SpireTech Blog - Author: SpireTech
When starting a small business, there are a lot of things to think about. IT is often one of the last things on a small business owner’s mind, but it is one of the most important aspects of any business, especially in today’s digital landscape.
At SpireTech, we believe that every small business should have a comprehensive IT checklist to ensure that their business is running smoothly and efficiently.
We’ve put together a list of the 10 best SMB IT practices to help you get started. These will be areas of IT development, maintenance, and support that you should focus on in order to create a strong IT foundation for your business.
Today’s workstations have improved capabilities in terms of processing, graphics, and storage. Simultaneously, they’ve gotten significantly smaller, portable, stylish, and inexpensive over the years.
Considering all these benefits, it should come as little surprise that small- to mid-sized businesses are starting to consider workstations as an alternative to the consumer PCs they’ve traditionally favored. Read more...
Digital nomads and really remote workers have probably heard of Starlink – SpaceX’s satellite-based internet connectivity service. Designed as a high-speed connectivity option where no other wired or cellular options exist, Starlink is a good choice for people who have no other option for internet connectivity.
Service portability is a new feature rolled out this week that allows customers to move their dish to a new location (other than your home location) within the same continent for an extra $25/mo. For US workers, that means Canada and Mexico coverage areas are currently included.
Sorry Alaskans – nothing available that far north yet. Starlink plans to eventually have worldwide coverage. If you’ve ever traveled and tried to use cellular service to maintain internet connectivity, and run into data caps, speed issues, or no-service situations, you might be glad to fork over the extra money for this service.
It doesn’t come cheap though – Starlink’s service starts at $110/mo, and the portability option raises the fee to $135/mo – far more expensive than cellular. Read more...
We’re starting to hear from clients and insurance brokers that cyber insurance costs are on the rise, in some cases up to 200%. Of course, this comes with insurers cracking down on IT controls – making sure their insureds are operating as securely as possible.
Clients can expect increased scrutiny over their application or renewal. The length of the questionnaires vary greatly, but at a minimum, insurers will ask about and want to see the following things in place:
- Multi-factor authentication across all systems and accounts including email, remote access, vendor access, VPN’s, SAAS/cloud applications, etc.
- An enterprise-grade endpoint protection solution (antivirus and malware).
- Employee security awareness training, including phishing training.
- Email spam and phish filtering software.
- No end-of-life software.
- Closed remote access ports, including remote desktop protocol (RDP).
- Security patches applied in a timely manner.
- Offsite, tested, and monitored backups that are not accessible from your network.
Clients that implement all security best practices and tools will likely face lower Cyber insurance costs, easier renewals, and enjoy the benefits of increased security. Read more...
Let’s start by describing what an app registration is: An app registration happens when you allow an external program to integrate with your Microsoft 365 tenant. A common example might be allowing a scheduling tool like Calendly to access your companies’ calendars stored in M365.
What we are noticing more of is the requirement for mobile phones to require an app registration to be able to access company email if the employee is not using the mobile Microsoft Outlook app (eg, when using the mobile phone’s built in mail client).
It is also possible for these permissions remain after the application is no longer needed or in use. Because app registrations are persistent, they may present a security risk long after the permissions have been forgotten about.
Examples of things we’ve seen include: Zoom, Samsung email, Apple Business Manager, Quickbooks desktop (for email), Zapier, Smartsheet, Addevent, Calendly, Atlassian, LinkedIn, Polly, Doodle, and so on. Read more...
An interesting development came to light recently wherein the FBI intervened on behalf of people who had not updated their watchguard firewalls and had gotten hacked by Russian threat actors. In a clandestine takedown operation cloaked by a federal warrant, FBI agents remotely accessed infected WatchGuard firewalls, hacked in, kicked out the intruders, and closed the vulnerability.
Watchguard firewalls are used by some businesses to protect their networks. Although the vulnerability had been addressed in May of 2021, as recently as February of 2022 some people still hadn’t updated.
The botnet infecting the firewalls was dubbed “cyclops blink” and was controlled by the Kremlin, according to an advisory jointly issued by the UK’s National Cyber Security Centre (NCSC), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI).
SpireTech VIP Support Managed IT Service provider clients receive regular firewall updates, and emergency firewall updates when needed. Read more...
We’d like to take this opportunity to remind clients about the price increases to all Microsoft 365 packages on a monthly term and commitment effective July 1, 2022.
We wrote about this in our February blog post, please refer to that article for further explanation and information.
By now we hope that our clients understand that IT security is never “done”. It is a constantly evolving and maturing process involving additional tools, training, and knowledge. This image shows the journey many clients are on with us to improve and mature the security posture of your organizations. Some of you fall in different places on this journey – do you know where your company sits?
As mentioned in the previous article, we are now including Huntress threat hunting in our VIPSupport managed services packages. We are referring to the current iteration of our managed services plan as “version 3.5” or “v3.5”. We encourage all clients to be on at least v3.5 or better for security purposes.
This is an evolutionary journey, and some clients are hesitant to increase expense to further limit risk by implementing additional security services. Limiting the “included” security features, while we feel it is important, helps keep the base price affordable for cost-sensitive clients. Read more...
Moving forward in 2022 SpireTech VIPSupport managed services package renewals will have Huntress included in the base package.
Huntress is specialized Managed Detection and response software backed by humans that looks for persistent footholds, backdoors, and other sorts of malware that anti-virus technology misses. When we tested huntress on over 1000 computers, we found that 2% of those systems contained things that conventional anti-virus software missed, the most common problem was banking trojans – lying in wait to steal bank passwords.
Each threat detected gets analyzed by their ThreatOps team, a remediation plan is developed, and put into action – usually without needing any disruption of the person working. If ransomware is detected, Huntress will isolate the system from the internet and network to prevent spread.
Small and midsize businesses (SMBs) represent the majority of the market, but they often face unique challenges in the deployment of IT services.
Finding practical solutions for problems ranging from information security and data privacy to remote support and the development of integration technologies can be problematic due to a constrained market share and a lower pool of resources. This limitation means that investments into IT infrastructure are vital for SMBs.
As businesses increasingly rely on cloud-based and SaaS services, system complexity can increase dramatically, creating inefficiencies and increased operational costs. Lapses in operational performance can result from management bottlenecks, redundant processes, and improperly integrated systems. The increased efficiencies offered by distributed systems don’t solve every problem, and SMBs need expert management of systems to compete effectively.
What Is IT Infrastructure?
IT infrastructure involves the use of various IT tools, components, and strategies to ensure the delivery of services within an organization. Read more...
Multiple cyber news sources and email protection vendors have warned of increased phish and spearphishing activity coming from Russian hackers since the attack on Ukraine.
The strategies are largely the same as in the past: using phish emails or social networking with the intent of harvesting your credentials. However, the volume of the attacks has increased. Extra vigilance is encouraged at this time, because there is concern the methods employed will become more sophisticated or convincing.
SpireTech offers a security awareness training program for your employees – including micro trainings, “autophish” automated phish testing, employee secure score, dark web monitoring, and more. This program can also help meet certain cyber insurance employee awareness requirements. Please let us know if you are interested in learning more about strengthening your employee security posture.