About TechMD

So far TechMD has created 62 blog entries.

Top 3 IT Priorities for 2022

2021 has been another year of “unprecedented times” as the COVID-19 pandemic has continued long past what many expected. With this continued level of uncertainty, it’s more important than ever that organizations have their IT in order and prioritized.

Our experts here at TechMD have put together three top IT priorities for 2022 to help you be prepared for the ever-changing IT landscape.

1) IT Security For A Remote Workforce

If there’s been any lesson from 2021, it’s that remote work (whether partial or full) is here to stay, not just a temporary fix for the pandemic. Even though it’s been nearly two years, many organizations are still using stop-gap solutions for remote work that leave them vulnerable to cybersecurity threats.

Secure your remote workforce against cybercriminals with these critical tactics:

  • Two-Factor Authentication (2FA) remains one of the best cybersecurity tools or policies in terms of return on investment: this Symantec study found that over 80% of all data breaches could have been prevented by 2FA. If you want to know more about how 2FA works, we have a quick and easy guide in our One-Minute Wednesday episode on 2FA.
  • Single Sign-On (SSO) is a solution that allows users to log in once, using a master username and password, and then have those credentials provide access to all their other business apps. This is another easy solution to prevent what could be a major problem. You can learn more about SSO by reading our recent article.
  • By enforcing complex password policies and requiring two-factor authentication you can better secure your VPNs. Additional policies, such as blocking geographic regions where you know your employees don’t work from accessing your VPN, are also a good idea. 

In addition to security measures, building a culture that’s conducive to and compatible with remote work will be important in 2022 and onward. Work communication tools like Microsoft Teams, along with cloud storage solutions like SharePoint and Google Drive will remain relevant for years to come.

2) Plan For IT Attrition

As you’ve probably heard, one of the biggest stories of 2021 has been the shortage of workers across the U.S. economy. The IT sector is no exception to “The Great Resignation”, where workers are quitting jobs en masse, sometimes without any plans to seek new positions. And a shortage of IT talent is not a new issue: even in a normal year, hiring an IT professional who can perform the job well and fits your team culture can be difficult. 

Every company should have a plan to mitigate the risks of losing critical IT team members in 2022. Here are a few important steps you can take to help retain IT employees and stay flexible in case you lose them:

  • Stay interviews rather than exit interviews: at TechMD, we have been scheduling regular stay interviews with our team members, where they can provide feedback on what is going well, what isn’t, and what would cause them to leave TechMD. This process has helped us learn about underlying issues ahead of time so we can address them before they come up in an exit interview instead.
  • Cross-training and documentation: losing an IT employee normally means losing most of their knowledge about your company’s infrastructure, systems, and processes. Developing a strategy for retaining that knowledge even if an IT team member leaves your company should be a big part of your 2022 IT planning, with initiatives like creating a robust documentation system to store important information and cross-training other employees on critical IT systems.
  • Partner with outside support: at the risk of sounding self-serving, partnering with an outsourced IT partner to provide flexible IT resources can help organizations adapt to business changes with fewer headaches. This can give your in-house IT team members better work/life balance, increasing internal retention and helping ensure continuity when they are unavailable.

3) Develop Your IT Plan & Budget

Every organization should have an IT budget that is monitored and updated every year. Especially with an uncertain economy, the last thing most businesses need is to be surprised by a large IT expense in 2022. Now is a great time to take a look at the technology you’re currently using and figure out if there are better alternatives or new investments you need to make.

Any good IT budget should align with your business goals, provide a plan to respond proactively to cybersecurity risks, and ensure you can run your organization efficiently. You’ll also want to plan for potential IT expenses, such as:

  • Large IT infrastructure projects 
  • IT support and maintenance agreements 
  • New hardware & licensing costs 
  • Telecommunication costs: ISP, VOIP, etc.
  • Cybersecurity Insurance 

We often hear from business leaders that creating and sticking to an IT budget is impossible, but it can be done with a good team and the right priorities. You’ll want to involve your leadership team and any other key stakeholders in the planning process, and consider engaging a fractional CIO or a company like TechMD for assistance if you don’t already have a C-Level IT employee.

We can help you prepare for the IT future

Staying proactive about IT and cybersecurity is more important than ever. Is your remote team fully secured on the cloud? Do you have a plan to mitigate IT attrition in 2022? Do you have a budget to address your IT needs over the next few years? If you are looking for help with any of these IT priorities or feel like you could use some guidance about planning out your year, please don’t hesitate to contact us!

December 15th, 2021

TechMD Named on UpCity’s 2021 Local Excellence Awards!

We are excited to announce that TechMD has been recognized as one of the top B2B service providers of 2021 by UpCity!

UpCity helps businesses find high-quality B2B service providers they can trust. Their UpCity Recommendability Rating is used to determine a service provider’s credibility and recommendability, giving UpCity the confidence to recommend them to the more than 1.5 million businesses that visit their site. Each year, UpCity analyzes and scores more than 70,000 service providers based on their UpCity Recommendability Rating and acknowledges the top national and local providers with an UpCity Excellence Award.

This award is driven by our 5-star review rating on UpCity. Here are a couple of our favorite pieces of feedback we’ve received from our wonderful clients:

“TechMD is always on the cutting edge of technology. They stay on top of what’s new, what’s coming, and what’s changing. Anything to do with IT, the team has created a name for themselves. Anybody who chooses them as a vendor has chosen well. Shaun (vCIO) is our primary contact, along with him, I have worked with talented Professional Service Consultants, analysts, project managers, leads, help desk staff and in touch with their bookkeepers, and purchasing specialists regularly. Each one has a role that brings together an awesome team that allows us to function. Let’s not forget their amazing leaders, Sebastian and Mark, that have a big heart for non-profits like ours. Aside from the technical knowledge, their personalities are great. They’re easy to talk to and they communicate in a way that helps us understand what their technical mind is saying. I truly admire all the work they do; the teams assigned to our agency work hard to please us and do it with a smile. There hasn’t been anything that TechMD hasn’t been able to resolve for us. They’ve been amazing at keeping our infrastructure running so that we’re able to provide our services to families in need.”
Maria Llamas

“Helped me get all the apps needed on my work laptop and track down old files from previous years! Thanks TechMD!”
Alexis Roundy

As an award-winning IT services firm in Orange County and Los Angeles, we are committed to protecting our clients from the latest cybersecurity threats while also providing best-in-class managed IT services. We are passionate about improving productivity and eliminating downtime by bringing enterprise-level IT solutions to small and medium-sized businesses, and we’re honored to be recognized by UpCity.

May 18th, 2021

Webinar: Microsoft 365 and the Modern Workplace

Many organizations already have Microsoft 365 licenses but are not fully leveraging the productivity, collaboration, and security features that come built-in with Microsoft 365.

On May 6th at 11:30am, TechMD will be hosting a webinar on how to maximize ROI with Microsoft 365 and take advantage of some of the key features that most businesses overlook. You’ll come away from this webinar with some practical information about:

  • High-impact security features you should be implementing
  • How to maximize the effectiveness of Microsoft Teams in your organization
  • Best practices on how to securely share sensitive information
  • Collaboration and productivity tools you may not be taking advantage of
May 7th, 2021

Help Your Team Get Things Done with Microsoft Planner

How to Get the Most Out of Microsoft Planner

Microsoft 365 comes with a suite of productivity tools that seamlessly integrate with one another, allowing organizations to manage their workflow, communications, and storage all in one place. Microsoft Planner is Microsoft’s task management tool that makes it easy for teams to collaborate and organize their work visually.

Planner allows teams to create project plans, assign and organize to-dos, manage project timelines, and collaborate in real time. Planner also integrates seamlessly with Microsoft Teams and SharePoint, which means teams can store important links, files, and other content alongside their associated tasks. This ensures that everything related to a project is stored together and is never more than a click away.

Here are three best practices to help you get the most out of Microsoft Planner: 

1) Integrate Planner with Microsoft Teams

While you can access and manage Planner online, consider setting up plans and organizing tasks directly from within Microsoft Teams. This allows you to link up Planner’s project and task management system with Teams’ collaboration and communications platform, keeping everything in one place and dramatically improving your team’s efficiency. You can learn more by checking out our video on collaborating with Microsoft Teams. 

2) Organize Tasks by Action Priority

Consider organizing tasks by action priority: keep quick wins (high impact, low effort) separate from big projects (high impact, high effort) and fill ins (low impact, low effort). This allows you to prioritize activities based on time, importance, and effort.

3) Take Advantage of Views

Planner has three different views (board, chart, and schedule) that can be toggled between with a single click. The board view uses a kanban-style board to organize and structure your tasks, while the schedule view provides a high-level calendar view of a project’s timeline, and the charts view displays your progress visually. Learn more about views by checking out our One-Minute Wednesday video on organizing by view in Microsoft Planner.

For organizations already in Microsoft 365 and looking for a tool to help their team manage project timelines and organize and assign tasks, Microsoft Planner is the perfect fit. Its seamless integration with Microsoft Teams and the rest of the Microsoft 365 product suite allows teams to manage tasks, files, and communications all in one place, boosting productivity and efficiency across the organization.

April 15th, 2021

Communicate Better with Microsoft Stream

How to Get Started with Microsoft Stream

Internal communications can be a headache—we’ve all received emails that were longer than they needed to be, and many of us have probably sent long emails that never got read. But there’s a better way: start sending short videos instead of long emails with a tool like Microsoft Stream. 

If you’re not already familiar, Microsoft Stream is a video app in Microsoft 365 that empowers users to create, manage, and share videos securely just as they would any other file. Stream makes it incredibly easy to record and share a short video with other team members, which saves time and headaches for everyone. 

Here are three ideas for effectively leveraging Microsoft Stream in your organization: 

1) New Employee Onboardings 

Rather than set up a series of time-consuming meetings whenever you hire a new team member, consider developing a suite of pre-recorded videos that can guide new hires through what they’ll need to know about your organization’s culture, processes, and day-to-day operations. This saves a ton of time and effort. 

2) Internal Training 

Training procedures, answers to common questions, and internal classes or meetings can be recorded and uploaded to Microsoft Stream for your team to reference later. This allows you to avoid scheduling redundant meetings to cover critical info when people in new roles need to get up to speed on how the company operates. 

3) Personalized Messages from the C-Suite 

Important communications from your executive team are more personable and high-impact when they come in the form of video recordings. Do away with long emails about the future of the company and get your CEO in front of the camera instead! This improves the quality of your communications and boosts employee morale. 

Stream videos are stored natively in SharePoint, which allows you to organize your content and provides you with all the access control features that apply to other files in Microsoft 365—you can manage who can view certain videos, set expiration dates on share links, and decide how widely you want to share content. 

To learn more about Stream, you can check out our One-Minute Wednesday episode on how to get started with Microsoft Stream. 

March 23rd, 2021

TechMD is SSAE-19 Certified!

TechMD is proud to announce that we are now certified as operating under the Statement on Standards for Attestation Engagements (SSAE) No. 19, based on the Center for Internet Security’s (CIS) Critical Security Controls. TechMD is currently certified with a Security Maturity Level (SML) Score of 3.5, and we are working towards reaching SML 4.0 soon. We are one of the first Managed Service Providers in Southern California to have received this certification, and we are incredibly proud of all the hard work and effort that went into hardening our cybersecurity posture!

The CIS 20 Critical Security Controls and Benchmarks are global industry best practices endorsed by leading IT security vendors, governing bodies, laws, and regulations. SSAE 19 Cybersecurity Certification reports are the benchmark compliance report for MSPs and other organizations impacted by cybersecurity compliance and regulations, including CCPA, HIPAA, PCI, and SOX. TechMD follows the CIS 20 Controls in order to quickly and reliably establish the protections required to prevent the most common cyberattacks and safeguard our clients’ information.

March 16th, 2021

Tech Talk: Get Started With Business Intelligence & Microsoft Power BI

How to Get Started with Power BI

On today’s Tech Talk, we’ll be discussing business intelligence (or BI for short), which is a process for discovering trends or patterns in your data and then presenting them in a visually-engaging way. Seeing your data fully visualized helps you understand what’s happening across your organization and helps inform your decision-making.

Implementing BI used to be a heavy lift, but tools like Microsoft’s Power BI have done away with the need for expert coding skills, and the process is now a lot simpler than most expect. Here’s how you can get started with Power BI in 5 simple steps:

#1 Download and Install Power BI

Power BI has a free version that you can easily download and start using. Be mindful that Power BI Pro licenses are included with a Microsoft 365 E5 or Office 365 E5 subscription, so you may already have access through these plans.

#2 Data Sources

BI’s results will only be as good as the data you import, so ensure that your data is organized. With Power BI open, click on Get Data to start importing a data source. BI is flexible, allowing you to import data from multiple sources.

#3 Model Your Data

At this stage, you can begin building relationships between your data. Power BI allows you to drag and drop columns between tables and perform analytics with the data you’ve imported.

#4 Build Your Reports

Now, you can begin to create visualizations that present your data in an organized and fun way. Utilizing a menu of templates, you can drag and drop data to be presented in the way you wish.

#5 Ask Questions of Your Data

Power BI gives you the ability to ask questions of your data by typing into a query, similar to a Google search. It’s a great feature that uses machine learning and natural-language processing to navigate through your data and stay informed.

Power BI is essential to how TechMD functions every day. Here are a few examples of how we use data to provide the best IT experience possible:

SLA Dashboard:

This dashboard tracks our open support tickets and ensures efficiency when responding to our clients.

Customer Satisfaction Dashboard:

This dashboard contains our average NPS score across time, lets us compare ourselves against national NPS scores, and displays our team members with the best customer satisfaction score.

Hopefully now you have a better idea of what business intelligence is capable of, why your organization might want to use it, and how to get started with Power BI. You can find several resources for further learning about Power BI below. If you have any questions, don’t hesitate to reach out to us!

Further Resources

About TechMD

TechMD is an award-winning IT services firm that specializes in managed IT services in Orange County and Los Angeles, managed cybersecurity, cloud solutions, and strategic IT consulting. We are passionate about bringing enterprise-level productivity, scalability, and security to small and medium businesses.

March 11th, 2021

Zero-Day Exploit Affects Microsoft Exchange Servers

Microsoft has announced that Hafnium, a Chinese-backed cybercriminal organization, has been taking advantage of four zero-day exploits to attack on-premises Microsoft Exchange servers. These newly-discovered vulnerabilities are being used to infiltrate networks and steal data, and they pose a serious risk to any organization running on-premises Exchange servers. We strongly recommend that any organizations with on-premises Exchange servers, including hybrid Office 365 setups, should apply Microsoft’s security updates immediately.

If you are a TechMD client and are using any version of Microsoft Exchange Server that was affected by this exploit, then we have already applied the relevant security updates.

This zero-day exploit affects the following versions of Exchange:

  • Microsoft Exchange Server 2019
  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2013
  • Microsoft Exchange Server 2010

You can find links to Microsoft’s security updates below:

To ensure your organization is protected from data breaches, your IT team will need to apply the security updates above and follow Microsoft’s guidelines to secure your Exchange server(s). Again, it is vital that this patch is applied to any affected servers as soon as possible, even for organizations that have shifted email infrastructure to Office 365 but retain any on-premises Exchange servers.

For more information about migrating your email to Microsoft Office 365 the right way, or if you’d like to discuss how TechMD can help your organization be more proactive about cybersecurity, please contact us.

March 3rd, 2021

Webinar: Building A Framework-Based Managed Security Program in Your Business

Cybersecurity has become an even hotter topic over the last 12 months as businesses have accelerated their plans to operate in virtual and remote environments. Despite the growth of sophisticated techniques used by cyber criminals, we know that 98% of data breaches can be prevented by implementing the Center for Internet Security’s Top 20 Critical Security Controls correctly.

Surprisingly, most businesses have not implemented these Top 20 Controls. In this webinar, we discussed the different types of CIS security controls and explored a globally-recognized framework for assessing your business’ existing cybersecurity defenses. The webinar included two guest cybersecurity experts, Kevin Holmes and Eric Rockwell from MAP CyberSecure.

  • Kevin Holmes is the Audit and Assurance Practice Leader at Martini Akpovi Partners and has extensive experience in internal controls consulting. He holds the AICPA Internal Control Certification in the COSO Internal Control Integrated Framework. Kevin also holds an AICPA Certification in Cybersecurity Advisory Services.
  • Eric Rockwell has more than 17 years of leadership experience helping clients optimize their IT environment while aligning with business goals. A member of the Center for Internet Security, Eric is an expert in risk management, incident response, infrastructure protection, business continuity and disaster recovery.


February 17th, 2021

Executive Extortion: The Evolution of Ransomware

By now everyone knows that ransomware is a real threat with real risks to businesses of all sizes. What you may not know is that hacking techniques are evolving and ransom payments are going up. ZDNet reports a new trend where cybercriminals directly target the computers of top executives at small and mid-sized companies. Executive computers are much more likely to contain sensitive information about the company as well as personal information that a CEO would not want to see on the internet. Gaining access to these computers is highly valuable for pressuring management into approving high-dollar ransom payouts, which means that executives are even more of a target and should consider taking extra steps to secure their information. 

Cybercriminal groups are well aware that small and mid-sized businesses have generally not implemented cybersecurity best practices. This makes SMBs easy to infiltrate and allows cybercriminals to spend an average of 200 days inside a network undetected. While in the network, they can sift through executives’ files and emails in order to exfiltrate data that might be useful in threatening, embarrassing, or putting pressure on a company’s management. Cybercriminals might find proprietary company data, financial numbers, or compromising personal information and threaten to post them to online leak sites. They might also plan to disclose the data breach to authorities, which causes reputational damage and may also incur a fine from regulators. 

By now every business needs to conduct a cybersecurity assessment to understand their largest vulnerabilities. TechMD recommends following the NIST Cybersecurity Framework and the CIS Top 20 Controls. In the meantime, here are a few simple steps that every executive can take right now to protect themselves from cybercriminals:

1) Use complex and unique passphrases on your accounts 

Because trying to come up with and remember unique passwords for hundreds of different accounts is impossible, most people use one simple password for everything. However, this presents a huge security vulnerability: cybercriminals can easily breach accounts via brute force (working through a list of commonly-used password combinations) or find a password in one data breach and reuse it to compromise unrelated accounts (since the password is likely to be identical).

To address this issue, we recommend creating complex passphrases instead of passwords. Passphrases are long strings of words that are easy to remember but hard to brute force—an example might look like “George loves breakfast!” We also recommend using a password manager like LastPass or Dashlane to generate complex passwords and store them for you. This combination of a single master passphrase to access your password manager and automatically-generated complex passwords for all your other accounts should keep you safe from most simple password breach attempts.

2) Set up Two-Factor Authentication on everything 

Even if you have a strong passphrase and unique passwords across all your accounts, you’re still vulnerable to a third-party suffering a data breach and releasing your information. To combat this, it is critical to enable Two-Factor Authentication (or 2FA) on all your accounts. 2FA works by creating an extra layer of security by validating your logins with a text message or app prompt on your smartphone. 

Symantec recently published a study that showed that two-factor authentication could have prevented over 80% of all account compromises. This makes 2FA one of the single most important things you can do to protect yourself and your business from cybercriminals. To see 2FA in action, you can check out our recent One-Minute Wednesday on how to get started with two-factor authentication. 

3) Understand how to identify and avoid phishing scams 

Phishing is a common cyberattack where a cybercriminal sends an email that looks like it’s from a legitimate institution or company in order to trick the recipient into divulging personal information, wiring money to an offshore account, or installing malicious software. Phishing emails usually mimic the logos, web addresses, and language from real companies in order to convince you that the email is legitimate. Phishing emails can also be highly targeted—cybercriminals often do background research and send extraordinarily specific emails that appear to be from clients or close associates, which include information that you wouldn’t expect anyone else to know.

Here are a few things to keep in mind about phishing: 

  1. Never click on links or open attachments from suspicious-looking emails, especially if they are asking you to enter login credentials. 
  2. Keep an eye out for unusual requests or other odd features about an email. Common phishing tactics include sending emails from a “personal email” because the sender is “locked out” of their work address, instilling a sense of urgency or claiming an emergency in order to bypass the recipient’s natural suspicion, and claiming to be too busy to discuss the email further or clarify the request. 
  3. If you’re not sure that an email is legitimate, always reach out to the sender directly. Call them to confirm they sent the email, or ideally discuss it with them in person. 

Stay Safe! 

Executives and management teams are increasingly the targets of highly sophisticated cybercriminals. If you’re in a high-level position in your organization, it’s critical that you take extra caution when it comes to cybersecurity. 

However, it’s not enough to protect yourself if your business doesn’t also have a robust cybersecurity strategy in place. The best way to find out how secure your business is today and get the best ROI on your cybersecurity spending is to perform a Security Maturity Level Assessment (SMLA). Developed to follow the globally-recognized NIST Cybersecurity Framework, the SMLA provides a big-picture look at your business’ cybersecurity along with specific, detailed recommendations about how to improve. 

If you have any questions, feel free to contact TechMD or check out our managed cybersecurity page! 

February 5th, 2021

Top 3 IT Priorities for 2021

2020 was an unprecedented year, and businesses with inflexible IT solutions were caught off guard and had a rough time during the pandemic. And with continuing uncertainty, most organizations we talk to are trying to avoid getting surprised by sudden IT issues and costs over the upcoming year. 

In light of that, we’ve been looking at some new priorities as we discuss our clients’ IT strategies for the upcoming year, ranging from budgeting to cybersecurity to cloud technologies. Here are three key priorities to make sure your business isn’t caught off guard by IT in 2021:

1) Develop an IT budget 

With tight budgets and an uncertain economy, the last thing most businesses need is a big surprise IT expense in 2021. Believe it or not, IT budgets can be created and followed with the right team and good priorities. Your IT budget should align with your goals, ensure you can invest in the technology you need to run your organization effectively, and plan to respond proactively to cybersecurity risks. It should also include plans for key expenses, such as:

  • Large IT infrastructure projects 
  • IT support and maintenance agreements 
  • New hardware & licensing costs 
  • Telecommunication costs: ISP, VOIP, etc.
  • Cybersecurity Insurance 

During this process, make sure that you involve your organization’s leadership team and stakeholders. If you don’t have a C-level IT employee at your company, you may want to look into engaging a fractional CIO or company like TechMD to help guide you through the process.

2) Avoid Cybersecurity Surprises 

It seems unfair, but the reality is that ransomware attacks grew immensely during the pandemic. Cybercrime Magazine recently reported that a company was successfully attacked every 11 seconds in 2020. For that reason, 2021 has to be the year that your business creates a cybersecurity incident response plan. It’s critical to have a clear policy and procedure to follow when your organization is hit with a data breach or a ransomware attack.

If you feel lost creating that policy or are unclear about what your cybersecurity risk profile looks like, 2021 should be the year to invest in a cybersecurity assessment, which is not as expensive and impractical as you may think. All businesses should conduct a Security Maturity Level Assessment (SMLA) that follows the clearly published guidelines of the two cybersecurity authorities: the NIST Cybersecurity Framework (NIST CSF) and the Center for Internet Security (CIS). The SMLA process provides you with a clear picture of your organization’s most critical cybersecurity vulnerabilities, along with your official Security Maturity Level Score (ranging from 0 to 5). From there, you will be able to create a prioritized and customized action plan that will maximize the ROI of your cybersecurity program. You can learn more about the SMLA process here.

3) Invest in Your Remote Workforce 

2020 was a mad rush to the cloud, as the pandemic forced businesses to find and implement remote workforce solutions quickly. Many organizations ended up with stop-gap solutions that left important details unchecked, which is both a cybersecurity risk and a drag on productivity. 

Cybercriminals have been specifically targeting remote employees this year, and taking steps to secure remote workforces should be a top priority for most businesses in 2021. Here are a few critical items to prioritize: 

  • Two-Factor Authentication (2FA) is one of the best cybersecurity tools or policies in terms of return on investment: a recent Symantec study found that over 80% of all data breaches could have been prevented by 2FA. If you’re not familiar with how 2FA works, you can check out our One-Minute Wednesday episode on 2FA. 
  • Single Sign-On (SSO) is a solution that allows users to log in once, using a master username and password, and then have those credentials provide access to all their other business apps. You can learn more about SSO by reading our recent article here. 
  • Secure your VPNs by enforcing complex password policies and requiring two-factor authentication. Additional policies, such as blocking certain geographic regions from accessing your VPN, are also a good idea.

Remote work isn’t going anywhere, so 2021 will also be a good year to look at how to fine tune your company’s culture and increase engagement and productivity with your remote workforce. Here are a few tasks and tips to add to your list: 

  • Figure out how to communicate more effectively on platforms like Microsoft Teams. Use of Teams, Zoom, Slack and Google Chat/Hangouts all spiked to record levels in 2020, and in our experience, usage grew organically with little to no management oversight. 2021 will be the year to create standards for how messaging gets distributed throughout your organization. Take a look at the Teams, communication channels, and security user groups that exist today and think about how they can be organized more effectively.
  • Clean up and secure your cloud file storage platform. The remote workforce in 2020 also led to increased usage of apps like Dropbox, SharePoint, OneDrive, Box, Google Drive, etc. Does your company have policies and protections in place to clearly dictate what your staff can and cannot do with company data? Have you double checked your user and folder permissions to confirm that employees can’t access confidential company data or share sensitive information? Have your IT team take a look at the configurations and make sure data is separated and secured properly. 
  • Consider upgrading your old phone system. The modern remote workforce requires the ability to take work calls from home in the same manner as at the office. Many businesses are still working off a legacy system that made transferring and answering calls a painful experience in 2020. Modern phone systems can be hosted from the cloud and soft phone apps can be added to mobile devices to make communication nimble, professional, and effective. Be sure this is on your budget and engage a VOIP consultant to help find the right solution. If you don’t know a good VOIP consultant, contact TechMD and we can refer you to someone.

Get Proactive in 2021 

2020 highlighted the importance of staying proactive about IT, and 2021 will likely be no different. Businesses will need to prioritize creating a budget for IT, developing a robust cybersecurity posture, and making sure their remote workforce is flexible and productive in order to stay ahead of the curve. If you are looking for help with any of these areas or feel like you could use some guidance about planning out your year, please don’t hesitate to contact us!

December 16th, 2020

Cybersecurity Alert: Microsoft 365 Vulnerability Leads to US Treasury Breach

State-backed hackers use Microsoft 365 vulnerability to breach US Treasury

Reuters reported over the weekend that foreign state-backed hackers have breached Microsoft 365 accounts at the US Treasury Department, using their access to secretly monitor email accounts and email exchanges between the US Treasury and the National Telecommunications and Information Administration. The attack was extremely sophisticated and was able to bypass Microsoft’s authentication controls.

Microsoft has released guidance for how organizations can bolster security to attempt to avoid these attacks, and we suggest having your IT provider take a look at this document and make sure your organization is following the recommended best practices. In addition to Microsoft’s recommendations, here are 3 tools and tips to help protect both personal and business accounts from cybercriminals:

1) Set up Two-Factor Authentication (2FA)

Two-factor authentication is the one tool that provides the highest ROI in terms of protecting your accounts from unauthorized access. Microsoft has said that 2FA can prevent 99% of automated attacks on Microsoft 365 accounts, and a recent Symantec study found that 2FA would have prevented up to 80% of data breaches (of all types). If your organization is not currently securing all employee accounts with 2FA, then implementing it should be your top priority. You can also set up 2FA for most of your critical personal accounts (like online banking) in just a few minutes. In general, we recommend using an app-based solution like Duo or Google Authenticator rather than SMS-based text messages for both business and personal accounts. If you’d like to learn more about 2FA, you can check out our One-Minute Wednesday episode on how it works.

2) Improve your password hygiene

Never use the same password twice—if your password becomes compromised in a data breach, cybercriminals can (and will) attempt to use it on all your other accounts. For personal accounts, we recommend using a password manager (like LastPass) to help you 1) keep track of all your unique passwords and 2) create highly complex, strong passwords. Good passwords should avoid common words, use as many characters as possible, and include a variety of different character types (uppercase, lowercase, numbers, and special characters).

For business accounts, the best practice would be to implement Single Sign On, which allows you to use a single master username and password to access all your business applications, and then protect it with Two-Factor Authentication. You can learn more about SSO by checking out our recent article on it.

3) Learn to spot phishing scams

If you get an email claiming that one of your accounts has been breached and you need to log in immediately, it is probably a phishing scam. Phishing is a type of attack where cybercriminals impersonate a person or organization you trust in an attempt to trick you into providing personally identifiable information (PII) like passwords or credit card numbers. Phishing emails normally include a link to a malicious website or attachment.

The best way to avoid getting compromised is to know how to spot phishing emails. They often have misspelled words, involve a slightly misspelled website (like microsoftsupport.ru or microsft.com), or include an urgent call to take action immediately. You can learn more about how to spot phishing emails by checking out one of our One-Minute Wednesday episodes on phishing. If you receive an email that seems suspicious, either delete it or forward it to the Anti-Phishing Working Group at phishing-report@us-cert.gov.
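The two lookalike patterns named above (a trusted name with a typo, and a trusted brand embedded in an unrelated domain) can also be checked automatically on links in incoming mail. This is an added example, not TechMD's code; the allow-list, function names and sample email are constructed assumptions.

```python
import re

# Assumed allow-list of domains the organization really uses (constructed).
TRUSTED_DOMAINS = ["microsoft.com", "office.com"]

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def registrable_domain(host):
    """Last two labels of the host name.
    Assumption: no multi-part suffixes such as co.uk; production code
    should consult the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def classify_domain(host):
    """Return 'trusted', 'lookalike', 'brand-in-untrusted-domain' or 'unknown'."""
    domain = registrable_domain(host)
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    # Pattern 1: a typo of a trusted domain (e.g. microsft.com).
    for trusted in TRUSTED_DOMAINS:
        if edit_distance(domain, trusted) <= 2:
            return "lookalike"
    # Pattern 2: a trusted brand name inside someone else's domain
    # (e.g. microsoftsupport.ru).
    name = domain.split(".")[0]
    for trusted in TRUSTED_DOMAINS:
        if trusted.split(".")[0] in name:
            return "brand-in-untrusted-domain"
    return "unknown"

def suspicious_links(body):
    """Return (host, verdict) for each link whose domain imitates a trusted one."""
    hosts = re.findall(r"https?://([^/\s:]+)", body)
    verdicts = [(h, classify_domain(h)) for h in hosts]
    return [(h, v) for h, v in verdicts if v not in ("trusted", "unknown")]

# Constructed sample message, using the two misspelled sites named in the article.
SAMPLE_EMAIL = """Your account has been breached. Log in immediately:
http://login.microsft.com/reset
https://microsoftsupport.ru/verify
https://login.microsoft.com/
https://www.reuters.com/article
"""

if __name__ == "__main__":
    for host, verdict in suspicious_links(SAMPLE_EMAIL):
        print(f"{host}: {verdict}")
```

A verdict of "unknown" only means the domain does not imitate anything on the allow-list; it is not a statement that the link is safe.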

About TechMD

TechMD is an award-winning IT services firm that specializes in managed IT services in Orange County and Los Angeles, managed cybersecurity, cloud solutions, and strategic IT consulting. We are passionate about bringing enterprise-level productivity, scalability, and security to small and medium businesses.

December 15th, 2020

Combining Security and Convenience in Your Business with Single Sign-On

In the modern workforce, managing passwords is tough. Most employees manage 85 different passwords, according to this year’s Annual Global Password Security Report by LastPass, and this presents a significant cybersecurity risk for businesses while also harming productivity and user experience.

Most business leaders are aware that maintaining a robust password security posture is more important than ever, as cybercriminals continue to target small and mid-sized businesses (and their employees). However, the rise of cloud adoption also means that most users expect to have seamless access to multiple applications from anywhere and on any device, and 2020’s exponential increase in work-from-home situations only exacerbates the issue by adding new applications and forcing users to enter passwords more often.

One of the best solutions to this security/productivity dilemma is called Single Sign-On (SSO). Single Sign-On means that users don’t have to sign in every time they need to use an application—instead, they log in using a master username and password and those credentials are used for all their other business apps. This solution perfectly combines security and simplicity, allowing your team to stick to a single master password while also improving your organization’s security posture. SSO also helps satisfy compliance requirements built on the NIST Cybersecurity Framework and CIS Top 20 Controls, making it a win-win for organizations subject to CMMC, HIPAA, CCPA, and others.

How SSO Improves Security & Increases Productivity

By allowing employees to use a single set of login credentials everywhere, SSO boosts productivity while also improving your overall cybersecurity posture. Here’s how:

Better Passwords

Employees at small and mid-sized businesses manage 85 different passwords on average. This presents a large security risk as users are likely to create simple passwords and reuse them across multiple logins. With SSO, users only need to remember a single password for all their applications, which means they are more likely to create a stronger passphrase that can’t be reused in multiple places.

Two-Factor Authentication on Everything

Enabling Two-Factor Authentication (2FA) is one of the single most important things you can do to improve your cybersecurity posture: a recent Symantec study found that over 80% of all data breaches could have been prevented by 2FA.

2FA and SSO are a match made in heaven: by enabling Two-Factor Authentication on each user’s master login, you effectively protect every application that your team needs to access, without forcing them to enter their 2FA code for every app. To learn more about how Two-Factor Authentication works, check out our One-Minute Wednesday episode.

Secure User Provisioning

Traditionally, when an employee leaves the company, the IT department needs to track down and change every single password that employee had access to. With an average of 85 passwords to update and (generally) a lack of documentation about which accounts were in use, this can present a major security vulnerability for most businesses.

SSO solves this issue by streamlining the user provisioning/deprovisioning process: when someone leaves the company, the IT team only needs to disable a single master account and/or update a master login. This can save a ton of time and, more importantly, means your IT team will never overlook an account that needs to be locked down.

Fewer Support Requests

Users often forget passwords and get locked out of important applications, and this usually necessitates a call to your IT department or IT provider to initiate a password reset. Enabling SSO means your employees only have a single password to remember, which means they’ll get locked out less often and the downtime associated with password reset requests will be significantly reduced. This frees up your employees to be more productive and your IT team to focus on important proactive work.

Improved User Experience

Single Sign-On is already a part of most people’s personal lives—we’re used to logging into a single Google login and then automatically having access to our Gmail, Google Drive, YouTube, etc. SSO extends this user experience to your employees’ work environment: your team won’t need to stress about password management or click through multiple login windows for every application, saving time with every login and boosting overall productivity.

Find Out How SSO Works For Your Business

With more people working from home and using cloud applications than ever before, it is increasingly important for businesses to develop a cybersecurity strategy. SSO is a powerful tool for securing your business from cybercriminals while also improving user experience and boosting productivity. If you have any questions about how SSO could work for your business, please don’t hesitate to contact us!

November 18th, 2020

TechMD Named Best Managed IT Service Provider of 2020 by Digital.com

TechMD recognized among the most proficient and cost-effective MSPs for small businesses and startups

We are proud to announce that Digital.com, a leading independent review website for small business online tools, products, and services, has named TechMD to its list of best managed IT service providers of 2020!

Experts at Digital.com conducted a 40-hour evaluation of over 150 managed IT companies across the web. TechMD and other providers were evaluated based on several key factors and customer feedback, and each managed service provider was required to offer a variety of services such as cloud consulting, cybersecurity, and IT support. The guide also examined company size to provide a broad selection and meet the needs of multiple small businesses. Only companies with diverse industry experience were considered for the final list.

To access the complete list and check out TechMD’s profile, please visit https://digital.com/managed-it-service-providers/#TechMD

November 2nd, 2020

The One Cybersecurity Assessment Every SMB Needs

Most cybersecurity assessments today do not follow an authoritative framework, are incredibly expensive for what they provide, and (most importantly) fail to answer these three critical questions:  

  • How secure is our business today? 
  • What is the appropriate level of cybersecurity for our business? 
  • How can we improve cybersecurity practices to meet business objectives? 

TechMD’s Security Maturity Level Assessment (SMLA) process fully answers these three questions by following the nationally recognized NIST Cybersecurity Framework (you can learn more about the NIST framework here). And with an all-in flat-rate price of $6,000 for the entire SMLA process, our assessment is as cost-effective as we can make it.

Here is an overview of how TechMD conducts the NIST SMLA and what we provide once we’re finished: 

Security Maturity Level Assessment (SMLA) 

Step 1: Confirmation of Business Cybersecurity Requirements 

The SMLA process begins with scheduling a complimentary meeting where TechMD will seek to understand your business cybersecurity needs, what your cybersecurity posture looks like today, and how your IT infrastructure, IT systems, and IT support are set up. By the end of this meeting, you’ll understand how the SMLA process works, you’ll know the all-in flat rate costs for the assessment, and you’ll have a high-level overview of how our process will impact your overall cybersecurity posture.

If you want to move forward, we’ll sign an SMLA agreement and will begin the process of identifying the key personnel that will need to be interviewed as a part of the assessment process. Click here for a sample Statement of Work document for the SMLA. 

Step 2: Interviews with Key Personnel 

The SMLA is built to follow the NIST Cybersecurity Framework and the CIS Top 20 Cybersecurity Controls. Once we begin the assessment, we will sit down with key personnel, usually a C-level executive plus whoever manages IT and HR, to understand how your organization stacks up against the NIST framework and CIS Top 20 Controls.


This is a highly-detailed, structured process where we assess the status of and execution on each of the CIS 20 controls and sub-controls one-by-one. The goal is to understand whether there is a policy or practice in place that satisfies each control, and if so, to what extent it satisfies the control. For each control, we’ll be looking for:  

  • Is there a verbal policy that satisfies this control? 
  • If yes, is there a written policy that satisfies this control? 
  • If yes, is the policy fully automated? 
  • If yes, is there a reporting process in case the policy fails to execute properly? 

Once we gather all the data for each of the CIS 20 Controls, we will make evidence requests to prove compliance. We will also be documenting everything along the way and maintaining an inventory of evidence provided. This is important because we are taking the position of an outside auditor—our job is to ensure that you can pass an independent audit, and we will stand behind you if and when you decide to engage one. 

Step 3: Review the Evidence 

Once the initial key personnel interviews and evidence-gathering process are completed, we will review the policies provided by the client and the technical evidence provided by the IT team, determine if each policy satisfies its corresponding control and would pass an audit, and finally analyze all the information to get a high-level overview of the organization’s cybersecurity compliance.

After our analysis is complete, we normally expect to schedule follow-up meetings with key personnel to fill in any gaps in information. Once we have a complete picture, we’ll move on to the deliverables. 

SMLA Deliverables 

As a result of the SMLA process, you will receive: 

Official Security Maturity Level (SML) Score  

Your SML score will range from 0-5 and will include a full breakdown of the percentage to which each control has been satisfied, along with a comparison to other companies in your industry. 

Executive Summary Report  

This report contains high-level insights into how your cybersecurity policies fit together and an overview of your overall cybersecurity posture. This report is based on your cybersecurity goals and where you’re falling short in relation to those goals. Not every organization needs to have an SML Score of 4 or 5, so the analysis in this report will be highly dependent on your specific needs and goals. 

Full Detail and Risk Analysis Report  

This report includes a full breakdown of what is missing from each policy and what is needed to satisfy its corresponding CIS Control, along with an assessment of how much risk each policy presents to the organization. 

Customized System Security Plan 

The first three deliverables may paint a depressing picture about your cybersecurity posture, and if so, you probably already knew roughly how bad it was. But what you probably want to know is what you should do next, so the most important piece of the SMLA process is the customized System Security Plan (SSP) and its companion Timeline and Budget.  


The custom SSP will provide you with a step-by-step plan and budget for improving your SML score. This plan will be designed to satisfy your organization’s specific timeline, budget, and goals—normally we develop 1-year plans, but you may be willing or required to spend more and arrive at your targeted SML score sooner. Our SSP applies to any industry or compliance requirement and will be customized to fit your organization’s needs. For example: 

  • You may need to be HIPAA compliant, CMMC certified, or follow any number of other industry-specific compliance requirements 
  • You may need to meet the cybersecurity requirements of a large customer  

Once you receive your customized SSP, you’ll have the freedom to execute the plan yourself if you have in-house cybersecurity expertise, or we can help you drive that process forward through a Managed Security Services Agreement. 

Get Started Today 

It’s easy to get overwhelmed by all the different cybersecurity solutions out there, but it doesn’t have to be that way. We now have a nationally-recognized cybersecurity standard in the NIST Cybersecurity Framework and CIS Top 20 Controls. With the SMLA process built on that standard, TechMD can help you understand your cybersecurity risks and develop a customized action plan that will get you where you need to be, at your own pace and according to your budget. 

To learn more about the SMLA, contact us here! 

September 16th, 2020

Tech Talk: NIST Cybersecurity Framework

Despite knowing how important cybersecurity is for their organization, many business leaders don’t have clarity about how secure their organization is today and what cybersecurity controls are the most important for their protection. On today’s Tech Talk, we discuss how the internationally-recognized NIST Cybersecurity Framework can help any organization understand where they are in terms of cybersecurity, where they should be, and how to get there.

August 12th, 2020