Microsoft Office 365 includes a wide range of cloud applications that can revolutionize productivity, collaboration, and work mobility. In this Tech Talk, Sebastian Igreti tours Office 365 and discusses how it can transform the way businesses leverage the traditional Office software stack.
If you’re looking for a better way to do employee performance reviews, consider taking a look at Trakstar. In this Tech Talk, Sebastian Igreti covers how we use Trakstar to measure, track, and report on employee performance, and why we love how it helps us manage performance reviews and maintain a customer-focused company culture.
You can learn more about Trakstar on their website: https://www.trakstar.com/
At TechMD, we believe that finding the right people for the job is central to the success of our business. On this episode of Tech Talks, Sebastian Igreti discusses how we leverage SparkHire to streamline our hiring process and help us find the right candidates. SparkHire allows you to reduce the need for time-consuming phone screens, gather quality information about candidates before meeting them in person, and easily collaborate between hiring managers.
You can learn more about SparkHire at https://www.sparkhire.com.
TechMD Ranked #5 among Best Places to Work in Orange County
At TechMD, we care about investing in others, doing IT right, and creating a fun-loving and positive environment for our team. This mindset has been a major contributor to our success, as it has allowed us to hire and retain excellent people and, in turn, take great care of our clients.
This approach to doing IT right has paid off again: we are excited to announce that TechMD has been named as one of 2017’s Best Places to Work in Orange County in the Medium-Sized Employer category!
About Best Places to Work
The Best Places to Work award was created in 2009 as a project of the Orange County Business Journal and Best Companies Group. The county-wide survey and awards program was designed to identify, recognize, and honor local companies that benefit the county’s economy, its workforce, and its businesses.
Organizations from across the county entered the two-part process to determine the Best Places to Work in Orange County. The first part consisted of evaluating each employer’s workplace policies, practices, and demographics. This part of the process was worth approximately 25% of the total evaluation. The second part consisted of an employee survey to measure the employee experience. This part of the process was worth approximately 75% of the total evaluation. The combined scores determined the top organizations and the final ranking. Best Companies Group managed the overall registration and survey process in Orange County and also analyzed the data and used their expertise to determine the final ranking.
The ranking of the winning organizations will be released via a special section of the Orange County Business Journal’s July 24 issue.
Looking for a better way to facilitate employee engagement and improve morale? In this Tech Talk, Sebastian Igreti covers how OfficeVibe enables businesses to capture feedback from team members, provides improved visibility over employee engagement and morale, and helps business leaders address festering issues before they affect company culture.
Threats and attack vectors from cybercriminals continue to evolve, and businesses need to stay on top of the changing cybersecurity landscape to ensure their critical business and customer data is protected. On this episode of Tech Talks, Sebastian Igreti discusses five essential steps to keep your business safe from cybercriminals.
Microsoft recently announced their Azure Virtual Desktop Solution, which allows organizations to move their entire IT infrastructure into Microsoft’s first-class cloud environment. If you’re interested in learning more about what’s on the IT horizon and how it can benefit your organization, check out this episode of Tech Talks, where Sebastian Igreti discusses the latest in cloud technology.
MSP Mentor Recognizes TechMD
We are excited to announce that TechMD was ranked among the world’s top 501 managed service providers by MSPMentor!
The MSP 501 companies ranked this year include organizations from around the world and from diverse technology and business backgrounds. Collectively, they amassed $14.48 billion in total revenue (based on 2016 results), up more than 15 percent from a year earlier. We are proud to be included among these companies, and we are looking forward to continuing to innovate ways to help our clients protect their business from cybersecurity threats and move into the cloud the right way.
“On behalf of MSPmentor, I would like to congratulate TechMD for its recognition as an MSP 501 honoree,” said Aldrin Brown, Editor in Chief of MSPmentor. “The managed service provider market is evolving at a rapid pace and the companies showcased on the 2017 MSP 501 list represent the most agile, flexible and innovative organizations in the industry.”
The complete 2017 MSP 501 list is available at MSPmentor.net.
WannaCry Ransomware Causes Global Security Breach
You may have seen the news this weekend: cybercriminals released a new strain of ransomware that can automatically spread itself across all computers in a network. It’s been dubbed “WannaCry” and it’s causing a global epidemic. More than 40 hospitals in the UK were shut down over the weekend. Spanish telecommunications firm Telefonica reported 85% of their systems went down because of the cyberattack. And those are just a few of the victims: this monster has infected hundreds of thousands of systems in more than 150 countries.
This piece of malware is particularly dangerous because it only requires one person to make a mistake: if someone opens a phishing email attachment, it will not only infect their computer but will immediately spread to everyone else’s computer on their network.
Each infection demands a $300 bitcoin payment to unlock that computer’s files, leading to massive downtime while breached companies attempt to make payments and wait for unlock keys to come back from the cybercriminals.
Steps TechMD Has Taken:
IT Security has always been a top priority at TechMD. We know there’s no silver bullet when it comes to IT Security, so we have invested in the following layers to protect our clients:
- Patch Management: we regularly update computers under our management with the latest security patches, and typically we do this work in the middle of the night while our clients are sleeping. Back in March, Microsoft released a patch to protect against the vulnerability exploited by WannaCry, and our team worked around the clock to deploy the update.
- Email Filtering: emails sent to our clients are filtered for spam and malware. We block thousands of emails every day from reaching our clients’ inboxes, helping to reduce the threat from these types of attacks.
- Antivirus: all the computers under our support have antivirus software that we install and manage. Our team monitors this critical layer of protection and work tirelessly to keep your antivirus software working and updated.
- Training and Awareness: individual users are by far the most important security layer in protecting themselves and their organization. Our weekly training videos and cybersecurity email alerts are helping to educate and train our 6,000 end users.
- Backup: we know there’s nothing anyone can do to guarantee security, and that’s why it’s critical that our clients have a robust backup strategy. In case all else fails we will use the backups to recover any lost data and reduce downtime.
In addition to these layers, TechMD has developed hundreds of best practices over the past 15 years. We have a team dedicated to deploying and managing these policies that are critical to keeping our clients safe from cyberthreats.
What Should You Do About This?
We have been working behind the scenes to protect your organization from this breach, but we still need your help. Here are a few things you can do to make sure WannaCry doesn’t infect your company network:
- Remain Cautious with Email Attachments: be very careful when you get an email with an attachment or a link, especially if the email is unexpected. Opening attachments can immediately infect your computer, and following malicious links can give cybercriminals access to your computer and data. Remember: “When in doubt, throw it out!”
- Don’t Wait, Alert TechMD: if you think you have been infected, or if you accidentally opened a suspicious-looking attachment in an email, don’t wait! Let us know ASAP by calling 888-883-2463.
For a quick refresher on how phishing attacks work and how to avoid them, check out this One-Minute Wednesday episode:
How Can You Protect Yourself at Home?
Although we only support the computers at your office, we want to share some steps you should take to make sure your personal computers are protected:
- Patch Your Computer: the vulnerability exploited by WannaCry does not exist in Windows 10 however, the vulnerability is present in all prior versions. If you haven’t already done so, make sure your computer is patched with the latest security updates. Please refer to this article from Microsoft for more information.
- Check Your Antivirus: check to make sure your antivirus software is working and fully updated. If you don’t have an antivirus on your home computer, here’s an overview of the top 2017 antiviruses.
All Quiet at TechMD
Although it’s too early to spike the football, as of today TechMD has had zero reported infections across the 6,000 workstations we manage. Our goal is to make sure your technology is seamless so you can stay focused on your day. That means we’ve made security a top priority, and we will continue working around the clock to respond to the ever-changing threats posed by cybercriminals. All that’s to say: don’t worry, we’ve got your back!
Have a productive week, and thank you for partnering with TechMD!
Make sure you change duplicate passwords immediately!
On Thursday of last week, website security provider Cloudflare announced a major security vulnerability affecting their service. This vulnerability has caused sensitive user data to be exposed across a number of popular websites, like Yelp, Uber, and others.
To protect yourself, make sure you are not reusing any passwords on multiple accounts. If you are reusing passwords, we suggest changing them to unique passwords immediately. People often get into trouble when a breach compromises one of their passwords, and they also use that password for their bank account, credit cards, or other sensitive logins.
We know it’s tough to make sure every single password is unique, so we recommend using a tool like LastPass. To learn more about LastPass, check out this article and One-Minute Wednesday video on our favorite password manager. You can also watch the video below:
Tax season kicks off with W-2 phishing and wire transfer scams
These days, most of us are probably aware of CEO fraud, where cybercriminals impersonate high-level executives and trick employees into wiring company funds to an external account. And you may remember hearing about W-2 phishing during last year’s tax season, where scammers impersonated CEOs to extract employee tax forms from unsuspecting finance employees.
Recently we’ve been seeing these two scams combined into a one-two punch. The IRS has released a security alert warning that scammers have started W-2 phishing much earlier than normal this year. Scammers have already extracted W-2 data from a number of U.S. companies, which have subsequently been used to file fraudulent tax returns. What’s worse is that these scammers are following up on their W-2 scam emails with a second set of phishing attacks, where they send a spoofed “executive” email to someone in the finance department demanding an urgent wire transfer.
“This is one of the most dangerous email phishing scams we’ve seen in a long time,” IRS Commissioner John Koskinen said. “Although not tax related, the wire transfer scam is being coupled with the W-2 scam email, and some companies have lost both employees’ W-2s and thousands of dollars.” A recent Federal Trade Commission report indicated that tax fraud contributed to a 50% increase in identity theft in 2015, and we think the upward trend will likely continue.
What should you do about this?
Most importantly, we suggest you send this email to anyone you feel may be at risk, whether employees, friends, or family. Feel free to modify the email to fit your needs:
[ALERT] Cybercriminals are starting their tax scams early this season! They are now combining two scams into a strong one-two punch. First, they ask you to send them the W-2 forms for all employees, with the email looking like it comes from the CEO or a C-level executive. Next, they follow up with an urgent request to transfer a large sum of money to a bank account controlled by these cybercriminals.
Remember: requests like this should raise a red flag. You should verify that the request is legitimate by calling the sender directly or, better yet, talking to them in person. These scam emails are often pushy and urgent, but don’t be afraid to spend five minutes verifying them, even if it’s the CEO making the request!
To learn more about how to spot phishing attacks, check out this helpful video. Cybercriminals are out in force this tax season, so make sure you stay alert and think before you click!
After educating your team, make sure you report any suspicious emails. According to the IRS, organizations receiving a W-2 phishing email should immediately forward it to firstname.lastname@example.org with “W2 Scam” as the subject line. Anyone receiving phishing scams or falling victim to one should also file a complaint with the FBI’s Internet Crime Complaint Center (IC3).
If you think your W-2 form has been stolen: you should review the Federal Trade Commission’s recommendations at www.identitytheft.gov or the IRS’s steps at www.irs.gov/identitytheft. If your tax return was rejected because of a duplicate (likely stolen) Social Security number, you should immediately file a Form 14039 Identity Theft Affidavit with the IRS.
Finally, we suggest filing your taxes as soon as you can this year—a fraudulent tax return will be rejected if you beat the cybercriminals to the punch.
If you’re not sure whether your company is protected from the latest cybersecurity threats, we’d love to help you assess your vulnerabilities and then work with you to take action. Click here to make an appointment to discuss your security assessment. And don’t forget to stay safe out there!
Orange County Register Recognizes TechMD
At TechMD, we believe in investing in others so they may prosper. For our employees, this means developing a hard-working, fun-loving company culture and investing in their careers.
This approach has been a key factor in delivering our exceptional customer experience: we hire passionate, friendly employees and treat them like family, and in turn everyone is excited about their work and takes great care of our clients.
We’re proud to announce that our work has paid off again, and we’ve been named one of Orange County’s Top Workplaces by the Orange County Register.
This is our second year on the OC Register’s Top Workplaces list, and our fifth year being named to one of Orange County’s “best workplace” lists. We are excited about this award and are looking forward to placing again next year!
Shop Smart and Secure This Holiday Season!
Christmas is just around the corner, and while you might have all your shopping done already, most of us are still looking around for the perfect gift! And like many people, you’ll do a good portion (or even all) of your shopping online.
However, is your financial data protected? Have you taken the proper measures to make sure your online purchases are protected? Finding the perfect gift may be stressful, but cybersecurity doesn’t have to be too—here are a few tips for staying safe while shopping online:
#1: Create Secure Passwords
- Checking out online can be a tedious process. You often have to sign-up for an account, fill out your name and shipping information, and choose a username and password to log in to your account.
A crucial part of this process is making sure you choose a secure password. While choosing a password you’ve already memorized is often the easiest route, it is not the safest way to do things. If a cybercriminal breaches an online vendor and gains access to your username and password, they will test those login credentials against more sensitive websites, like you bank or credit card.
The best way to prevent this is to use a different password for every website. This can quickly become overwhelming—to manage all those passwords, we highly recommend our favorite password management tool: LastPass.
#2: Shop on a Secure Website
- Shopping on websites through a secure HTTPS connection is one of the most important things you can do to stay safe during the holiday season. A website with HTTPS enabled means that any information you submit will be encrypted rather than being sent over the network in plain text. This helps keep you protected from cybercriminals intercepting and stealing your credit card data.
One way to tell if a website is secure is to look for a padlock icon to the left of the website address in the navigation bar, and “https” at the beginning of the web address. Most common web browsers, including Chrome, Firefox, and Safari, will display this icon.
You can learn more about secure HTTPS connections here.
#3: Avoid Shopping on Public Wi-Fi Networks
- Public wi-fi networks are convenient, allowing you to browse the internet for free while on the go. However, public wi-fi networks are rarely secure, and purchasing gifts or logging into online accounts while connected to one can be a huge risk. Any data sent through a free public connection is vulnerable to being observed and captured by malicious cybercriminals.
If you’d like to learn more about some best practices for browsing on public wi-fi networks, don’t miss our One-Minute Wednesday episode on wi-fi security!
#4: Just Say No to Unsolicited Email Offers
- Getting deep discounts on your purchases is always exciting, but you should be wary of any email offers coming from stores you don’t commonly shop with. This is a big red flag that could indicate a phishing attempt.
Scammers often send out emails posing as online shopping outlets, tempting consumers to click on malicious links with “can’t-miss” deals and offers. Clicking on these links will allow cybercriminals to steal any information you submit, including usernames and passwords as well as credit card data. If you’ve received a suspicious email like this and have clicked on the link, close the window and type in the online store’s web address directly, just in case.
To learn more about phishing scams and how to spot them, check out our One-Minute Wednesday episode covering the Target Data Breach.
#5: Use a Credit Card, Not a Debit Card
- Even if you follow all the best practices outlined above, there’s always a small chance that your financial data will be compromised. Because of this, it’s a smart idea to use a credit card rather than a debit card for online purchases, since most credit cards are covered with fraud protection and credit card companies are incentivized to resolve any fraudulent activity quickly.
Fraudulent activity on your credit card is also better for you because there’s no immediate impact to your cash flow—if someone steals $1000 from your checking account, you’re out of luck until you get it back. But if someone charges up $1000 on your credit card, you aren’t obligated to pay off the charges while you wait for them to be reversed.
Above all, Christmas is a time to celebrate and enjoy your loved ones. Avoid having to worry about your cybersecurity and privacy during the holiday season by following our tips and tricks above.
TechMD Acquires Local Managed Services Provider
We are excited to announce that we have acquired StoneHill Technical Solutions, an established managed services provider with a strong client base in South Orange County.
Since 2003, we have offered managed IT services to small and medium businesses in Southern California. It is our mission to revolutionize the way our partners leverage technology and empower them with the best strategy to fulfill their goals. With that in mind, we are eager to pursue this opportunity to bring our perspective and our industry-leading services to new clients in Southern California.
TechMD and StoneHill have a long history of collaboration. For nearly five years, we compared notes as we grew side-by-side, developed many of the same service offerings, and cultivated very similar company cultures. After a while it became obvious that joining forces would allow us to provide maximum value to our clients and partners.
With this acquisition, StoneHill CEO David Bryden will be transitioning into an active role on our leadership team. We are looking forward to his contributions as we improve our services and grow our company.
“I have known David for nearly five years now, and we’ve always talked about joining forces. By acquiring their managed services business, we’ll be able to expand our reach throughout Southern California,” said Mark Perez, TechMD CEO. “We’re also excited about leveraging David’s expertise to provide enhanced offerings around network security, the cloud, and other emerging technologies—a huge win for our existing clients. We’re really happy to see StoneHill finally join the TechMD family.”
A Refined Focus on Emergent Technologies
The technology landscape is rapidly changing, particularly in the cyber security arena, and we are excited to refine our focus on emerging technologies to meet new threats and opportunities. Our strategic acquisition of StoneHill will allow us to leverage their knowledge and expertise to pursue enhanced service offerings around cutting-edge technologies. For example:
- Cyber Security: rest easy with your network security and business continuity in good hands
- Cloud Services: increase system reliability while reducing ongoing hardware replacement costs
- Unified Communications: remove barriers to team collaboration and efficient communication
And we’re excited about the possibilities: as the technology landscape continues to develop, we believe we’ll be able to arm small and medium-sized businesses with the tools to compete on an enterprise level.
By teaming up with StoneHill, we will be able to refine and expand our services as we help many more Southern California businesses achieve their technology goals. And from instant support and security solutions to cloud integration and strategic consulting, our team will continue to provide world-class IT support to our clients and partners.
We look forward to a day when small business technology meets enterprise-level reliability, allowing anyone to compete with even the largest corporations. With a world-class team and our fantastic clients, we’re excited to work together toward our vision of a world where technology is nothing less than perfectly seamless.
On Thursday, Yahoo announced a massive security breach involving user account credentials for its services.
According to Yahoo’s investor relations page, “a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor”. The account information in question includes names, email addresses, passwords, birthdays, telephone numbers, and some potentially-unencrypted security questions and answers”. Yahoo says it does not believe any credit card or bank account information was included in the breach.
Initial accounts from Yahoo indicate that at least 500 million user account credentials were stolen, making this the largest security breach of all time. If you use any of Yahoo’s services, we strongly recommend changing your password and security answers as soon as possible.
To learn more about creating strong passwords and protecting them from hackers, check out our One-Minute Wednesday episode by clicking here or watching below:
You can watch our One-Minute Wednesday episode on LastPass here.
See below for the full message from Yahoo’s investor relations page:
A recent investigation by Yahoo! Inc. has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected. Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter.
Yahoo is notifying potentially affected users and has taken steps to secure their accounts. These steps include invalidating unencrypted security questions and answers so that they cannot be used to access an account and asking potentially affected users to change their passwords. Yahoo is also recommending that users who haven’t changed their passwords since 2014 do so.
Yahoo encourages users to review their online accounts for suspicious activity and to change their password and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account. The company further recommends that users avoid clicking on links or downloading attachments from suspicious emails and that they be cautious of unsolicited communications that ask for personal information. Additionally, Yahoo asks users to consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password altogether.
Online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry. Yahoo and other companies have launched programs to detect and notify users when a company strongly suspects that a state-sponsored actor has targeted an account. Since the inception of Yahoo’s program in December 2015, independent of the recent investigation, approximately 10,000 users have received such a notice.
Additional information will be available on the Yahoo Security Issue FAQs page, beginning at 11:30 am Pacific Daylight Time (PDT) on September 22, 2016.
For the third consecutive year, TechMD has been featured on the Inc. 5000 List. This year, we were named the 3028th fastest-growing company in the United States, with 113% three-year growth. For more than 30 years now, Inc. Magazine has been ranking the fastest-growing private US businesses across all industries. We are honored to be featured on their list three years in a row!
2016 has been a big year for us. After months of renovation work, we finally finished our new building and moved in. We have grown to 48 team members, launched a new website, and continued to refine and perfect our services. And, of course, we’ve partnered with several new clients and are looking forward to serving them for years to come!
And with our new building comes new opportunities: we’ve already hosted a Lunch and Learn in our awesome kitchen and lounge space, and we’re looking forward to hosting many more. Stay tuned for more information about workshops on network security, business intelligence, and many other important topics!
We look forward to being included on the Inc. 5000 list for a fourth year in a row in 2017!