In our last Blog we discussed what MFA was, along with its importance in keeping your data/online information secure.  In this Blog we will be discussing MFA in Microsoft 365 specifically.

Multi Factor Authentication is part of the Microsoft 365 Business and Office Plans.  This includes all online Microsoft 365 applications, along with OneDrive and Outlook – these applications are protection enabled via MFA.

Microsoft 365 offers MFA protection via features including the Microsoft Authenticator application (which download directly to your smartphone), Phone Call MFA, SMS MFA, App passwords for individuals in situations with devices and/or applications that don’t support MFA, and Remember MFA for trusted devices.  These authentication preferences can be set based on the organizations or individual’s preferences or particular situation. Keep in mind however, that in this scenario ONLY Microsoft 365 applications are MFA protected, while things like generally logging onto your computer are not protected via Microsoft 365’s MFA.  If you’re unsure of which plan you have or have questions on your plan, or questions in general, please don’t hesitate to contact your UniVista Account Manager.

When MFA is rolled out within your organization it’s important to notify your users well ahead of time to set up expectations, minimize confusion and ward off potential problems. After your administrator launches Microsoft 365’s MFA feature, upon the users next login they will be met with a screen that informs them that additional security measures are required. So, ensure you’ve informed your users upfront with a clear guide of steps they need to take.

Remember, you can always call your UniVista Account Manager with any questions!

A quick rundown introducing your users to Multi Factor Authentication feature in Office 365 is as simple as following the following instructions:

Sign into your Microsoft Account & Enter Your Password. When the screen pops up asking for a secondary factor for your account, enter next and follow the onscreen instructions using the Microsoft Mobile App on your smartphone (if you haven’t downloaded the app, do so prior to beginning the process).  A QR Code will appear on your computer screen, and you will be asked to scan it with your smartphone.  After the QR Code is finished processing, your new account will be added, which will prompt a verification code to be sent to your phone.  Enter the verification code and all that remains is adding and entering your phone number into the account in the event you lose access to your mobile app.  You can view a video of the process on this link: https://youtu.be/uWbkLuI4g30

Take advantage of the fact that Office 365 already comes with Multi Factor Authentication, there is no reason not to use it and numerous reasons why your organization would benefit from this additional layer of security within your IT environment.  The MFA setup in Office 365 is accomplished in a relatively short amount of time and, once they’re used to it, the user impact is minimal.

Again, if you have any questions or concerns about deploying Microsoft 365’s multi factor authentication for your organization, or questions on MFA in general, please do not hesitate to contact your UniVista Account Manager.

 

Look for our January Blogs featuring an introduction to UniVista’s Standards Alignment Specialist.

 

Multi-factor Authentication (MFA) is a security tool that requires 2 or more pieces of evidence – or “AUTHENTICATION” – to prove or identify a user’s identity.  MFA has become increasingly popular throughout a variety of devices, programs, applications, transactions, and systems.  You most likely have run into it with mobile banking or access to certain websites that require advanced security.  While for some, this extra step may seem annoying, needlessly time consuming or unnecessary, it is a critical component of a company’s and individuals online security.

MFA requirements can be controlled based on the security level required for a particular device application, transaction, or situation.  For high level situations, like financial transactions, a higher level of user authentication is typically preferred.  While a less critical or lower-level situation, like logging into a gaming App, may only require a lower level of user authentication. 

Traditional usernames and passcodes unfortunately can easily be compromised and are highly vulnerable to cyberattacks. It is likely that in the past one or more of an individuals or organizations passcode(s) have become compromised.  The premise behind MFA is that, while one source of identity authentication may become compromised, the likelihood of two or more independent forms of identification becoming compromised, is significantly much lower.  For individuals and consumers, MFA prevents unauthorized users in possession of an ill-gotten passcode and basic personal information (e.g. mother’s maiden name, etc.), from accessing accounts and information. For example: blocking individuals from accessing email, social media accounts or banking information.  For organizations, MFA helps to protect against unauthorized individuals, like former employees or cybercriminals, from accessing sensitive files.

Basic forms of MFA may include requiring an answer to a predetermined security question, or identifying a phrase or an image, in conjunction with a username and passcode to logon.  Stronger forms of MFA may require a passcode sent via an email, phone call, or text message be sent to a user with a one-time-use code to access the site, application, or information desired. Larger companies like Google and Microsoft have free applications that can manage multiple MFA accounts. In some cases, even biometrics (fingerprint or facial recognition) is utilized. Again, MFA and the level of security can be scaled up or down depending on the device, type of information, or nature of the access desired or required by an organization.

If you have any questions regarding Multi-factor Authentication, please contact your UniVista Account Rep or email [email protected]

Look for our upcoming Blog on Multi-factor Authentication and how it works in MS 365.

Business Continuity Plan – Implementing and Testing

Now that you’ve reviewed your infrastructure’s Business Continuity requirements, you’ve also discussed your needs with your UniVista Account Manager and you’ve allocated your budget accordingly, it’s time to implement and test the plan.

The Scenario: Systems are down.  Now what?

Documentation…

A key part to implementing and maintaining a Business Continuity Plan is documenting it.  Provide a Master Plan or User’s Manual for when the inevitable strikes your organization.  This will allow various members of your team to know how to proceed with the recovery.  Create a comprehensive, easy to understand and, most importantly, easy to follow document.  At a high level, you want your document to cover: Who, What, When, Where, Why & How.

WHO: Who will implement the plan? Identify your Recovery Team(s).

WHAT: What are your business’ Critical Functions. What infrastructure or service are they running on?

WHEN: When do you implement your recovery plan? How quickly after a loss is identified, do initiate the Disaster Recovery plan?

WHERE: Where does recovery happen and how do you connect to it? All your company’s efforts will be for nothing if no one can locate or access the recovery infrastructure!

WHY: Why are you initiating your Disaster Recovery plan? What acceptable loss factor has triggered the disaster flag?

Additionally, you will also need to identify how to access your plan in the event of a total loss of your data and email storage.  For example, in the event of a fire or flood, keep multiple copies of your Business Continuity Plan printed with key employees or stored online in Microsoft SharePoint.

Periodic Reviews…

Keep your plan up to date.  Schedule periodic reviews, both internally and with your UniVista Account Manager to ensure your plan remains viable and will work when you need it to.  There’s nothing worse than trying to recover from a scenario with a poorly implemented or outdated plan.

Nothing is worse than an “unwelcome surprise.” Schedule periodic reviews to ensure your Business Continuity Plan is still relevant. Run “fire drills” to be ready for anything!

Testing and why “Fire Drills” are important…
Your organization’s plan is documented, you have implemented backup solutions, now you must test your Disaster Recovery plan – essentially, run your “fire drill.” These “fire drills” are important to determine if you’ve covered everything and will help to identify where you may have weaknesses. Your initial Disaster Recovery test may uncover gaps in your plan which require attention. Work towards resolving those gaps, but more importantly: schedule your next test. Determine whether you’ll be testing quarterly, biennially, or annually.  If you need help determining how often to run your test, please feel free to consult with your UniVista Account Manager.

Evaluate your testing experience…
Regularly testing your plan keeps you, along with key members of your team, familiar and ready for when disaster strikes. However, you will also need to review and evaluate the recovery plan on a recurring basis. Evaluate and review these questions; Is your list of Critical Functions up to date? Is their hierarchy of importance weighted the same as when the plan was initially documented? Have you added, removed, or changed a service or team that needs to be reflected in the plan?

Moving forward with a plan…
Now that we’ve discussed key elements of implementing and testing your Business Continuity and Disaster Recovery Plan, what questions do you have? Are you able to understand the process, but aren’t sure how to get started? Are you unsure if your business has an additional compliance element that requires a Disaster Recovery plan? Do you have an old Disaster Recovery plan that needs revisiting? Let your UniVista Account Manager know. We can answer questions and create a project that fits your specific disaster recovery needs.

The Time to get Started is Now!

Following your Business Continuity Plan Assessment, naturally comes planning and implementation.  This is where the hard work begins. “This COVID economy has made money tight and my staff is already too busy”, you say. We understand your situation all to well. Human nature often causes us to put things off that we know we should deal with. Unfortunately, every now and then, that thing that we keep putting off becomes a situation we need to deal with NOW. When this invariably and eventually happens to your organization, your customers suffer because your business can no longer support or supply something they need. This exact scenario is why having a Business Continuity Plan is so critical. Don’t make the mistake of trying to put off implementing a plan due to current costs. The sooner you get starter the better and safer it will be – for you, your employees and your customers.

Luckily, getting a business continuity plan together is as easy as calling your UniVista Account Manager. Our project team will manage the entire continuity process for you, leaving you free to focus on your customers.

Technology Lead Times.

Often, your business continuity plan will require additional products to protect your current infrastructure. As a result of the current COVID-19 pandemic, the technology supply chain has become unpredictable, to say the least.  Lead times for technology products, even trivial products, frankly, are getting longer and trickier. Rest assured, our team is great at assessing and managing these lead times for you.

A good portion of technology is manufactured in countries like China, Mexico and India.  Unfortunately, not only has a great deal of their manufacturing either slowed or stalled, shipping times have increased, as well.  This means, without proper planning, replacing a critical system may take weeks and not days. When we create or revise your Business Continuity Plan, we’ll always keep current product availability and lead times in mind. 

 

There’s NO ESCAPE from the reality that, at some point, your systems may go down.
It’s critical to your business and customers to prepare accordingly
with a Business Continuity Plan.

What is the Cost of Your Business Being Down?  

Technology can be expensive and difficult to justify. “By buying something, will I end up saving money?”, is always one of the hardest questions any business can answer. We try to make this question easier for you to answer. Early in the business continuity planning process, we will help determine what the daily cost to your business is when critical functions are unavailable. This metric will make any purchase decision magnitudes easier. Suddenly, that tech becomes a cheap and an appropriate measure vs. the potential cost of your business being down.

When to Buy? Now vs. Later

Unfortunately, there is always a relationship between product availability and cost.  Since the start of the COVID pandemic, these relationships have become more complex and the cost of some items have increased. It’s important to consider these new technology costs, along with the increased lead times, when making a new Business Continuity Plan and factor those changing costs into your budget.

You’re not alone in making this assessment. Your UniVista support team will discuss what technology your organization requires, or may be lacking, and will weigh the risks of procuring, or not procuring, any required technology immediately as part of your Business Continuity Planning process

If you have any questions regarding proceeding with your Business Continuity Plan, please contact your UniVista Account Rep.  We are always here to help!

We last discussed the importance of having a Business Continuity Plan, along with the importance of regular assessments. Now, more than ever, it’s important to ensure your business processes will remain safe and viable irrespective of what may occur.  If you haven’t already, take advantage of our Business Continuity Assessment Quiz: https://univista.com/univista_dr_quiz/  If you need help answering any of these questions or making additional determinations, your UniVista Account Manager can help!

What are my Critical Business Functions?

To get started on your assessment you’ll first need to identify ALL your business’ critical functions.  Followed by rating each critical business function based on their importance in at least two critical areas:

What is your acceptable Maximum Data Loss?

You will need to decide how much backup data you can afford, or are willing, to lose. For example, If a disaster strikes at 11pm and your nightly backup isn’t scheduled until Midnight, your backup did not run… is this an acceptable amount of data loss to your organization?

What is your acceptable Maximum Time Loss?

Evaluate how long your business can be down before it becomes critically impacted. Is one day too long, maybe one week?… Whatever the acceptable time amount, determine a reasonable metric you feel is both reasonable to recover from, plus wont impact your overall business too severely.

Periodically evaluate and assess all your organizations critical business functions.

Assess your current backup situation…

Now that your better acquainted with what your critical business functions are, you can look at your current backup and recovery scenarios. Begin with an audit of your critical systems and their current backup scenario. It’s easy to determine what your critical systems are; they are the systems required by your critical busines functions. This list should include your phone system along with email to support customer communication, or your website to support online sales. Once you have your list, then consider and document 4 important questions about each system:

  • What is our location for backups?
  • Are both local and offsite backups included?
  • What is the retention period of EACH backup?
  • Who is your contact in the event a data recovery is needed?
  • Does my current backup scenario meet my Maximum Data Loss and Maximum Time Loss goals?
NOT SO FAST – you’re not quite done yet! After you initial assessment of critical business functions, you’ll need to assess other processes further.

Expect Surprises…..and quite a bit of work ahead.

If this is your first time through this process, I guarantee there will be surprises. Don’t worry, you are not alone. Everyone has a critical system, while though it may be thoroughly backed up, the recovery may take days and the potentially data loss may also be unacceptable.

How to make sense of your assessment?

If at any time during your audit or assessment you find yourself overwhelmed, or don’t know what processes to consider critical, please don’t hesitate to contact your UniVista Account Rep. Everyone needs a second set of eyes to doublecheck their work. UniVista is happy to help in any way we can.

If you don’t have time to get started, but you agree that business continuity is critical, then let us do it for you. After experiencing 2020 with all its challenges, we cannot stress strongly enough the importance of having a Business Continuity Plan IN PLACE for the inevitable.  Remember, as they say: when you fail to plan, you plan to fail.

Even if we completely set aside the COVID-19 Pandemic as a once-in-a-lifetime anomaly and just reflect on what other lessons 2020 has taught us, a key lesson is the importance of a Business Continuity Plan.  In just the past few months wildfires have ravaged homes and business out West, an unprecedented double hurricane followed by flooding occurred in the Southeast, a derecho in the Midwest damaged an entire year’s worth of crops, and numerous organizations around the country have experienced the adverse effects of civil unrest and the ever present Cyber Attack danger. Businesses and organizations throughout the nation have been affected, some irreparably. Now, more than ever it’s critical to ensure your business’ survival with a solid Business Continuity Plan.

What is Business Continuity Planning?

Business Continuity Planning is a preventative process an organization undergoes to create a recovery system from potential threats, both manmade and natural disasters, or even cyber-attacks. A Business Continuity Plan is designed to protect personnel and assets, then make sure they can function quickly when disaster strikes.  Basically, a Business Continuity Plan helps an organization mitigate its downtime, and ultimately its losses, when an issue occurs.

We have addressed the importance of Business Continuity in past articles here:

Are You Prepared?

Irrespective of the challenges you and your business, or organization, are dealt, have you considered whether you’re adequately prepared?  Is your data infrastructure protected, is it safely accessible from anywhere? Are Cyber Security measures up to date?  Should something happen, could you continue operations and keep your business going? We are only at the tail end of Q3 for 2020, who knows what else will get thrown at us in Q4?

Every organization no matter how big or small needs to review their ability to operate when unexpected issues arise. If you already have a Business Continuity Plan in place and have for some time, great!  However, just having a plan isn’t enough. Regular, periodic reviews of your existing plan are important to identify and address any holes or new issues and threats. Take our Business Continuity Assessment Quiz to see how ready your organization is: https://univista.com/univista_dr_quiz/

If you’ve never considered a Business Continuity plan for your business, it’s critical to do so – NOW – and get something in place immediately.  Please contact your UniVista Account Manager to schedule a consultation to review your organization’s needs, we can help you implement an effective plan to help keep your business safe during challenging times. 

The Benefits and Challenges of Working from Home.

PART 2 – Protecting Yourself

You’ve probably heard this a hundred times by now: COVID possibly has changed all of our business practices to the point that all of us may never go back to the way we all did business. These changes require that business processes are reevaluated and updated. For example, much like protecting yourself and your loved ones during COVID by social distancing, good hygiene and wearing a mask, during all challenging times it’s equally important to protect your business with good Security processes. 

Business on Business Computers Only

We have mentioned this previously, but it is certainly always worth repeating:  Counsel employees to limit their work exclusively to Business Computers.   While it may not always be convenient for the employee, your business systems contain the latest security technology and are updated/maintained regularly.  While some employees may be more diligent than others keeping their personal technology safe, it is not worth the risk with the ever-present dangers of hackers and malware, etc.  Home-based networks rarely contain the same level of security and oversight which organizational networks do.  Be very emphatic with this business policy.

New and Ongoing Cybersecurity Threats. Stay Vigilant.

Since we brought up hacking, it’s important to realize that COVID has unleashed a whole new level of hackers, hack bots and COVID-related scams. Unfortunately, this is our reality and it’s important that employees are aware these things are happening both online and via phone. Don’t get distracted by the daily challenges and changes with COVID and become lax with cyber threats and scams.  The U.S. Department of Homeland Security is a great resource which issues alerts and guidance on current attacks and vulnerabilities.  Hackers thrive during periods of crisis and chaos and your employee’s actions (or inactions) are your best and first line of defense.  If you haven’t already now is the time to clarify policies to employees regarding acceptable use practices. If you have any questions or concerns on how to mitigate cybersecurity issues in your organization, or if you would like us to run a home security network assessment please reach out to your UniVista Account Manager.

Device Management.

Even prior to employees working from home, organizations could find it challenging to manage all the devices allocated to their employees.  Microsoft Intune is a cloud-based mobile device manager which allows organizations to, not only control their devices, but also control the content on those devices.  Intune will manage Apps remotely as well as manage App permissions.  It will dictate backups on all devices and in the event a device is lost or stolen, the app will even allow organizations to remotely “wipe clean” all the content on the devices.  In Tune will help mitigate the concerns many organizations have about their private data winding up in the wrong hands.

 

Business Continuity

All the previously mentioned measures, technology and practices will help improve your business’ chances of surviving not only during our current crisis, but any future chaos which may occur. To improve your business viability during a disaster the next best step is to establish good Business Continuity processes. This month we will discuss how to establish and maintain a good Business Continuity plan that will grow with your business. We are also going to list a variety of services that you can incorporate into your business to make your Business Continuity Plan more powerful and easier to use.

If you’re like me, your personal finances and assets are linked in some manner directly to your business. This can be a potentially scary proposition during time like these. If the past few months have taught you some lessons about business continuity and you’re ready to begin working on your Business Continuity plan then please reach out to your UniVista Account Manager to schedule your Business Continuity Assessment.

Link: Department of Homeland Security – Alerts and Guidance on Current Attacks and Vulnerabilities.

https://www.dhs.gov/science-and-technology/cybersecurity

The Benefits and Challenges of Working from Home. 

PART 1 – Your Work Environment

Even prior to the COVID-19 outbreak and subsequent quarantine(s), there was already a segment of the workforce who worked remotely full or part time.  While the benefits of working in your pajama bottoms and avoiding a frustrating commute are real, there are also some drawbacks which include: working too much, lack of real socialization, falling into, or back into, poor health habits and more.  Below are some observations from long-time remote workers, along with some helpful strategies for yourself and your team.

Maintaining a Work-Life Balance

While the knee-jerk reaction of many managers and business owners may be that working from home leads to reduced productivity without constant managerial oversight, however, the contrary is actually true.  Individuals who work from home tend to work far more and far longer hours, especially if they’re managers or business owners.  While this may appear as a great boon for employers it can actually lead to burn out and job dissatisfaction, if not identified and managed properly.  To help mitigate this phenomenon it’s important to set concrete hours and stick to them.  If in your average office environment a work day would typically start at 9 AM and end at 6 PM, then an at-home work day should begin and end likewise.  At home there will always be a temptation to just “do that one last thing”, whether that be respond to an email or something else.  Once you start with “just that one last thing” you’ll find yourself two hours later with a whole new task list, or worse pulling an all-nighter trying to get ahead on a project. When the day is done, you’re done: turn off your laptop and turn off notifications. Walk away.

While setting time boundaries for yourself and your employees is important. E.g. I will be unavailable after 7PM.  It’s equally important to set boundaries for your house-mates, family and friends.  Explain that if they (family, etc) had a similar problem (e.g. I can’t find the duct tape) would they just show up at your office? Then while you’re working at home, unless it’s an emergency, you are not to be disturbed.  This is particularly important if a big portion of your day is on video or conference calls.   If there are young children at home, then someone must be tasked with managing their needs, whether that be a spouse, a hired sitter, or another family member. If both you and your partner are in a similar situation, with no outside support for the children – set a schedule to trade off days where one is responsible and works around the others schedule and vice-versa, but keep it fair. It’s critical to have boundaries established and set expectations from the onset – both for your employees, your colleagues and for your family.  Additionally, allocating a space that creates a physical boundary will help you and others get in the habit of respecting work and personal time.  Consider working in a separate room or a section of a room that is solely for the purpose of your job. Resist the temptation of entering that room or space when the day is over.

A great way to break the habit of working longer than you should is to set appointments for the end of the day.  This forces you to have things wrapped up accordingly.  Additionally, it’s important to take breaks.  Set break reminders on your watch or computer – that’s a great time to get up, get some fresh air, stretch your back and take your dog out for a walk.  Even a 15 minute break and a bit of movement will give you some renewed energy and will clear your head.

Prioritize Your Work

Procrastination can sabotage productivity.  We all have that one or two things in our job that we just put off.  Whether it’s because they’re tedious or require some extra effort, you can find yourself doing a myriad of other things around your home rather than just knocking that annoying or tedious thing out.  Don’t set out to do too much in any given day. Set a reasonable goal to just do that one, most important thing, get it out of the way first.  Not only will you enjoy a feeling of accomplishment, but you’ll also be better focused for the rest of your workday.   Additionally, don’t try and tackle all the hard things at once.  There’s a 1-3-5 rule managers, owners and employees should follow; do one big thing, 3 medium things and 5 small things each day. If everyone works off this plan, you’ll find that everyone manages to get through their task list.

Minimize Distractions

Technology and internet driven distractions can be a time-killer and productivity sucker.  Alerts from a phone or computer can set you down any number of unintended worm holes.  There are a number of apps (10 Apps to Help You Focus and Block Distractions:  https://zapier.com/blog/stay-focused-avoid-distractions/) available that can help minimize distractions.  Which apps to use is largely dependent on how strict your organizations wants to be.  But, internet distractions are very real and can range from being a mild bad habit to downright destructive and can also waste money (remember the Facebook ad compelled you to by that item you didn’t need?).  According to researcher Matt Killingsworth, distractions also make us less happy *.  Individuals who can focus on one thing at a time are much more satisfied than those who aren’t.  In short, distractions can be destructive.

Stay Social

If you’re single and live alone then start working from home, the lack of socialization can really become an issue.  While many introverts thrive in a work-from-home environment, humans are naturally wired to seek companionship, so it’s still important to encourage employees to get out of the house.  Recommend taking lunch at an alternative location, like a park, or encourage them to make it a point to meet with someone (from a safe social distance) like a friend, colleague or even a neighbor once a week.   If nothing else, order some take out and pick it up versus having it delivered.  Just the time chatting with fellow patrons or the counter person can be enough to offer some much needed social interaction, even if everyone is wearing a mask.  If the quarantine situation permits encourage employees to make an effort to join a networking group, Meet Up club or similar to get out of the house.

Staying Healthy

Keeping and maintaining a healthy lifestyle can be a challenge with the pantry and refrigerator only 50’ away from your work space.  Putting off exercising in favor of getting that last bit of the project done is also very real.  Encourage your employees to keep their refrigerator full of healthy ready-to-grab snacks, like sliced cucumber chips, to keep them away from that very real bag of potato chips.   When it’s break time, go for a walk rather than getting a snack.  During lunch break take the dog out and play fetch. Do some stretches.  In other words move and get active.   Learn to recognize when eating is from stress or boredom versus eating for hunger otherwise the pounds will start adding up quickly.  If you enjoy alcohol, limit it to after work hours only. Not only will this keep you from drinking during the day, but it will also help you to end your work day at a reasonable time if you assign yourself a “7PM Happy Hour.”  Try to get outside daily. If you have a dog, take it for a walk or a run.  Go for a bike ride or putter around your yard if you have one. Humans need some sunshine and vitamin D to stay healthy, especially if they’re stressed and in front of a computer screen all day.

For More Info, Please Visit:

https://greatergood.berkeley.edu/article/item/does_mind_wandering_make_you_unhappy?utm_source=zapier.com&utm_medium=referral&utm_campaign=zapier

Stay tuned for Part 2: “Working From Home & Managing Your Technology”

Don’t Take Popular Technology at Face Value – Ask Us First!

In our current Coronavirus-infused-work-from-home reality, the need to stay vigilant with respect to cyber-security remains high.  Multiple published sources have reported that hackers have become more active lately.  In fact, since January there has been a 15-20% increase monthly in overall hacking incidents.  Hackers have also begun utilizing terms like “coronavirus or COVID-19” to trick users into clicking on illicit websites or emails that are designed to steal sensitive information or install malicious software. 

Read More

With all the attention being paid to the CARES Act and the Paycheck Protection Program, it’s easy to forget about another important milestone that was enacted in the recent Corona Virus recovery legislation.

April 2 marks the date in which employers must comply with President Trump’s Families First Corona Virus Response Act.  This law includes the Emergency Family and Medical Leave Expansion Act, along with the Emergency Paid Sick Leave Act.  This Act takes effect on April 2nd and ends on December 31, 2020.

Read More