Blog

January 14th, 2015

Any business can become the victim of security breaches on a mass scale, as shown by the debacle which recently eclipsed Sony and forced it to temporarily cancel the release of blockbuster movie The Interview. Beneath the dramatic headlines are lessons for small business owners everywhere in how simple errors in IT security management can have grave consequences. These tips will help prevent your firm being the next to suffer Sony’s fate.

Don’t let basic security habits slip

Our modern-day instinct tells us that the answer to potential security breaches is to install new layers of antivirus software, firewalls and further encryption systems. While these are all worthy additions to your company’s armor of security shields, they will do little to help if good old-fashioned protective habits are allowed to slide.

Instill a disciplined, security-conscious mentality in your organization, and keep the messages simple so that staff remember and follow them. Focus on regularly changing passwords and keeping them secret, being vigilant about avoiding unexpected links in email messages, and limiting network access for the likes of external contractors to that which is absolutely necessary.

One of the ways hackers made their way into the Sony network was by tricking administrators into thinking they had a legitimate need for access: teach your staff to be careful, and praise cautiousness even if it turns out access is warranted. Encourage staff to flag up potential security lapses, and make sure they know that reports will be followed up and loopholes closed.

Take a flexible and agile approach to IT

IT changes, and so do the ways best suited to keeping it safe. This means it is vitally important to keep your IT systems up to date, and where necessary to do away with outdated practices that could leave your business technology exposed. This involves more than just ensuring that your network is running updated antivirus software to catch the latest bugs and worms - it means staying abreast of emerging methods to mitigate potential threats from hackers worldwide.

All of this uses staff and resources that your small business might not have - which is where outsourced managed services come in. Using a managed service provider as an add-on to your own IT team can give you extra flexibility and the ability to keep abreast of industry security developments, even when you lack the time to do so yourself.

Equally, know when it is time to ditch data - think of emerging social networks like Snapchat, which set messages to self-destruct after a set time, as your cue to make your data retention policy less permanent, particularly in relation to email. If you no longer have a business need or a regulatory requirement to retain information, then delete it - in the process you can limit the possible damage even if the worst should occur and you fall victim to an external attack.

Backup, backup, backup

The last thing you want in the event of a security breach is for it to hit your day-to-day operations - the potential damage caused by the hack itself is likely to give you enough to worry about. But that is exactly the situation Sony found itself in after its latest hack, with its email system down and staff forced to return to the days of pen, paper and even the fax machine.

As well as ensuring alternative means of communication remain open to your business in the aftermath of a possible attack, it is also vital to make sure that you retain access to the information most critical to your work. Regular, secured backups help ensure that, whatever happens, the show is able to go on and your firm’s productivity and revenue are not unduly hit. Engaging professionals to undertake your backups on a managed service basis also means this can happen routinely and without fail, while you stay focused on running your business.

Want to learn more about how to reduce your IT network’s vulnerability to attack? Get in touch with us today.

Published with permission from TechAdvisory.org. Source.

Topic Security
December 31st, 2014

There are so many ways that hackers can gain access to your computers and systems it boggles the mind. One of the more popular tactics employed is the increasingly common spear phishing. In early December 2014, news broke of a new, super savvy, spear phishing campaign that had succeeded in scamming top Wall Street companies and could be a danger to small businesses as well.

What is spear phishing?

Spear phishing is an advanced form of phishing where attackers troll the Internet for relevant information about you and then create a personalized email that is sent to you. This email is usually developed so that it appears to be coming from a friend or trusted partner and contains links to a site or program that can initiate an attack or steal information.

More often than not, these links are to websites where you enter account information, passwords, and even bank account details, or any other personal information which can be used to break into computers and even steal your identity.

What is this latest spear phishing attack?

This new form of spear phishing, being carried out by a group that calls itself FIN4, has actually been around since as early as mid-2013. When they attack Wall Street listed companies they are doing so to steal valuable plans and insider information.

What we know is that they send highly savvy and targeted emails to people at a company, trying to harvest Microsoft Outlook account information. Once they have this crucial data they then target others inside, or connected to, the organization, with the same email, while also injecting the code into ongoing messages. This method can spread the attack quickly, leading to a potentially massive security breach.

In the email examples of this phishing threat, the attackers write mainly about mergers and other highly valuable information. They also include a link to a forum to discuss the issues raised further. These emails come from people the recipient already knows, and the link is to a site that asks them to enter their Outlook account and password before gaining access. When this information is entered, it is captured by the attacker and used to launch more attacks.

What can we do to protect our systems?

From what we know, this attack is being carried out largely against law firms, finance companies, and other large organizations. While this discounts many small businesses, there is a good chance that the attackers will turn to small businesses operating with larger companies at some point.

Because this is an email-based attack, you need to be extra vigilant when opening all emails. Be sure to look at the sender's address, and read the body of the email carefully. While hackers generally have good English skills, they aren't fully fluent, which means you will notice small mistakes. Also, keep in mind previous emails from the sender. If the tone and style are off, then the email may be fake.

It is important to always look carefully at all links in email messages. If a link looks suspicious, then ask the sender for more information or to tell you where the link goes. If you come across any site asking you to enter account information, be extra careful. Look at the URL in your browser: if it doesn't say HTTPS:// before the address, then it may be a good idea to avoid the site. Check that the domain is the one you expect as well, since HTTPS on its own does not prove that a site is legitimate.

If you have any questions on spear phishing and how you can prevent it, contact us today to see how we can protect your business.

Published with permission from TechAdvisory.org. Source.

Topic Security
December 30th, 2014

When it comes to backing up your important business data, there are many options available to your company. One of the increasingly common choices is to use online or cloud-based backups. Despite the popularity of these systems, there is still confusion over what exactly online backup is and the benefits it can bring businesses.

What exactly is online backup?

In a wide sense, online backup is a backup system where your files, folders, and even systems, are backed up to an offsite storage server over your Internet connection. Tech experts also refer to this service as remote or cloud-based backup.

When you back up your files and systems to an online solution, your files are stored off site, usually in redundant data centers. This means that should something happen to your files you can access the system via another computer and restore your backups onto that computer, as long as you have an Internet connection.

For many companies, this is arguably the most efficient form of backup, not because of the backup method itself, but because of the fact that your backups are stored remotely. The chance that your data will be accessible if your business faces disaster increases, as data can be recovered more quickly than with most other systems.

How do online backups work?

Like most other technical systems out there, there are numerous varieties of online backups. Some of the most effective are image-based, which take a snapshot of a computer or server at a specific time and then upload this to the remote backup servers. This snapshot contains the whole system as it is and can be easily recovered.

Other solutions can be automated to back up specific files and folders, and run through a Web-based interface that can execute a backup from almost anywhere. Beyond this, many systems can be managed by a company like us. We can implement a system that works best for your company and your data, and then manage it so that your data will always be available when you need it. Should something go wrong, we can even help you recover your systems.

4 Benefits of online backup

Companies that implement an online-based backup have been able to realize the following benefits:
  1. Decreased recovery time - Because your data is stored online, as long as you have an Internet connection you can begin recovery at the click of a button; there is no having to go find your backup, then figure out how to recover it. Most companies see a generally reduced backup recovery time when they implement an online system.
  2. Increased backup reliability - Over time, physical systems break and need to be replaced, and this can happen at any time. Because online systems are managed by other companies, whose main job is to ensure backups are always available, you see increased reliability with these systems.
  3. Decreased costs - Physical backup systems can be costly, especially if you have a large number of systems or a large amount of data to back up. Many online providers charge a flat monthly fee that often works out to be less costly than other solutions. Beyond this, you don't need to invest in physical backup solutions and the storage space to house and maintain these. As a result you should see lower costs.
  4. Increased data availability - As long as you have an Internet connection, your data will be available. This means you don't have to worry about your offsite physical data being okay, if you have a problem or disaster strikes on your premises. With online services data is available when you need it.

If you would like to learn more about online backup, contact us today and let us reveal just how dynamic and effective our solutions can be. Don't wait until you have to face a backup issue to back up your vital data!

Published with permission from TechAdvisory.org. Source.

December 11th, 2014

The beginning of a new year can be rather stressful and expensive for everyone, employees and business owners alike, with new plans and goals set in place right after long holidays. While it is great to start anew, it can be tough to justify or find the funds for new expenses, even if there is a real need. Instead, you may want to look for cost saving tools that can help improve business operations for less. To help, here are five free or affordable tools that can make your business life easier.

1. Canva

If you are a business owner, chances are that you aren’t the world’s best graphic designer, unless you run a graphics company of course! In order to design graphics, icons, flyers, and even posters you need specific graphics software. This can be expensive and the software is not going to be easy to use for design novices. You may even need an in-house graphic designer. This is where Canva comes in.

Canva is an online app that allows users to quickly and easily create professional looking graphics using drag and drop functionality and a wealth of free, or affordable, stock images. In other words, you can create designs in a short amount of time.

The service itself is free, but some images do need to be purchased.

2. FreshBooks

Most business owners are not certified accountants either, and even if you understand the basics of accounting and tracking of finances, the money side of your business is often a full time or at least a specialized job. If not handled correctly, this could spell disaster for your business. One solution is cloud-based FreshBooks.

FreshBooks is accounting software that allows you to invoice clients, track payments, accept payments, track expenses, and access financial reports at the click of a button. Beyond this, you can connect FreshBooks with your payroll services to ensure that your employees are paid on time.

The platform offers a free plan that allows you to track and manage one client, while paid subscriptions start at USD 19.95 a month.

3. Hootsuite

Many businesses have a presence on more than one social media network. While this is a great way to reach out to the highest number of customers, it can be a chore to manage and maintain a presence on all of these networks all of the time. Hootsuite is specifically aimed at this task.

Hootsuite is a tool that allows you to manage your social media accounts from one platform. Using Hootsuite you can schedule posts, set up streams, establish keyword tracking, and track engagement. It really is a one-stop-shop for all of your social media platforms.

Hootsuite offers a free subscription which allows you to manage three social media profiles, while a business subscription starts at USD 8.99 and allows you to track up to 50 profiles and gives you access to more advanced analytics and features.

4. Podio

Managing projects and ensuring that all employees are aware of what they should be doing, and what others are doing, can be one of the toughest tasks for any business owner. Sure, spreadsheets and communication work to a point, but there is always room for error and of course improvement, which is what Podio provides.

Podio is a project management app that allows you to easily manage projects, tasks, deadlines, and even files. Using an intuitive dashboard that all users have access to, employees and managers can easily see who is doing what, as well as what needs to be done and what has already been done.

Podio is free with limited features for five users and costs USD 9 per user, per month for the full subscription plan.

5. CoSchedule

If you have a blog, either on WordPress or hosted by WordPress, sharing the articles you post on your social media profiles is a great way to increase content reach and interaction. However, it can be time consuming to actually create posts on each different platform, unless you use CoSchedule.

With CoSchedule you can write your social media posts for a blog article and schedule them to be posted once the article goes live. Think of it as automating the sharing of your blog articles. This will save you time, while making it easier to manage your content, largely because the calendar included in CoSchedule is easy to work with and gives you a good view of your content.

CoSchedule is USD 10 per month, per blog.

If you are looking for more affordable ways to improve your business operations, contact us today to see what boost we can offer you at a price you can afford in 2015.

Published with permission from TechAdvisory.org. Source.

December 3rd, 2014

Spend even a small amount of time looking at the various massive malware threats out there and you will find that security experts are usually able to figure out who developed it, the intended targets, and where it is most prevalent. In early November, news broke about a mystery security threat called Regin that has been around for years, but which experts seem to know comparatively little about. Many business owners are worried about Regin, but should they be?

What exactly is Regin?

What is most interesting about Regin is that a number of security experts seem to not really fully understand it. They know that it exists, they know it is complex, and they know it is one of the most advanced pieces of malware ever created. But, they don't know what exactly it does, or where it comes from.

What we do know is that Internet security firm Symantec is credited with first bringing Regin to public attention, and that it has been around since at least 2008. So far, the company has said it is similar to the Stuxnet virus that was supposedly developed in (or by) the US and used to attack and subvert the Iranian nuclear program.

Regin is known to infect Windows-based computers and at its core is a backdoor trojan style of infection. From detected infections it looks like the purpose of the malware is not to steal information but to gather intelligence and facilitate other types of attacks.

What makes this malware so powerful and disturbing is that it is much more advanced than other infections. Using various encryption methods it can hide itself extremely well, making it difficult to detect. It can also communicate with the hacker who deployed it in a number of different ways, thus making it a challenge to block or stop. As a result, it is far from easy to actually figure out what exactly this malware is doing and why.

Who has been infected?

According to various security experts we have been able to compile a list of companies and organizations that have been targeted to date. These include:
  • Telecommunications companies
  • Government institutions
  • Financial companies
  • Research companies
  • Individuals and companies involved in cryptographic and mathematical research

At the time of this article, no known attacks have been carried out against companies in the US, Canada, or the UK. The main countries targeted so far have been Russia and Saudi Arabia, along with a smaller number of infections in Malaysia, Indonesia, Ireland, and Iran. A total of 10-15 countries have been targeted since the malware was first discovered in 2008.

Is this a big deal for my company?

Just because your company is operating in a country that hasn't been affected thus far, doesn't mean that you aren't at risk of being attacked by this malware in the future. If you operate in any of the industries or sectors listed above, you could still be at risk, especially if you do business with clients in infected regions.

For now, however, it appears that Regin is only infecting larger government bodies and large companies outside of North America and much of Europe, so the chances of you being infected are relatively low. Although as with any threat, this can change at any moment.

What we recommend is that you ensure your antivirus and antimalware solutions are kept up to date and always switched on. You can rest assured that eventually experts will learn more and block this malware from infecting systems. Beyond this, working with an IT partner, like us, who can ensure that your valuable data and systems are secure, is also a good idea. The same goes for watching what you download and any emails you open. If you don't know or trust the source, don't download any program, open an attachment, or read an email connected to it.

Looking to learn more about the security of your systems? Contact us today.

Published with permission from TechAdvisory.org. Source.

Topic Security
December 3rd, 2014

With the steady increase in the adoption of business intelligence suites and solutions by small to medium businesses, managers and owners have been able to take advantage of better data. One business function that has really benefited is sales. There are so many sales-related metrics to employ, it can be tough to actually pick the ones that work for your business. To help, here are five of the most common and most useful sales metrics.

The sales pipeline

This metric is often employed by businesses to show current sales opportunities and estimate the number of sales or revenue the sales team will bring in over a set period of time, usually a couple of months. When employed correctly, team members are better able to track and remain in control of their sales. Managers can also be assured that targets are more accurately set and reached.

When companies set up their sales pipeline metrics they often set out to measure:

  1. Average time deals remain in the pipeline.
  2. Average percentage of converted leads.
  3. Average worth of every deal.
  4. The number of potential deals in the pipeline.

Overall sales revenue

This metric is often seen to be the most important sales-related metric to implement, largely because it provides managers and owners with a good overview of the health of their company and overall performance. In short, sales revenue allows you to accurately view the profitability of your business, even if your profits aren't presently growing.

Beyond giving a useful whole-business overview, this metric can also uncover exactly how much each sale influences or contributes to the bottom line. This can be calculated by using the standard profit-ratio equation - net income over sales revenue.

Accuracy of forecasts

Any sales manager knows that forecasts are just that, predictions. But, because so much of sales is based on informed speculation it is important to track the overall accuracy of any future forecasts. By doing so, you can uncover gaps in processes and reveal any forecasting tools that need to be improved.

From here, you can track improvements and tweak forecasts to ensure that they become as accurate as possible. After all, if you can show that you are meeting your goals, or are close to meeting them, you can make more reliable decisions and be assured that your company is doing as well as it appears to be.

Win rate

The win rate, also known as the closure rate, is the rate that shows how many opportunities are being translated into closed sales. Because this rate looks at the number of sales, you want it to be as high as possible, especially when you look at the time your sales team puts into closing sales.

While a high rate is preferable, low win rates are also useful largely because they can highlight areas where improvement is needed. For example, if your team has consistently low win rates across the board, then it could signify that there is a need for more training on closing sales, or that sales staff may not be knowledgeable enough about the products or services being offered. A fluctuating rate could show increased industry competitiveness and highlight when a sales push could be beneficial.

Loss rate

The loss rate can be just as important as the win rate, largely because it focuses on how many potential customers did not purchase products and/or services from you. It can really highlight problematic areas in the early sales process. For example, by tracking the loss rate you may be able to see that response time is slow, causing potential customers to walk away.

Essentially, when measured correctly, you can use loss rate to improve the overall sales process and hopefully bump up your overall win rate. You can also compare the two rates to really see how big of a gap there is and give your team a solid goal to try and find ways to reduce this gap.

If you are looking for solutions that allow you to track and measure your sales and any other data you generate, contact us today to learn how we can help turn your data into valuable, viable business information to lead your company to better success.

Published with permission from TechAdvisory.org. Source.

December 3rd, 2014

You may not want to rely on the Food & Drug Administration’s (FDA’s) app approval system: Roughly 90 percent of Android health-care apps have been hacked, and 22 percent of them were FDA-approved. That information comes from the latest State of Mobile App Security report from Arxan Technologies, which attributed the high rate to a lack of information-security training and resources in the health-care field.

Of health-care apps, none that were Apple iOS-based have been hacked. But, looking at all apps, the risk is close between Android and iOS. Looking at the top 100 paid apps, 97 percent of those that are Android-based have been hacked, and 87 percent of those that are iOS-based have been hacked.

Because health-care apps tend to hold confidential patient information, these breaches present serious risk. “Make application self-protection a new investment priority, ahead of perimeter and infrastructure protection,” says Joseph Feiman in a Gartner Maverick Research report, “Stop Protecting Your Apps; It’s Time for Apps to Protect Themselves.”

Click here for an infographic that shows the state of app security, and contact us if you are looking to make sure that your apps are secure.

Published with permission from TechAdvisory.org. Source.

November 25th, 2014

As a business owner you must be constantly aware of threats to your business. One of the best ways to mitigate many of these dangers is to develop and implement a Disaster Recovery Plan. In order to help ensure that your business is ready to recover from any disaster, here are five real-world tips that can help see you through.

1. Have a full copy of your data backed up outside of your operating region

Almost every company, regardless of size, has backup measures in place. These backups can be either physical or digital, and are supposed to be carried out on a regular basis. If a disaster strikes, having access to your data can help ensure that you can recover your systems and resume operations in the minimal amount of time.

While backups are great, if you keep your backups in the same area as your main systems, or even if your offsite backups are in the same region, there is a chance that a large disaster, like a flood or power outage, could affect these backups too. One of the best solutions is to keep a current backup offsite, and outside of your operating region, with most experts recommending at least 150 miles (250 km) away from your main business area.

How do you achieve this? The best option is to use cloud backup. Many providers host their backup service at a number of different data centers in various locations, so that should a disaster strike both your business and a nearby data center, your data is still safe at other centers.

2. Realistically test your plan

It can be tempting to simply develop a plan and then test it in a closed environment once or twice a year, make some changes where necessary and then sit back and hope it works. In truth, for any plan to really be effective it needs to be tested in a realistic environment. If this is not carried out then there is a possibility that the plan could fail when activated.

Because disasters come in almost any form and size, you are going to want to first identify as many potential problems as possible. From here, test your recovery plans based on these scenarios and see how effective they are. Be sure to also involve your colleagues and employees, as they too will need to know what to do when disaster strikes and what their role in the recovery of data is.

A good way to look at these tests is to think of them more as practice runs. As with anything, the more you practice the easier and more effective it becomes. In this case, good practice could literally save your business.

3. Update your plan as you update your systems

When you develop a recovery plan, you need to base it on the systems and technology you currently have in your business. However, these systems and devices may not be in use six months to a year from now, or you may introduce new systems and improvements.

As soon as you make any changes, your existing recovery plan could become obsolete. Therefore, you need to ensure that when you introduce new systems or technology you are also updating the recovery plan to cover and fit with these changes.

4. Create an accessible plan

Many experts agree that having a physical plan that employees can see and access during a disaster is one of the best ways of ensuring that it is actually implemented properly. Therefore, when you develop a Disaster Recovery Plan make sure that all of your employees can access it at any time. This includes during and immediately following a disaster.

Beyond this, you need to make sure that the plan is consistent. If you update the master plan, but fail to update the copies you store in say a public cloud, or at different worksites, this will lead to confusion and even an increased recovery time or complete recovery failure. When you do update your plan, let all parties involved know that it has been updated and remind them where they can find copies of the plan.

5. Don't be the only fully-trained disaster recovery expert in your company

As a business owner or manager it can be easy to try and run everything yourself. After all, it is your business and you know exactly how to look after everything, right? The problem is that if you are the only fully-trained disaster recovery person you are making yourself the weakest link in the plan.

Published with permission from TechAdvisory.org. Source.

November 21st, 2014

In many western countries we are blessed with a free and open Internet, but in the US there is a battle currently raging over the idea of Net Neutrality. Chances are high that you will have heard this term thrown around by various experts and media outlets. In November, President Obama took a stance on this issue. Here is an overview of Net Neutrality, the stance from The White House, and what this could mean for your company.

What is Net Neutrality?

In order to define Net Neutrality, we should first look at the main idea behind what the Internet is: a free and open medium where individuals can express and house thoughts, ideas, and more. It was founded on one principle, and one principle alone: All information and Internet traffic MUST be treated equally.

This free, open, and fair principle is what we call Net Neutrality. In practice, this idea prevents Internet providers, and even governments, from blocking legal sites with messages they disagree with, and restricting access to services and sites that don't meet their business needs.

What exactly is the issue?

At this time, major telecommunications companies providing Internet access are trying to push legislation through the US court systems that will essentially make it legal for them to throttle Internet speeds, to ask other providers to pay fees in order to speed up access to sites, and even to block some sites.

There are laws currently in place, set by the FCC (Federal Communications Commission), that prohibit providers from collecting, analyzing, and manipulating user traffic. In other words, according to the FCC, the role of the Internet providers should be to simply ensure traffic and data gets from one end of the network to the other.

Last year, it was uncovered that US telecommunications giant, and Internet Service Provider, Comcast demanded that Netflix pay them millions of dollars or they would limit the Internet speed of Comcast users trying to access the streaming service. Netflix tried to negotiate but the result was that Comcast did indeed cut user speeds. Netflix paid to prevent this from happening again. This act is an obvious breach of the main tenet of Net Neutrality: Equal access for everyone.

Combine this with the January 2014 ruling that the FCC had overstepped its bounds in regards to this topic and the increased lobbying by telecommunications giants against Net Neutrality, and you can quickly come to realize that the Internet as we know it is under threat.

How will this affect my business?

If nothing is done, there is a very high chance that you will be paying higher rates for Internet-based services (because the providers will be asking other companies to pay to guarantee speedy access which will then be passed along to you via higher rates). You may even be forced to use services you don't want to use because they offer better access speeds on your network.

Beyond this, because so many businesses rely on websites and the hosting companies that enable us to access them, there is a very real risk that these hosts may have access speeds cut. This in turn could mean that it will take more time for some users to access your website and services. Think of how you react when you can't access a website: you probably just search for another similar site which loads easily. Now imagine this happening to your site. In other words, you could see a decrease in overall traffic and therefore profits.

What can I do about this?

First off, we highly recommend you visit The White House's site on Net Neutrality, and read the message that President Obama has recently posted there. To sum it up, he believes that Net Neutrality should be protected and the Internet should remain open and free. He has even laid out a plan with four rules that the FCC should enact and enforce:
  • No blocking - Internet providers are not to block access to any legal content.
  • No throttling - Internet providers cannot slow or speed up access speeds based on their preferences.
  • Increased transparency - The FCC is to be more transparent and push providers to follow the Net Neutrality rules.
  • No paid prioritization - There is to be a ban on providers insisting other companies pay to have equal access speeds.

You can bet that this plan will be met by stiff resistance both in government and by the telecommunications companies themselves. The FCC is an independent organization and it is up to them to select whether or not they want to enact President Obama's plan. One thing you can do is to publicly submit your comments to the FCC via this website. Any comments made will be seen by the FCC and are publicly viewable. In the past, enough public pressure has been able to sway FCC decisions, so share this article and the links in it with everyone you know, asking them to take action as well.

What about other countries?

For now, the Net Neutrality battle is largely US based. The vast majority of Internet traffic starts in or at least passes through the US. This means that if the telecommunications providers (many of whom own international subsidiary providers) can limit access to sites in the US, it could very quickly become a world issue. Beyond this, other countries often follow laws that the US enacts, so it could only be a matter of time before we see similar bills passed in other countries.

In short, this is a major issue that could see the end of the Internet as we know it. If you would like to learn more about Net Neutrality and how you can help ensure the Internet remains free and open, contact us today.

Published with permission from TechAdvisory.org. Source.

November 20th, 2014

One of the biggest IT expenses for many small businesses is software. Some companies require thousands of dollars of software, which can quickly compound when you hire new employees. Businesses who have purchased Microsoft software may soon be receiving a letter from the tech giant asking for a systems audit. Here is a quick overview of this letter and what you should do if you receive one.

The Microsoft Software Asset Management Review

Earlier this year, Microsoft announced that they will be sending out over 30,000 letters to small businesses who have purchased Microsoft software licenses. These letters or emails are focused on checking that you have the right number of licenses for your systems.

This program actually has three audit elements, or emails, that are being sent out to businesses.

  1. Internal self-audit email - This is the most common letter businesses have been receiving. It asks them to verify that they are compliant with Microsoft's licenses, which is usually done by sending Microsoft the software keys for each license or product purchased. They then compare this to their records.
  2. Software Asset Management (SAM) Engagement - This is a voluntary process where Microsoft sends a Software Asset Management partner to your business to audit your systems and see if you are over or under licensed. For companies who do agree to this, the audit is paid for by Microsoft. The downside is, if you are found to be non-compliant, you will likely face a fairly large bill.
  3. Legal Contract Compliance (LCC) audit email - This audit can be enacted by Microsoft if you put off a SAM or self-audit for an extended period of time. Essentially, this is a legal audit that you must comply with. If you are found to be non-compliant under this audit, you could face stiff legal penalties.

What happens if I receive one of these emails?

Should you receive one of these emails you will be asked to carry out the audit by a set date. Most of the emails contain a spreadsheet that you will need to put your license information into. This can take time because you will likely need to physically check every machine using Microsoft software for relevant information.

Auditors who come to your business will ask you for network and server access and any other form of information they think they can ask for.

Should you be found to be non-compliant or under-licensed, you will likely then be presented with a bill for the extra licenses. If you happen to be highly under-licensed, this bill could be quite large.

What should I do if I am worried about this audit?

An audit like this could be time-consuming, costly, and above all frustrating for any business owner. What we recommend is working with us. We can help ensure that your business is using appropriate licenses and, should you face a request to do an audit, we can help you through the process.

So, contact us today to ensure that your business is compliant.

Published with permission from TechAdvisory.org. Source.