Home/Tag: Cybersecurity

Cybersecurity

Webinar: Building A Framework-Based Managed Security Program in Your Business

Cybersecurity has become an even hotter topic over the last 12 months as businesses have accelerated their plans to operate in virtual and remote environments. Despite the growth of sophisticated techniques used by cyber criminals, we know that 98% of data breaches can be prevented by implementing the Center for Internet Security’s Top 20 Critical Security Controls correctly.

Surprisingly, most businesses have not implemented these Top 20 Controls. In this webinar, we discussed the different types of CIS security controls and explored a globally-recognized framework for assessing your business’ existing cybersecurity defenses. The webinar included two guest cybersecurity experts, Kevin Holmes and Eric Rockwell from MAP CyberSecure.

  • Kevin Holmes is the Audit and Assurance Practice Leader at Martini Akpovi Partners and has extensive experience in internal controls consulting. He holds the AICPA Internal Control Certification in the COSO Internal Control Integrated Framework. Kevin also holds an AICPA Certification in Cybersecurity Advisory Services.
  • Eric Rockwell has more than 17 years of leadership experience helping clients optimize their IT environment while aligning with business goals. A member of the Center for Internet Security, Eric is an expert in risk management, incident response, infrastructure protection, business continuity and disaster recovery.

Special thanks to our partner:

 

February 17th, 2021|

Executive Extortion: The Evolution of Ransomware

By now everyone knows that ransomware is a real threat with real risks to businesses of all sizes. What you may not know is that hacking techniques are evolving and ransom payments are going up. ZDNet reports a new trend where cybercriminals directly target the computers of top executives at small and mid-sized companies. Executive computers are much more likely to contain sensitive information about the company as well as personal information that a CEO would not want to see on the internet. Gaining access to these computers is highly valuable for pressuring management into approving high-dollar ransom payouts, which means that executives are even more of a target and should consider taking extra steps to secure their information. 

Cybercriminal groups are well aware that small and mid-sized businesses have generally not implemented cybersecurity best practices. This makes SMBs easy to infiltrate and allows cybercriminals to spend an average of 200 days inside a network undetected. While in the network, they can sift through executives’ files and emails in order to exfiltrate data that might be useful in threatening, embarrassing, or putting pressure on a company’s management. Cybercriminals might find proprietary company data, financial numbers, or compromising personal information and threaten to post them to online leak sites. They might also plan to disclose the data breach to authorities, which causes reputational damage and may also incur a fine from regulators. 

By now every business needs to conduct a cybersecurity assessment to understand their largest vulnerabilities. TechMD recommends following the NIST Cybersecurity Framework and the CIS Top 20 Controls. In the meantimehere are a few simple steps that every executive can take right now to protect themselves from cybercriminals:

1) Use complex and unique passphrases on your accounts 

Because trying to come up with and remember unique passwords for hundreds of different accounts is impossible, most people use one simple password for everything. However, this presents a huge security vulnerability: cybercriminals can easily breach accounts via brute force (working through a list of commonly-used password combinations) or find passwords in one data breach and reuse it to compromise unrelated accounts (since the password is likely to be identical). 

To address this issue, we recommend creating complex passphrases instead of a passwords. Passphrases are long strings of words that are easy to remember but hard to brute force—an example might look like George loves breakfast!”We also recommend using a password manager like LastPass or Dashlane to generate complex passwords and store them for you. This combination of a single master passphrase to access your password managers and automatically-generated complex passwords for all your other accounts should keep you safe from most simple password breach attempts. 

2) Set up Two-Factor Authentication on everything 

Even if you have a strong passphrase and unique passwords across all your accounts, you’re still vulnerable to a third-party suffering a data breach and releasing your information. To combat this, it is critical to enable Two-Factor Authentication (or 2FA) on all your accounts. 2FA works by creating an extra layer of security by validating your logins with a text message or app prompt on your smartphone. 

Symantec recently published a study that showed that two-factor authentication could have prevented over 80% of all account compromises. This makes 2FA one of the single most important things you can do to protect yourself and your business from cybercriminals. To see 2FA in action, you can check out our recent One-Minute Wednesday on how to get started with two-factor authentication. 

3) Understand how to identify and avoid phishing scams 

Phishing is a common cyberattack where a cybercriminal sends an email that looks like it’s from a legitimate institution or company in order to trick the recipient into divulging personal information, wiring money to an offshore account, or install malicious softwarePhishing emails usually mimic the logos, web addresses, and language from real companies in order convince you that the email is legitimate. Phishing emails can also be highly targeted—cybercriminals often do background research and send extraordinarily specific emails that appear to be from clients or close associates, which include information that you wouldn’t expect anyone else to know. 

Here are a few things to keep in mind about phishing: 

  1. Never click on links or open attachments from suspicious-looking emails, especially if they are asking you to enter login credentials. 
  2. Keep an eye out for unusual requests or other odd features about an email. Common phishing tactics include sending emails from a “personal email” because the sender is “locked out” of their work address, instilling a sense of urgency or claiming an emergency in order to bypass the recipient’s natural suspicion, and claiming to be too busy to discuss the email further or clarify the request. 
  3. If you’re not sure that an email is legitimate, always reach out to the sender directly. Call them to confirm they sent the email, or ideally discuss it with them in person. 

Stay Safe! 

Executives and management teams are increasingly the targets of highly sophisticated cybercriminals. If you’re in a high-level position in your organization, it’s critical that you take extra caution when it comes to cybersecurity. 

However, it’s not enough to protect yourself if your business doesn’t also have a robust cybersecurity strategy in place. The best way to find out how secure your business is today and get the best ROI on your cybersecurity spending is to perform a Security Maturity Level Assessment (SMLA). Developed to follow the globally-recognized NIST Cybersecurity Framework, the SMLA provides a big-picture look at your business’ cybersecurity along with specific, detailed recommendations about how to improve. 

If you have any questions, feel free to contact TechMD or check out our managed cybersecurity page! 

February 5th, 2021|

Top 3 IT Priorities for 2021

2020 was an unprecedented year, and businesses with inflexible IT solutions were caught off guard and had a rough time during the pandemic. And with continuing uncertainty, most organizations we talk to are trying to avoid getting surprised by sudden IT issues and costs over the upcoming year. 

In light of that, we’ve been looking at some new priorities as we discuss our clients’ IT strategies for the upcoming yearranging from budgeting to cybersecurity to cloud technologies. Here are three key priorities to make sure your business isn’t caught off guard by IT in 2021: 

1) Develop an IT budget 

With tight budgets and an uncertain economy, the last thing most businesses need is a big surprise IT expense in 2021. Believe it or not, IT budgets can be created and followed with the right team and good prioritiesYour IT budget should align with your goals, ensure you can invest in the technology you need to run your organization effectively, and plan to respond proactively to cybersecurity risks. It should also include plans for key expenses, such as: 

  • Large IT infrastructure projects 
  • IT support and maintenance agreements 
  • New hardware & licensing costs 
  • Telecommunication costs: ISP, VOIP, etc.
  • Cybersecurity Insurance 

During this process, make sure that you involve your organizations leadership team and stakeholders. If you don’t have a C-level IT employee at your company, you may want to look into engaging a fractional CIO or company like TechMD to help guide you through the process.  

2) Avoid Cybersecurity Surprises 

It seems unfair, but the reality is that ransomware attacks grew immensely during the pandemic. Cybercrime Magazine recently reported that a company was successfully attacked every 11 seconds in 2020. For that reason, 2021 has to be the year that your business creates a cybersecurity incident response plan. It’s critical to have a clear policy and procedure to follow when your organization is hit with a data breach or a ransomware attack.

If you feel lost creating that policy or are unclear about what your cybersecurity risk profile looks like, 2021 should be the year to invest in a cybersecurity assessment, which are not as expensive and impractical as you may think. All businesses should conduct a Security Maturity Level Assessment (SMLA) that follows the clearly published guidelines of the two cybersecurity authorities: the NIST Cybersecurity Framework (NIST CSF) and the Center for Internet Security (CIS)The SMLA process provides you with a clear picture of your organization’s most critical cybersecurity vulnerabilities, along with your official Security Maturity Level Score (ranging from 0 to 5). From there, you will be able to create a prioritized and customized action plan that will maximize the ROI of your cybersecurity program. You can learn more about the SMLA process here. 

3) Invest in Your Remote Workforce 

2020 was a mad rush to the cloud, as the pandemic forced businesses to find and implement remote workforce solutions quickly. Many organizations ended up with stop-gap solutions that left important details unchecked, which is both a cybersecurity risk and a drag on productivity. 

Cybercriminals have been specifically targeting remote employees this year, and taking steps to secure remote workforces should be a top priority for most businesses in 2021. Here are a few critical items to prioritize: 

  • Two-Factor Authentication (2FA) is one of the best cybersecurity tools or policies in terms of return on investment: a recent Symantec study found that over 80% of all data breaches could have been prevented by 2FA. If you’re not familiar with how 2FA works, you can check out our One-Minute Wednesday episode on 2FA. 
  • Single Sign-On (SSO) is a solution that allows users to log in once, using a master username and password, and then have those credentials provide access to all their other business apps. You can learn more about SSO by reading our recent article here. 
  • Secure your VPNs by enforcing complex password policies and requiring two-factor authentication. Additional policies such as blocking certain geographic regions from accessing your VPN is also a good idea. 

Remote work isn’t going anywhere, so 2021 will also be a good year to look at how to fine tune your company’s culture and increase engagement and productivity with your remote workforce. Here are a few tasks and tips to add to your list: 

  • Figure out how to communicate more effectively on platforms like Microsoft Teams. Use of Teams, Zoom, Slack and Google Chat/Hangouts all spiked to record levels in 2020, and in our experience, usage grew organically with little to no management oversight. 2021 will be the year to create standards for how messaging gets distributed throughout your organization. Take a look at the Teams, communication channels, and security user groups that exist today and think about how they can be organized more effectively.
  • Clean up and secure your cloud file storage platform. The remote workforce in 2020 also led to increased usage of apps like Dropbox, SharePoint, OneDrive, Box, Google Drive, etc. Does your company have policies and protections in place to clearly dictate what your staff can and cannot do with company data? Have you double checked your user and folder permissions to confirm that employees can’t access confidential company data or share sensitive information? Have your IT team take a look at the configurations and make sure data is separated and secured properly. 
  • Consider upgrading your old phone systemThe modern remote workforce requires the ability to take work calls from home in the same manner as at the office. Many businesses are still working off a legacy system that made transferring and answering calls a painful experience in 2020. Modern phone systems can be hosted from the cloud and soft phone apps can be added to mobile devices to make communication nimble, professional, and effective. Be sure this is on your budget and engage a VOIP consultant to help find the right solution. If you don’t know a good VOIP consultant, contact TechMD and we can refer you to someone 

Get Proactive in 2021 

2020 highlighted the importance of staying proactive about IT, and 2021 will likely be no different. Businesses will need to prioritize creating a budget for IT, developing a robust cybersecurity posture, and making sure their remote workforce is flexible and productive in order to stay ahead of the curve. If you are looking for help with any of these areas or feel like you could use some guidance about planning out your year, please don’t hesitate to contact us!

December 16th, 2020|

Cybersecurity Alert: Microsoft 365 Vulnerability Leads to US Treasury Breach

State-backed hackers use Microsoft 365 vulnerability to breach US Treasury

Reuters reported over the weekend that foreign state-backed hackers have breached Microsoft 365 accounts at the US Treasury Department, using their access to secretly monitor email accounts and email exchanges between the US Treasury and the National Telecommunications and Information Administration. The attack was extremely sophisticated and was able to bypass Microsoft’s authentication controls.

Microsoft has released guidance for how organizations can bolster security to attempt to avoid these attacks, and we suggest having your IT provider take a look at this document and make sure your organization is following the recommended best practices. In addition to Microsoft’s recommendations, here are 3 tools and tips to help protect both personal and business accounts from cybercriminals:

1) Set up Two-Factor Authentication (2FA)

Two-factor authentication is the one tool that provides the highest ROI in terms of protecting your accounts from unauthorized access. Microsoft has said that 2FA can prevent 99% of automated attacks on Microsoft 365 accounts, and a recent Symantec study found that 2FA would have prevented up to 80% of data breaches (of all types). If your organization is not currently securing all employee accounts with 2FA, then implementing it should be your top priority. You can also set up 2FA for most of your critical personal accounts (like online banking) in just a few minutes. In general, we recommend using an app-based solution like Duo or Google Authenticator rather than SMS-based text messages for both business and personal accounts. If you’d like to learn more about 2FA, you can check out our One-Minute Wednesday episode on how it works.

2) Improve your password hygiene

Never use the same password twice—if your password becomes compromised in a data breach, cybercriminals can (and will) attempt to use it on all your other accounts. For personal accounts, we recommend using a password manager (like LastPass) to help you 1) keep track of all your unique passwords and 2) create highly-complex, strong passwords. Good passwords should avoid using common words, uses as many characters as possible, and includes a variety of different character types (uppercase, lowercase, numbers, and special characters).

For business accounts, the best practice would be to implement Single Sign On, which allows you to use a single master username and password to access all your business applications, and then protect it with Two-Factor Authentication. You can learn more about SSO by checking out our recent article on it.

3) Learn to spot phishing scams

If you get an email claiming that one of your accounts has been breached and you need to login immediately, it is probably a phishing scam. Phishing is a type of attack where cybercriminals impersonate a person or organization you trust in an attempt to trick you into providing personally-identifiable information (PII) like passwords or credit card numbers. Phishing emails normally include a link to a malicious website or attachment.

The best way to avoid getting compromised is to know how to spot phishing emails. They often have misspelled words, involve a slightly misspelled website like (like microsoftsupport.ru or microsft.com), or include an urgent call to take action immediately. You can learn more about how to spot phishing emails by checking out one of our One-Minute Wednesday episodes on phishing. If you receive an email that seems suspicious, either delete it or forward it to the Anti-Phishing Working Group at phishing-report@us-cert.gov.

About TechMD

TechMD is an award-winning IT services firm that specializes in managed IT services in Orange County and Los Angelesmanaged cybersecuritycloud solutions, and strategic IT consulting. We are passionate about bringing enterprise-level productivity, scalability, and security to small and medium businesses.

December 15th, 2020|

Combining Security and Convenience in Your Business with Single Sign-On

In the modern workforce, managing passwords is tough. Most employees manage 85 different passwords, according to this year’s Annual Global Password Security Report by LastPass, and this presents a significant cybersecurity risk for businesses while also harming productivity and user experience.

Most business leaders are aware that maintaining a robust password security posture is more important than ever, as cybercriminals continue to target small and mid-sized businesses (and their employees). However, the rise of cloud adoption also means that most users expect to have seamless access to multiple applications from anywhere and on any device, and 2020’s exponential increase in work-from-home situations only exacerbates the issue by adding new applications and forcing users to enter passwords more often.

One of the best solutions to this security/productivity dilemma is called Single Sign-On (SSO). Single Sign-On means that users don’t have to sign in every time they need to use an application—instead, they log in using a master username and password and those credentials are used for all their other business apps. This solution perfectly combines security and simplicity, allowing your team to stick to a single master password while also improving your organization’s security posture. SSO also helps satisfy compliance requirements built on the NIST Cybersecurity Framework and CIS Top 20 Controls, making it a win-win for organizations subject to CMMC, HIPAA, CCPA, and others.

How SSO Improves Security & Increases Productivity

By allowing employees to use a single set of login credentials everywhere, SSO boosts productivity while also improving your overall cybersecurity posture. Here’s how:

Better Passwords

Employees at small and mid-sized businesses manage 85 different passwords on average. This presents a large security risk as users are likely to create simple passwords and reuse them across multiple logins. With SSO, users only need to remember a single password for all their applications, which means they are more likely to create a stronger passphrase that can’t be reused in multiple places.

Two-Factor Authentication on Everything

Enabling Two-Factor Authentication (2FA) is one of the single most important things you can do to improve your cybersecurity posture: a recent Symantec study found that over 80% of all data breaches could have been prevented by 2FA.

2FA and SSO are a match made in heaven: by enabling Two-Factor Authentication on each user’s master login, you effectively protect every application that your team needs to access, without forcing them to enter their 2FA code for every app. To learn more about how Two-Factor Authentication works, check out our One-Minute Wednesday episode.

Secure User Provisioning

Traditionally, when an employee leaves the company, the IT department needs to track down and change every single password that employee had access to. With an average of 85 passwords to update and (generally) a lack of documentation about which accounts were in use, this can present a major security vulnerability for most businesses.

SSO solves this issue by streamlining the user provisioning/deprovisioning process: when someone leaves the company, the IT team only needs to disable a single master account and/or update a master login. This can save a ton of time and, more importantly, means your IT team will never overlook an account that needs to be locked down.

Fewer Support Requests

Users often forget passwords and get locked out of important applications, and this usually necessitates a call to your IT department or IT provider to initiate a password reset. Enabling SSO means your employees only have a single password to remember, which means they’ll get locked out less often and the downtime associated with password reset requests will be significantly reduced. This frees up your employees to be more productive and your IT team to focus on important proactive work.

Improved User Experience

Single Sign-On is already a part of most people’s personal lives—we’re used to logging into a single Google login and then automatically having access to our Gmail, Google Drive, YouTube, etc. SSO extends this user experience to your employees’ work environment: your team won’t need to stress about password management or click through multiple login windows for every application, saving time with every login and boosting overall productivity.

Find Out How SSO Works For Your Business

With more people working from home and using cloud applications than ever before, it is increasingly important for businesses to develop a cybersecurity strategy. SSO is a powerful tool for securing your business from cybercriminals while also improving user experience and boosting productivity. If you have any questions about how SSO could work for your business, please don’t hesitate to contact us!

November 18th, 2020|

The One Cybersecurity Assessment Every SMB Needs

Most cybersecurity assessments today do not follow an authoritative framework, are incredibly expensive for what they provide, and (most importantly) fail to answer these three critical questions:  

  • How secure is our business today? 
  • What is the appropriate level of cybersecurity for our business? 
  • How can we improve cybersecurity practices to meet business objectives? 

TechMD’s Security Maturity Level Assessment (SMLA) process fully answers these three questions by following the nationally-recognized NIST Cybersecurity Framework (you can learn more about NIST framework here). And with an all-in flat-rate price of $6,000 for the entire SMLA process, our assessment is as cost-effective as we can make it. 

Here is an overview of how TechMD conducts the NIST SMLA and what we provide once we’re finished: 

Security Maturity Level Assessment (SMLA) 

Step 1: Confirmation of Business Cybersecurity Requirements 

The SMLA process begins with scheduling a complimentary meeting where TechMD will seek to understand your business cybersecurity needs, what your cybersecurity posture looks like today, and how your IT infrastructure, IT systems, and IT support are set upBy the end of this meeting, you’ll understand how the SMLA process works, you’ll know the all-in flat rate costs for the assessment, and you’ll have a high-level overview of how our process will impact your overall cybersecurity posture. 

If you want to move forward, we’ll sign an SMLA agreement and will begin the process of identifying the key personnel that will need to be interviewed as a part of the assessment process. Click here for a sample Statement of Work document for the SMLA. 

Step 2: Interviews with Key Personnel 

The SMLA is built to follow the NIST Cybersecurity Framework and the CIS Top 20 Cybersecurity Controls. Once we begin the assessment, we will sit down with key personnel, usually a C-level executive plus whomever manages IT and HR, to understand how your organization stacks up against the NIST framework and CIS Top 20 Controls. 

 

This is a highly-detailed, structured process where we assess the status of and execution on each of the CIS 20 controls and sub-controls one-by-one. The goal is to understand whether there is a policy or practice in place that satisfies each control, and if so, to what extent it satisfies the control. For each control, we’ll be looking for:  

  • Is there a verbal policy that satisfies this control? 
  • If yes, is there a written policy that satisfies this control? 
  • If yes, is the policy fully automated? 
  • If yes, is there a reporting process in case the policy fails to execute properly? 

Once we gather all the data for each of the CIS 20 Controls, we will make evidence requests to prove compliance. We will also be documenting everything along the way and maintaining an inventory of evidence provided. This is important because we are taking the position of an outside auditor—our job is to ensure that you can pass an independent audit, and we will stand behind you if and when you decide to engage one. 

Step 3: Review the Evidence 

Once the initial key personnel interviews and evidence-gathering process is completed, we will review the policies provided by the client and the technical evidence provided by the IT team, determine if each policy satisfies its corresponding control and would pass an audit, and finally analyze all the information to get a high-level overview of the organization’s cybersecurity compliance. 

After our analysis is complete, we normally expect to schedule follow-up meetings with key personnel to fill in any gaps in information. Once we have a complete picture, we’ll move on to the deliverables. 

SMLA Deliverables 

As a result of the SMLA process, you will receive: 

Official Security Maturity Level (SML) Score  

Your SML score will range from 0-5 and will include a full breakdown of the percentage to which each control has been satisfied, along with a comparison to other companies in your industry. 

Executive Summary Report  

This report contains high-level insights into how your cybersecurity policies fit together and an overview of your overall cybersecurity posture. This report is based on your cybersecurity goals and where you’re falling short in relation to those goals. Not every organization needs to have an SML Score of 4 or 5, so the analysis in this report will be highly dependent on your specific needs and goals. 

Full Detail and Risk Analysis Report  

This report includes a full breakdown of what is missing from each policy and what is needed to satisfy its corresponding CIS Control, along with an assessment of how much risk each policy presents to the organization. 

Customized System Security Plan 

The first three deliverables may paint a depressing picture about your cybersecurity posture, and if so, you probably already knew roughly how bad it was. But what you probably want to know is what you should do next, so the most important piece of the SMLA process is the customized System Security Plan (SSP) and its companion Timeline and Budget.  

 

The custom SSP will provide you with a step-by-step plan and budget for improving your SML score. This plan will be designed to satisfy your organization’s specific timeline, budget, and goals—normally we develop 1-year plans, but you may be willing or required to spend more and arrive at your targeted SML score sooner. Our SSP applies to any industry or compliance requirement and will be customized to fit your organization’s needs. For example: 

  • You may need to be HIPAA compliant, CMMC certified, or follow any number of other industry-specific compliance requirements 
  • You may need to meet the cybersecurity requirements of a large customer  

Once you receive your customized SSP, you’ll have the freedom to execute the plan yourself if you have in-house cybersecurity expertise, or we can help you drive that process forward through a Managed Security Services Agreement. 

Get Started Today 

It’s easy to get overwhelmed by all the different cybersecurity solutions out there, but it doesn’t have to be that way. We now have a nationally-recognized cybersecurity standard in the NIST Cybersecurity Framework and CIS Top 20 Controls. With the SMLA process built on that standard, TechMD can help you understand your cybersecurity risks and develop a customized action plan that will get you where you need to be, at your own pace and according to your budget. 

To learn more about the SMLA, contact us here! 

September 16th, 2020|

Tech Talk: NIST Cybersecurity Framework

Despite knowing how important cybersecurity is for their organization, many business leaders don’t have clarity about how secure their organization is today and what cybersecurity controls are the most important for their protection. On today’s Tech Talk, we discuss how the internationally-recognized NIST Cybersecurity Framework can help any organization understand where they are in terms of cybersecurity, where they should be, and how to get there.

About TechMD

TechMD is an award-winning IT services firm that specializes in managed IT services in Orange County and Los Angeles, managed cybersecurity, cloud solutions, and strategic IT consulting. We are passionate about bringing enterprise-level productivity, scalability, and security to small and medium businesses.

August 12th, 2020|

Tech Talk: Five Reasons To Consider Microsoft 365

In this Tech Talk, Sebastian Igreti explores the top five features within Microsoft 365 that your business needs to know to defend itself from growing security threats and improve its productivity. Let’s dive in!

  • #1 – Online Protection With Exchange Online Protection, you get an email filtering service that guards you from malware hiding in emails and attachments. This also comes with ATP or Advanced Threat Protection, a cloud-based solution that monitors and pinpoints cybersecurity threats lurking in your inbox.
  • #2 – Mobile Device Management Mobile Management is a feature that contains a Bring Your Own Device Policy, which lets your employees use their own devices to access company data. Your team members can work on their personal phones, laptops, or tablets while connecting to company files without the worry of getting breached. This gives your company the convenience to work flexibly while getting a robust security perimeter.
  • #3 – Built-In Security Features With Azure Information Protection, you can control who can access sensitive content housed in documents and emails, while blocking outside users. Also, files like spreadsheets or Word docs containing information like credit cards and social security numbers are kept from being shared with Data Loss Prevention.
  • #4 – Windows 10 Pro Windows 7 is approaching its end of life, which means that in 2020, support will be lost and it’ll be time to move to the latest system. So included with Microsoft 365 is an upgrade to Windows 10 Pro. This also gives you Windows Autopilot which ensures that new devices are business-ready right out of the box and contain apps installed from the cloud.
  • #5 – Microsoft Teams Finally, Microsoft 365 for Business comes with Microsoft Teams, a communication tool that allows you to collaborate with coworkers via phone calls, meetings and individual or group chats. It’s available on PC, Mac, phones, and tablets, giving you the convenience to connect and collaborate from wherever you are.

In conclusion, Microsoft 365 is packaged with all the applications you need for effective IT security and helps your company’s success with great productivity tools. So feel free to reach out to us as you explore how Microsoft 365 can benefit your organization!

About TechMD

TechMD is an award-winning IT services firm that specializes in managed IT services in Orange County and Los Angeles, managed cybersecurity, cloud solutions, and strategic IT consulting. We are passionate about bringing enterprise-level productivity, scalability, and security to small and medium businesses.

June 30th, 2020|

Top 5 Cloud Trends for SMBs in 2020 

The coronavirus pandemic has drastically accelerated the pace of cloud adoption, as organizations nationwide were forced to migrate to a fully remote workforce in a matter of daysEven as many organizations return to the office, remote work and cloud infrastructure is here to stay. 

Here are our top 5 cloud trends for small and medium businesses: 

1. Cybersecurity for Office 365 and G Suite Must Be Tightened 

The pandemic has radically accelerated the pace of cloud adoption—for example, Microsoft added 58 million new Office 365 licenses in Q1 of this year (a 29% increase). Predictably, cybercriminal attacks on Office 365 and G Suite have gotten even more aggressive with the increase in new usersThese cloud services were already the number one target for cybercriminals before the pandemic, so tightening up their security is more important than ever. 

The Department for Homeland Security recently released specific cybersecurity recommendations for Office 365, which are equally relevant for G Suite. Here’s the high-level summary: 

  • Use multi-factor authentication (MFA), also known as two-factor authentication (2FA). 
  • Protect Global Admins from compromise and use the principle of “Least Privilege.” 
  • Enable unified audit logging. 
  • Enable Alerting capabilities.
  • Integrate with organizational SIEM solutions. 
  • Disable legacy email protocols, if applicable, or limit their use to specific users. 

Two-factor authentication (2FA) is especially important, as it is the single most effective tool for fighting off cyberattacks. According to Microsoft, it can prevent up to 99% of automated account breaches. 

If you’re not sure whether your organization’s Office 365 or G Suite accounts are secure, check with your IT team or reach out to us for help. You can learn more about our cybersecurity offerings here. 

2. Exponential Growth in Cloud-Based Collaboration Tools 

Unified Communications platforms and cloud-based productivity suites have seen exponential growth over the last few months. For example, Microsoft Teams adoption grew from 32 million daily active users on March 11 to 75 million users on April 29, a 235% increase over a 7week period. G Suite’s Google Meet has seen similar growth, with Google reporting a “30-fold increase in usage since January”. 

In other words, remote work is here to stay, and businesses are looking to adapt to new communication and collaboration challengesUnified Communications platforms like Microsoft Teams are the perfect solution to fill in these gaps, allowing team members to seamlessly collaborate via voice, video, and chat no matter where they’re working. 

At TechMDMicrosoft Teams has replaced a significant amount of our day-to-day email correspondence, improving productivity and collaboration. During the pandemic, it has also enabled us to continue holding meetings with full video support, without exposing ourselves to the security risks associated with consumer-grade video platforms like Zoom. 

If you’re on Office 365 or Microsoft 365, you likely already have Teams licenses included with your subscription, and if so, you can get started right away. To learn more about Microsoft Teams, check out our recent Tech Talk covering what it can do, how it works, and how to get started. 

3. Mobile Workforce Creates Access, Identity, and Data Control Issues 

The mass adoption of cloud platforms like Office 365, Teams, and G Suite means that people are now using personal devices to connect to corporate networks on an unprecedented scale. Company data used to live in a controlled environment, where it was accessed primarily by company-managed devices, but this is no longer the case. The new distributed workforce will require a new approach to managing access, identity, and data governance. 

There are plenty of tools available to help sandbox personal devices and secure company data, but most businesses have not yet adopted them. We expect that this will change over the next year, with cybercriminals increasingly targeting personal devices as an entry point into sensitive corporate networks.  

For our money, Microsoft 365 is one of the best options for this, offering a full suite of security tools that allow organizations to implement secure bring-your-own-device (BYOD) policiescontrol how company data is accessed and shared, and remotely manage identity and mobile devicesFor example, you can prevent users from downloading or saving sensitive documents onto personal devices, and you can manage access permissions for those documents remotely. You can also sandbox company data on personal devices, allowing you to wipe data or revoke access remotely, without affecting any personal data on the device. For more on how this works, check out this quick video from Microsoft. 

Access, identity, and data governance tools will become a key feature of business cybersecurity strategies over the next year, allowing teams the flexibility to work conveniently without sacrificing a robust security perimeter. If you have any questions about this, you can contact us here. 

4. Big Players Begin to Dominate the Cloud Desktop Space 

Remote work is becoming the new norm, but many organizations still rely on legacy applications that are not yet cloud-native and cannot be easily accessed outside the office.  

This is where cloud desktop solutions from major players like Microsoft’s Windows Virtual Desktop or Amazon’s WorkSpaces come inThese solutions provide a feature-complete desktop that is fully hosted in the cloud, providing access to all your software applications, files, data, email, and contacts from any device, no matter where you are. This gives your team the flexibility to handle remote work without sacrificing productivity or access to critical line-of-business applications. 

Cloud desktops also reduce dependence on computer hardware during a time when it is difficult to support and replace company computers. When combined with the proper cybersecurity measures to protect company data, cloud desktops could allow organizations to migrate away from owning computers at all. Employees can bring their own device and access everything they need via their cloud desktop, while the company cut costs on computer hardware without sacrificing their cybersecurity posture. Learn more about cloud solutions here.

5. Cloud-Based Phone Systems Become the New Standard

The coronavirus pandemic has forced many organizations to reconsider their phone systems. We’ve talked to many businesses recently that ran into issues migrating to an all-remote workforce because their phone system required specific phone hardware and was inoperable from outside their office.  

For many organizationscloud-based VOIP has been the lynchpin holding business operations together under workfromhome requirements. It provides employees with the flexibility to make or take calls from anywhere on any device, ensuring businesses can remain available to their clients and coworkers without being tied to a desk in an office building. It also tends to be more cost effective than maintaining the telecom hardware and infrastructure associated with conventional phone systems. 

We were already seeing significant growth in adoption of cloud-based VOIP solutions before the pandemic, and the rapid adoption of remote work has only accelerated this trend. If you are looking for guidance on why and how to move to cloud-based VOIP, contact us and we can put you in touch with someone who can help. 

June 3rd, 2020|

Are all your IT eggs in one basket?

 

5 Principles to Eliminate IT Risk

Can you evaluate risk with your organization’s information technology? Unfortunately, many businesses that we speak with on a regular basis do not realize they are one unexpected circumstance away from a business disaster.

The story goes something like this: the keys to the IT kingdom are placed in the hands of one IT employee or IT consultant. They have full access to all the email, data, software, configurations, and credentials that run your business, and little to no contingency plan is put in place. Then something unexpected happens: they get sick, incur financial hardship, their service quality suffers, they place your data and systems in an IT “vault” where you have limited access, or you suffer a cybersecurity breach. Disaster strikes and now it is too late.

By now we are all aware that we’re living and running our businesses in uncertain times, but IT does not need to be a single point of failure situation. Here are 5 practical principles you can implement to ensure you spread out your IT eggs in more than one basket.

1. Have an IT Overflow Button

If your strategy for handling an increased IT workload is to make your IT manager work overtime and take less vacation, you’re in a tough spot. If put in that position, your IT manager will either quit or be forced to leave important work unfinished.

Every IT manager needs an overflow button and every company should consider an outside IT partner. This is especially important for small businesses, since their IT department normally consists of just one or two people, and it’s impossible for them to possess all the technical skill sets your business needs. For IT professionals: think about your workload today and ask yourself if you would be offended if an outside company took over the boring work of making sure backups are running properly or applying security patches outside of regular business hours. Wouldn’t it be nice to know that those tasks are automated and handled consistently?

Now is the time to address this major business risk and find an overflow button service. Setting up a backstop for your IT will ensure that your IT eggs are not all in one basket.

2. Improve Your IT Toolbox

If your IT support is not simple and automated, there is something wrong. Even if your staff are working from home, IT support should be able to immediately remote into their computer, view their screen, and fix the problem. If software needs to be installed or removed from company workstations, IT should not be required to sit down with every user to complete that task. Most of the time, you can create a script and push it out to all endpoints. Professional IT tools like IT support ticketing platforms, network monitoring tools, and IT documentation software all streamline and simplify IT so that you are not dependent on one individual to get things done. It’s much easier to navigate through complex times when your IT foundation is stable and your IT toolbox empowers IT professionals to maximize their effectiveness. What does your foundation and toolbox look like? If it’s not great, reach out to an IT partner for help.

3. Audit Your IT

You audit your books. You have your finances and taxes reviewed by a CPA or accounting firm. Your operations might go through an annual audit to meet an ISO certification standard. Businesses are used to auditing critical systems, but most fail to do so for their IT.

In 2020, IT can make or break your business just as easily as accounting or operations. The risk is there and the trends are shifting: data privacy and security regulations have increased; technology landscape is changing quickly and becoming more complex; cybersecurity threats are without a doubt a top risk for any business. Internal IT teams need guidance from outside professionals just like accounting departments. If your business has not completed an IT or cybersecurity audit recently, this needs to move up your priority list. Reach out to an IT consulting firm that offers this service and get the details.

4. Don’t Let Private Cloud Providers Trap Your Business

The cloud provider you choose can easily trap your business and steal your potential. Operating systems, databases, code and technology changes happen so quickly that a significant amount of capital is required to keep custom built IT systems secured and up to date with modern standards. Make sure your cloud providers are backed by well-established companies.

Public clouds like Microsoft Azure and AWS have an infinite amount of resources that will provide stability to your organization, and there are well-established exit strategies if their systems don’t perform to your expectations. Additionally, it’s easy to find IT providers to help manage your Microsoft Azure cloud infrastructure, but if you are working with a private cloud, you are stuck with one option and they know it. Getting out of private cloud providers tends to be costly and complicated, so avoid them if possible. If you’re already in a private cloud, double check your contract for exit terms.

5. Leverage the Public Cloud

Cloud-focused companies were able to quickly and easily adjust to work-from-home requirements when the pandemic hit. Most companies operating out of an all-cloud infrastructure probably didn’t even notice much of a change while companies with a more traditional IT stack hit the panic button. Solutions like Microsoft 365, Azure AD, Microsoft Teams, and Virtual Desktops are a good fit for a vast majority of businesses out there. Cloud is mobile by design and can easily scale up and down as businesses grow and shrink. Right now is a great time to evaluate your cloud strategy. Have an honest conversation about what didn’t work during this recent shift to work-from-home and see how to improve your position for next time. If all your IT resources are still on-premises at your office, all your IT eggs are in one basket.

Whether you’re an IT Director, IT Manager, CFO or CEO at a small business, these principles can help focus your attention on the risks that may exist within your information technology. Stay healthy, be smart, and strengthen your IT resources today. Who knows how long this crisis is going to last!

About TechMD

TechMD is an award-winning Managed IT Services Provider that is dedicated to making co-managed IT the most effective partnership for companies with under 500 employees. TechMD is an extension of internal IT departments. Our solution is effective, well-defined, and affordable. It offers both IT staff and business leaders the peace of mind that you have a partner that can help you weather storms like the current coronavirus pandemic.

Check out our reviews on Clutch or contact us today for more information on how TechMD can help eliminate IT risk in your business.

April 13th, 2020|

Does the new CCPA law apply to your business?

What is the California Consumer Privacy Act?



Many California businesses will need to address new compliance and privacy requirements this year due to the California Consumer Privacy Act (CCPA), which went into effect on January 1st, 2020. CCPA established new data privacy rights relating to how businesses handle consumers’ data. Companies that fall under CCPA have a six-month grace period before enforcement actions from the California attorney general begin in July.

Once enforcement begins, penalties being out of compliance are up to $7,500 per intentional violation and up to $2,500 per unintentional violation. Consumers also have the right to pursue individual actions against companies that mishandle their data.

Does CCPA apply to you?

CCPA regulates any company that does business in California (or has customers who live in California) and falls into at least one of the following categories:

  • Earns annual gross revenues over $25 million
  • Receives, buys, sells or shares the personal information of at least 50,000 California consumers
  • Derives at least half of annual revenue from selling the information of California residents

For more details on the CCPA standards, see Microsoft’s FAQ.

How to Prepare for CCPA Enforcement

If CCPA applies to you and your business, you’ll want to start taking steps to ensure you’re compliant now. Here are a few things to keep in mind:

1. Understand the scope of your obligations

First you need to understand what kind of consumer data you are collecting and storing. CCPA defines “personal information” as anything that “identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” This includes things like:

  • Personal identifiers (names, addresses, emails, social security numbers, driver’s license numbers, etc.)
  • Geolocation
  • Biometric information
  • Employment information
  • Educational information
  • Internet or network activity

If you don’t already have a good understanding of what data you’re collecting and how you’re storing it, you’ll want to get a compliance assessment. If you have a Microsoft 365 subscription, you already have access to the Microsoft 365 Compliance Center and the new Compliance Score. These tools will help you assess your current compliance posture and point out areas that require improvement.

2. Develop processes for responding to Data Subject Requests (DSRs)

CCPA gives consumers the right to control how companies use their information, including the right to access, delete, or transfer data. Consumers exercise these rights by submitting Data Subject Requests (DSRs) to companies, and businesses subject to CCPA will be obligated to review and respond to each DSR in a timely manner. The Microsoft 365 Compliance Center can help you streamline the DSR response process and is another reason why we recommend Microsoft.

3. Find and secure sensitive data

Most businesses are not taking steps to secure corporate data, and data breaches are becoming more common every day. Because CCPA imposes penalties for data breaches of consumer information, it’s important to have the right systems in place for securing sensitive data. Tools like Message Encryption, which enables users to encrypt messages going in and out of your organization, and Microsoft Information Protection, which blocks sensitive data from leaving the organization, are a critical part of your compliance stack.

4. Train your employees

CCPA requires all employees who are responsible for the company’s compliance or might find themselves handling requests related to data privacy (opting out, deleting or accessing information, etc) to undergo specific training about how CCPA works and what it requires. This training requirement most likely covers all customer service representatives along with the company’s legal/compliance team. You will want to make sure all employees who are required to undergo CCPA training complete it before enforcement actions begin later this year.

TechMD Can Help

If you have any questions about how CCPA might affect your business, please feel free to reach out to us!

February 11th, 2020|

Tech Talk: How to Develop an IT Strategy for the Coming Year

5 Things to Consider For Your IT Strategy


At this time of year many of our clients are finalizing their budgets and plans for the coming year. Part of our job at TechMD is to help them develop and implement a sound IT strategy that aligns with their business objectives. With that in mind, here are 5 things you should consider while developing your IT strategy for the coming year.

1) Develop a technology mission statement.

Consider how you want technology to support your organization’s goals. The basics like email and file storage are similar in all organizations but what you need to figure out is the unique way you want your technology to impact your specific business. In general, you need to determine where your company is going and how technology can help take you there.

2) Perform a technology SWOT analysis.

This is where you outline your company’s technology related strengths, weaknesses, opportunities and threats. Doing this will help you see areas where technology can help mitigate weakness and threats or provide you with the ability to capitalize on strengths and opportunities. A sober word of caution: just about all organizations should have cybersecurity in their threats column.

3) Review your short- and long-term goals.

Knowing what your organization is working to accomplish will help you think about which technologies are worth investing in and how they can bolster your team to better achieve those goals. The business world is rapidly moving towards cloud technology. If you haven’t considered this already, next year needs to be the year where you consider how the cloud will impact your business. The digital transformation is happening, and your response could make or break your business.

4) Address the training and development needs of your team.

You’ll want to prioritize cybersecurity training for your staff, because they are the number one target for cybercriminals. You’ll also want to consider what new skills need to be learned as you adopt new technologies and how you will educate your employees who utilize those skills.

5) Develop an IT budget.

Many businesses leaders we talk to consider an IT budget an oxymoron; they feel like IT costs are always surprises and investment is always out of control. But with the right focus and team an IT budget can be created and followed. The IT budget should align with your goals and ensure your company can properly invest in the technology you need to run your organization effectively.

The most useful IT budgets are based on a 3-year cycle and provide you with great visibility into the investments required for that time frame. During this process, make sure that you involve your organizations leadership team and stake holders. If you don’t have a C-level IT employee at your company, you may want to look into engaging a company like TechMD or an outside IT consultant to help guide you through the process.

We’d love to help!

If you have any questions about how to build your IT strategy for the coming year, we’d love to help. Please feel free to reach out to us here.

For more information about the cloud and cybersecurity, please check out the links below:

Further Reading

December 16th, 2019|

Tech Talk: 3 Practical Steps To Avoid Getting Hacked

In today’s technology landscape, cybercriminals are now primarily targeting individual users rather than breaking into systems. In today’s Tech Talk, we’ll review three best practices you can implement to protect yourself from cyberattacks, whether at work or home.

    1) Phishing Scams
    Understand how to identify and avoid phishing scams. Phishing occurs when a hacker sends an email that looks like it’s from a legitimate institution or company to trick users into giving up their personal information. They mimic real logos, web addresses, and language from real companies to prompt you into clicking malicious links, downloading harmful files and logging into fake websites. Once you enter your credentials to log in, the criminal on the other end steals your username and password to breach your account. Another common tactic is a CEO scam, where a fake email appears to come from a CEO or top executive asking employees to transfer money to them. To combat scams that invade your inbox, make sure you never click on links or open attachments that look suspicious. If someone asks you to transfer money or sensitive information via email, you should think twice and verify that request with the sender in person or on the phone.
    2) Password Discipline
    A good password strategy is also imperative to being connected online. The media is replete with headlines of data breaches where millions of accounts are compromised. Some of this can be attributed to the mistake of using simple, repeat passwords across different accounts. Thankfully, there are tools like LastPass and Dashlane which can generate complex passwords for your various accounts and house them in one location. Today’s password management isn’t complete without Two-Factor Authentication, or 2FA. 2FA works by creating an extra layer of security by validating login with a text message or app prompt on your smartphone. Implementing 2FA can prevent over 90% of security breaches.
    3) Phone Scams
    Lastly, cybercriminals are targeting smartphones for their attacks. This occurs when a hacker contacts you personally, such as pretending to be from the IRS or a law enforcement agency and will coerce you into paying back taxes or doing a wire transfer. The tactics you’d use against phishing emails should also be used here, so don’t give out sensitive information or send payments in response to unsolicited phone calls.

In conclusion, healthy cybersecurity is built on knowing how to spot phishing emails, improving your password management, and knowing when you’re receiving a call from a scammer. Make sure you follow these three principles to stay safe wherever you are!

October 22nd, 2019|

Cybersecurity Alert: SharePoint Phishing Attack Targets Office 365 Users

New PhishPoint Attack May Be Affecting As Many As 10% of Office 365 Users

Recently we have been seeing a new phishing attack called PhishPoint that is targeting Office 365 customers. In this scam, cybercriminals are inserting malicious links into SharePoint files and then sharing them with potential victims, ultimately allowing them to steal Office 365 user credentials.

This attack is particularly insidious because it bypasses Office 365’s built-in security. Microsoft automatically scans incoming emails for malicious links and attachments, but a link to Microsoft’s own SharePoint Online platform wouldn’t raise any red flags with their system. Because the malicious phishing link is hosted in the SharePoint file rather than the email itself, is goes unnoticed by Microsoft’s email security.

How to Spot A PhishPoint Attack

In a PhishPoint attack, the target will receive an email that looks exactly like the standard SharePoint invitation to collaborate:

an example PhishPoint email

Clicking on the link will automatically open up a SharePoint file. This SharePoint file will contain content that looks like a standard request to access a OneDrive file. However, the link to “Access Document” is actually a malicious URL.

A malicious SharePoint file

Clicking on the SharePoint link to access the document takes the user to a spoofed Office 365 login page. When the victim enters their username and password, their credentials will be recorded and stolen by the hacker.

PhishPoint ultimately leads to a spoofed Office 365 login screen

How Can You Protect Yourself?

Like many phishing attacks, PhishPoint is designed to perfectly imitate aspects of the Office 365 experience in order to lull users into a false sense of security. Here are a few things to keep in mind:

  • PhishPoint emails are unsolicited and usually have a generic subject line like “
    [name] has sent you a OneDrive for Business file”. If you are not expecting a file share from someone in your office, take the time to verify the email’s legitimacy by calling the sender directly or, better yet, talking to them in person.
  • Many PhishPoint emails attempt to manufacture a sense of urgency by including words like ACTION REQUIRED or URGENT in their subject lines. Don’t let the sense of urgency put you in a hurry—take the time to look closely at emails like this before clicking on them.
  • Always check the URL when you receive suspicious links! In PhishPoint’s case, when you finally make it to the login page, you can tell that it is not associated with the Office 365 domain by looking at the address bar in your browser.

To learn more about how to spot phishing attacks, check out this helpful video. As always, make sure you stay alert and think before you click!

August 21st, 2018|

Tech Talk: Five Essential Steps to Protect Yourself from Cybercriminals

Threats and attack vectors from cybercriminals continue to evolve, and businesses need to stay on top of the changing cybersecurity landscape to ensure their critical business and customer data is protected. On this episode of Tech Talks, Sebastian Igreti discusses five essential steps to keep your business safe from cybercriminals.

July 11th, 2017|

What You Need to Know About the WannaCry Breach

WannaCry Ransomware Causes Global Security Breach

You may have seen the news this weekend: cybercriminals released a new strain of ransomware that can automatically spread itself across all computers in a network. It’s been dubbed “WannaCry” and it’s causing a global epidemic. More than 40 hospitals in the UK were shut down over the weekend. Spanish telecommunications firm Telefonica reported 85% of their systems went down because of the cyberattack. And those are just a few of the victims: this monster has infected hundreds of thousands of systems in more than 150 countries.

This piece of malware is particularly dangerous because it only requires one person to make a mistake: if someone opens a phishing email attachment, it will not only infect their computer but will immediately spread to everyone else’s computer on their network.

The WannaCry Ransomware Payment Window

Each infection demands a $300 bitcoin payment to unlock that computer’s files, leading to massive downtime while breached companies attempt to make payments and wait for unlock keys to come back from the cybercriminals.

Steps TechMD Has Taken:

IT Security has always been a top priority at TechMD. We know there’s no silver bullet when it comes to IT Security, so we have invested in the following layers to protect our clients:

  1. Patch Management: we regularly update computers under our management with the latest security patches, and typically we do this work in the middle of the night while our clients are sleeping. Back in March, Microsoft released a patch to protect against the vulnerability exploited by WannaCry, and our team worked around the clock to deploy the update.
  2. Email Filtering: emails sent to our clients are filtered for spam and malware. We block thousands of emails every day from reaching our clients’ inboxes, helping to reduce the threat from these types of attacks.
  3. Antivirus: all the computers under our support have antivirus software that we install and manage. Our team monitors this critical layer of protection and work tirelessly to keep your antivirus software working and updated.
  4. Training and Awareness: individual users are by far the most important security layer in protecting themselves and their organization. Our weekly training videos and cybersecurity email alerts are helping to educate and train our 6,000 end users.
  5. Backup: we know there’s nothing anyone can do to guarantee security, and that’s why it’s critical that our clients have a robust backup strategy. In case all else fails we will use the backups to recover any lost data and reduce downtime.

In addition to these layers, TechMD has developed hundreds of best practices over the past 15 years. We have a team dedicated to deploying and managing these policies that are critical to keeping our clients safe from cyberthreats.

What Should You Do About This?

We have been working behind the scenes to protect your organization from this breach, but we still need your help. Here are a few things you can do to make sure WannaCry doesn’t infect your company network:

  • Remain Cautious with Email Attachments: be very careful when you get an email with an attachment or a link, especially if the email is unexpected. Opening attachments can immediately infect your computer, and following malicious links can give cybercriminals access to your computer and data. Remember: “When in doubt, throw it out!”
  • Don’t Wait, Alert TechMD: if you think you have been infected, or if you accidentally opened a suspicious-looking attachment in an email, don’t wait! Let us know ASAP by calling 888-883-2463.

For a quick refresher on how phishing attacks work and how to avoid them, check out this One-Minute Wednesday episode:

 


How Can You Protect Yourself at Home?

Although we only support the computers at your office, we want to share some steps you should take to make sure your personal computers are protected:

  • Patch Your Computer: the vulnerability exploited by WannaCry does not exist in Windows 10 however, the vulnerability is present in all prior versions. If you haven’t already done so, make sure your computer is patched with the latest security updates. Please refer to this article from Microsoft for more information.
  • Check Your Antivirus: check to make sure your antivirus software is working and fully updated. If you don’t have an antivirus on your home computer, here’s an overview of the top 2017 antiviruses.

All Quiet at TechMD

Although it’s too early to spike the football, as of today TechMD has had zero reported infections across the 6,000 workstations we manage. Our goal is to make sure your technology is seamless so you can stay focused on your day. That means we’ve made security a top priority, and we will continue working around the clock to respond to the ever-changing threats posed by cybercriminals. All that’s to say: don’t worry, we’ve got your back!

Have a productive week, and thank you for partnering with TechMD!

May 15th, 2017|