The Benefits of Office 365 Services

2019-08-14/in IT Best Practices /by Ryan McNeal

If you’re thinking about migrating your organization’s productivity platform to the cloud, there’s no better option in today’s marketplace than Office 365. In this post, we’ll explore a few of the benefits that businesses are enjoying by transitioning to Office 365, so you can decide if the platform may be a good fit for your team’s needs.

Device Agnostic

Although developed and hosted by Microsoft, Office 365 is compatible with any of the devices your team already uses. That includes PC, Mac, iOS, and Android devices. No matter which devices they prefer using, your team will be able to create, edit, and share critical documents and data in real time. At the same time, because you don’t have to download anything, they’ll be able to access files from any device with a network connection.

A Professional Toolkit

Office 365 empowers the Microsoft productivity applications your team likely already uses, including Word, PowerPoint, Outlook, and Excel, with cloud capabilities. By integrating these productivity tools with the latest collaboration features, such as team chat and video conferencing, you can give your team a professional toolkit to prepare for the challenges of tomorrow. With robust Office 365 functionality, every member of your team will be able to prioritize collaboration with co-workers while taking client engagement to the next level.

Real-Time Collaboration

If your organization has struggled with tracking document revisions and versions in the past, Office 365 makes it easy to keep everyone on the same page. Because files are stored and shared online, your team can share them with anyone and set specific permissions for document editing and viewing. Any changes made to documents are updated in real time, so you don’t have to worry about employees working with outdated or inaccurate information.

Straightforward Setup

If the thought of the downtime that comes with transitioning to a new technology platform has prevented you from making an upgrade, the migration tools offered by Office 365 give you a reason to rethink that. Microsoft makes it easy to transition your existing servers and devices to the Office 365 platform and minimize downtime. Depending on the scale of your operation, your team can migrate services to Office 365 in a matter of days.

Intuitive Management

Office 365 gives you a centralized, intuitive admin center to manage all your services from one place. That means you can quickly scale your services as your organization’s needs evolve. Because Microsoft oversees updates and upgrades, you take a hands-off approach with the confidence that your services remain up-to-date while maximizing performance.

The Office 365 Migration Experts

If you’re interested in exploring the possibilities of Office 365 for your organization, get in touch with the experts at PCR Business Systems today. We’ll work with you to clarify your technology goals, understand your team’s workflows, and help you decide if Office 365 is a good fit for your needs. From there, we can make the Office 365 migration experience as seamless as possible, so your team can access the tools they need to succeed with minimal downtime for your business.

Best Outdoor Apps for Kids this Summer

2019-06-28/in best apps, IT Best Practices, kids apps, technology and kids /by PCR Business Systems

As parents, limiting a child’s screen time can be a difficult task (to say the least). Despite our best intentions most of us have given into a tantrum by turning on cartoons, or allowed a few extra minutes of video game play to keep a son or daughter occupied while we hop on that important call.

While it’s perfectly fine to use technology as a diversion tactic from time to time, it’s important to remember that technology can also provide wonderful learning opportunities for our little ones. But it’s up to us to find a balance between a child’s screen time and time spent socializing with other kids or spending quality family time outside.

This is especially important in the summer months when our children get a break from online research and homework assignments that will put them in front of a computer for many hours during the school year. In addition, during summer we get to take advantage of warmer weather (let’s just hope the rain doesn’t come back) and all of the wonderful recreational opportunities we have in our backyards.

So how can we ween our children off of screens this summer while still using technology for good? Well, how about a compromise? There are several apps that let us combine technology, science and the great outdoors. Below is a list of five of our favorite apps that promote positive learning and family together time outside of the house and classroom.

SkyView : Have you ever looked up at the stars and wondered what exactly you were looking at? Is it a planet or a star? What constellation is that? Simply point your phone at the stars and the SkyView app will tell you what you’re seeing. This is a great app for kids and adults as you explore together what’s out there in our solar system.

Meet the Insects- Forest Edition: We are fortunate to be surrounded by miles of forests and park systems, including the Cuyahoga Valley National Park which is the only National Park in the state of Ohio. This educational app is full of photos, videos and descriptions of the various insects you may encounter during a hike or picnic. Plus there’s an observation journal and quizzes. This is a great resource for making those creepy crawlers seem not so creepy.

Geocaching: Who doesn’t love a good treasure hunt? The Geocaching app syncs with geocaching.com and let’s you go on scavenger hunts using your smartphones. Note that geocaching should only be done when adults are present as caches may be stored in rough terrain or off-the-beaten-path. But that’s just another reason this is a great activity for the whole family to do together.

Audobon Birds : It’s amazing how aware children are of their surroundings and natural world- especially when it comes to birds. The Audobon app lets you identify and keep track of the various bird species you see flying around your yard or park. It also lets you explore nearby hotspots where you may be able to catch a glimpse of a rare species!

Strava: While this isn’t an app for kids, it is a great tool for us adults to log our exercises. As parents, we are often the reason our kids don’t get outside enough. If we aren’t active, how can we expect our kids to be? Set a goal to log a certain amount of time each week to either hike with a child in a backpack, ride bikes, or simply walk around the neighborhood. By setting your our fitness goals, you’ll be able to spend more quality and healthy time outdoors with your children.

What are your favorite apps for getting kids outside this summer?

What We Can Learn From One Of The Largest Cyberattacks In History.

2019-06-03/in cyber security, IT Best Practices, Small Business Resources /by PCR Business Systems

It started with a single computer—one of tens of thousands from over 130 countries that were connected to the Maersk Network. It ended with the Danish shipping giant losing an estimated $300 million in a matter of days.

In the summer of 2017, in an office in Odessa, Ukraine, a port city on the Black Sea, a Maersk executive asked a member of his IT team to install the accounting software M.E.Doc (Ukraine’s version of TurboTax) on his office computer. Within seconds, NotPetya, one of the most costly and crippling cyberattacks in history began its reign of terror over Maersk—instantly turning computer screens black and completely shutting down the company’s network.

As the chaos quickly escalated, Maersk operations were halted throughout the world. Ships went dead in the water and tons of precious cargo (much of which was perishable) was stuck in shipping containers with nowhere to go.

But Maersk was only one of a number of companies and individuals who were devastated by the Russian-developed malware that was initially created to be used as a cyber weapon against Ukraine. Pharmaceutical giant Merck was believed to lose over $800 million, FedEx $400 million, and parts of Ukraine went weeks without power, food, or a working infrastructure—all as a result of NotPetya.

So what went so terribly wrong, and could companies have been able to prevent the NotPetya attack from occurring in the first place? To find an answer we must look at how NotPetya operated and how it was able to infiltrate computers in the first place.

It all began when Russian hackers hijacked the servers of a Ukrainian software firm that was in charge of providing updates for the M.E.Doc program. Going unnoticed, the hackers gained access into the update servers and thus also into the backdoors of all computers that had M.E.Doc installed. Once the malware was released, it was able to pull passwords and hack into other machines and applications using those same credentials, as well as spread throughout any company computer connected on a multi-network server. Once NotPetya infiltrated an operating system there was nothing the user could do. NotPetya was designed for one purpose only—to destroy everything in its path.

But what could Maersk and others have done to prevent the attack, and what can we do to protect ourselves from becoming victims of cybercrimes?

1- Multi-Factor Authentication: By now you should be familiar with and using Multi-factor authentication on all your connected devices. If you are not, Multi-factor authentication simply means that you must present multiple credentials (in addition to just a single password) in order to gain access to a machine, account, transaction, application, etc.

By requiring all users to provide Multi-factor authentication you help safeguard your business against the leading cause of data security breaches- stolen credentials. In the case of Maersk, if employees were using Multi-factor authentication, NotPetya would likely not have been able to simply use passwords stored in each computer’s RAM to spread to other applications and computers.

Multi-factor authentication may seem like a time-consuming step, but trust us, a few seconds of added security could be the difference between being protected and becoming a victim. Just ask the executives at Maersk.

2. Timely updates, patches & upgrades: It is believed that many Maersk computers were still operating obsolete system software at the time of the cyberattack. A common misconception is that with how rapidly technology is changing you don’t need the “latest and greatest” software. As far as network security goes, this is a huge mistake.

As we wrote about in our piece “End of the Road for Windows 7 and Windows Server 2008 and 2008 R2,” once a software manufacturer ends support it doesn’t just mean you don’t have anyone to call if you run into a problem. You are also no longer provided with regular security updates or patches, leaving your IT vulnerable and unprotected.

Because Maersk was using an outdated operating system on some of their machines, those machines were never updated with the necessary security patches that could have protected them from NotPetya.

It is imperative that you stay up-to-date with all of your software and program updates, not just with your operating system patches. Once a critical piece of your network loses support–whether it be Windows or any other application vital to your business–you must upgrade. There is no other choice.

3. Employee Best Practices: It’s extremely important to provide your staff with user-awareness training to mitigate the risk of a member of your team accidentally providing hackers with a backdoor into your system. Know your risks and review your security practices at least once a year to remind employees on what they need to be doing. Schedule periodic reviews of accounts, permissions and don’t allow access if it is not needed.

In addition, one of the key data breach vulnerabilities we come across is when companies allow users admin rights. Do not allow admin access where it is not absolutely necessary. With Maersk, all it took was a single employee in the finance department at one of Maersk’s hundreds of offices asking to download the M.E.Doc software. You must have the proper restrictions in place to prevent your employees from downloading software to their work computers that is not essential to your business and has not been reviewed by a credible IT firm or IT administrator.

Read more about Data Security Best Practices here.

4. Trusted IT Provider: There has been an increasing and alarming trend in which cyber criminals are shifting their focus away from individual companies and going after their IT Providers. The reason? IT Service firms hold the keys to the castle. In other words, they have access to your company’s and your client’s most sensitive data. This is a dangerous combination if your IT Firm or in-house IT team doesn’t have the ability or knowledge to provide your business with the level of service and security you require.

Less than two months ago, Wipro, one of the largest information technology providers in the world was hacked. After being hacked Wipro’s systems were then used to target at least a dozen of their clients!

You need to have a conversation with your IT Service Provider or IT manager to make sure they are not your weakest link when it comes to cyber security. Ask them questions like: are you truly maintaining critical security updates for your IT systems? Are my backups configured properly to keep downtime to a minimum? Do you have the resources to keep up with the growing IT demands of my business?

Keep in mind, the IT industry is highly unregulated. You must do your homework before hiring an outside IT firm or in-house IT manager.

5. Don’t think it can’t happen to you: The story of Maersk and NotPetya should serve as a reminder that all it takes is one corrupt file or program to allow hackers access to your network and to possibly bring down your entire company–no matter how large or small your business is. Don’t think for one moment that you are not a target because of the industry your work in or the size of your payroll.

Furthermore, one of the scariest things about NotPetya is the intent behind the attack, and the growing trend of cyber-warfare and cyber-terrorism– where the goal isn’t to collect a ransom or steal data or blueprints on product design, but to simply destroy. It doesn’t matter who you are or what you do. We are all targets. We all must fight to stay ahead of hackers and keep from becoming victims.

In business since 2004, PCR Business Systems is the leading IT Service Provider in Northeast Ohio- and one of (if not the only) to be SOC 2 certified. That means we have been audited to ensure that we provide the highest level of service and security for our clients.

The Wild West of IT Services

2019-05-14/in IT Best Practices, Small Business Resources /by PCR Business Systems

In 1878, William Bonney, aka “Billy the Kid,” along with a posse of gun-toting outlaws known as the “Regulators,” wreaked havoc in New Mexico as they fought for control of dry goods and cattle interests in Lincoln County. You may be familiar with the gang and their story from the movie Young Guns (and from the Warren G and Nate Dogg song, of course).

Many words come to mind when we think about the Old West and the era Young Guns depicted including lawless, wild, and dangerous. The gang took the name “Regulators” because they believed the lawmen in their county were corrupt. Despite their violent behavior they considered themselves “good guys” and sought to regulate the cattle monopoly and make sure justice was served.

Today, there are regulators in just about every industry we work with. None of them carry around side-arms or ride into our client’s offices on horseback, but they do instill fear with threats of legal actions and heavy fines if companies aren’t compliant.

Our clients are governed by laws and regulations such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA); the Payment Card Industry Data Security Standard (PCI DSS), and the Federal Information Security Management Act (FISMA), just to name a few.

But strangely, the one industry we are most familiar (and the one in which we work) is the one that isn’t regulated at all—Information Technology Services, or IT Support.

There are no regulations or regulators in the IT Industry. IT service providers are not governed by compliance laws. It’s almost as if the IT industry is its own Wild West. For fly-by-night companies, having little or no regulations is a wonderful thing. Any kid with a laptop can create a website and offer IT Services for Akron businesses. There’s no one looking over their shoulder to see what they’re doing with your passwords or client’s most sensitive information.

For businesses, this is a terrifying proposition. For all you know your remote IT guy is eating Cheetos and playing video games while he claims to be monitoring your network. There is really no way of knowing for sure.

Who’s watching over your IT service provider?

So what can you do to make sure you hire the right IT Provider?

1-Make sure you only work with an established company who has earned the trust of their clients over the years. PCR has been in business since 2004 and has partnered with over a hundred Akron area businesses during that time.

2-Have a conversation with your IT Service Provider. Can they answer the following questions?

Are they truly maintaining critical security updates for your IT systems? Have you outgrown their ability to adequately support you?
Are your IT systems truly secured from hackers, viruses and rogue employees?
Are your backups configured properly to ensure that you could be back up and running again fast in a disaster?
Are you unknowingly exposing your company to expensive fines and litigation under Ohio data breach laws?
Does your cybersecurity program conform to the new Ohio Data Protection Act.

3-***MAKE SURE THEY ARE SOC 2 CERTIFIED*** PCR Business Systems made the choice to get SOC 2 audited in order to give our clients peace of mind.

We are one of—if not the only— IT Service Provider in Northeast Ohio to be SOC 2 audited. That means we’ve spent the time and money to ensure what we promise to our clients—both in terms of the privacy and data protection protocols we follow, as well as the services we offer—is exactly what we deliver.

For more information schedule a FREE IT Discussion with me.

Pat Carroll

President, PCR Business Systems

Email me Directly

Ohio’s Data Protection Act: What you need to know

2019-04-04/in IT Best Practices, Small Business Resources /by PCR Business Systems

We’ve written a lot about cybersecurity and why it’s so important to protect your customer’s sensitive data from cyber-attacks. We don’t write these articles with the intent to scare you, or to try and get you to purchase software you don’t need or implement data security plans that don’t match the scale of your business.

The goal of these articles is to help you prepare and defend your business against these attacks.

The Ohio Data Protection Act

If you still haven’t taken the necessary steps to protect your data, maybe Ohio’s new Data Protection Act (DPA) will offer the additional (legal) motivation you need. The DPA “provides a safe harbor against data breach lawsuits for businesses that implement and maintain cybersecurity programs that meet certain industry-recognized standards.”

What does this mean? In its simplest form, if your business implements and maintains an effective cybersecurity program, as outlined by the DPA, you may receive special protection from litigation in the event of a security incident or breach.

Why is this important to my business? Some cyber-attacks may be unavoidable. However, if your cybersecurity “reasonably conforms” to the Ohio Data Protection Act standards it can protect your business against lawsuits from customers (and other companies) whose private data was accessed by unauthorized third parties.

What are the DPA standards? To take advantage of the safe harbor provision, your cybersecurity program must:

Protect the security and confidentiality of personal information
Protect against any anticipated threats or hazards to the security of that information
Protect against unauthorized access to that information

In addition, the DPA recognizes there is no one size fits all approach to data security, and a small mom and pop craft store, for example, should not have to meet the same level of cybersecurity as a bank which is responsible tons of highly sensitive data. Thus, the DPA says that an effective program takes into account:

The size (and complexity) of the business
The nature of the business and its activities
The sensitivity of the information that needs to be protected
How expensive it is and the tools available to improve security and protect against attacks
Business resources available

Finally, your business must reasonably conform to one of eight cybersecurity frameworks:

NIST
HIPAA or HITECH
FedRAMP
GLBA
CIS Controls
FISMA
ISO 27000 Family
PCI DSS

What’s the next step for my business? Implement a cybersecurity program immediately!

We can’t stress this enough. Cyber-attacks destroy businesses every day. A proper cybersecurity program not only can prevent these attacks from happening, but in the rare event attackers still find a way past your security, you can be protected from lawsuits that can bankrupt your business.

If you or your IT department are familiar with the above frameworks, great! Get started implementing your plan today.

If you need any help creating your cybersecurity plan, or simply want more information on the new Data Protection Act, please give me a call directly at 330.572.7575, or email me at pat@pcrbusinesssystems.com.

I’ll be happy to answer any questions you may have, or we can schedule a Free IT Discussion to chat about you current cybersecurity program to see if it meets the DPA standards.

Pat Carroll

President, PCR Business Systems

What To Look For In A Cybersecurity Training Program

2019-03-19/in IT Best Practices /by ktodd

Today’s society is dominated by virtual technology. Information technology ultimately dictates the way that most businesses operate. To succeed in the current business world, organizations must have the support from the right hardware and software. A high-quality IT infrastructure is almost a surefire way to maintain a competitive edge. For many businesses, it is the backbone of their entire operation. An IT system is comprised of an arsenal of tools like phone systems, desktop PCs, laptops and other mobile devices, along with cloud-based platforms to keep your data secure.

If you are a business owner, you need to take a proactive approach to protect your intellectual property, because this is a critical way to keep your workforce safe. Firewall systems, disaster recovery, and data backup plans are all great sources of security, but they can only do so much. This is why it’s important to educate all staff members about lingering cyber threats such as ransomware, phishing scams, and unpatched software systems. Cybersecurity awareness training is a great way to teach your employees how to defend against these treacherous dangers. Fortunately, there are many online security awareness training programs that make it easier to do this.

Over the years, PCR Business Solutions has engineered cyber training platforms to help businesses successfully mitigate handfuls of cyber risks like data breaches and malware invasions. Our comprehensive curriculum is full of useful training content that effectively covers each of these critical areas:

Data Management

We emphasize the nature of data security and the responsibilities that each employee has in order to protect the network. Administrators and leaders may have more capabilities granted, but all staff members will have the same obligation to respect and protect the equipment.

Passwords Protection

One of the most important aspects of cybersecurity is password protection. It’s important for employees to select strong, cryptic passwords. This means that they cannot be easily guessed or remembered by others. Passwords should be updated after an extended length of time to make sure your company sends periodic reminders when it’s time to change this login credential.

Email Use

Data theft often stems from irresponsible email use. Make sure that your employees are trained to recognize email scams. Your training program needs to educate people on phishing scams, virus threats, and other email dangers. Make sure that the training program is adjusted with the latest safety practices.

Unauthorized Software

Unlicensed software should not be installed on any company computer. This needs to be addressed in company training. If an employee downloads unauthorized software, then your company may be susceptible to malicious attacks that can further corrupt your business model.

Social Media Policies

Social media should be limited to a minimum use at most. If your employee spends an extended amount of time of social media while on the job, then this can hinder their performance. Make sure this is addressed in the training program. Also, include policies that pertain to the use of any company-sponsored social media engines.

Mobile Device Policies

Employees pose a bigger risk of enduring security breaches when they access networks through their own mobile devices. The training program must effectively communicate the details of a company’s mobile device policy. If there is a bring your own device policy in place, then this is a must needed topic to cover.

The Anatomy of Cyber Attacks

Cyber attacks can strike networks from any angle at practically any point in time. You need to break down the anatomy of certain cyber dangers and discover the reason for the attack. Some might call this hacking forensics. This can help teach you how to discover vulnerabilities in your network so you know how to act when threats are discovered on the horizon.

Computer Protection Methods

There are copious amounts of protection strategies that will keep your computer safeguarded from external hazards. Train your employees to lock their computers when they are not in use. Additionally, you need to promote routine backups and storage security. Encourage your employees to also continually update the virus protection software that’s stored on their computers.

How PCR Can Help

The experienced team at PCR Business system can help audit your current IT infrastructure and identify the areas in need of improvement. Once we have patched your network, we will continue to monitor for cyber threats and work with your team to develop policies that your team can follow to be more secure. We will also create a plan for recovery in case a cyberattack is ever carried out. Contact us today to learn more about how we can help!