��Ƶɫ

How Finance and Insurance Providers Can Respond To The Surge of Cyberattacks

admin — Wed, 23 Feb 2022 17:41:55 +0000

How Finance and Insurance Providers Can Respond To The Surge of Cyberattacks admin Wed, 02/23/2022 - 11:41 Trends ��Ƶɫ

Over the past two years working from home (WFH) has rapidly accelerated in many fields. Although the pandemic’s part in contributing to this shift is undeniable, much of this trend would be impossible without software developments supporting remote work. However, digital growth has increased the chances for cybercriminals to strike out and harm companies.

Smaller and mid-sized businesses are especially at risk due to limited resources and budgets for cybersecurity. On the other hand, businesses that have had increased digital footprints have also given cyber insurance companies more information to assess risk profiles of policyholders. These data-driven insights help provide more accurate underwriting and ultimately protect the insured.

This article will discuss the ways WFH has altered the digital landscape and what, both financial and insurance, providers can do to respond to this increased growth.

Growing Digital Footprints

As of 2020, over half of the world’s population is connected to the Internet. In America, over 90% of Americans have access to the internet. These numbers stand in sharp contrast to 2007 (the year the first iPhone was released), when 47% of Americans had access to broadband Internet at home. Every year more and more people are coming online and signing up for the services and platforms that connect us in this digital age. Increasingly, our digital presence has become relied upon as a method for us to transact business and experience our lives.

More and more businesses require employees to leverage these types of digital systems, which is why we have seen a huge increase in vulnerabilities. The transition from an Internet of the wild west to a place where the vast majority of the world’s business takes place has been essential for WFH to become possible. Importantly, businesses should consider how to rebuild after Covid.

Powered by the Cyberworld: Working From Home

WFH, sometimes called remote work, or even more rarely, working from anywhere (WFA) has become key to how we do business today. The sudden shift to WFH dramatically altered the business landscape because overnight we suddenly found many workers, some of whom had never sent an email, were handed a laptop and told to sign up for Zoom.

Early in the pandemic Zoom went from servicing 10 million people a day to over 300 million. In short, the Internet got way bigger and way more crowded. Companies suddenly needed new services, like being able to encrypt your emails. This rush to cyberspace also created an open floodgate of information for cybercriminals to wade through.

Criminal Threats Online

Cybercrime is nothing new, but the massive shift to remote work has made business data all that more vulnerable to hackers. Zoombombing, the practice of breaking into private Zoom meetings and disrupting them, although largely benign, underlines the importance of securing your business’s online presence.

Something important to keep in mind is the various types of groups that perpetrate these crimes, but also the angles from which they may attack businesses. This information is critical for financial and insurance providers because by understanding how cybercriminals behave you can determine how to better protect policy-holders.

Cybercrime Perpetrators

Generally, there are three to four types of cybercriminals that can be identified based on their alignment. The first group would be government actors. These are hackers employed by the government of a nation and are frequently used to undermine the stability of other governments. Second, there are government-sponsored hackers. These groups are typically paid for by nations in order to separate themselves from the type of attack that is taking place. They attack all kinds of targets.

The third and fourth are hacking collectives and individual rogue hackers. Sometimes hacking collectives can be government-sponsored. Other times they act on their own. Frequently, these groups attack corporations of all sizes and harvest their data for sale on the dark web.

Consider how these groups might attack your clients and how your clients’ risk profile might change based on the groups that target them.

Crime Targets, Attack Vectors, and What They Mean for Financial and Insurance Providers

What methods do these criminals use though? And what are their targets? Unfortunately, I cannot cover every single type of target and attack vector here, but I will cover the most common areas and discuss how these can impact your business.

To begin, many hackers target personal data -- at all levels. This means whether a business has 2 employees or 2,000, they are ripe for being attacked. Personal data does not just mean an employee’s data either, it means all the data that the business itself has collected.

For example, hospitals store all sorts of important data on patients, including their date of birth, social security number, address, and even vital records. Encrypting records is key to preventing these data breaches. Hospitals aren’t the only vulnerable industry, however, all business owners should consider some type of insurance to prevent loss when a data breach occurs.

Second, a favorite target of many hackers is cryptocurrencies and other financial assets. Today, more and more financial institutions sell cryptocurrency or invest in it themselves. Insurance providers may offer policies that cover the loss of cryptocurrency. There are many options for safely storing your crypto, but it will definitely continue to be a major target along with all other types of assets.

When it comes to how attackers seek this information the most common methodology is phishing. Phishing involves posing as, or spoofing, a trustworthy identity. Once the hackers have gained your trust, through social engineering, they then send a file, link, or other pieces of malicious software to gobble up your information or take control over your system.

Email is one of the most common ways that phishing scams are employed, which is why it is so vital that your email is secured with the right software. Other times these scams can be employed on social media. A business may have employees on Facebook or TikTok, who subsequently, albeit unintentionally, expose their employer to threats.

Insurance companies should consider this in the underwriting process. Does the business you are insuring have a social media policy for employees? Does the business have other kinds of insurance policies in place in the event of the worst happening? A training program to protect against phishing? These should be considerations in any process you undertake.

Brute force hacking is far less common than phishing, but it often requires more resources on the part of the hacker. Businesses and financial institutions can be particularly vulnerable to these types of intrusions because of corporate software that allows many employees to connect in the cloud. A hacker targeting the database of a large corporation could easily gain access to countless files.

These are just a handful of the areas that can potentially be impacted by cybercriminals, but they are the main areas to consider if you provide either financial or insurance products.

Big Opportunities for Financial and Insurance Providers

As you can see, the increase in cybercrime and expansion of cyber vulnerabilities are opportunities for both financial and insurance providers to tailor their services to their clients. By better understanding how working from home has expanded the marketplace for hackers, financial and insurance providers can both offer more complete coverage and better protect consumers.

Secure Modern Workplace

10 IT Trends for 2022 that MSPs should know

admin — Thu, 10 Feb 2022 21:45:33 +0000

10 IT Trends for 2022 that MSPs should know admin Thu, 02/10/2022 - 15:45 Trends ��Ƶɫ

For the last two years, uncertainty and unpredictability have reigned supreme in the IT world. The world of work was turned on its head by a global pandemic, and the message was clear: businesses that change too quickly to stay afloat would sink.

But while many businesses have taken a reactive approach to IT changes, 2022 is ushering in a new era. It’s time to start planning again. Here are IT 10 trends CompTIA predicts for 2022.

1 The definition of “workplace” will continue to change

If the pandemic taught us anything, it’s that work can happen anywhere—for better or worse. Working from home full-time has been a gift for some and a burden for others, and how employees want to move ahead is deeply personal for each person.

It’s clear that companies will need to be flexible in how they accommodate their employees’ needs in the year ahead. Some employees may want to remain remote while others will want to hold onto a hybrid approach.

Technologically speaking, being able to support remote work has encouraged most IT departments to reorganize their list of priorities, pushing them to formalize and legitimize band-aid solutions so that they can scale properly. For many organizations, this means a renewed commitment to digital transformation.

2 Travel for business will be more measured

For a long time and for many people, travel was part and parcel of working in the technology industry. When the pandemic ground things to a halt, however, businesses were forced to find new ways to connect. Video calls and virtual conferences became the norm, and rather than highlight why travel was so essential, changing things up actually proved that it was a lot less necessary than many had assumed.

In 2022 and beyond, travel for work is going to look a lot different. Firstly, approved business travel will need to have a proven use case and ROI. Secondly, smaller regional conferences and hybrid/virtual conferences will be more common. Thirdly, more employees will be empowered to turn down travel requests, which is especially important now that younger generations of workers have cited virtual collaboration as sufficient for innovation, as well as concerns over climate change making them less enthusiastic about hopping on the next flight.

3 The never-ending quest for regulation continues

Regulation has long been a seemingly unsolvable puzzle in the tech industry, but the pressure to reduce monopolistic practices and protect consumer privacy has only increased in recent years. Creating laws around these issues hasn’t gotten any easier, though; antitrust concepts and business practices vary by country, and increased globalization makes it difficult to contain any one rule in a meaningful way.

Going forward, the onus is shifting to tech companies rather than regulatory bodies. All tech companies will have to work to fully comprehend the unintended consequences of their output, and to try to build a framework that encourages responsible behavior. Tech firms need to help lawmakers understand the issues, examine their own operations, and practice transparency with their clients to address these concerns.

4 Technology budgets will grow—stealthily.

Over the last few years, CIOs have been expected to do more with less as IT budgets shrank. Today, though, businesses are moving away from the assumption that IT is a cost center that needs to be tightly controlled.

Today, businesses are taking a more strategic point of view in how they approach their IT budgets, but this shift in perspective isn’t so obvious at first glance. Stealth IT, where business units procure their own technology, makes it hard to track overall technology budgets.

Technology can also be an embedded component of business solutions, making it difficult to be explicitly defined. Take the example of a custom website built as part of a marketing campaign. The entire budget may be assigned to marketing, even though technology was built to meet the objective.

Overall, even when tech spending grows, there may not be tech-specific line items to back it up in the books. Today’s technology opportunities are more than hardware installations and software licensing, and they’re more integrated into businesses’ long-term goals than ever.

5 Cybersecurity is getting more proactive

When it comes to cybersecurity, more has changed in the last five years than the decades that preceded them. For a long time, cybersecurity was planned out based on the idea that a firewall and antivirus software were enough to keep out the bad guys. However, the move to cloud services and mobile-first workforces has eroded the idea of the secure perimeter, and the idea of a defensive approach.

Today’s security breaches can lay dormant and undetected within networks for a long time, and more businesses are becoming wise to the idea that a proactive approach is necessary to keep data and users truly safe. More organizations are starting to use their own resources or outside partners to probe systems and find any weak spots.

Both offensive and defensive approaches are necessary to keep modern workplaces safe, which includes intentional strategy along with new investments in infrastructure.

6 Channel cybersecurity still has strides to make

CompTIA’s 2021 State of the Channel study, found that 36% of channel businesses are either only just beginning to formulate their cybersecurity strategies, are behind schedule, or not involved in cybersecurity at all. Of the 64% that are on target, only 28% of them consider cybersecurity a strategic specialty, meaning the majority do not offer more sophisticated tools and services beyond the basics of antivirus and firewall protection.

While there are understandable risks and challenges that come with operating a successful cybersecurity practice, there’s really no excuse for not specializing in this space. Considering how much cyberattacks against MSPs have increased recently, these companies can’t afford to expose themselves and put their customers at risk.

7 More channel companies will take the consulting route

How customers buy technology has fundamentally changed. Product-centric, transactional business models no longer cut it for MSPs, and more channel providers have been moving to more of a consulting-based offering. The evidence is clear: helping customers run their businesses better with the right technology is a lucrative avenue that’s both profitable and in high demand.

Consultants have the opportunity to play the role of expert for businesses that need that expertise. In 2022, more channel firms will realize that reselling products and services in a cloud marketplace era is fading—but there’s lots of opportunity to expand into the kind of consulting that’s so sorely needed.

8 Chip supply chain constraints will cause a wake-up call

Without a reliable supply chain, even the best-engineered product won’t get built or delivered on time. Today’s global semiconductor shortage has affected smartphone, PC, and other chip-dependent industries in the wake of COVID.

For decades, just-in-time manufacturing has allowed suppliers and providers to stop stockpiling inventory and parts, and respond in as close to real-time as possible to demand. The chip shortage threw this method into question, however, with some now wondering if it might be wiser to keep inventory, parts, and components close to home, regardless of whether customer orders have been placed yet.

Many channel firms will have a decision to make in 2022: do they want to start holding some inventory of their own in the event of backlogs?

9 Software development will get more granular

Software development used to be left to large companies who could afford the resources and infrastructure to participate. As the foundational computing platform has stabilized and technology has become democratized, however, more companies have started adding their own software development skills.

Today’s companies have lowered the barrier to entry considerably by relying on open source and microservices. Cloud computing has also allowed companies to stand up multiple environments for development, testing, and production without needing capital investment.

As capacity and capabilities have grown, however, skills supply has flagged. This has led to organizations trying to compensate by breaking applications down into bite-size pieces. These smaller functions can be refreshed more quickly and reused throughout a comprehensive software strategy.

Whether this is an evolution of microservices or a new approach entirely, the trend of reusable pieces of software will simplify development but add challenges in integration and architecture management. To keep up, many companies will also accelerate their DevOps efforts, with more advanced companies exploring AIOps to further automate their established processes.

10 Data management will drive an analytics revolution

Today’s companies are aggressively pursuing analytics as a strategy in order to understand past transactions, improve operations, and predict future opportunities. But while data science is one of the fastest-growing roles, for most organizations managing data in-house is still a very early endeavor.

In fact, many companies are struggling to build a structured foundation of corporate data, and will have to start with the basics. This requires an understanding of where data lives and how it is used, as well as a classification of all data to define requirements around usage and security. It also requires a strategy for data to outline goals and identify trade offs.

Only organizations that have updated their storage schemes, or ensured that they are getting the most out of traditional tools like relational databases, will be ready to move on to tools that work with unstructured data, algorithms that leverage machine learning, or models that rely on real-time data streams.

Read the full report

If you want to get more in-depth on CompTIA’s predictions for 2022, you can read the full CompTIA IT Industry Outlook 2022 here.

The Future of MSP

4 of the best Microsoft Teams features you may not be using today

admin — Wed, 12 Jan 2022 15:49:56 +0000

4 of the best Microsoft Teams features you may not be using today admin Wed, 01/12/2022 - 09:49 Microsoft 365 ��Ƶɫ

When the pandemic hit in early 2020, many workplaces migrated to Microsoft Teams, looking for a quick fix to connect employees until it was safe to return to the office. Nearly two years later, many of those same workplaces are now planning to work remotely or in a hybrid setup indefinitely. This may lead you to wonder if there’s more to the tool that your team can benefit from.

Indeed, there’s more to Microsoft Teams than just video meetings, instant messages, and project channels. Let’s take a look at some of the lesser-known features that can help your team long-term.

Get more out of messaging

Most discussion of Microsoft Teams only considers it the “new version of Skype chat”, or likens it to Slack. In reality, there’s a lot more to it than being able to send and receive instant messages. Teams is set up so that you can work in real-time with your colleagues without ever leaving the channel you’re in. It’s a great place to house your digital workplace hub to collaborate, plan, and execute work as a team.

Where Microsoft Teams gets a leg up over other messaging apps is in its ability to support many functions at once. Within project channels and direct messages, you can easily attach a file, video or voice-call a colleague, and access other Microsoft apps like OneNote and Office, all within the same window. This makes it easy to stay on-task, collaborate seamlessly, and organize project information.

Collaborate with colleagues

There are a number of features that make collaboration easier with Microsoft Teams.

First, as Microsoft explains over on their support page, adding tabs makes it possible to keep your information organized and streamlined. You can add any relevant files and apps as tabs to your existing Teams conversations. For example, if there’s a deck your team is working on that’s part of a larger project, you can add a tab to that channel to make the deck easily accessible to everyone. Once a file is added, users can also co-edit it together in real-time, without needing to leave Teams.

Another great collaboration feature is the ability to add both internal and external contributors to project spaces. This makes it possible to add vendors, suppliers, freelancers, and clients as guest users, which means you don’t have to rely on a separate email thread to keep them in the loop (just make sure you run this function through your security process first).

Integrate for ease

Integrations make it easier to work smarter using third-party apps in conjunction with Teams.

First, sometimes you need more than just text to get your message across. Microsoft Teams lets you easily embed content from third-party apps directly into your messages, making them more interactive, informative, and functional for the people receiving them.

You can also interact with 24 different app bots by @mentioning them in chats or project channels. This support article uses the example of chatting with Survey Monkey to create a new poll within a team message. This makes it easier to accomplish more, without having to put any extra effort in.

Access from anywhere

We’ve all gotten used to working from home over the last two years, but the Teams phone app makes it possible to access all your documents and conversations while you’re on the go as well.

Once you have the Teams app on your phone, there are a number of ways you can customize it to suit your work style. For example, you can set quiet hours (and even quiet days) to filter out notifications during your down time. You can also use the app to share content from your phone during a meeting, or transfer a call from your laptop to your mobile app.

Overall, Microsoft Teams is more than just a messaging app. With the right actions, information, and integrations, you can use it to connect with your team on everything from day-to-day communications to larger projects that require heavy collaboration.

If you’d like to talk to a Microsoft Partner about Microsoft Teams, get in touch here.

Secure Modern Workplace

Advanced Notice: Staying Alert and Aware of a Security Breach

admin — Thu, 06 Jan 2022 15:55:58 +0000

Advanced Notice: Staying Alert and Aware of a Security Breach admin Thu, 01/06/2022 - 09:55 Thought Leadership ��Ƶɫ

Locking your digital doors is the most important thing your organization can do—a cybersecurity system is crucial in today's hack-happy world.

Recognizing what a picked lock looks like is the second thing. Cyberattacks do come with warning signs, and your team needs to know those signs so that you can stop a security breach before it's too late.

We hear stories all the time about how a proactive approach to cybersecurity makes a breach less catastrophic. Here's a hypothetical business and name, but the scenario has happened many times.

Jay Duncan and his team learned this the hard way. Jay is the IT director for Sew Clean, a chain of alterations and dry cleaning stores. He has pushed his senior management to move towards a completely digital point of sale system, so their customers' information is stored in their network. Jay installed Intrusion Detection Software (IDS) in the network when they installed the new POS software, thinking that with all that customer data they needed bigger firewalls. The IDS he chose is antivirus software that monitors incoming network traffic.

So far, it's worked out well. Not only are customer's starch choices in the system, but so are their measurements, so they can just drop off basic alterations like hemming. During the pandemic, this full curbside service has boosted Sew Clean's business while their competitors are struggling.

Sew Clean has several branches in the metropolitan area, and Jay oversees a team of six administrators. Together, they keep customer data secure and manage the business operations.

A Series of Peculiar Events

One day, a branch manager mentioned that she had been locked out of her account when she tried to log in. She hadn't said anything about it because she assumed she had missed a capital letter on her password. Jay didn't think much about it; Susan was new and he figured she had just forgotten the sequences. He had also added email encryption to the system for an added layer of security. That afternoon, the operations manager said that the network seemed slow, and some of the computers were inexplicably crashing. Jay immediately shut down his computer, only it would not cooperate and kept running. Jay's suspicions of a security breach were confirmed when a ton of pop-ups started doing just that—popping up exponentially.

Jay realized that a data breach was in progress. He had been discussing plans for an emergency recovery with his IT admins since his first day, so he called his lead engineer and told her "we're hacked, get everyone on site and start working through the plan." Then he called the CEO with the news.

While Jay was having an uncomfortable discussion with the CEO, his lead engineer Jane had shut down all company routers to limit the spread of the hack, and had begun shutting down all servers. Her staff were calling branch managers to tell them to run through the instructions in the red 3-ring binder labeled "Emergency Recovery Plan."

By the time Jay got to the data room, Jane and her staff were almost finished rebuilding the desktop computers in the office. "Jay, I'm glad you made us practice this last month. I've put all the main servers in quarantine, and Tom's signed off on the checks. I'm sending the guys out to the branches to make sure they're all clean. Once that's done, we'll be back in business within an hour".

How Jay Prepared for a Data Breach

Jay and his team knew the signs of a security threat, but the initial signal—a new employee couldn't log in right away—was so subtle that he and Jane dismissed it at the outset. His CEO was grateful that Jay had insisted on additional email security as well as security audit software, although he had grumbled a bit about the cost at the time.

Fortunately, he and Jane both had that emergency plan in place, so they had minimal downtime and no loss of data.

Major Signs a Data Breach is Underway

Jay and Jane knew the warning signals for a data breach and had trained their staff to look out for these signs.

Users locked out of accounts—Susan couldn't log in because a phisher was interfering
Slow hardware and software performance–systems freeze and crash without reason
Abnormal system behavior—lots of pop-up and virus detection messages are a sure sign that malware is worming its way into your network

A security breach attack can even take the form of targeted campaigns that are customized to spoof legitimate notification messages.

More subtle changes to the system are sudden file changes and unusual activity on an administrative account. When Jay realized a cyberattack was underway, he was able to confirm through his security audit software that his admin account was secure and that the malware had not infected the company files.

Your data security should have built-in updates

Data security tools are constantly evolving to keep up with the bad actors in cyberspace. Jay had already installed Microsoft 365 Security Audit software that continuously monitors his email system for vulnerabilities. Hackers are always looking for a way in, and emails are a popular delivery vehicle for testing the waters. Phishing attacks are typically the first breach in a network. The security audit analyzes all network mailboxes for permissions, passwords, MFA, and forwarding settings so that any attempt at breaking in is automatically rebuffed.

Phishing is a highly profitable attack vector

According to an IBM study on overall costs of a data breach, a successful phishing attempt accounts for the second costliest type of attack. Phishing accounts for 17% of all data breaches, and costs companies an average of $4,65 million. Compromised email credentials—when the malware fools the active directory into thinking a request is valid—are responsible for 20% of security breaches. These incidents, however, are less expensive to clean up than a phishing hack.

Phishing breaches that wormed into business email, however, cost an average of $5.01 million in recovery. What's worse, IBM found that phishing only accounts for 4% of data breaches, and takes almost a year—317 days—to identify.

Modern IDS Keeps Up with the Bad Actors

The days when Jay and Sew Clean could keep their data secure with anti-virus software are long gone. As businesses are networked, security levels need to meet that risk by providing safeguards for the entire system. An IDS acts as that gatekeeper, with highly adaptable technologies that keep all your systems secure against consistently more sophisticated cyber threats.

Signature-based IDS takes off from antivirus software, which searches for patterns in byte sequencing—signatures—or known malware instruction sequences. The problem with signature-based IDS is that it cannot identify new attacks as there is no pattern precedent.

Anomaly-based IDS goes a step further and uses AI to identify odd patterns of behavior against a predefined trust model. The downside to this IDS is that fake positives are a possibility; in some instances new legitimate activity gets flagged as malicious.

Until this attempted data breach, Jay and Jane were having a hard time convincing their team and CEO that modern security software was critical for their company and customer information to remain safe and secure. Once the crisis had passed, they were fully on board with learning and staying up to date on security protocols.

Secure Modern Workplace

How to increase adoption of Microsoft Teams

admin — Thu, 23 Dec 2021 19:33:07 +0000

How to increase adoption of Microsoft Teams admin Thu, 12/23/2021 - 13:33 Microsoft 365 ��Ƶɫ

For some workplaces, going remote in 2020 was their first foray into collaborating and meeting virtually. For these organizations, Microsoft Teams was a welcome addition, allowing them to meet, chat, and stay organized from afar.

Now that some time has passed, however, some are finding that while their colleagues and employees are using Microsoft Teams, they’re not getting the most out of it. Let’s look at a few ways you can encourage more meaningful adoption of Microsoft Teams at your workplace.

Decide what success looks like

We’ve touched on the bridge between usage and meaningful adoption, but what does that look like? The truth is, it’s different for every business. It’s important to define what a successful adoption of Teams will look like for your business and work towards those metrics.

As with any goal, it’s important to make sure yours are specific, measurable, achievable, realistic, and time-bound. According to Microsoft, there are four categories of outcomes you can work towards: organizational, cultural, tangible, and individual. Let’s look at each a little more closely.

Organizational outcomes: Goals in this category include those around cultural transformation, employee retention, talent acquisition, social engagement, and operational agility.

Cultural outcomes: These include goals around employee sentiment, employee recommendations, customer feedback, and innovation measures.

Tangible outcomes: These can include impacts on customer experience, cost savings, revenue generation, data security, process simplification, and retirement of legacy systems.

Individual outcomes: Here’s where we get more into the weeds of user adoption, with outcomes related to actual use of the tool, employee morale, employee productivity, employee engagement, and idea generation.

Being clear from the outset on which of these outcomes are important to you (and how you plan on achieving them) is critical, but so is being flexible. If you’re having trouble reaching an outcome, you can investigate why and adjust your adoption approach accordingly.

Drive engagement with champions

Encouraging—and managing—behaviour change is one of the most difficult things leaders can do within an organization. Getting employees to join a work call on Meetings is one thing; getting someone to change the way they conduct their day-to-day communication is another entirely.

Managing this change, however, is critical. Engagement is a major factor in driving software adoption across an organization. When it comes to Microsoft Teams, the company has a solution for making this happen: onboard early adopters first, and identify Microsoft Teams champions—that is, the people who will drive awareness, adoption, and education around how to use Teams within the organization. As Microsoft recommends, champions should be given:

Formal training in how to use the software
Encouragement and empowerment to guide, teach, and train others
Consistent, positive reinforcement on the progress and impact they’re making
A clear, time-based plan to execute

Microsoft even has a Champions Program, where leaders can access valuable materials about getting the most out of Teams. If you’re running your champions program well, these people will learn all they can about Teams and pass that knowledge and support onto others who may be less enthusiastic or knowledgeable about the software.

If you’ve already been using Teams and haven’t appointed Champions, it’s not too late, and it’s worth the effort. There’s no replacement for having someone internal who can drive adoption and address any questions and concerns others may have.

Incorporate feedback and invest in awareness

It’s important to gather feedback about Teams from your employees, both from your champions and from others. Understanding how people use and experience the product will help you adjust the way you approach awareness and training going forward.

Microsoft recommends paying close attention to things like how users incorporate Teams with existing technology and which questions they ask about how to use it.

Finally, you should put considerable effort into building awareness and training across the organization. Microsoft equates this with the “marketing and communications” segment of your overall adoption strategy.

A good awareness and training plan includes deliberate internal communications, which can look like events, signage, and self-help/training information to familiarize people with why this is an important tool.

It’s important to evaluate your success metrics and share them widely to encourage continued adoption across the organization. Microsoft recommends sharing insights from your feedback channels with the hashtag #TeamStories to make them easily searchable. They also recommend sharing a team story company-wide every month to show what increased productivity and collaboration looks like using Teams.

Meaningful adoption doesn’t happen overnight

As with any major endeavor, success with Microsoft Teams adoption won’t happen overnight. Getting employees engaged, trained properly, and enthusiastic about using this tool will take careful planning, deliberate execution, and discernment about what’s working and what could be improved.

If you enable your champions, measure success, and incorporate feedback, you’ll be well on your way to meaningful adoption across the board.

Secure Modern Workplace

IP Spoofing Attacks: What are they and how can you prevent them?

admin — Fri, 17 Dec 2021 21:45:22 +0000

IP Spoofing Attacks: What are they and how can you prevent them? admin Fri, 12/17/2021 - 15:45 Trends ��Ƶɫ

There are dozens of techniques hackers can use to try to infiltrate your company's sensitive data, though some are more sophisticated than others. IP spoofing attacks are used by bad threat actors to “get a foot-in-the-door" of your network. They’re growing in popularity and frequency, and have the potential to wreak havoc on your organization if gone unnoticed. In this article, we will dive deeper into what IP spoofing is, how it’s commonly used, and what you can do to protect your organization for these types of attacks.

What Are IP Spoofing Attacks?

When data is transferred over the internet, it gets broken up into packets before being reassembled upon arrival. Each and every packet comes with source information, including the IP address of the sender and receiver.

IP spoofing is an entry point for attackers, used to bypass systems that are set up on a model of trust, or used to enter networks that aren’t secured with the right systems.

When attackers use IP spoofing, they impersonate a legitimate entity by changing their IP (Internet Protocol) source information to make the receiving computer system believe the data is coming from a trusted source. In systems that are configured to work between a set of trusted networked devices, IP spoofing can be used to circumvent the IP authentication process by appearing as a trusted entity on the network... getting past the moat and into the castle.

IP spoofing can be used to carry out “Man-in-the-Middle" (MitM) or “denial-of-service" (DoS) attacks. These methods allow hackers to obtain sensitive data, such as credit card information or social security numbers by interfering with communication between other networked computers. In the case of DoS, the hacker leverages devices they’ve compromised, i.e. “zombie” devices to carry out the attack. Often, hackers will even have a large network of these compromised devices, that they will use to flood or completely shut down websites and servers, and the IP source information is falsified to create confusion and prevent mitigation. This is similar to someone sending a dangerous item in the mail, but placing a false return address on the package (or even putting the recipient address on the package as the return address). This method makes it difficult for businesses to trace the source of the attack.

How Can My Organization Prevent IP Spoofing?

Although there are many things to worry about in the world of cyber security, there are also many ways to keep yourself and your organization safe from attacks like these.

Your users will be highly unlikely to detect IP spoofing, that’s why it’s important to ensure the organization’s IT security measures are up-to-date and configured properly. Some recommendations are to enable multi-factor-authentication (MFA) for your employees to access critical data in your network. Validating devices inside the organization with MFA is a strong option to provide an extra protection layer. It’s also recommended to place your network behind a firewall, and to implement additional security measures beyond IP authentication alone. Perhaps it’s time to implement packet-filtering for incoming traffic (ingress filtering), and external network traffic (egress filtering) to bulk up your IP authentication process, for example. Members of your web development team can also ensure they’re using the most up-to-date internet protocol, as old versions are more vulnerable to attacks.

How Can My Organization Recover From an Attack?

If your organization has been the victim of attacks carried out after IP spoofing, you know how jarring it is to discover that your network has been infiltrated. If you notice a device (or multiple devices) in your organization has been infiltrated, the first step is to disconnect it from the network as soon as possible. This can prevent the spread of the attack and give you a chance to perform data backups if they aren't done automatically in the cloud.

Next, affected users should change their login credentials and avoid using the same password for multiple accounts.

At this stage, you should have your cybersecurity team scan your system for viruses or malware, or reach out to a professional local IT security team (such as a Managed Service Provider in your area) that can help you with the process.

Finally, run an audit and see where the vulnerabilities were that allowed a hacker to gain access to your network or data. Once you know how the attacker got in, you can change your cybersecurity policies and procedures to prevent attacks like this from happening ever again, and begin implementing some of the recommendations we provided above.

Connect With A ��Ƶɫ Partner Today to Help Prevent Cybersecurity Attacks

��Ƶɫ is partnered with thousands of Managed Service Providers who can help you get to the root of your most common security vulnerabilities and offer their top choices for the tools you need to properly patch up any gaps. You can connect with a local IT partner in our network to help with network security.

Secure Modern Workplace

A rundown of backup recovery and data loss

admin — Fri, 17 Dec 2021 17:14:30 +0000

A rundown of backup recovery and data loss admin Fri, 12/17/2021 - 11:14 Backup ��Ƶɫ

As a business owner, knowing how to protect your digital data is a must when it comes to avoiding disruption to your business. Your business's essential data may be on a device that can get damaged, and data that is stored online may be accidentally deleted. Fortunately, data backup and recovery services make getting your data back if something happens to it easier than you might think. Here is an overview of what data backup and recovery typically look like and how they can benefit your business!

What Is Data Backup and Recovery?

Data backup and recovery describe the steps business owners can take to make sure they still have access to their digital assets, files, and other data in case something were to happen to the original version. Data that has been properly backed up in advance can usually be recovered if it is accidentally deleted, your device is damaged, or your business becomes the target of a cyber attack.

Difference Between Backup and Recovery

Data backup and recovery are two closely related concepts, but they are not exactly the same thing. Data backup is a preventative measure that should be taken long before you experience data loss or other problems with your data, while recovery is the process of getting your data back after a problem occurs. Properly backing up your data is an important step in making sure that you are able to recover it if you need to, as the process cannot be done in reverse if data that has not been adequately backed up is lost.

Types of Backups

Your business has several options when it comes to backing up your data. Although you will need to begin by performing a full backup, incremental and differential backups tend to be more efficient options for backing up new data.

Full Backups

A full backup creates an extra copy of all the data on your system. This type of backup is the most thorough, and it is an essential starting point when backing up your system for the first time. However, it is usually not the best choice for adding new data once the majority of your information has already been backed up because it is a very time-consuming process that typically takes many hours or even days to complete.

Incremental Backups

Under most circumstances, incremental backups are a better option when it comes to backing up new data. Because you do not need to back up your entire system over and over, selecting this option allows you to only create a copy of new files or other types of data that have not yet been backed up. As long as you have done at least one full backup in the past, an incremental backup is a faster and more efficient option for making sure you have a backup copy of all the files you need.

Differential Backups

Differential backups fall in between full backups and incremental backups. Like incremental backups, they only affect some of your data, but they use your most recent full backup as a starting point instead of your most recent incremental backup.

Types of Recovery

There are also several types of data recovery methods to choose from, some of which can work better for certain types of data failure than others. Some of the most common types of data recovery include granular recovery, instant mass restoration, volume recovery, virtual machine disk recovery (VMDK recovery), bare machine recovery, and instant volume mounts. Assuming your data was backed up properly before its failure, you can choose which type of recovery is the best fit for the type of data you lost and what problem caused it to disappear.

Importance of Backup and Recovery

Here are several reasons why considering data backup and recovery before you need them is essential when it comes to protecting your business!

Your Data Is Essential to the Operations of Your Business

Digital data security has quickly become a far bigger concern for many businesses than it was even a decade ago, although it has been an important consideration for as long as it has been used for business purposes. Your business likely relies on a wide range of categories of digital data to function normally on a daily basis, and abruptly losing access to that data can hinder your business from accomplishing as much as it should. For this reason, taking steps to ensure the overall security of your data is a must when it comes to keeping your business up and running.

No Business Is Immune to Data Loss

No matter how strong your security measures are, your business's devices and programs can fail or experience a cyber attack. Laptops can wear out and no longer turn on, files can become corrupted and unable to be opened, human error can cause you or an employee to accidentally delete data, and your business may become the target of a ransomware attack or other cyber security concern. Although your IT team should certainly take steps to reduce the likelihood of these problems, it is impossible to guarantee that they will not cause your data to disappear.

Ramifications of Not Backing Up Your Data

Although it is understandable that your quest to find ways to save time and money for your business may not automatically include investing time and money in data backup and recovery programs that you may never need to use, it is important to carefully consider the ramifications of cutting corners in an area that has the potential to cause extreme financial losses and productivity setbacks if something happens and your data cannot be recovered.

Cyber criminals are becoming more sophisticated even as cyber security programs become stronger, and banking on never experiencing a cyber attack because you are taking precautions could be catastrophic for your business. Simple human error, such as accidental deletion, can also destroy hours, weeks, or even years' worth of hard work.

At ��Ƶɫ, we prioritize helping our clients take steps to avoid the damage that data loss can do to their businesses. Contact us today to learn more about how we can help you take steps to protect your data from a wide range of potential losses or to get started!

Secure Modern Workplace

Everything you need to know about Microsoft Customer Digital Experiences (CDX)

admin — Wed, 15 Dec 2021 17:12:22 +0000

Everything you need to know about Microsoft Customer Digital Experiences (CDX) admin Wed, 12/15/2021 - 11:12 Microsoft 365 ��Ƶɫ

If you’re a Microsoft employee, a vendor with an MSFT domain, a Microsoft Partner, or an MVP, you’ve likely heard of Microsoft Customer Digital Experiences (CDX). It’s designed for people like you to demonstrate Microsoft technology and products with hands-on interaction. You also probably know that it offers three main types of experiences: demos, interactive guides, and customer immersion experiences.

But do you know how to make the most of it? If not, fear not: we’ve put together a quick guide to help you out.

First things first: How access works

Access to CDX is granted to all valid Microsoft partners and MVPs. If you’re a Partner, you must use the work account associated with your Microsoft Partner Center for authentication. For MVP users, you must be a current, approved user in order to access.

To sign in, ��Ƶɫ must use a work account that is enrolled into the Microsoft Partner Center, associated with their MPN account, and authenticated through their work domain's Azure Active Directory (Microsoft Partner Center Help can support any setup issues you encounter).

Demos: More common, less involved

Overall, demos make up most of the experiences available through CDX. A demo is a deep one-to-many or one-to-one presentation led by Microsoft and Partner facilitators that incorporates little to no audience participation.

Generally, a demo is best for an audience of practitioners, ITDMs, IT pros, security pros, or anyone involved in tech planning or everyday use. Demos can be on-site or virtual, and come in a variety of types, so let’s take a look.

Assets only demos: These demos offer downloadable guides that can be followed as a standalone demo, or within a Demo Tenant that is already in your account.

Shared tenant demos: These demos allow you to open a demo environment that’s already pre-configured. This environment may contain products and features that are not available within your own demo tenant.

Tenant only demo: These demos provide an easily accessible personal demo tenant that can be used to demo the product that the experience is about.

Interactive guides: Step-by-step specifics

Interactive guides provide a guided, step-by-step presentation for a specific feature of a product or business scenario. They focus on the enablement of features and functionality, and are especially helpful for supporting virtual training and events.

These guides are often featured at conferences and events, and are available online for all audiences: field, partners, and customers. The experience of participating in an interactive guide is mostly passive, with some guided simulation.

Customer immersion experiences: The full package

Finally, we have the most interactive option, the customer immersion experience (CIE). A CIE is a one-to-three hour on-site or virtual experience led by a professional facilitator that features a high degree of audience participation.

The intended audience for a CIE are enterprise executives, BDMs, or IDTMs that meet minimum qualifications. Generally, the audience for a CIE is anywhere from 4-20 people.

CIEs allow all participants to log into a live Microsoft 365 environment using virtual desktops or a quick tenant. From here, users can interact with one other in real-time, using a scenario-based script to demonstrate various Microsoft 365 products.

There are a number of CIEs to choose from, each highlighting a product or a specific industry. Generally, the experience is interactive, storytelling-based, and hands-on, with some guided simulation. CIEs come in two options: Instant-On or Quick Tenant.

Instant-On: Instant-On CIEs should not be used for testing purposes and only a customer account should be selected.

Quick Tenant: A Quick Tenant CIE provides only a preconfigured tenant, and can be accessed by your users either in a browser or on physical devices. (Devices are not provided by CDX).

So there you have it, the basics of Microsoft CDX explained. Want to learn more about Customer Digital Experiences? If you’re an existing partner, you can access our full M365 Sales Fundamentals workshop here, which features a Transform module. If you’re not yet a partner, but interested in access to our online workshops, masterclasses, your own account manager with Microsoft expertise, and more, become a partner with us today!

The Future of MSP

The Email Security Dictionary

admin — Mon, 13 Dec 2021 22:13:55 +0000

The Email Security Dictionary admin Mon, 12/13/2021 - 16:13 Email Security ��Ƶɫ

The world of email security contains all kinds of terms that are not often understood intuitively without a clear definition. For this reason, we have created a comprehensive email security dictionary to help you and your team understand the most important cyber security definitions, which will ultimately help you keep your company's data and information safe.

This guide is broken up into two categories: email security acronyms and good old-fashioned cyber security words or phrases.

Email Security Acronyms You Need to Know

Email security terms often consist of acronyms, which are sometimes referred to as cyber security alphabet soup. Here are the most important ones for you to be aware of:

2FA: 2 Factor Authentication

2FA, also known as MFA (multi-factor authentication), refers to the requirement of a password and tangible authentication system, often a confirmation code sent to a cellphone, to allow access to private online accounts or computer systems. These prevent immediate access by hackers to private data and accounts, even if the password has been compromised.

APT: Advanced Persistent Threat

An APT is a cyber attack against a network that is systematic and uses multiple tactics in an attempt to overload existing security measures over time. Hackers using APTs often attempt to infiltrate numerous platforms, and breaking into email accounts is one of the most common methods. Basic security strategies are usually not enough to stop these kinds of attacks, though more advanced security measures can slow them down or prevent them altogether.

Note: this acronym is not to be confused with ATP (Advanced Threat Protection)

DKIM: DomainKeys Identified Mail

DKIM is a helpful email security measure that ensures messages are not altered during transit from the sender to the receiver. It provides the email with a private key while it exits the outbox, and the recipient's inbox uses the organization's public key to verify the sender and that the message was not altered. This security measure is essential for preventing email spoofing attacks.

IMAP: Internet Message Access Protocol

IMAP allows users and email clients to access their messages from multiple devices on the internet. This is what enables people to check their email on their phone, computer, tablet, or other devices, and the email client usually leaves messages on the server until the user deletes them. Nearly all email clients use IMAP to allow widespread email access.

MTA: Mail Transfer Agent

MTAs are the software that actually performs the transfer of emails from one computer to another. It receives emails from other users, and forwards them to its intended recipient. Microsoft Exchange is an example of an MTA.

PKI: Public Key Infrastructure

PKIs are protocols that help data transfer securely over networks with digital certificates that are issued and managed with public-key encryption. A PKI consists of policies, procedures, hardware, software, and so much more.

Email Security Words or Phrases to Be Aware of

Aside from acronyms, email security is also full of terms that may seem more intuitive, but might actually not mean what many people believe they do. Here is some clarification about important email security words or phrases:

Encryption

Encryption usually involves emails sent from one user to another getting scrambled until they are incomprehensible, only to be reassembled with the use of a key. There are several different types of encryption, but email encryption is helpful for keeping emails safe from prying eyes while they are sent, transferred, and received. Every organization should have, at the very least, an email encryption system in place to prevent hacks and data loss.

Data Loss Prevention

Data loss prevention is the proactive efforts by an organization to detect and dismantle security threats and violations before they result in compromised accounts and data loss. Data loss prevention policies often include practices for using, storing, and transferring sensitive data in a safe in secure way to protect employees and clients.

Phishing

Phishing is a common method hackers use to obtain sensitive information and data. Most often, phishing attacks consist of email messages that seem legitimate, but trick recipients into clicking links or replying with private data like login information or passwords. Phishing attacks have gotten more advanced in recent years, and they can result in devastating losses for your organization.

Public Key Cryptography

Public key cryptographies are any systems that use both public and private keys within a network to protect messages. Public keys are held by all users within a network, while private ones are held only by an individual. Some encryption methods use public keys to allow the sender to send their message, while the intended recipient is the only one who can access the message because of their private key.

Ransomware Attacks

Ransomware attacks encrypt files on a device, which makes them unreadable and unusable. Attackers who carry out ransomware attacks often target government agencies or large corporations and demand money in exchange for decryption. Ransomware attacks are often activated when users open an attachment from a bad actor that compromises their files and data.

Spoofing

Spoofing is a cyber attack where hackers use fake information that seems legitimate, such as email addresses or domain names, to get users to divulge important information. Some companies have suffered spoofing attacks where employees received instructions to wire money to illegitimate accounts from an email address that appeared to be a higher up in the company. Less advanced spoofing attacks are easy to spot, but many hackers use surprisingly complex techniques to make it difficult for users to differentiate the legitimate from the illegitimate.

Need More Email Security Assistance? Talk to the Pros at ��Ƶɫ | AppRiver Today!

Now that you have a better understanding of important email security terms, you will be better able to understand and implement basic cybersecurity measures in your own life and organization. Even still, your company will likely still have email security vulnerabilities that can result in compromised data and financial losses.

Fortunately, the email security professionals at ��Ƶɫ have the knowledge and experience they need to help your organization devise a comprehensive email security plan. To learn more about how ��Ƶɫ can get your company off on the right email security foot, please contact us today!

Secure Modern Workplace

10 FAQs About Microsoft’s New Commerce Experience, Answered

admin — Fri, 10 Dec 2021 17:01:26 +0000

10 FAQs About Microsoft’s New Commerce Experience, Answered admin Fri, 12/10/2021 - 11:01 Microsoft 365 ��Ƶɫ

Updated 01/10/2022: Microsoft’s New Commerce Experience (NCE) is now available through Secure Cloud for customers and partners.

What do you need to know about NCE? Microsoft’s New Commerce Experience (NCE) has been around for Microsoft Azure since 2019, but now it’s expanding to include M365, Dynamics 365, Windows 365, and Power Platform.

While technical previews have been underway since October, the general release date is fast approaching. We wanted to answer any questions that Microsoft partners may have beforehand. Without further ado, here are the most common questions we hear about NCE—and their answers.

1 What is NCE?

As Microsoft puts it, "The new commerce experience makes it easier to transact with Microsoft...It’s a multi-phase, long-term investment in the CSP program aimed at helping our partners accelerate business growth, simplify licensing, and address how their customers prefer to purchase."

Whereas before, NCE only existed for Microsoft Azure, it’s now a Microsoft-wide initiative that introduces a standardized way of doing business, both directly with customers and through partners.

The ultimate goal of introducing NCE is to enable partners and customers to have more choice and buy more easily while optimizing costs. This is evident through the consistent and simplified purchasing experience, the greater standardization of offers and terms, and the opportunity for partners to sell or upsell to a larger set of existing and new customers.

Please note, the initial rollout of NCE for CSP subscriptions will only be for commercial offers. Government, education, and non-profit offers are expected to be introduced to NCE over the coming months, but there is currently no date for when these subscriptions will be available in New Commerce.

2 How will NCE affect partners?

NCE will offer some distinct benefits for partners, allowing them to serve customers better and have an easier time with the platform themselves.

Greater sales agility and customer commitment: NCE offers pricing benefits for annual term subscriptions that lock in pricing for the entire term (plus a promotional pricing period starts in January 2022).

Operational efficiency and cost savings: NCE makes it easier to manage subscriptions, with enhanced provisioning, pausing, automated changes at renewal, and efficiency for quoting and price list management.

More choice for customers: The introduction of the new monthly term subscription will allow customers to cancel or reduce seats more easily than an annual term, at a premium price. It will also be easier to adopt new products and add-ons separately.

3 How will NCE affect customers?

There are also a number of things that make NCE more flexible and accommodating for customers, such as:

New products, with more options: The new Windows 365 is now available for Cloud Service Providers (CSPs). There are also free trial choices with an easier conversion to being a paid customer, as well as new add-ons available only on NCE.

Offers to meet specific or changing needs: For a premium, Microsoft will now offer new monthly-term subscriptions, allowing customers to cancel or reduce seat counts on a monthly basis. Monthly subscriptions can also be combined with annual subscriptions to help customers balance cost.

More value for commitment: Customers can access the best pricing on annual terms with long-term protection. They can also lock in pricing further with multi-year terms, and switch from a monthly to an annual term easily to save money.

4 When are commercial subscriptions moving to NCE?

There are a few dates to keep in mind. Any new subscriptions will have to be made on NCE after March 2022. However, the ability to renew existing subscriptions on the legacy CSP platform will continue through June 30th 2022, ending on July 1st 2022. Legacy subscriptions will remain in effect until each of the subscription terms end, but Microsoft partner incentive rebates on legacy subscriptions will be removed in October 2022. After June, legacy customers will have to renew subscriptions in the New Commerce Experience before each subscription expires to ensure the services continue.

5 Can I have one customer on the same SKU with multiple terms?

Yes, you can have a customer on different terms, with different sets of seats, for the same offer. In the SMB space, it’s more common to have seasonal or temporary employees over the course of the year, for example in the restaurant and tourism industries. For these customers, mixing Annual and Monthly agreements for permanent and temporary users can be the most cost effective option.

"For example, a growing organization can minimize license fees and lock in predictable pricing for new users with an annual or multi-year subscription. However, that same organization can further minimize costs and maximize flexibility by including monthly subscriptions for any licenses that are expected to be unused for more than 3 months each year. As a partner, you can elect to have monthly, annual, or multi-year term expiration, which gives you maximum flexibility where term length is concerned.

6 How can I start an NCE subscription?

��Ƶɫ will continue to use the Secure Cloud - Partner Portal to start subscriptions.

7 How do I cancel, and will I receive a refund?

With NCE, a cancellation policy will be enforced for all terms. A subscription can only be cancelled or downgraded within 72 hours of the initial order or renewal, for all term types. A prorated refund will be provided for cancellations, with proration calculated daily within that 72-hour span. After 72 hours, that cancellation function will not be available. Suspending an account can prevent users from accessing the subscription, but billing for that subscription will continue.

8 Can I reduce seats during an existing contract?

Like cancellations, seat counts on a new commerce subscription can be reduced within the first 72 hours. However, if there’s a midterm order of additional seats, you will also have a 72-hour window to reduce that back to the original number of seats.

Conversely, if customers want to add seats, they will be priced at the original subscription purchase price (not the current price). Overall, this means that the price for additional seats will always be locked in at the beginning of the term.

9 Will there be promos? When?

Microsoft has announced a promotional period for NCE commercial offers that begins January 10, 2022 and runs through June 30, 2022. During this time, customers can choose a monthly subscription without paying the 20% premium, aligning monthly term pricing with annual term pricing. From January 10, 2022 to March 31, 2022, customers can choose an annual subscription and lock in a 5% discount off the annual term pricing. Microsoft has indicated they may extend this 5% promotion, possibly all the way through June 30, 2022.

10 Will there be any new features?

Yes! Microsoft is introducing a number of new features to help partners with how they manage subscriptions, billing, and data processing. Here are a few:

The ability to schedule changes at subscription renewal: ��Ƶɫ will be able to schedule different seat counts, SKU conversions, term-length renewal changes, and renewals to different billing options. This allows partners to manage subscriptions in advance instead of performing manual changes at renewal, which improves operational efficiency.

Automatic seat assignment with full upgrade: Whereas before, this was only possible with SMB SKUs, now seats can also be assigned automatically at upgrade with enterprise-level SKUs. This creates easier and more efficient subscription management for larger customers, saving partners a lot of work.

Auto-renewal toggle option: Now, partners can toggle auto-renewal and submit it manually. This makes it easier to manage renewals and plan ahead for subscriptions that will be terminating soon.

Switching partners:.Customers will not be able to transfer active subscriptions to a new partner. New subscriptions and additional users may be added via a new partner, but customers will continue to be responsible for existing subscription terms.

Subscription ownership enforcement: Previously, customers could buy from different partners to aggregate instances of the same SMB offer and buy multiple free trials. Now, Customer SKU limits will be enforced across multiple partner tenants, preventing a customer from purchasing multiple lower-cost SMB SKUs beyond defined limits from different partners. This prevents customers from gaming the system, and ensures that partners can maximize revenue from each customer.

Suspend/resume subscriptions: Previously, a partner would have to suspend and then reorder subscriptions if the term expired. Now, a partner can suspend and then resume a subscription at any time during the term without cancellation. Partner billing will continue through the suspension. This helps the partner by allowing them to pause until the customer remits an overdue payment.

Note on M365 price change

In addition to launching the New Commerce Experience for CSP’s, Microsoft also announced commercial pricing changes for some key Microsoft 365 SKU’s around the same time. Although these price changes are unrelated to NCE, it’s good to be aware of how they could impact you and your customers. This pricing increase reflects the value of the solutions and the added areas of innovation around communication and collaboration, security and automation. The pricing changes will go into effect on March 1, 2022. You can read more about that here for a clear and graphical breakdown of these changes.

Hopefully, we’ve answered any questions you had around NCE. If you’d like to know more, contact your ��Ƶɫ or AppRiver channel account manager directly, or become a partner with us – we will be your guide.

The Future of MSP

�����Ƶɫ

How Finance and Insurance Providers Can Respond To The Surge of Cyberattacks

Growing Digital Footprints

Powered by the Cyberworld: Working From Home

Criminal Threats Online

Cybercrime Perpetrators

Crime Targets, Attack Vectors, and What They Mean for Financial and Insurance Providers

Big Opportunities for Financial and Insurance Providers

10 IT Trends for 2022 that MSPs should know

1 The definition of “workplace” will continue to change

2 Travel for business will be more measured

3 The never-ending quest for regulation continues

4 Technology budgets will grow—stealthily.

5 Cybersecurity is getting more proactive

6 Channel cybersecurity still has strides to make

7 More channel companies will take the consulting route

8 Chip supply chain constraints will cause a wake-up call

9 Software development will get more granular

10 Data management will drive an analytics revolution

Read the full report

4 of the best Microsoft Teams features you may not be using today

Get more out of messaging

Collaborate with colleagues

Integrate for ease

Access from anywhere

Advanced Notice: Staying Alert and Aware of a Security Breach

A Series of Peculiar Events

How Jay Prepared for a Data Breach

Major Signs a Data Breach is Underway

Your data security should have built-in updates

Phishing is a highly profitable attack vector

How to increase adoption of Microsoft Teams

Decide what success looks like

Drive engagement with champions

Incorporate feedback and invest in awareness

Meaningful adoption doesn’t happen overnight

IP Spoofing Attacks: What are they and how can you prevent them?

What Are IP Spoofing Attacks?

How Can My Organization Prevent IP Spoofing?

How Can My Organization Recover From an Attack?

Connect With A �����Ƶɫ Partner Today to Help Prevent Cybersecurity Attacks

A rundown of backup recovery and data loss

What Is Data Backup and Recovery?

Difference Between Backup and Recovery

Types of Backups

Full Backups

Incremental Backups

Differential Backups

Types of Recovery

Importance of Backup and Recovery

Your Data Is Essential to the Operations of Your Business

No Business Is Immune to Data Loss

Ramifications of Not Backing Up Your Data

Everything you need to know about Microsoft Customer Digital Experiences (CDX)

First things first: How access works

Demos: More common, less involved

Interactive guides: Step-by-step specifics

Customer immersion experiences: The full package

The Email Security Dictionary

Email Security Acronyms You Need to Know

2FA: 2 Factor Authentication

APT: Advanced Persistent Threat

IMAP: Internet Message Access Protocol

MTA: Mail Transfer Agent

PKI: Public Key Infrastructure

Email Security Words or Phrases to Be Aware of

Encryption

Data Loss Prevention

Phishing

Public Key Cryptography

Ransomware Attacks

Spoofing

Need More Email Security Assistance? Talk to the Pros at �����Ƶɫ | AppRiver Today!

10 FAQs About Microsoft’s New Commerce Experience, Answered

1 What is NCE?

2 How will NCE affect partners?

3 How will NCE affect customers?

4 When are commercial subscriptions moving to NCE?

5 Can I have one customer on the same SKU with multiple terms?

6 How can I start an NCE subscription?

��Ƶɫ

Connect With A ��Ƶɫ Partner Today to Help Prevent Cybersecurity Attacks

Need More Email Security Assistance? Talk to the Pros at ��Ƶɫ | AppRiver Today!