrid Office 365 setups, should apply Microsoft’s security updates immediately.

If you are a TechMD client and are using any version of Microsoft Exchange Server that was affected by this exploit, then we have already applied the relevant security updates.

This zero-day exploit affects the following versions of Exchange:

  • Microsoft Exchange Server 2019
  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2013
  • Microsoft Exchange Server 2010

You can find links to Microsoft’s security updates below:

To ensure your organization is protected from data breaches, your IT team will need to apply the security updates above and follow Microsoft’s guidelines to secure your Exchange server(s). Again, it is vital that this patch is applied to any affected servers as soon as possible, even for organizations that have shifted email infrastructure to Office 365 but retain any on-premises Exchange servers.

For more information about migrating your email to Microsoft Office 365 the right way, or if you’d like to discuss how TechMD can help your organization be more proactive about cybersecurity, please contact us.

March 3rd, 2021|

Webinar: Building A Framework-Based Managed Security Program in Your Business

Cybersecurity has become an even hotter topic over the last 12 months as businesses have accelerated their plans to operate in virtual and remote environments. Despite the growth of sophisticated techniques used by cyber criminals, we know that 98% of data breaches can be prevented by implementing the Center for Internet Security’s Top 20 Critical Security Controls correctly.

Surprisingly, most businesses have not implemented these Top 20 Controls. In this webinar, we discussed the different types of CIS security controls and explored a globally-recognized framework for assessing your business’ existing cybersecurity defenses. The webinar included two guest cybersecurity experts, Kevin Holmes and Eric Rockwell from MAP CyberSecure.

  • Kevin Holmes is the Audit and Assurance Practice Leader at Martini Akpovi Partners and has extensive experience in internal controls consulting. He holds the AICPA Internal Control Certification in the COSO Internal Control Integrated Framework. Kevin also holds an AICPA Certification in Cybersecurity Advisory Services.
  • Eric Rockwell has more than 17 years of leadership experience helping clients optimize their IT environment while aligning with business goals. A member of the Center for Internet Security, Eric is an expert in risk management, incident response, infrastructure protection, business continuity and disaster recovery.

Special thanks to our partner:

 

February 17th, 2021|

Executive Extortion: The Evolution of Ransomware

By now everyone knows that ransomware is a real threat with real risks to businesses of all sizes. What you may not know is that hacking techniques are evolving and ransom payments are going up. ZDNet reports a new trend where cybercriminals directly target the computers of top executives at small and mid-sized companies. Executive computers are much more likely to contain sensitive information about the company as well as personal information that a CEO would not want to see on the internet. Gaining access to these computers is highly valuable for pressuring management into approving high-dollar ransom payouts, which means that executives are even more of a target and should consider taking extra steps to secure their information. 

Cybercriminal groups are well aware that small and mid-sized businesses have generally not implemented cybersecurity best practices. This makes SMBs easy to infiltrate and allows cybercriminals to spend an average of 200 days inside a network undetected. While in the network, they can sift through executives’ files and emails in order to exfiltrate data that might be useful in threatening, embarrassing, or putting pressure on a company’s management. Cybercriminals might find proprietary company data, financial numbers, or compromising personal information and threaten to post them to online leak sites. They might also plan to disclose the data breach to authorities, which causes reputational damage and may also incur a fine from regulators. 

By now every business needs to conduct a cybersecurity assessment to understand their largest vulnerabilities. TechMD recommends following the NIST Cybersecurity Framework and the CIS Top 20 Controls. In the meantimehere are a few simple steps that every executive can take right now to protect themselves from cybercriminals:

1) Use complex and unique passphrases on your accounts 

Because trying to come up with and remember unique passwords for hundreds of different accounts is impossible, most people use one simple password for everything. However, this presents a huge security vulnerability: cybercriminals can easily breach accounts via brute force (working through a list of commonly-used password combinations) or find passwords in one data breach and reuse it to compromise unrelated accounts (since the password is likely to be identical). 

To address this issue, we recommend creating complex passphrases instead of a passwords. Passphrases are long strings of words that are easy to remember but hard to brute force—an example might look like George loves breakfast!”We also recommend using a password manager like LastPass or Dashlane to generate complex passwords and store them for you. This combination of a single master passphrase to access your password managers and automatically-generated complex passwords for all your other accounts should keep you safe from most simple password breach attempts. 

2) Set up Two-Factor Authentication on everything 

Even if you have a strong passphrase and unique passwords across all your accounts, you’re still vulnerable to a third-party suffering a data breach and releasing your information. To combat this, it is critical to enable Two-Factor Authentication (or 2FA) on all your accounts. 2FA works by creating an extra layer of security by validating your logins with a text message or app prompt on your smartphone. 

Symantec recently published a study that showed that two-factor authentication could have prevented over 80% of all account compromises. This makes 2FA one of the single most important things you can do to protect yourself and your business from cybercriminals. To see 2FA in action, you can check out our recent One-Minute Wednesday on how to get started with two-factor authentication. 

3) Understand how to identify and avoid phishing scams 

Phishing is a common cyberattack where a cybercriminal sends an email that looks like it’s from a legitimate institution or company in order to trick the recipient into divulging personal information, wiring money to an offshore account, or install malicious softwarePhishing emails usually mimic the logos, web addresses, and language from real companies in order convince you that the email is legitimate. Phishing emails can also be highly targeted—cybercriminals often do background research and send extraordinarily specific emails that appear to be from clients or close associates, which include information that you wouldn’t expect anyone else to know. 

Here are a few things to keep in mind about phishing: 

  1. Never click on links or open attachments from suspicious-looking emails, especially if they are asking you to enter login credentials. 
  2. Keep an eye out for unusual requests or other odd features about an email. Common phishing tactics include sending emails from a “personal email” because the sender is “locked out” of their work address, instilling a sense of urgency or claiming an emergency in order to bypass the recipient’s natural suspicion, and claiming to be too busy to discuss the email further or clarify the request. 
  3. If you’re not sure that an email is legitimate, always reach out to the sender directly. Call them to confirm they sent the email, or ideally discuss it with them in person. 

Stay Safe! 

Executives and management teams are increasingly the targets of highly sophisticated cybercriminals. If you’re in a high-level position in your organization, it’s critical that you take extra caution when it comes to cybersecurity. 

However, it’s not enough to protect yourself if your business doesn’t also have a robust cybersecurity strategy in place. The best way to find out how secure your business is today and get the best ROI on your cybersecurity spending is to perform a Security Maturity Level Assessment (SMLA). Developed to follow the globally-recognized NIST Cybersecurity Framework, the SMLA provides a big-picture look at your business’ cybersecurity along with specific, detailed recommendations about how to improve. 

If you have any questions, feel free to contact TechMD or check out our managed cybersecurity page! 

February 5th, 2021|

Top 3 IT Priorities for 2021

2020 was an unprecedented year, and businesses with inflexible IT solutions were caught off guard and had a rough time during the pandemic. And with continuing uncertainty, most organizations we talk to are trying to avoid getting surprised by sudden IT issues and costs over the upcoming year. 

In light of that, we’ve been looking at some new priorities as we discuss our clients’ IT strategies for the upcoming yearranging from budgeting to cybersecurity to cloud technologies. Here are three key priorities to make sure your business isn’t caught off guard by IT in 2021: 

1) Develop an IT budget 

With tight budgets and an uncertain economy, the last thing most businesses need is a big surprise IT expense in 2021. Believe it or not, IT budgets can be created and followed with the right team and good prioritiesYour IT budget should align with your goals, ensure you can invest in the technology you need to run your organization effectively, and plan to respond proactively to cybersecurity risks. It should also include plans for key expenses, such as: 

  • Large IT infrastructure projects 
  • IT support and maintenance agreements 
  • New hardware & licensing costs 
  • Telecommunication costs: ISP, VOIP, etc.
  • Cybersecurity Insurance 

During this process, make sure that you involve your organizations leadership team and stakeholders. If you don’t have a C-level IT employee at your company, you may want to look into engaging a fractional CIO or company like TechMD to help guide you through the process.  

2) Avoid Cybersecurity Surprises 

It seems unfair, but the reality is that ransomware attacks grew immensely during the pandemic. Cybercrime Magazine recently reported that a company was successfully attacked every 11 seconds in 2020. For that reason, 2021 has to be the year that your business creates a cybersecurity incident response plan. It’s critical to have a clear policy and procedure to follow when your organization is hit with a data breach or a ransomware attack.

If you feel lost creating that policy or are unclear about what your cybersecurity risk profile looks like, 2021 should be the year to invest in a cybersecurity assessment, which are not as expensive and impractical as you may think. All businesses should conduct a Security Maturity Level Assessment (SMLA) that follows the clearly published guidelines of the two cybersecurity authorities: the NIST Cybersecurity Framework (NIST CSF) and the Center for Internet Security (CIS)The SMLA process provides you with a clear picture of your organization’s most critical cybersecurity vulnerabilities, along with your official Security Maturity Level Score (ranging from 0 to 5). From there, you will be able to create a prioritized and customized action plan that will maximize the ROI of your cybersecurity program. You can learn more about the SMLA process here. 

3) Invest in Your Remote Workforce 

2020 was a mad rush to the cloud, as the pandemic forced businesses to find and implement remote workforce solutions quickly. Many organizations ended up with stop-gap solutions that left important details unchecked, which is both a cybersecurity risk and a drag on productivity. 

Cybercriminals have been specifically targeting remote employees this year, and taking steps to secure remote workforces should be a top priority for most businesses in 2021. Here are a few critical items to prioritize: 

  • Two-Factor Authentication (2FA) is one of the best cybersecurity tools or policies in terms of return on investment: a recent Symantec study found that over 80% of all data breaches could have been prevented by 2FA. If you’re not familiar with how 2FA works, you can check out our One-Minute Wednesday episode on 2FA. 
  • Single Sign-On (SSO) is a solution that allows users to log in once, using a master username and password, and then have those credentials provide access to all their other business apps. You can learn more about SSO by reading our recent article here. 
  • Secure your VPNs by enforcing complex password policies and requiring two-factor authentication. Additional policies such as blocking certain geographic regions from accessing your VPN is also a good idea. 

Remote work isn’t going anywhere, so 2021 will also be a good year to look at how to fine tune your company’s culture and increase engagement and productivity with your remote workforce. Here are a few tasks and tips to add to your list: 

  • Figure out how to communicate more effectively on platforms like Microsoft Teams. Use of Teams, Zoom, Slack and Google Chat/Hangouts all spiked to record levels in 2020, and in our experience, usage grew organically with little to no management oversight. 2021 will be the year to create standards for how messaging gets distributed throughout your organization. Take a look at the Teams, communication channels, and security user groups that exist today and think about how they can be organized more effectively.
  • Clean up and secure your cloud file storage platform. The remote workforce in 2020 also led to increased usage of apps like Dropbox, SharePoint, OneDrive, Box, Google Drive, etc. Does your company have policies and protections in place to clearly dictate what your staff can and cannot do with company data? Have you double checked your user and folder permissions to confirm that employees can’t access confidential company data or share sensitive information? Have your IT team take a look at the configurations and make sure data is separated and secured properly. 
  • Consider upgrading your old phone systemThe modern remote workforce requires the ability to take work calls from home in the same manner as at the office. Many businesses are still working off a legacy system that made transferring and answering calls a painful experience in 2020. Modern phone systems can be hosted from the cloud and soft phone apps can be added to mobile devices to make communication nimble, professional, and effective. Be sure this is on your budget and engage a VOIP consultant to help find the right solution. If you don’t know a good VOIP consultant, contact TechMD and we can refer you to someone 

Get Proactive in 2021 

2020 highlighted the importance of staying proactive about IT, and 2021 will likely be no different. Businesses will need to prioritize creating a budget for IT, developing a robust cybersecurity posture, and making sure their remote workforce is flexible and productive in order to stay ahead of the curve. If you are looking for help with any of these areas or feel like you could use some guidance about planning out your year, please don’t hesitate to contact us!

December 16th, 2020|

Cybersecurity Alert: Microsoft 365 Vulnerability Leads to US Treasury Breach

State-backed hackers use Microsoft 365 vulnerability to breach US Treasury

Reuters reported over the weekend that foreign state-backed hackers have breached Microsoft 365 accounts at the US Treasury Department, using their access to secretly monitor email accounts and email exchanges between the US Treasury and the National Telecommunications and Information Administration. The attack was extremely sophisticated and was able to bypass Microsoft’s authentication controls.

Microsoft has released guidance for how organizations can bolster security to attempt to avoid these attacks, and we suggest having your IT provider take a look at this document and make sure your organization is following the recommended best practices. In addition to Microsoft’s recommendations, here are 3 tools and tips to help protect both personal and business accounts from cybercriminals:

1) Set up Two-Factor Authentication (2FA)

Two-factor authentication is the one tool that provides the highest ROI in terms of protecting your accounts from unauthorized access. Microsoft has said that 2FA can prevent 99% of automated attacks on Microsoft 365 accounts, and a recent Symantec study found that 2FA would have prevented up to 80% of data breaches (of all types). If your organization is not currently securing all employee accounts with 2FA, then implementing it should be your top priority. You can also set up 2FA for most of your critical personal accounts (like online banking) in just a few minutes. In general, we recommend using an app-based solution like Duo or Google Authenticator rather than SMS-based text messages for both business and personal accounts. If you’d like to learn more about 2FA, you can check out our One-Minute Wednesday episode on how it works.

2) Improve your password hygiene

Never use the same password twice—if your password becomes compromised in a data breach, cybercriminals can (and will) attempt to use it on all your other accounts. For personal accounts, we recommend using a password manager (like LastPass) to help you 1) keep track of all your unique passwords and 2) create highly-complex, strong passwords. Good passwords should avoid using common words, uses as many characters as possible, and includes a variety of different character types (uppercase, lowercase, numbers, and special characters).

For business accounts, the best practice would be to implement Single Sign On, which allows you to use a single master username and password to access all your business applications, and then protect it with Two-Factor Authentication. You can learn more about SSO by checking out our recent article on it.

3) Learn to spot phishing scams

If you get an email claiming that one of your accounts has been breached and you need to login immediately, it is probably a phishing scam. Phishing is a type of attack where cybercriminals impersonate a person or organization you trust in an attempt to trick you into providing personally-identifiable information (PII) like passwords or credit card numbers. Phishing emails normally include a link to a malicious website or attachment.

The best way to avoid getting compromised is to know how to spot phishing emails. They often have misspelled words, involve a slightly misspelled website like (like microsoftsupport.ru or microsft.com), or include an urgent call to take action immediately. You can learn more about how to spot phishing emails by checking out one of our One-Minute Wednesday episodes on phishing. If you receive an email that seems suspicious, either delete it or forward it to the Anti-Phishing Working Group at phishing-report@us-cert.gov.

About TechMD

TechMD is an award-winning IT services firm that specializes in managed IT services in Orange County and Los Angelesmanaged cybersecuritycloud solutions, and strategic IT consulting. We are passionate about bringing enterprise-level productivity, scalability, and security to small and medium businesses.

December 15th, 2020|

Combining Security and Convenience in Your Business with Single Sign-On

In the modern workforce, managing passwords is tough. Most employees manage 85 different passwords, according to this year’s Annual Global Password Security Report by LastPass, and this presents a significant cybersecurity risk for businesses while also harming productivity and user experience.

Most business leaders are aware that maintaining a robust password security posture is more important than ever, as cybercriminals continue to target small and mid-sized businesses (and their employees). However, the rise of cloud adoption also means that most users expect to have seamless access to multiple applications from anywhere and on any device, and 2020’s exponential increase in work-from-home situations only exacerbates the issue by adding new applications and forcing users to enter passwords more often.

One of the best solutions to this security/productivity dilemma is called Single Sign-On (SSO). Single Sign-On means that users don’t have to sign in every time they need to use an application—instead, they log in using a master username and password and those credentials are used for all their other business apps. This solution perfectly combines security and simplicity, allowing your team to stick to a single master password while also improving your organization’s security posture. SSO also helps satisfy compliance requirements built on the NIST Cybersecurity Framework and CIS Top 20 Controls, making it a win-win for organizations subject to CMMC, HIPAA, CCPA, and others.

How SSO Improves Security & Increases Productivity

By allowing employees to use a single set of login credentials everywhere, SSO boosts productivity while also improving your overall cybersecurity posture. Here’s how:

Better Passwords

Employees at small and mid-sized businesses manage 85 different passwords on average. This presents a large security risk as users are likely to create simple passwords and reuse them across multiple logins. With SSO, users only need to remember a single password for all their applications, which means they are more likely to create a stronger passphrase that can’t be reused in multiple places.

Two-Factor Authentication on Everything

Enabling Two-Factor Authentication (2FA) is one of the single most important things you can do to improve your cybersecurity posture: a recent Symantec study found that over 80% of all data breaches could have been prevented by 2FA.

2FA and SSO are a match made in heaven: by enabling Two-Factor Authentication on each user’s master login, you effectively protect every application that your team needs to access, without forcing them to enter their 2FA code for every app. To learn more about how Two-Factor Authentication works, check out our One-Minute Wednesday episode.

Secure User Provisioning

Traditionally, when an employee leaves the company, the IT department needs to track down and change every single password that employee had access to. With an average of 85 passwords to update and (generally) a lack of documentation about which accounts were in use, this can present a major security vulnerability for most businesses.

SSO solves this issue by streamlining the user provisioning/deprovisioning process: when someone leaves the company, the IT team only needs to disable a single master account and/or update a master login. This can save a ton of time and, more importantly, means your IT team will never overlook an account that needs to be locked down.

Fewer Support Requests

Users often forget passwords and get locked out of important applications, and this usually necessitates a call to your IT department or IT provider to initiate a password reset. Enabling SSO means your employees only have a single password to remember, which means they’ll get locked out less often and the downtime associated with password reset requests will be significantly reduced. This frees up your employees to be more productive and your IT team to focus on important proactive work.

Improved User Experience

Single Sign-On is already a part of most people’s personal lives—we’re used to logging into a single Google login and then automatically having access to our Gmail, Google Drive, YouTube, etc. SSO extends this user experience to your employees’ work environment: your team won’t need to stress about password management or click through multiple login windows for every application, saving time with every login and boosting overall productivity.

Find Out How SSO Works For Your Business

With more people working from home and using cloud applications than ever before, it is increasingly important for businesses to develop a cybersecurity strategy. SSO is a powerful tool for securing your business from cybercriminals while also improving user experience and boosting productivity. If you have any questions about how SSO could work for your business, please don’t hesitate to contact us!

November 18th, 2020|

TechMD Named Best Managed IT Service Provider of 2020 by Digital.com

TechMD recognized among the most proficient and cost-effective MSPs for small businesses and startups

We are proud to announce that Digital.com, a leading independent review website for small business online tools, products, and services, has named TechMD to its list of best managed IT service providers of 2020!

Experts at Digital.com conducted a 40-hour evaluation of over 150 managed IT companies across the web. TechMD and other providers were evaluated based on several key factors and customer feedback, and each managed service provider was required to offer a variety of services such as cloud consulting, cybersecurity, and IT support. The guide also examined company size to provide a broad selection and meet the needs of multiple small businesses. Only companies with diverse industry experience were considered for the final list.

To access the complete list and check out TechMD’s profile, please visit https://digital.com/managed-it-service-providers/#TechMD

November 2nd, 2020|

The One Cybersecurity Assessment Every SMB Needs

Most cybersecurity assessments today do not follow an authoritative framework, are incredibly expensive for what they provide, and (most importantly) fail to answer these three critical questions:  

  • How secure is our business today? 
  • What is the appropriate level of cybersecurity for our business? 
  • How can we improve cybersecurity practices to meet business objectives? 

TechMD’s Security Maturity Level Assessment (SMLA) process fully answers these three questions by following the nationally-recognized NIST Cybersecurity Framework (you can learn more about NIST framework here). And with an all-in flat-rate price of $6,000 for the entire SMLA process, our assessment is as cost-effective as we can make it. 

Here is an overview of how TechMD conducts the NIST SMLA and what we provide once we’re finished: 

Security Maturity Level Assessment (SMLA) 

Step 1: Confirmation of Business Cybersecurity Requirements 

The SMLA process begins with scheduling a complimentary meeting where TechMD will seek to understand your business cybersecurity needs, what your cybersecurity posture looks like today, and how your IT infrastructure, IT systems, and IT support are set upBy the end of this meeting, you’ll understand how the SMLA process works, you’ll know the all-in flat rate costs for the assessment, and you’ll have a high-level overview of how our process will impact your overall cybersecurity posture. 

If you want to move forward, we’ll sign an SMLA agreement and will begin the process of identifying the key personnel that will need to be interviewed as a part of the assessment process. Click here for a sample Statement of Work document for the SMLA. 

Step 2: Interviews with Key Personnel 

The SMLA is built to follow the NIST Cybersecurity Framework and the CIS Top 20 Cybersecurity Controls. Once we begin the assessment, we will sit down with key personnel, usually a C-level executive plus whomever manages IT and HR, to understand how your organization stacks up against the NIST framework and CIS Top 20 Controls. 

 

This is a highly-detailed, structured process where we assess the status of and execution on each of the CIS 20 controls and sub-controls one-by-one. The goal is to understand whether there is a policy or practice in place that satisfies each control, and if so, to what extent it satisfies the control. For each control, we’ll be looking for:  

  • Is there a verbal policy that satisfies this control? 
  • If yes, is there a written policy that satisfies this control? 
  • If yes, is the policy fully automated? 
  • If yes, is there a reporting process in case the policy fails to execute properly? 

Once we gather all the data for each of the CIS 20 Controls, we will make evidence requests to prove compliance. We will also be documenting everything along the way and maintaining an inventory of evidence provided. This is important because we are taking the position of an outside auditor—our job is to ensure that you can pass an independent audit, and we will stand behind you if and when you decide to engage one. 

Step 3: Review the Evidence 

Once the initial key personnel interviews and evidence-gathering process is completed, we will review the policies provided by the client and the technical evidence provided by the IT team, determine if each policy satisfies its corresponding control and would pass an audit, and finally analyze all the information to get a high-level overview of the organization’s cybersecurity compliance. 

After our analysis is complete, we normally expect to schedule follow-up meetings with key personnel to fill in any gaps in information. Once we have a complete picture, we’ll move on to the deliverables. 

SMLA Deliverables 

As a result of the SMLA process, you will receive: 

Official Security Maturity Level (SML) Score  

Your SML score will range from 0-5 and will include a full breakdown of the percentage to which each control has been satisfied, along with a comparison to other companies in your industry. 

Executive Summary Report  

This report contains high-level insights into how your cybersecurity policies fit together and an overview of your overall cybersecurity posture. This report is based on your cybersecurity goals and where you’re falling short in relation to those goals. Not every organization needs to have an SML Score of 4 or 5, so the analysis in this report will be highly dependent on your specific needs and goals. 

Full Detail and Risk Analysis Report  

This report includes a full breakdown of what is missing from each policy and what is needed to satisfy its corresponding CIS Control, along with an assessment of how much risk each policy presents to the organization. 

Customized System Security Plan 

The first three deliverables may paint a depressing picture about your cybersecurity posture, and if so, you probably already knew roughly how bad it was. But what you probably want to know is what you should do next, so the most important piece of the SMLA process is the customized System Security Plan (SSP) and its companion Timeline and Budget.  

 

The custom SSP will provide you with a step-by-step plan and budget for improving your SML score. This plan will be designed to satisfy your organization’s specific timeline, budget, and goals—normally we develop 1-year plans, but you may be willing or required to spend more and arrive at your targeted SML score sooner. Our SSP applies to any industry or compliance requirement and will be customized to fit your organization’s needs. For example: 

  • You may need to be HIPAA compliant, CMMC certified, or follow any number of other industry-specific compliance requirements 
  • You may need to meet the cybersecurity requirements of a large customer  

Once you receive your customized SSP, you’ll have the freedom to execute the plan yourself if you have in-house cybersecurity expertise, or we can help you drive that process forward through a Managed Security Services Agreement. 

Get Started Today 

It’s easy to get overwhelmed by all the different cybersecurity solutions out there, but it doesn’t have to be that way. We now have a nationally-recognized cybersecurity standard in the NIST Cybersecurity Framework and CIS Top 20 Controls. With the SMLA process built on that standard, TechMD can help you understand your cybersecurity risks and develop a customized action plan that will get you where you need to be, at your own pace and according to your budget. 

To learn more about the SMLA, contact us here! 

September 16th, 2020|

Tech Talk: NIST Cybersecurity Framework

Despite knowing how important cybersecurity is for their organization, many business leaders don’t have clarity about how secure their organization is today and what cybersecurity controls are the most important for their protection. On today’s Tech Talk, we discuss how the internationally-recognized NIST Cybersecurity Framework can help any organization understand where they are in terms of cybersecurity, where they should be, and how to get there.

About TechMD

TechMD is an award-winning IT services firm that specializes in managed IT services in Orange County and Los Angeles, managed cybersecurity, cloud solutions, and strategic IT consulting. We are passionate about bringing enterprise-level productivity, scalability, and security to small and medium businesses.

August 12th, 2020|

Tech Talk: Working Remotely With Microsoft Teams

In this Tech Talk, we’re going to overview Microsoft Teams. Teams is the ultimate collaboration tool for your organization, allowing you to conduct chats, video calls and more. Let’s take a look!

Collaborating Effectively

Microsoft Teams enables effective company-wide communication through a series of special features. Some of the functionality it includes are video meetings, instant messages, and multi-user document collaboration. Different conversations are conducted around Channels, which organize chats by different topics or departments.

Channels

These channels themselves have some important tabs. The first is the Posts or Conversations tab, which acts as a central component to house the history of chats across a channel. So here, you can see the full thread of messages and files that have been shared.

Conversations Tab

Secondly, we have the Files tab, which lets you upload and collaborate on different documents without having to switch between individual apps or windows.

Files Tab

The Wiki tab is a place where you can store information or links that are relevant to the Channel.

Wiki Tab

You can also add custom tabs to each Channel, which combines both Microsoft and third-party apps. Customizing a tab means you’ll have the best apps on hand for even better communication and workflows for your different channels.

Custom Tabs 01

Custom Tabs 02

Lastly, Teams houses several tools in its sidebar menu. The Calls tab replaces your company’s phone system, allowing you to make internal and external calls from within Teams.

Calls

The Chat feature is a great way to have 1 on 1 discussions without the need for sending emails back and forth.

Chats

You also have the power to schedule and conduct meetings inside Teams with the Meetings Tab as well.

Meetings

And finally, the Files tab lets you quickly find and access files from OneNote, OneDrive, and SharePoint.

Files Tab

So overall, Microsoft Teams gives your organization the productivity boost it needs by centralizing all your communication and collaboration needs into one package. Thanks for checking out this Tech Talk and reach out to us if you have any questions about how to get started with Teams!

About TechMD

TechMD is an award-winning IT services firm that specializes in managed IT services in Orange County and Los Angeles, managed cybersecurity, cloud solutions, and strategic IT consulting. We are passionate about bringing enterprise-level productivity, scalability, and security to small and medium businesses.

July 20th, 2020|

Tech Talk: Five Reasons To Consider Microsoft 365

In this Tech Talk, Sebastian Igreti explores the top five features within Microsoft 365 that your business needs to know to defend itself from growing security threats and improve its productivity. Let’s dive in!

  • #1 – Online Protection With Exchange Online Protection, you get an email filtering service that guards you from malware hiding in emails and attachments. This also comes with ATP or Advanced Threat Protection, a cloud-based solution that monitors and pinpoints cybersecurity threats lurking in your inbox.
  • #2 – Mobile Device Management Mobile Management is a feature that contains a Bring Your Own Device Policy, which lets your employees use their own devices to access company data. Your team members can work on their personal phones, laptops, or tablets while connecting to company files without the worry of getting breached. This gives your company the convenience to work flexibly while getting a robust security perimeter.
  • #3 – Built-In Security Features With Azure Information Protection, you can control who can access sensitive content housed in documents and emails, while blocking outside users. Also, files like spreadsheets or Word docs containing information like credit cards and social security numbers are kept from being shared with Data Loss Prevention.
  • #4 – Windows 10 Pro Windows 7 is approaching its end of life, which means that in 2020, support will be lost and it’ll be time to move to the latest system. So included with Microsoft 365 is an upgrade to Windows 10 Pro. This also gives you Windows Autopilot which ensures that new devices are business-ready right out of the box and contain apps installed from the cloud.
  • #5 – Microsoft Teams Finally, Microsoft 365 for Business comes with Microsoft Teams, a communication tool that allows you to collaborate with coworkers via phone calls, meetings and individual or group chats. It’s available on PC, Mac, phones, and tablets, giving you the convenience to connect and collaborate from wherever you are.

In conclusion, Microsoft 365 is packaged with all the applications you need for effective IT security and helps your company’s success with great productivity tools. So feel free to reach out to us as you explore how Microsoft 365 can benefit your organization!

About TechMD

TechMD is an award-winning IT services firm that specializes in managed IT services in Orange County and Los Angeles, managed cybersecurity, cloud solutions, and strategic IT consulting. We are passionate about bringing enterprise-level productivity, scalability, and security to small and medium businesses.

June 30th, 2020|

Top 5 Cloud Trends for SMBs in 2020 

The coronavirus pandemic has drastically accelerated the pace of cloud adoption, as organizations nationwide were forced to migrate to a fully remote workforce in a matter of daysEven as many organizations return to the office, remote work and cloud infrastructure is here to stay. 

Here are our top 5 cloud trends for small and medium businesses: 

1. Cybersecurity for Office 365 and G Suite Must Be Tightened 

The pandemic has radically accelerated the pace of cloud adoption—for example, Microsoft added 58 million new Office 365 licenses in Q1 of this year (a 29% increase). Predictably, cybercriminal attacks on Office 365 and G Suite have gotten even more aggressive with the increase in new usersThese cloud services were already the number one target for cybercriminals before the pandemic, so tightening up their security is more important than ever. 

The Department for Homeland Security recently released specific cybersecurity recommendations for Office 365, which are equally relevant for G Suite. Here’s the high-level summary: 

  • Use multi-factor authentication (MFA), also known as two-factor authentication (2FA). 
  • Protect Global Admins from compromise and use the principle of “Least Privilege.” 
  • Enable unified audit logging. 
  • Enable Alerting capabilities.
  • Integrate with organizational SIEM solutions. 
  • Disable legacy email protocols, if applicable, or limit their use to specific users. 

Two-factor authentication (2FA) is especially important, as it is the single most effective tool for fighting off cyberattacks. According to Microsoft, it can prevent up to 99% of automated account breaches. 

If you’re not sure whether your organization’s Office 365 or G Suite accounts are secure, check with your IT team or reach out to us for help. You can learn more about our cybersecurity offerings here. 

2. Exponential Growth in Cloud-Based Collaboration Tools 

Unified Communications platforms and cloud-based productivity suites have seen exponential growth over the last few months. For example, Microsoft Teams adoption grew from 32 million daily active users on March 11 to 75 million users on April 29, a 235% increase over a 7week period. G Suite’s Google Meet has seen similar growth, with Google reporting a “30-fold increase in usage since January”. 

In other words, remote work is here to stay, and businesses are looking to adapt to new communication and collaboration challengesUnified Communications platforms like Microsoft Teams are the perfect solution to fill in these gaps, allowing team members to seamlessly collaborate via voice, video, and chat no matter where they’re working. 

At TechMDMicrosoft Teams has replaced a significant amount of our day-to-day email correspondence, improving productivity and collaboration. During the pandemic, it has also enabled us to continue holding meetings with full video support, without exposing ourselves to the security risks associated with consumer-grade video platforms like Zoom. 

If you’re on Office 365 or Microsoft 365, you likely already have Teams licenses included with your subscription, and if so, you can get started right away. To learn more about Microsoft Teams, check out our recent Tech Talk covering what it can do, how it works, and how to get started. 

3. Mobile Workforce Creates Access, Identity, and Data Control Issues 

The mass adoption of cloud platforms like Office 365, Teams, and G Suite means that people are now using personal devices to connect to corporate networks on an unprecedented scale. Company data used to live in a controlled environment, where it was accessed primarily by company-managed devices, but this is no longer the case. The new distributed workforce will require a new approach to managing access, identity, and data governance. 

There are plenty of tools available to help sandbox personal devices and secure company data, but most businesses have not yet adopted them. We expect that this will change over the next year, with cybercriminals increasingly targeting personal devices as an entry point into sensitive corporate networks.  

For our money, Microsoft 365 is one of the best options for this, offering a full suite of security tools that allow organizations to implement secure bring-your-own-device (BYOD) policiescontrol how company data is accessed and shared, and remotely manage identity and mobile devicesFor example, you can prevent users from downloading or saving sensitive documents onto personal devices, and you can manage access permissions for those documents remotely. You can also sandbox company data on personal devices, allowing you to wipe data or revoke access remotely, without affecting any personal data on the device. For more on how this works, check out this quick video from Microsoft. 

Access, identity, and data governance tools will become a key feature of business cybersecurity strategies over the next year, allowing teams the flexibility to work conveniently without sacrificing a robust security perimeter. If you have any questions about this, you can contact us here. 

4. Big Players Begin to Dominate the Cloud Desktop Space 

Remote work is becoming the new norm, but many organizations still rely on legacy applications that are not yet cloud-native and cannot be easily accessed outside the office.  

This is where cloud desktop solutions from major players like Microsoft’s Windows Virtual Desktop or Amazon’s WorkSpaces come inThese solutions provide a feature-complete desktop that is fully hosted in the cloud, providing access to all your software applications, files, data, email, and contacts from any device, no matter where you are. This gives your team the flexibility to handle remote work without sacrificing productivity or access to critical line-of-business applications. 

Cloud desktops also reduce dependence on computer hardware during a time when it is difficult to support and replace company computers. When combined with the proper cybersecurity measures to protect company data, cloud desktops could allow organizations to migrate away from owning computers at all. Employees can bring their own device and access everything they need via their cloud desktop, while the company cut costs on computer hardware without sacrificing their cybersecurity posture. Learn more about cloud solutions here.

5. Cloud-Based Phone Systems Become the New Standard

The coronavirus pandemic has forced many organizations to reconsider their phone systems. We’ve talked to many businesses recently that ran into issues migrating to an all-remote workforce because their phone system required specific phone hardware and was inoperable from outside their office.  

For many organizationscloud-based VOIP has been the lynchpin holding business operations together under workfromhome requirements. It provides employees with the flexibility to make or take calls from anywhere on any device, ensuring businesses can remain available to their clients and coworkers without being tied to a desk in an office building. It also tends to be more cost effective than maintaining the telecom hardware and infrastructure associated with conventional phone systems. 

We were already seeing significant growth in adoption of cloud-based VOIP solutions before the pandemic, and the rapid adoption of remote work has only accelerated this trend. If you are looking for guidance on why and how to move to cloud-based VOIP, contact us and we can put you in touch with someone who can help. 

June 3rd, 2020|