What Is Third-Party Vendor Management?

Third-party vendor management refers to the checks and balances established between an organization and its vendors. It clearly identifies the key players, defines their roles, and outlines general responsibilities for each party. In addition, it delves into the monitoring and compliance mechanisms that safeguard an organization against threats.

Key Elements of Effective Third-Party Risk Management

Third-party risk management essentially adapts the current regulatory standards to your organization’s individual processes. As you piece yours together, consider the following categories.

Governance Documents

Governance documents establish formal rules and day-to-day procedures, and they should be written for internal reference and outsiders (e.g., auditors, stakeholders, etc.) alike. So, if a natural disaster occurs and your physical machinery is wiped out, a governance document would detail the full data recovery plan, including who’s in charge of relaunching operations.

Senior Management and Board Involvement

Oversight for critical and high-risk vendors should be done at the highest level. Your risk management reports must be regularly reviewed to assess the viability of the program, and you’ll need a clear hierarchy of decision-makers. For example, an IT professional may make a recommendation to cut ties with a vendor, but only the CEO can officially sever the relationship.

Risk-Based Due Diligence

Due diligence comes down to research. To assess inherent risks, you should triage your vendors based on their access levels. For example, if you hire a vendor to optimize your networks, like a Managed Service Provider (MSP), your due diligence will be far more involved than, say, a SaaS provider for non-critical services.

Contract Management

Contracts define the working relationship between parties and often serve as the key piece of evidence in a dispute. After negotiating and executing the contract, the service level agreements (SLAs) should be clear to both parties and regularly reviewed (and, if necessary, amended) throughout the working relationship.

Offboarding

Vendor termination should be explicitly spelled out under third-party management. Without the right oversight or systematic review, you risk anything from process disruptions to data breaches. Tasks like data handling and notifications should be delegated to authorized parties who understand the nature of the contract.

How to Implement a Comprehensive Vendor Management Strategy

An organization’s implementation framework should be adapted based on the staff and scale of operations. However, all successful implementations should include the following:

• Specifics: The more detailed you are, the fewer questions and miscommunications. Paperwork, contracts, and reporting should be as detailed as possible to prevent misinterpretations of the vendor agreement.
• Background checks: All vendors, regardless of risk profiles, should be vetted for compliance and quality.
• Metrics: Your rating systems should establish a benchmark for quality, so it’s easy to see whether the vendor lives up to expectations. For example, the vendor must have strong client satisfaction ratings to back up their promises.

Regular reporting, structured offboarding, and rating systems can all help you implement vendor management, particularly for the most high-risk vendors.

How to Categorize Third-Party Vendors

Categorizing third-party vendors can be broken down into the following basic steps:

1. Identify and list all vendors with access to sensitive or customer information.
2. Detail the vendor’s services, contact information, and any other pertinent data needed for risk assessments (e.g., security protocols, etc.).
3. Label vendors as critical-, significant-, or non-essential based on confidentiality of information, access to information, volume of assets, and general data availability. For instance, if there are several barriers in place before a vendor can access sensitive data of any kind, you might label them as non-essential.
4. Administer security questionnaires or conduct direct assessments of each vendor (e.g., business continuity, overall governance, etc.) Develop a risk matrix to analyze the information and identify both inherent and residential risks.
5. Develop an attack surface monitoring solution and assign ratings of the vendor’s security posture.
6. Audit vendors via site visits, penetration testing, and comparative risk scores to verify their security standards. Schedule regular reassessments of vendor risk and adjust ratings as necessary.

To ensure proper categorization, consult with finance, legal, marketing, and procurement leaders to align risk management processes and ensure consistency. We recommend collaborating with all relevant departments to establish risk thresholds to pre-screen, onboard, and monitor vendors.

As you work with legal and compliance, ensure that you’re aware of the regulatory measures that apply to your industry (e.g., healthcare, finance, etc.). In addition, consider how protocols might change in the near future based on the ongoing compliance trends.

You can adjust security assessments and compliance controls based on the vendor’s individual risks, and you should have the express approval of legal and compliance departments before finalizing your governance documents.

How to Leverage Technology for Efficient Risk Management

Leveraging technology can reduce the amount of legwork on your end and streamline vendor risk management. Adopting comprehensive approaches to manage your digital ecosystem can be highly effective. Additionally, utilizing specialized methods to gain a deep understanding of both vendor capabilities and risks can provide valuable insights, making in-depth control assessments an excellent choice for your most important vendors.

These systems can immediately expose cyber risks during onboarding, thereby accelerating decision-making and optimizing resource allocation. By assessing the vendor’s operational continuity, data privacy, financial stability, and compliance obligations, you can be more confident with every recommendation and SLA.

After onboarding the vendor, you can use tools to continuously monitor an individual vendor’s security posture. These tools will also alert you to any threshold breaches, which is why it’s so important to clearly define what your thresholds are. The more stringent, the more likely you’ll waste time with false alarms. If they’re too lax, a threat is more liable to go undetected.

AI-driven analytics platforms and AI tools, can analyze troves of data and detect anomalies, so you can quickly complete questionnaires, assessments, and compliance checks. These tools automatically generate responses for basic compliance and security questions, so you can focus your time on more complex matters.

Risk management platforms can also help an organization monitor and manage risks. Comprehensive and user-friendly dashboards reveal real-time data analysis and risk scoring, so you can identify threats more efficiently. Predictive analytics forecast potential risks based on historical data and provide geographic visualizations, so there are fewer gaps between when a threat emerges and when it’s mitigated. Choose compliance management software that automates updates based on regulatory requirements, so the organization enjoys both constant compliance and a simplified audit process.

With the right technology, IT professionals have the insights they need to have data-driven conversations and collaborative risk remediation. With the right monitoring tools, you can establish risk domains that break down each category, so you’re less likely to miss a critical detail.

Documentation Practices

Detailed records accelerate both internal and external audits. We recommend third-party risk management software to ensure data is logged and easily retrievable, so it’s possible to verify monitoring practices, compliance checks, threat alerts, etc. Whether you have quarterly or annual evaluations for a vendor, the paperwork and reporting is as clear to internal players as external auditors or stakeholders.

As regulations change, you may need to update your monitoring processes and documentation practices to comply with the latest standards. Ensure that you’re proactively communicating with vendors, updating them of any recent changes or emerging threats. For instance, if a new virus sweeps onto the scene, there should be ongoing, documented conversations about whether your organization is at risk and what can be done to prevent an attack if so.

Your incident response and predictive planning should detail the procedures for all immediate threats, including interference and escalation. As you list the protocols and procedures, consider how to implement mitigations in a way that disrupts operations as little as possible.

How Dataprise Can Help

A robust third-party risk management strategy is invaluable to organizations that can’t afford operational shutdowns, compliance fines, and reputation loss. With better strategies and monitoring tools, you can lean on third-party vendor relationships while still safeguarding against vulnerabilities. If you’re unclear which tools are right for your organization, how to integrate them into your current systems, or even how to justify the expense to a budget-conscious CFO, the right MSP can work under even the strictest compliance controls. If you’re interested, contact us to see how we can help!

The post The IT Professional’s Handbook to Third-Party Vendor Risk Management Excellence   appeared first on Dataprise.

On March 31, 2024, Microsoft will begin the process of sunsetting classic Teams and pushing all users to the New Teams experience. 

New Teams has a whole new look and feel and is equipped with more powerful abilities to help drive seamless collaboration. Are you and your users ready to make the switch?

If you and your users haven’t been testing out New Teams yet, don’t be caught off guard. Prepare for the mandatory update with this educational session from Dataprise. 

During this on-demand recording, you’ll gain insights from seasoned educational professionals. Learn how to…

• Navigate New Teams to find familiar spaces and also discover new options, views, and features. 
• Find and use the new default applications available in New Teams to organize your contacts, meetings, and files. 
• Take advantage of streamlined multi-account and guest account access in New Teams. 

Join us to discover how you and your users can make the switch to New Teams without a disruption to your business:

• Jess Schneider, End User Training Specialist at Dataprise, and
• Stephanie Hamrick, Marketing Manager at Dataprise.

The post What’s New in New Teams: A User Guide for the Upcoming Switch appeared first on Dataprise.

Why Good Prompts Matter

The way you interact with Copilot through prompts plays an important role in the quality of the output you receive. While search engines like Bing or Google rely on simple keywords, Copilot requires more context and a conversational approach. Think of prompting as having a dialogue with an assistant, where clear and detailed instructions are key.

“Prompts are how you ask Microsoft 365 Copilot to do something for you – like creating, summarizing, editing, or transforming. Think about prompting like having a conversation using plain but clear language and providing context like you would to an assistant.” – Microsoft Copilot

Crafting Effective Prompts

To get the most out of Copilot, it is important to craft prompts that are precise, friendly, and provide the necessary details. Here are some do’s and don’ts to consider when writing prompts:

Do’s for Microsoft Copilot Prompting

1. Be Precise
   • Clearly state the topic, purpose, tone, and desired length for the content you want Copilot to generate.
   • Provide specific instructions to help Copilot understand your requirements and deliver the best possible content.
2. Keep it Friendly
   • Engage with Copilot in a conversational manner.
   • Offer feedback on its responses to help it learn and adapt to your preferences, creating a more personalized interaction.
3. Provide Examples
   • Use specific keywords or phrases when requesting text from Copilot.
   • This helps Copilot generate more relevant and creative content by understanding the context of your request.
4. Seek Feedback
   • Ask Copilot for feedback to better understand your needs and preferences.
   • This will help you receive more helpful and tailored responses from Copilot.
5. Write Clearly
   • Use proper punctuation, capitalization, and grammar when writing prompts.
   • This will assist Copilot in producing high-quality text and responses.
6. Verify Accuracy
   • Always check Copilot’s responses for accuracy, grammar, and style.
   • Watch out for irrelevant or inappropriate content to ensure the quality of the generated content.
7. Provide Context
   • Give Copilot contextual details to help it generate more accurate and consistent responses.
   • For example, provide the genre, characters, and plot of a story to guide Copilot in creating relevant content.

Dont’s for Microsoft Copilot Prompting

1. Avoid Vague Language
   • When prompting Copilot, be clear and specific to receive better-quality responses.
2. Respect Legal and Ethical Standards
   • Ensure that your requests align with local laws, rules, and the rights of others.
   • Copilot is not responsible for the content or the consequences of your writing.
3. Use Formal Language
   • Refrain from using slang, jargon, or informal language as it may lead to low-quality, inappropriate, or unprofessional responses from Copilot.
4. Provide Clear and Consistent Instructions
   • Avoid giving conflicting instructions in the same request to prevent confusion and ensure higher quality responses from Copilot.
5. Maintain Continuity in Topics
   • Avoid abruptly changing or interrupting topics as this could disrupt Copilot’s writing process.
   • Close or finish a task before starting a new one, clearly indicating the shift in topic when necessary.

Enhancing Prompt Quality

While following the do’s and don’ts is essential, there are additional techniques you can employ to improve the quality of your prompts and the resulting output.

Including Details for Context

In addition to stating your goal, providing context and specific instructions can greatly impact the quality of Copilot’s response. For example, compare these two prompts for writing a blog post about sustainable practices in agriculture:

1. Prompt 1: Write a blog post about sustainable practices in agriculture.
2. Prompt 2: Craft a 1500-word blog post for a general audience interested in sustainability, focusing on the significance and benefits of sustainable agricultural practices like organic farming and agroforestry. Include real-world examples, innovative technologies, and insights from reputable sources. Conclude with a reflection on the importance of these practices and a call for collective efforts to embrace them.

By adding context and specific requirements, you provide Copilot with the necessary information to generate a more comprehensive and concise blog post draft.

Structuring Microsoft Copilot Prompting for Optimal Response

The order of instructions in a prompt can influence the emphasis Copilot places on certain aspects of the response. Experimenting with different prompt structures can yield varied results. For example, consider these two prompts about writing a blog post on the benefits of meditation:

1. Prompt 1 (Instruction-Context-Example): Craft a blog post outlining the benefits of meditation. Meditation has been a practice for centuries and is known for reducing stress. For instance, mindfulness meditation has shown positive effects on mental health.
2. Prompt 2 (Context-Example-Instruction): Meditation has been a practice for centuries and is known for reducing stress. Mindfulness meditation, for example, has shown positive effects on mental health. Given this, craft a blog post outlining the benefits of meditation.

By altering the order in which the instructions, context, and examples are presented, you can observe the impact on Copilot’s response.

Positive Instructions and Iteration

Copilot is designed to take action, so providing positive instructions on what to do is more effective than focusing on what not to do. Using “if-then” instructions can guide Copilot in the desired direction. Additionally, don’t hesitate to iterate and regenerate prompts if the initial response doesn’t meet your expectations. Refining and adjusting the prompt can lead to substantial improvements in the output.

Reviewing and Verifying Copilot’s Responses

While Copilot is a powerful tool, you need to review and verify its responses. Large Language Models (LLMs) like Copilot rely on predicting the next words and phrases, which can occasionally result in biased, offensive, or incorrect content. Regularly reviewing and validating the responses for accuracy and appropriateness is necessary.

Get expert guidance with Dataprise!

Want to learn how Dataprise can help? Contact us today to speak to one of our IT experts!

Want to learn more about Microsoft Copilot? Watch our webinar on it here!

The post Copilot Prompting: Mastering the Art for Optimal Results appeared first on Dataprise.

Our recent webinar, How Workforce Analytics, Physical Planning & Technology Are Shaping the New Workplace, covered the many changes workplaces will see in the near future and how organizations can prepare as this new paradigm takes place. In this blog article on hybrid collaboration tools and hybrid analytics technology, we’ll cover how to:

• Use workforce data analytics to inform decision-making, increase productivity and improve end-user experiences.
• Create physical office environments that support your workforce and complement your culture.
• Enhance the physical and digital workplace with hybrid collaboration technology while safeguarding the expanded perimeter through security layers.

What Does the ‘New Normal’ for Workplaces Mean?

The past eighteen months have changed the workforce more drastically than ever. Now, 73% of employees want flexible remote options to continue, but at the same time, 67% of employees want more in-person work or collaboration in the post-pandemic world. Employee interaction and collaboration is a key motivator for employers moving forward. 63% of leaders say their company is considering redesigning office spaces for hybrid work and hybrid collaboration to create the best environment for remote and in-office employees.

Hybrid Workforce Model: Benefits and Challenges

A Hybrid Workforce model is a flexible work arrangement that incorporates employees working onsite, employees who work remotely, and employees who alternate between the two.

The benefits are:

• Additional flexibility, which leads to increased employee satisfaction
• Decreased overhead and hiring costs
• Increased revenue and productivity

The challenges are:

• Committing to both employee experiences
• Space management
• Shared ownership and trust

Hybrid Analytics: Understanding & Utilizing Workforce Analytics

Workforce Analytics are used to measure the behavior of employees and analyze data points to improve business performance. This is crucial in making sure that you’re optimizing your organizations’ strengths. The first step to incorporating workforce hybrid analytics is identifying your organizations’ key goals. These can be:

• Cutting costs
• Increasing productivity
• Harnessing automation
• Tightening cybersecurity
• Transitioning to a hybrid work environment

Some questions you as an organization might ask yourself while examining your productivity and cost analysis are:

• Whether employees are more productive working remotely vs in an office?
• Which employees are at risk of burnout?
• How much time is spent focused on work?
• Can we consolidate tools that employees use?
• Which software tools are used consistently, and which can we discontinue?
• Are unapproved applications being used that could introduce compliance and/or data risks?

Once your organizational goals and key considerations are determined, the next step is determining which workforce technology platform and collaboration tools for remote teams are right for your organization and developing a plan for implementation. An IT service provider can work with you to determine the right fit for your organization.

Building and Planning the Hybrid Workforce Experience

To build your hybrid workplace for success, you need to use a data-driven approach to define the hybrid workforce model with better hybrid analytics. There is no cookie-cutter, one size fits all approach that your organization can take because all employees are unique. Developing Pilot programs to test and demonstrate value is key in this aspect.

Planning the experience involves defining HR and IT offerings to enable both remote and in-office employee experiences. By monitoring the hybrid work experience and hybrid analytics — and continuously improving based on successes and feedback, you can foster new forms of hybrid collaboration that were not previously available.

Creating a Physical Office Environment

With employees wanting to have a flexible work schedule between remote and the physical office, it is paramount for employers to create a physical office environment that caters to both groups of employees.

The new workspace should emphasize the qualities that employees cannot get from remote work. Organizations need to repurpose the office space for a more thoughtful shift to a variety of workspaces to support the diverse needs of the workforce. Organizations need collaboration areas and social spaces, quiet spaces, and meeting spaces with seamless technology integration and collaboration tools for remote teams that are easy to use.  

Here are some elements that will to foster a collaborative culture:

• Modern Audiovisual Capabilities Across the Space
• Mobile Spaces
• Modern Employee Hardware
• Unified Communications-as-a-Service
• Easy File Sharing
• Intuitive Knowledge Management

Organizations need to keep in mind that hybrid collaboration does bring additional security threats, so it’s important to assess risks associated with Bring-Your-Own-Device. This is where user and entity behavior analytics tie in as well, and why your HR and IT need to be aligned with secure collaboration tools for remote teams.

Final Thoughts on Hybrid Collaboration & Analytics

The successful workplace of the future will rely on workforce analytics and collaboration tools for remote teams. These hybrid analytics are providing data that drives business decisions forward. Also, giving people a choice about how they best they get their work done, and figuring out how to set up your physical workplace for that collaboration is going to propel your organization to excel.

This transition can be made easy with managed cyber security and managed collaboration services. Dataprise can ensure that your environment is effective and secure. Get in touch with our team today to learn more about our hybrid workforce solutions.

Learn even more about hybrid analytics and collaboration tools for remote teams by clicking through our Return to Workplace IT Guidebook down below.

The post Hybrid Collaboration & Analytics: Technology in the Hybrid Workforce appeared first on Dataprise.

Legacy on-premise communication systems like landline phones create obstacles, especially for businesses looking to streamline operations and address the needs of the modern workforce. That is why there are several benefits of unified communications platforms.

On-Premises Legacy Communication Systems Don’t Work

1. Legacy phone systems don’t offer flexibility: Whether they are in an office or remote, employees need communications tools that allow them to do their best work anywhere and everywhere work takes them. These traditional business phone systems often lack the agility, scalability, and security businesses need to allow employees to work off-site.
2. Legacy systems don’t offer scalability: The rapid transformation of businesses during the pandemic demonstrated the need for unified communications and IT systems to be both scalable and flexible. As businesses rolled out headcount reductions, those with cloud-based tools simply reduced their services to match their headcount and achieved cost savings. As those businesses recover and hire more staff – some in remote locations – they will need to scale up their cloud services to meet growing demands.
3. Legacy systems can cost more. When evaluating the true cost of a legacy phone system, IT leaders must consider one-time expenses like wiring and hardware as well as ongoing expenses like upgrades, maintenance, and dedicated support personnel. Adding to the cost and complexity are standalone solutions for video, conferencing and even faxing.

The Modern Workplace Requires a Unified Cloud Communication Platform

As employees move back to physical offices, the need to collaborate through multiple channels will not dissipate. Employees want options in how they communicate regardless of location.

1. Phone: Calling colleagues across multiple devices
2. Video: Live on-demand face-to-face communication
3. Chat: One-on-one and group chats
4. Message: Text-based messages to colleagues and groups in real time

And they want to be able to do this across a range of devices. Gone are the days of every employee having a desk phone – Headsets, Airpods or earbuds are the future. Plus, they are full transportable so employees can work from anywhere with the right cloud communications platform.

Selling Your CXO on the Benefits of Unified Communications Platforms

As an IT leader you understand the advantages of a unified communication solution, but your C-Suite peers may still need convincing to prioritize the switch on the long list of priorities. Here are six benefits of unified communications platforms, and why your business should make the switch now:

1. Unify business communication on one cloud communication platform  
2. Increase flexibility for your business and support the hybrid workforce seamlessly
3. Reduce infrastructure and management costs
4. Ensure security and compliance needs are met
5. Gain continuous feature enhancements
6. Simplify multi-location management

Where Do We Start? Finding the Right Cloud Communication Platform

By partnering with Dataprise on Managed Communication and Collaboration, we can assist your organization with:

• Finding the communication solution that meets your business requirements
• Optimizing your communications solution and network availability
• Leveraging vendor relationships to obtain better pricing and eliminating the need to go direct
• Implementing your optimal solution into your environment

Benefits of Unified Communications Platforms

Want to learn more about the benefits of unified communications platforms? Dataprise has been a leading provider of communication and managed collaboration services for over two decades, and has been a cloud solutions provider to hundreds of midmarket organizations. We can ensure that your business is always connected with a unified cloud communication platform.

Equipping Your Workplace with Cloud Communication Platforms

Do you know how your business will prepare to Return to Workplace from the isolation/stay-in-place orders enacted to combat the spread of COVID-19? Discover useful strategies for building a cloud communication platform in our “Return to Workplace IT Guidebook”. Find out more below!

The post Benefits of Unified Communications Platforms for Cloud Business Ops appeared first on Dataprise.

Perimeter defense has long been an important component of managed security and a hallmark of cybersecurity strategy. By controlling access between the public internet and your internal systems and data, you establish the foundation for a strong cyber defense. But, while perimeter defense security may seem like a simple task to the uninitiated, it’s far more complex in practice.

1. How do you separate your internal systems from the external?

This often starts with your firewall. Firewalls can provide advance warning of suspicious traffic as it enters or exits your network; it’s the first and last safeguard between your trusted systems and the untrusted.

However, this is where most companies start (and end) their cybersecurity strategy. A firewall is a fantastic tool for deterrence, but simply creating protocols to filter traffic does not guarantee that a hacker won’t breach the defense.

These tactics remain valuable as long as your employees are confined to your internal network, which isn’t the case in today’s remote work world. Additionally, with more and more employees utilizing their own devices to access vital internal systems, how can you possibly hope to create a uniform perimeter defense security solution?

2. How do you defend your systems and data for users outside of your network perimeter?

Trust no one. It’s your duty to ensure you have taken the appropriate steps to keep your data secure, including from your own employees. One-in-three cybersecurity attacks involve internal actors, intentional or not. With zero-trust, there is a significantly smaller likelihood of a security incident occurring.

The perimeter defense security tactic of zero-trust provides your business with the ability to maintain your most important data, regardless of who, what, when, where, why, and how, because you control that access.

In a zero-trust model, no one is trusted by default and verification (preferably multi-factor authentication) is required from everyone in order to gain access to data and network resources from inside or outside the network.

3. What security layers are needed to protect users at the edge and the new distributed perimeter?

One of the first steps is to build a strong perimeter with a third-generation firewall, but it goes far beyond that. You must also ensure edge devices are fully patched and monitored, scan the edge periodically for vulnerabilities, and ensure timely remediation. Remember, a single critical vulnerability in your perimeter defense security can be a direct backdoor from the public internet into your local network.

24×7 security monitoring of the perimeter devices, SaaS applications, servers, and network traffic is also necessary to ensure that your organization is ready to respond to any would-be attackers that may want to bring you down.

Improve Your Perimeter Defense Security with Dataprise Managed Cyber Services

The traditional concept of the perimeter continues to evolve and so must the strategies used to defend an organization. Contact us to discuss your cyber strategies or keep reading for more actionable guidance:

Not All Two-Factor Authentication Methods Are Created Equal

Note: This article was originally published in October 2019 and has been updated for accuracy and comprehensiveness.

The post Securing the Perimeter in a Remote Work World appeared first on Dataprise.

What is Remote Access Technology?

To begin, it’s important that we define what remote access technology means in the context of this article. Remote access technology refers to any IT toolset used to connect to, access, and control devices, resources, and data stored on a local network from a remote geographic location. This is different from using a cloud solution, as it provides access to an on-premises environment rather than being hosted offsite in a shared environment and available via the internet. This makes remote access crucial for businesses of all sizes which have not moved to a cloud-first model, or which require access to on-premises machines or resources. Three of the most common remote access technologies – Remote Desktop Services, Remote Access Software, and Virtual Private Networks – are examined in detail in this article.

What Are Remote Desktop Services?

Remote Desktop Services (RDS), also known as Terminal Services, is one of the most common methods used by SMBs to enable remote work. By using RDS, individuals can remotely connect to an endpoint device or server which supports Remote Desktop Protocol (RDP) via a Terminal Server.

The connection can be made over a local network or internet connection and gives the user full access to the tools and software installed on the machine they connect to. This method is frequently used by IT departments to remotely access servers, or to provide easy local software access to multiple employees.

One common business application which is frequently used with RDS is Intuit Quickbooks. Many companies install the application on a central Terminal Server instead of individual computers, allowing multiple users to connect to the software on a remote device via RDS and access the toolset.

Remote Desktop Services and the SMB

Though RDS can be used on a local network to facilitate shared access to devices and resources, organizations need to access RDS services over the internet to be an effective remote working tool. However, this is becoming increasingly risky as the cybersecurity landscape evolves and is now one of the most common methods cyber attackers use to identify and breach networks.

Terminal servers typically only require a username and password to access, and are easily identifiable over the internet, meaning that attackers can more easily use lost or stolen credentials to gain access to the system. Additionally, RDS has several unique vulnerabilities which can allow an attacker to bypass the login system altogether.

The workaround to use RDS securely over the web requires using an additional dedicated server – often called a Remote Desktop (RD) Gateway – to broker the connection. RD Gateways use tunneling protocol to send private, secure communications over a public network like the internet, making the process of using RDS over the internet much more reliable.

This type of solution is ideal for larger organizations which have multiple Terminal Servers and can tolerate the relatively high cost of the additional server but can often be cost-prohibitive for SMBs with leaner infrastructure.

What Is Remote Access Software?

Remote Access Software offers an alternative to RDS and leverages a dedicated software to remotely connect users to an endpoint device from anywhere in the world via the internet. This method of remote access is typically the easiest to implement, as it only requires the user to install the software on the computer to be accessed. This type of remote access is especially useful when most of the organization’s endpoint devices are desktops.

Remote Access Software and the SMB

Many SMBs opt to use Remote Access Software to receive a secure RDS-like experience to computers that are already in the office. While an attractive solution, this can prove more expensive and intricate to manage with several users compared to alternatives. All workstations must remain powered on for users to connect to them, which can lead to increased power consumption and discourage regular rebooting of systems.

Remote Access Software also adds an additional layer of complexity to patching strategies, as the software can be exploited to provide a hacker with unauthorized access to the network if not properly updated. Some Remote Access Software vendors offer automatic updates, which are highly encouraged for any business planning to leverage this technology.

What Is a Virtual Private Network?

A Virtual Private Network (VPN) is a technology which creates a smaller, private network on top of a larger public network – most commonly the internet. By logging into the VPN, users can gain internet-based access to applications that would otherwise only work on local networks. The goal of any client-based VPN solution is to provide remote employees with the same level of access as onsite. However, this is functionally different from an RDS session, as it does not allow full access to an entire desktop, but only specific applications, software, and other resources which the user has been given access to.

Virtual Private Networks and the SMB

Organizations of all sizes frequently use VPN technology to securely access remote resources from multiple locations. Unlike RDS, VPN connectivity does not require additional dedicated hardware to function securely over the internet and is designed to be particularly secure. Most VPN connections are encrypted using either Secure Sockets Layer (SSL) or Transport Layer Security (TSL) to ensure that the data cannot be read by malicious third parties.

Most SMBs use their existing firewall to provide VPN connectivity, as many firewalls contain a VPN server and client. While this solution offers a relatively inexpensive method of connecting a remote machine to a central location, it also comes with security challenges.

VPN connections essentially allow endpoint devices to remotely enter the central environment, meaning that devices which are not configured to the same security standards as the rest of the central network can present security risks. Therefore, VPN is an ideal solution for organizations which provide end-users with laptops controlled by the business and configured according to organizational standards.

Authentication Security

Organizations of all sizes must take all possible precautions to prevent malicious parties from accessing corporate resources and networks. To do so, practicing basic password security to control authentication for all users on corporate resources is an important first step. Basic password security guidelines include:

• At least eight characters
• The longer is better
• Add complex symbols
• Change at least every 90 days

In addition to the guidelines described above, additional authentication methods are strongly encouraged. Check out our recent article on multi-factor authentication systems for more information and recommendations.

Setting Access Limits

It is up to each individual organization to determine which users can access which resources remotely and for how long. However, it is unlikely that any organization will find all employees requiring the same level of access, and many common compliance regulations specifically prohibit this.

Many common professional tools and applications such as email, Microsoft Office Suite, and major line of business applications are now cloud-based and accessible via the web, reducing organizations’ dependence on remote network access solutions like those outlined above. Similarly, many modern file sharing/storage platforms like SharePoint, OneDrive, and Egnyte provide users with secure access to personal and shared files over the internet, eliminating the need to remotely access an on-premises file server.

For organizations whose employees do require remote access to the network, it is crucial to ensure that all access permissions are properly evaluated before being assigned and properly documented once given. It’s as simple as logging those permitted to access remotely, using what method, and for how long.

The Takeaway

Now more than ever, organizations of all sizes are turning to remote access technology to ensure business operations can continue, even when access to a physical office is limited or impossible. Increasing access to your network to your employees comes with the risk of unauthorized access by cyber-miscreants who may use this as an opportunity to gain access or infect you with ransomware. However, by taking the correct precautions and selecting the right remote access solutions for their specific needs, organizations can minimize their risk while maximizing their ability to work effectively in remote-only or remote-first conditions.

The post Remote Access Technology and You: A Guide for the SMB appeared first on Dataprise.

When COVID-19 first spread across the world earlier this year, it was impossible to predict how much our lives would change. For companies across the United States, one of the most impactful changes has been the transition to remote work and virtual meetings. However, we are now more than six months into this “new normal,” giving us an opportunity to step back and take stock of how the transition is going and how we can improve it.

Since the transition to work-from-home, virtual meetings via Zoom, Teams, Google Hangouts, and other video conference platforms have become the primary tools employees use to collaborate face-to-face. Dataprise recognized the growing importance of this technology, and our strategic consulting team collaborated with our marketing team to survey over 125 coworkers, clients, friends, and family to capture the thoughts, feelings, and challenges we are all experiencing when it comes to virtual meetings.

Policy is the Best Policy

Working as a vCIO at Dataprise, the most important part of my job is helping customers solve problems. So, I decided to approach the challenges associated with virtual meetings, and the data we collected, with my vCIO thinking cap on. As with many technology challenges, the best place to start is with a good policy. Just as organizations need policies governing disaster recovery, security, and other operations-critical technologies, they can also benefit from established rules of engagement and formal written guidance around virtual meetings to maximize their benefits. So, I took our poll results and a little of my own research and started to dig deeper to see what we could learn.

All Zoomed Out

As an extrovert, I love virtual meetings. They give me a great opportunity to interact with my coworkers and customers without risk to anyone involved. But, as a human being with limited energy, I also prefer not to have them all day long. And I’m not alone; we asked the individuals we polled how long they spent on virtual meetings before and after the pandemic. Before the pandemic, the average answer was 8 hours or less per week; since the pandemic, many responded with 8 hours or more per day.

Aside from begging the obvious question as to when in the day these individuals are supposed to work, the advent of overpacked video conference calendars has given rise to a new phenomenon known as “Zoom fatigue.” This refers to the feel of mental, physical, and emotional exhaustion many of us feel after a long day of virtual meetings, and the results of our survey show how real this feeling can be. 

Organizations can help eliminate Zoom fatigue and burnout by setting policies which enable employees to cut down on unnecessary meeting time. For example, organizations can designate specific hours to remain virtual meeting free – setting aside the hours from 12:00 PM to 3:00 PM, for example, ensures that employees get time to eat lunch and catch up on work before launching into afternoon meetings. Similarly, organizations can create a policy against booking meetings at the half hour, giving employees the chance to recharge and do work when virtual sessions end in less than an hour. Lastly, our study suggested that many employees are either ambivalent about or against company Zoon happy hours due to Zoom fatigue. These types of meetings provide a great opportunity for employees to connect and here company news in an informal setting but making sure to keep them at reasonable intervals can help with burnout.

Call Me… Maybe

Though virtual meeting software has become increasingly prevalent, it is by no means the only option. Our survey showed that just over 50% of respondents have participated in a virtual meeting conducted over the phone in the last week, and many organizations still seem to prefer phone calls, either due to tradition or force of habit. But consider: which is more engaging? Virtual meetings offer the option to interact with coworkers face-to-face, and usually chat and file-sharing options as well, while a phone call is much more limiting as a medium.

The results of our survey back this approach; when asked, 88% of the 125 people surveyed found meetings to be more productive when virtual rather than over the phone. To keep meetings as productive as possible, then, organizations can set a policy requiring that a virtual meeting link be sent out, either on its own or alongside a phone number, with all remote meetings.

Lights, Camera, Action

Even if we accept that virtual meetings tend to work better than phone calls, virtual meetings can be carried out either with or without video. When asked whether they prefer their coworkers to have their camera on or off during virtual meetings, 41% of those we surveyed said they prefer cameras on and 40% said they have no preference, while a mere 11% preferred cameras off. This seems to suggest that most people either prefer to use the video option or at least have no preference against it.

Our study also suggested that teams can achieve more in meetings when everyone has video on; over 85% of respondents found video meetings productive, and over 40% found video meetings more productive than virtual conferences with cameras turned off. Keeping cameras on enables team members to replicate in-person conversations as closely as possible and communicate using facial expressions as well as words. Even your background, whether real or virtual, can provide a catalyst for conversation and connection. Furthermore, our survey indicated that most participants were not deterred from using their camera by concern over revealing their personal space at home.

Organizational or departmental leadership can provide guidelines on how employees handle the camera decision on a day-to-day basis through policy and precedent. Everyone needs a break from the camera sometimes (see: All Zoomed Out) but encouraging employees to participate with video during particularly important meetings, or simply whenever they feel comfortable, has the potential to boost productivity and engagement.

All-In-One, One for All

An organization’s technical capabilities are only as good as the tools they use. As a vCIO, I have seen firsthand how impactful the right tools can be, especially during times like these when we depend on technology for communication. Based on all of my experience, I have come to the conclusion that a secure, cloud-based, all-in-one communications platform that allows real-time collaboration on any device anywhere in the world, is the ideal approach to virtual communication for nearly all organizations.

To demonstrate why this type of platform is so universally useful, let’s look at some of the very real threats to productivity that companies are facing today:

•        Bad communications amongst departments

•        Too many emails and difficulty finding the right emails

•        A virus or ransomware that takes away your proprietary work

•        Lost documents, or inability to access the right document version

•        A slow or broken computer

•        Delayed communications

•        Inaccurate interpretation of communications

•        Internet outages

By using the kind of cloud-based communications platform I have described, companies can help fix these issues; emails and documents are stored in the cloud and easy to locate and share, data and information are accessible from any device, communication happens in real time, and collaboration is possible at the touch of the button via video, voice, or chat. Popular examples of these types of platforms include Microsoft Teams, Slack, and others.

When asked in our survey whether they would continue to use their virtual communications platforms after returning to work in the office, most respondents said yes. Thus, crafting a clear and effective strategy for all-in-one virtual communications represents a worthwhile long-term investment, as does developing policies around how that tool is used (e.g., authentication, security, meeting hours, etc.).

Focus Pocus

Have you ever ended a wasteful or superfluous meeting and felt the need to mentally disconnect? If so, you are not alone; an MIT study shows that disorganized and unnecessary meetings can have a significant negative impact on employee morale and productivity, stating:

“Poorly run meetings have a tremendously negative impact on team success, innovation, creativity, and on individuals’ well-being and stress. In fact, experiencing a poor meeting can even result in meeting recovery syndrome, where employees lose additional time and productivity mentally recovering from a bad meeting.”

Any complete policy on virtual meetings should offer a meeting outline template to help the meeting organizer stay on-topic and inform attendees of what needs to be covered. Training and tools such as Whiteboards, brainstorming apps, and intuitive project management software such as Microsoft Planner can help make meetings more focused and interactive.

A New Hope

If we have learned nothing else about technology and business in the last eight months, please take away this: embrace technology as it evolves. Before the pandemic, I was pushing Teams to as many of my customers as I could as an easy, intuitive option for remote communication. Some companies were hesitant, and others took the chance to try it. When March came around, companies with Teams were able to continue to work and communicate successfully from home, often without missing a beat. Those which refused to adopt Teams or a similar tool found they were in trouble and had to spend additional time and resources on last-minute projects, training, software platforms, and even hardware in order to survive.

The good news is that organizations seem to already be moving in this direction; vCIOs at Dataprise have already found our customer base more willing to listen to IT direction, introduce new technologies and processes, and embrace fast-paced changes rather than worrying about how their employees will cope. Companies see the value that innovative technology provides to advance productivity, communications, security, or the bottom line. As an IT leader, I am excited and optimistic to see the future of businesses now that there are fewer hesitations about technical advancement. Building policies and standard practices around virtual meetings are just one step along the path towards the future.

More Data

Finally, below are a few more results from the poll I did not use for this post but thought to add for your benefit:

The post Virtual Meeting Trends: A vCIO’s Perspective on Video Conferencing appeared first on Dataprise.

The purpose of this article is to expose the mechanisms of mail flow in a way that translates to the MSP space, and to examine the considerations an MSP and its clients may have when planning and discussing a mail solution. Even when approaching a new environment, it is surprisingly easy to map out mail flow if you know where to look and what to look for. However, it can often be difficult to understand this process due to the presence of several convergent technologies working in concert. Let’s take a closer look at email explained: mail flow and email handling services.

“Hopping” through the Sender’s Environment

Modern email operates using a “store and forward” technique which works exactly how it sounds. Messages “hop” around organization’s networks and the internet to reach their destination, getting manipulated, encrypted, filtered, and forwarded at various stages until they reach their destination. The first step of mail flow is to navigate through the sender’s environment following the process described below.

Every message in an email handling service begins within a Mail User Agent (MUA), which is responsible for formatting, user-interface, and connecting the end-user to their mail server. The MUA forms the interface layer of common mail applications like Outlook and Gmail, controlling the user’s experience sending messages. 

Once the message is sent out of the MUA, it goes to the sender organization’s mail server. The mail server is simply a high-powered computer designed to host two critical server applications which are responsible for handling mail. The first is called the Mail Submission Agent (MSA) and is responsible for receiving email messages from the MUA. The second, known as the Mail Transfer Agent (MTA), locates the correct mail server to send the email to by identifying a specific type of Domain Name System (DNS) record called the MX Record. This record is stored online and belongs to the recipient. Once the MX Record is identified, the MTA releases the email to this intended recipient.

Leaving the Sender’s Environment

In addition to the MUA and mail server, most mail flow include a filtering gateway, which represents the first and/or final hop for any emails entering or leaving the local network. Organizations do not technically need filtering gateways for their email system to work, but they provide great value by scanning inbound messages for spam and malicious payloads which could damage the recipient, and by running incoming mail against sets of receive rules and policies to ensure compliance. Filtering gateways often take the form of third-party anti-spam software solutions (e.g., Barracuda Email Security Gateway, Sophos Email Appliance), or entirely cloud-hosted platforms (e.g., Mimecast, Microsoft Advanced Threat Protection). They are generally located on the receiving side, and securely relay mail from the sender’s MTA to the recipient. 

At this point, it is worth noting that the MTA is the “point of no return” in the email process. Even if filtered by an outgoing filtering gateway, the email is out of the hands of the sending environment and cannot be recalled or traced past this point by the sender. 

After being released from the final hop of the sender’s infrastructure, the message is relayed by Simple Mail Transfer Protocol (SMTP) to the recipient’s MTA then the recipient’s Mail Delivery Agent (MDA). The MDA then stores the message in the recipient’s mailbox for access. Once placed in the mailbox, the recipient can read the message from their own MUA and, if needed, respond, starting the mail flow cycle over again in reverse.

The Big Picture 

The simplified mail flow described above can, of course, differ from organization to organization, but the basic structure remains the same. Visually, the pathway looks something like this:

Although email handling services can be hosted on a wide variety of on-premises and cloud-hosted server platforms, the communications between these servers and services operate on an agreed-upon structure to maintain compatibility and functionality.

By understanding the process by which emails pass across the internet, organizations can understand where they, as either the sender or the recipient, can and cannot control the mail flow. For example, filtering gateways represent a crucial barrier against unwanted and potentially harmful mail from reaching an organization’s employees. By maximizing their control over the email process and ensuring that they have the best possible controls in place, organizations stabilize their environment and minimize risk.

Ready to for part two on email explained: to cloud or not to cloud? Head on over to learn more about hosting your server on the cloud vs on-premises.

Get Started with Dataprise for Your Email Handling & Email Archiving

For more information on what mail hosting options are right for you, how you can optimize and secure mail flow, and other technology concerns, contact our Marketing Team today.

The post Email Explained: Mail Flow & Email Handling Service appeared first on Dataprise.