Forming an IT Budget for your Small Business

Here in the Vail Valley, All Mountain Technologies has found business owners do not typically see the value in budgeting for IT. Proper business technology increases agility, cut costs, and delivers peace of mind.

According to a recent study, professionals in the U.S. had planned to increase their organization’s IT budget for 2018 and will continue to for 2019. Global IT spending is predicted to reach roughly $3.7 trillion this year.

Technology is evolving and always changing. There are a few routes when it comes to choosing an IT solution as a business owner. You can hire internally (which can cost you anywhere from 60-100k/year), use a one man shop (which can be frustrating when they are out of town or super busy), or partner with a business like AMT.

All Mountain Technologies does not use the break-it-fix-it model when it comes to technology. We anticipate your needs proactively, plan for future changes, monitor, and ultimately take over the entire IT department with a staff of seasoned experts. We believe every successful business needs to allocate a portion of their budget to IT. With a proper infrastructure set-up, a business can run smoothly, efficiently, and make more money in the long run.

AMT has identified four areas as best uses for you IT budget along with some tips for your small business.

itpic.jpg



1. Hiring

Hiring and training qualified IT professionals is the most important use of your tech funds in the year ahead. There has been a skill shortage in IT recently. Technology has become more specialized and less accessible to untrained workers. The Vail Valley is somewhat limited when it comes to IT talent. AMT has a staff with decades of years of experience behind them. From engineering to cybersecurity, our staff has each area of tech covered. We are also in the process of partnering with local universities for an internship program for budding technicians.


2. Training

Not only is it important to partner with a qualified IT expert, such as AMT, but also invest in end-user training opportunities. When partnering with AMT as an Always-On client, you have access to end-user training such as a complimentary phishing awareness lunch and learn.

With recent cybersecurity risks, educating end-users is detrimental to keeping data safe and secure. AMT takes end-user education very serious as human error will always exist.



3. The Cloud

Each business has their own needs and goals. We do not always suggest a solely Cloud based set-up, but Cloud apps can work for some. Cloud apps are scalable, and let you track and manage real-time data. This kind of flexibility and agility is a plus in today’s competitive arena.

At AMT we take a lot off your plate when it comes to the Cloud. Your system administrators manage scores of IT assets—including hardware and software—and track and manage licenses, warranties, maintenance schedules, and custodianship records.

4. Cybersecurity

Cyber-criminals are becoming savvier when it comes to retrieving sensitive data. At your small business, you don’t want to lose customer data or let malicious groups take over your systems. Cover all the basics, including safeguarding sensitive business data and minimizing the risk of malware attacks.

Having a holistic and expansive cybersecurity strategy expands your business’ capabilities, improves your reaction times to potential issues, and creates a system of accountability around your data security operations. If these lower priority issues aren’t addressed, risks associated with cyber-crime can drive up costs, open you up to liability, and fracture processes crucial to the survival of your business.


All Mountain Technologies has created a way to stay cost effective so you don;t have to hire in-house or deal with the unpredictability of a one-man show. With our team of trusted IT professionals, you’re in good hands. Looking towards 2019, begin planning a budget for IT. If you have any questions regarding IT needs for your business, give us a ring.

-Allie Yazel, Marketing Coordinator at AMT ayazel@allmtntech.com




Meet the Team -Allie Yazel-

Allie Yazel grew up in Crystal Lake, a Northwest suburb of Chicago. As a child, she had a natural attraction to art and music, winning several writing awards and participating in musical theater all throughout middle school. Allie also played travel soccer and life guarded at the local lake she grew up swimming in. (Yes Crystal Lake, no, not like Friday the 13th.)

It wasn’t until High School that she picked up a camera. Allie would spend her lunch period in the dark room developing film. After spending her senior year in the Photo Department, she decided to enroll in the Photojournalism Program at Columbia College Chicago. She spent the summer before college, interning in Graphic Design and Strategy at her Aunt’s Marketing Agency.

Allie spent two years in the Photo Program. Her favorite course was Documentary Photography because she loved interacting and interviewing people. As a junior she transitioned into Advertising with a concentration in Account Management and Copy-writing. She felt advertising would allow her to write and manage a team of creatives. It was her dream to travel and work for National Geographic. Her last year at Columbia included a semester abroad studying International Business in Barcelona and a two week travel writing course in the Marin Headlands, California before graduating.

Allie says her time in Barcelona forever changed her perspective and made her a better human. She visited historic cities like FIgueras where Salvador Dali grew up, the islands of Greece, the catacombs in the city of Paris, Chefchaouen the Blue City in Morocco, and met an array of eclectic people. Growing up in the Midwest and never leaving the country before this, she did not have a gauge on just how different other cultures were. She was now addicted to the unknown and exploring new places.

After graduating in May 2016 with her Bachelor’s in Advertising, she returned Europe, but this time Amsterdam. She spent three weeks assimilating in Dutch culture, traveled to Brussels, and Oktoberfest in Munich. She had every intention of finding a job in Amsterdam and staying abroad.

She returned back to Chicago at the end of 2016 and starting working for an ad agency called Havas. Allie worked as an Experiential Concept Creator for large brands like Cheerios and Almay. Her team curated unique experiences and event activation. After nearly a year back in the corporate ad world, Allie felt she could better use her talent for good in the non-profit world.

Allie spent 2017, juggling volunteering for a local non-profit, writing for a human culture magazine in Miami, and working at a technology company. In June of this year, she moved to the Vail Valley and became All Mountain Technologies’ Marketing Coordinator. Since then she has engaged with the Vail Valley Foundation on several events, boosted AMT’s online presence, and fostered important community relationships.

allie12.jpg

“Don’t quit your daydream.”

-Allie Yazel, Marketing Coordinator

She claims to not be super tech savvy, but Allie knows how to market tech! She found her way into Information Technology this past year and fell in love with helping businesses increase productivity through tech. She believes IT is evolving into a standard business practice and is an essential part of success. Allie is part of Vail Valley Partnership’s NEXT Vail Valley leaders group #6 and is loving getting connected with fellow young professionals. Outside of the office, Allie enjoys all the amenities the Valley has to offer, including hiking and snowboarding. To this day, she continues to write non-fiction and photograph her travels. “Don’t quit your daydream,” she says.




Here Phishy Phishy... Tips to Prevent a Phishing Attack

In the past few months, All Mountain Technologies has seen a surge in email phishing attempts. Phishing is the fraudulent practice of sending emails claiming to be from trustworthy companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. Cities are not the only targets and our Valley is certainly not immune to phishing attacks. Industries like healthcare and hospitality are especially good targets because of their databases of sensitive data.  Educating your staff on what to look for when receiving a suspicious email is the #1 way to prevent an attack. We’ve put together tips on what to look for and how to verify an email’s legitimacy.

phishing.jpg


Check the Sender Domain

Cyber-criminals often spoof the display name of an email to imitate a reputable site. You may see your bank’s name or Microsoft in the domain. Don’t trust the display name unless you recognize it. That means the entirety of the domain. Below, “My Bank” does not typically send emails from “secure.com”. Contact your bank to confirm legitimacy. Also check for spelling errors in the domain. If it appears different than usual in any way, don’t open the email.

phi.png

Think Before You Click

 When you are on a trusted site it is fine to click on links. Clicking on links that appear in random emails is not recommended. Hover over links that you are unsure of before clicking on them. Make sure the link leads to where it is supposed to. Phishing emails are designed to look like they are coming from a trusted company. Taking it a step further, cyber-criminals create websites to look real. You may land on a site that is set up to look legitimate, but it is an imitation website to gather your data.

See the URL in blue? That is not a legitimate site.

See the URL in blue? That is not a legitimate site.

Beware of “Dear Customer”

Phisherman and spoofers are highly skilled when writing emails. They try to get as intimate as possible and may start an email with “Dear Customer” or call you by name “Dear Allie”. When in doubt, go directly to the source rather than clicking a potentially dangerous link. 

Verify a Site’s Security

Whether you’re buying concert tickets or making an online deposit, check that you are on a secure website. Check the site’s URL for “https” and there should be a closed lock icon near the address bar.

Also check for a site’s security certificate. If you get a message warning a website may contain malicious files, do not open the website. Never download files from suspicious emails or websites.

Change Your Password Frequently

This is a simple way to increase security.  We recommend you change your password(s) every 90 days. If your passwords were not changed on a regular basis, your familiarity with your password would eventually lead to its compromise. Once another person has acquired your password, they can use your computer account.

Never Give Out Personal Information

You should never share personal or financial information over the internet. This general rule has been in place since the beginning of the Internet due to the success of early phishing scams. Do not send credit card info, a social security number, or any other sensitive data to ANYONE (even a trusted friend or coworker) through ANY platform (email, Facebook messenger, etc.). When in doubt, call and give the information over the phone instead.

When partnering with All Mountain Technologies as your technology solution, you have full access to cybersecurity training including end-user awareness training. If you have any questions, comments, or would like additional information on our services, contact Allie Yazel, Marketing Coordinator at ayazel@allmtntech.com.

Hotel Gasthof-Gramshammer Case Study

Hotel Gasthof Gramshammer nestled in the Vail Village.

Hotel Gasthof Gramshammer nestled in the Vail Village.

CHALLENGE

As a historic hotel, Hotel Gasthof Gramshammer relies on traditional European charm to attract guests. However, due to the ever-changing nature of technology, the hotel needed to reassess the way they used theirs. The hotel’s technology had aged out to the point that they needed to plan for upgrades.

 

SOLUTION

Up until 2015, Gasthof Gramshammer did not have wireless and guests could not access WiFi. All Mountain Technologies started their interaction with the hotel completing a wireless project that year to get them up to speed. Gasthof’s could then better accommodate their guests with access to WiFi. As a result they increased bookings and positive reviews.

AMT was officially brought on in 2017 as Gasthof Gramshammer’s technology partner. The AMT team did a full assessment on what upgrades needed to be done and what downtime would look like for the business. Taking a look at financials, AMT and Gasthof Gramshammer planned projects accordingly for 2017 and 2018. As a hotel, it was important to not disrupt guests or booking capabilities.

AMT found that some servers were almost out of warranty, including a very large Dynamics server used by the hotel’s accountant. At that time, AMT took the opportunity to isolate different departments in the hotel into their own respective networks. The hotel, restaurant, and retail shop now have their own networks. This means if one goes down, the other two can still operate. The hotel had been around so long it had different levels of technology floating around. Nate, System Administrator for Gasthof’s, coins it “a history of tech.” AMT retired all out-of-use machines as well.

 

RESULT

AMT transitioned the hotel into a modern infrastructure, making it more manageable and scale-able for future growth. Nate and other team members scheduled updates around the hotel’s peak times to avoid disruptions to the day-to-day. It also gave the AMT team a chance to get to know the hotel’s staff and the way they function, understanding better how to support their needs.

A special thanks to Sheika Jr., the Hotel Gasthof Gramshammer staff, and our incredibly talented AMT Team.

Nate Parrish, System Administrator (left) and Sheika Jr., on behalf of Gasthof Gramshammer (right)

Nate Parrish, System Administrator (left) and Sheika Jr., on behalf of Gasthof Gramshammer (right)

Tech Tip Tuesday: Cybersecurity Terms

accounting_glossary-social_image-6d1ed3fa.png

Phishing
Phishing is the fraudulent practice of sending emails claiming to be from reputable companies to induce individuals to reveal personal information, such as passwords and credit card numbers.

Spoofing
Like phishing, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data, thereby gaining an illegitimate advantage.

Ransomware
Ransomware is a type of malware that restricts access to the infected computer system in some way and demands that the user pay a ransom to the malware operators to remove the restriction.

Malware
Malware, short for malicious software, is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other intentionally harmful programs.

 

10 Ways to Improve Your Cybersecurity

There is a major misconception looming in the tech world: cyber-crime won’t happen to you. Large companies are not the only targets. Small businesses such as those in the Vail Valley are at risk. We are not in the business of fear mongering, but the statistics are frightening! In a national study published this July, researchers broke down loss in millions of dollars per state. In 2017, Colorado residents and businesses lost 39.94 million dollars to cyber-crime. Global cyber-crime damage costs are projected to hit $6 trillion annually by 2021.

Hackers do not have a specific target in mind when they phish or spoof. Every business, large or small, global or local, should take cybersecuirty seriously. At All Mountain Technologies, we believe educating our neighbors in the Valley is important. We plan on bringing you more education opportunities in the future. The following are ways to improve your cybersecurity and combat hackers!

cybe5.jpg

1. Update Security Tools 

Sticker shock aside, the proper hardware and software does wonders for security. We recommend updating the following:

  • Business firewall – purpose built UTM device
  • Content filtering
  • Sandbox email attachments
  • Open SSL content
  • Intrusion prevention
  • Operating system and software updates
  • Anti-virus and anti-malware
  • Spam filtering
  • Maintenance utilities (cleaner, etc.)
  • Email encryption and archiving

2. Implement Security Best Practices 

Strong passwords are one of the first lines of defense against breaches. Educating staff on changing passwords frequently is a great first step to building best practices. In addition we recommend:

  • Password complexity/change policy
  • Implement Two Factor Authentication (2FA)
  • Never save passwords in your browser
  • Create a separate guest wireless
  • Use central authentication for all systems
  • Review (or develop) permissions for all folders and data repositories
  • Encrypt hard drives for laptops
  • Ensure phones/tablets can be wiped remotely
  • Disable USB ports on all computers
  • Do nothing private on a public network
  • Maintain (and test) robust backups

3. Combat Human Error with Employee Education 

Create a security aware culture. Establishing a security best practice with your staff will set the stage for success. Continuign to educate your staff on what to look for as new tools become available will decrease chances of phising and spoofing. Here is Open DNS' Phising Quiz to test out!

4. Update Regularly

Any connection to the Internet is vulnerable. Keep every connection, operating system, and application up to date with patches and enhancements. Implementing software and system security updates quickly limits possible exposure to vulnerabilities.

5. Implement VPNs for ALL Connections

Networks that are protected only by generic security measures are more vulnerable to attack. Implement virtual private network (VPN) connections between office locations. VPNs are great for remote employees who may connect through public Wi-Fi service as well. 

6. Retire Unused Services

Contrary to popular belief, most old computers do not hold their value. We anticipate archaic machines will not be worth thousands of dollars on eBay in the future. When limited-duration products expire, decommission the applications, logins, and user credentials associated with them. In cases when you don’t use every available feature of a UC deployment, such as a video chat function, turn it off to further limit unauthorized access.

7. Back it Up

Backing up data is not only to keep information updated, but also secure. Multiple backups is always recommended. Archiving data that is not needed on a daily basis can help you stay organized and efficient. 

8. Don't Forget Mobile Devices 

For remote users mobile devices are crucial. As a business it is your job to make sure your staffs' mobile devices are equally secure if company information is being shared. Sensitive browsing, such as banking or shopping, should only be done on a device that belongs to you, on a network that you trust. Whether it’s a friend’s phone, a public computer, or a cafe’s free WiFi—your data could be copied or stolen.

cybe6.jpg

 

9 Monitor, monitor, monitor 

Would you set up security cameras and not monitor them? Cybersecurity works the same way. Be sure to monitor your accounts for any suspicious activity. If you see something unfamiliar, it could be a sign that you’ve been compromised.

10. Don't Leave Devices Unattended

Never leave your devices unattended. If you need to leave your computer, phone, or tablet for any length of time- lock it up so no one can use it while you’re gone. If you keep sensitive information on a flash drive or external hard drive, make sure to lock it up as well.

If you have any questions regarding cybersecurity reach out to Allie Yazel, Marketing Coordinator at ayazel@allmtntech.com. Stay safe out there!

References: 
https://www.csoonline.com/article/3153707/security/top-5-cybersecurity-facts-figures-and-statistics.html
https://www.business.att.com/learn/operational-effectiveness/5-easy-ways-to-improve-your-cybersecurity.html
https://umbrella.cisco.com/blog/2013/10/08/top-ten-important-cyber-security-tips-users/

 

 

 

 

 

 

 

 

 

 

When it Comes to Cybersecurity, Your End-Users are the First Line of Defense

Phishing is one of the main cybersecurity risks that an organization can face. Regardless of size or location, every business is at risk because hackers do not have a specific target. Phishing is the fraudulent practice of sending emails pretending to be from reputable companies to trick individuals to reveal personal information, such as passwords and credit card numbers. Although there have been widely publicized stories about company info being compromised, many businesses still don’t have a cybersecurity plan in place.  

Cybersecurity starts with educating your end users. Do your employees know not to click on links that people send to them unless they’re sure the links are coming from trusted sources? To help with the end-user education, Office 365 comes with a cool feature that allows you to send fake phishing emails to your employees/end-users to test whether they’d click on a malicious link or engage in other unsafe behavior. These emails can be fully customized. You can send a customized, fake phishing email and get a report on the end-users that failed the test.

1200px-Cybersecurity.png

 

Here are steps you can take to make cybersecurity a top priority:

Implement a cybersecurity policy and procedure document.
It doesn’t matter if you’re a one-person organization or a 100,000 – you need to detail your action items long before a threat is identified. This document should contain a section that details action items, in case your end-users encounter perceived or real compromises.

Build your cybersecurity strategy around educating your end-users.
It is rare we see hackers jumping past a company's firewalls to compromise their network because it is too time consuming and expensive. In a hacker's mind, it is far easier to send a phishing email to employees and let them do all the hard work (like clicking on a malicious link). It's likely every one of your employees has an email address, access to the internet, and the ability to fall victim to a hack. Educating your employees is the easiest and cheapest way to prevent attacks. 

Have tools in place to help prevent the potential for compromise.
Cybersecurity protection doesn’t just come from making sure your end-users don’t click on the link or visit a site they shouldn’t. We’re human after all, and as humans, we make mistakes. In addition to preventive education, make sure you have additional tools in place such as Advanced Threat Protection. In the event your employees slip up, this keeps you protected. 

Use a tool that creates a fake phishing email and see how many of your end-users open it.
One tool we suggest is the Office 365 testing tool. This can really help in determining which end-users in your organization could fall victim to phishing attacks and other malicious activities. This type of reporting becomes critical to understanding how effective your cybersecurity program is. If you see a lot of your end-users failing the test, perhaps you need to put more into their training.

Long term, some businesses deploy a cybersecurity awareness certification program as a part of their continuing education process. Look at your business and employees, assess the cybersecurity needs, create an action plan, and continue to educate your staff. 

If you have any questions regarding cybersecurity or education tools, contact your AMT System Administrator today. Stay safe out there!