Listen in on our CEO Johan Hammerstrom during a Q&A discussion on the best IT support for moving beyond the office. What are current in-office, remote, or hybrid nonprofit IT office work models?
He discusses a range of innovations and trends that can keep your team being productive, and how to save and encourage the best of remote work even as you return to hybrid or in-office formats. Had some IT support that fell through last year, or could be better? So did your peers! Johan will touch on these and other topics:
As with all our webinars, this presentation is appropriate for an audience of varied IT experience.
Community IT is proudly vendor-agnostic and our webinars cover a range of topics and discussions. Webinars are never a sales pitch, always a way to share our knowledge with our community.
Presenter:
CEO Johan Hammerstrom
_______________________________
Start a conversation :)
Thanks for listening.
Listen in on our CEO Johan Hammerstrom during a Q&A discussion on the best IT support for moving beyond the office. What are current in-office, remote, or hybrid nonprofit IT office work models?
He discusses a range of innovations and trends that can keep your team being productive, and how to save and encourage the best of remote work even as you return to hybrid or in-office formats. Had some IT support that fell through last year, or could be better? So did your peers! Johan will touch on these and other topics:
As with all our webinars, this presentation is appropriate for an audience of varied IT experience.
Community IT is proudly vendor-agnostic and our webinars cover a range of topics and discussions. Webinars are never a sales pitch, always a way to share our knowledge with our community.
Presenter:
CEO Johan Hammerstrom
_______________________________
Start a conversation :)
Thanks for listening.
Beyond the Office
In-Office? Remote Work? Hybrid Office?
August, 2021
Johan Hammerstrom: All right. Hello, everyone. Welcome. I'm gonna go ahead and get started. Thank you all so much for joining us today. Today is the August, 2021, Community IT Innovators webinar, and we're really happy to have you with us today.
Today we're going to be discussing the rapidly changing IT landscape and how it's evolved throughout the pandemic to really support working outside of a central office location. I guess that was a bit of a spoiler as you'll see in a minute for my first slide.
My name's Johan Hammerstrom, really happy to have you all here with us today. I'm the CEO of Community IT. I'm also the moderator for our webinar series. Because it's August, I'm the sole presenter today. I will be the expert on today's Ask the Expert discussion. The slides and the recording for today's webinar will be available on our website as well as our YouTube channel later this week.
And if you happen to be watching right now on YouTube feel free to subscribe to our channel and you'll get automatic updates every month when we upload our latest webinar. These asks the expert formats are meant to be interactive. So I really encourage you to submit questions using the question and answer panel and I will do my best to answer them. I'm going to try to answer them in real time.
We have a fair amount of material today, but I think we'll be able to get through it all with plenty of time for questions throughout. So before we begin, I wanted to just tell you a little bit more about Community IT, in case you're not familiar with us. We're a 100% employee owned company and our team of almost 40 staff is dedicated to helping nonprofit organizations advance their missions through the effective use of technology.
We're technology experts and we've been consistently named a top 501 managed services provider by channel Futures. And it's an honor we received again in 2021. So we're very happy about that. So let's go ahead and move on to our discussion.
I'm going to go through the agenda first. And actually I'm going to share with you all a set of resources that we put together. Today's presentation is really an overview of a lot of topics that we've been very interested in and following very closely really for the last two years. And there's a lot of different threads right now in the world of IT that are really coming together in an interesting way. And that's really the goal of today's presentation. But we have a lot of resources that go into much more detail on these topics than what I'm going to be presenting today.
So I just sent out to you all through the chat window, a PDF that contains links to those additional resources. So if there's anything that I talk about today that you're specifically interested in and you want to find out more about, obviously you can ask questions today, which I definitely encourage, but you can also refer to that PDF for more information as well.
Today, I really want to try to answer this question: Do you still need an office?
Is that something that organizations still need? For a long time we felt like an office was a pretty critical part to an organization working and that extended to all aspects of the organization's existence, including IT.
So I'll just jump to the chase, this first question. Do you still need an office? And as I alluded to earlier, the answer is no. You don't really need an office, at least not from an IT perspective and for a long time, that wasn't the case. There were a lot of things that you couldn't do from an IT standpoint if you didn't have an office, but that's really changed pretty dramatically over the last two years or so. And there was a lot going on in IT leading up to that, but there's a lot that's changed that, that I want to go over with you today.
Fundamentally, you no longer need on-premises equipment. And you no longer need onsite support. It's possible to handle all of your equipment needs, all of the things that on-premises equipment was providing for you can be done in other ways and support can be delivered remotely.
It no longer requires the IT person, if you will, in the IT closet ready to respond to issues. Even organizations that need an office for other business reasons, there may be a lot of reasons why your nonprofit still needs an office. And that may be the case, but we really try to encourage our clients to design their IT systems as if they didn't have an office.
This was a real lesson that I think a lot of organizations learned early on in the pandemic. Organizations that had switched over to just giving their staff laptops were able to pick that laptop up and go home and use it from home. Whereas organizations that still had desktops, those desktops were left stranded in the office.
So we feel like it's something that allows an organization to be more agile and more flexible if they're designing their IT systems as if they didn't have an office. Like I said, there are other reasons why an office might be important for an organization. But I think the more you can get into a mindset of not having an office or not tying your IT infrastructure to a physical office, the better positions will be long-term because the uncertainty remains.
As most of you know, with the Delta variant spreading recently, we've seen here in DC mask mandates have been reinstated. There's a lot of uncertainty about what the future will hold, even though it felt like just a few months ago we were coming out of the pandemic. So we don't know what's going to happen by the time you're listening to this on YouTube. Hopefully, the pandemic is over by then. But we just don't know.
Device Management
Because of that uncertainty, we really feel like organizations are future-proofing themselves. They're creating greater robustness and reliability by planning an IT infrastructure that exists outside of the office. The place where that really happens first and foremost is around device management.
So back in the day, think back 10 or 15 years, before the cloud was around. Most organizations had a server or a couple of servers in their closet or if they were a larger organization, maybe they had a dedicated server room. And all of the computers in the office were connecting to that server. And the server had all of your user accounts and passwords were stored there and your shared files were there. And the server was also responsible for making sure that all of the workstations were up to date on their patches and that the antivirus was running.
Everything required physical connection within an office in order for you to effectively manage devices. And that's changed you no longer need that. And I want to talk a little bit about why that's changed. And I see a question came in just; going to glance at it really quickly. This is a great question. I will come back to it before I move on to the next section, after I get through with the device management part. So what's really changed is that all of the things that you used to rely on a server for have all moved out to the cloud. And a lot of that has to do with Microsoft and its cloud-based system.
Many of you are probably familiar with Microsoft. I'm sure you're all familiar with Microsoft, but you're probably familiar with Microsoft Office 365. Many of you probably have your email hosted in Office 365. You may have moved your files to SharePoint or OneDrive. There's a lot of Microsoft Office services that Microsoft moved out to the cloud. What you may not be aware of is that Microsoft also moved all the other things that were happening on that server in the closet, all of that's been moved out to the cloud as well.
So now you don't need a server to manage usernames and passwords. That's all happening in what Microsoft calls Azure Active Directory, which is cloud hosted. And actually that's the system that sits behind Office 365. So when you go to Office, to Outlook.com, to look at your work email and you're logging in with a username and password, you're actually logging into Azure Active Directory, and then that's connecting you to your organization's email resources.
Azure Active Directory is a very powerful tool, and it doesn't just manage your user accounts, but you can also use it to register your Windows devices. So if you have Windows 10 workstations that your organization is using, you can connect those also to Azure Active Directory. You can do what's called, “join them” to the Azure domain. And that's sort of the cloud-based version of what used to happen when your computers were joined to your on-premises domain.
And this is very powerful because it enables you to use another tool that Microsoft provides called Microsoft Intune and that enables you to manage those devices remotely.
So this is getting a little bit into the weeds, but there used to be this tool called “group policy.” Organizations could define a lot of things. They could automatically install printers. They could automatically add icons to the desktop of any of the computers that were on the local domain, as it was called. They could automate profile setups. You could even automate things like Internet Explorer bookmarks. Oftentimes organizations would set it up so that when you opened the web browser, it would default to the organization's website.
That was all being done through this system called group policy, but it required those machines to be on a local network and joined to a local domain. And so if you take your laptop home, then what happens? You're not connecting to the local domain anymore.
And for a while, people would use VPNs. Those were not very good. They were clunky, they're difficult to use. There was another tool called Direct Access. Some of you might've heard of and been familiar with; also not great, difficult to use.
Finally, Microsoft said, we're not gonna try to facilitate you connecting your Windows laptop to this small office. Let's just have you connect to the cloud and do all of these things from the cloud. And that's really what Intune does. It enables organizations to manage all of their laptops through a cloud-based interface.
If your organization is dispersed right now, and most of your staff are working from home, if you have Microsoft Intune set up, you'll be able to see all of your organization's laptops through a cloud-based interface. And those laptops are connecting directly to the Microsoft cloud. And from there, you can do all kinds of things. You can set up Windows configurations, all of the things that you used to be able to do locally, you can now do through the cloud.
If your organization has certain standard software that needs to be installed on all of the laptops, that can be defined in Intune, and that can be rolled out in Intune, as well. So it's a very powerful tool for centrally managing an organization's laptops regardless of where they are. They no longer need to be in an office. And in fact, Microsoft has kind of deprecated group policy. Some of what we call “legacy methods” for managing laptops, they're no longer really being supported actively by Microsoft. Microsoft really sees this as the future.
Autopilot
Intune is very powerful. There's some additional things you can do with Intune. And that is based on this new technology called Microsoft Autopilot. One of the big challenges that we used to have prior to this system that Microsoft developed, is how do you get a laptop set up for new staff? Or, if someone leaves the organization, how do you take their laptop and make it available for their replacement? How does that work? Back in the day, the laptop had to physically go to the office, to the IT department. They had to manually wipe the laptop. They had to put a new image on, they had to reinstall it. They had to configure it and set it up and it required a lot of that physical touch point. Well, what Microsoft Autopilot allows you to do is enroll the hardware directly in Azure Active Directory.
Let's say you go to order a couple of new laptops from Dell. You want to order them for your staff. Your staff are spread out, you have one staff person in Chicago, you have another staff person in Nashville. You may have someone in Orlando. In the old days, you'd have to order the laptops from Dell, ship them to wherever your IT person was. That person would then get them set up and configured and then have to ship them out to the different staff in those three different cities. Now, when you order the laptops from Dell, you can specify that they are part of your organization and you can have them shipped directly to the staff and when they arrive and they turn them on, they're basically going to get a welcome message saying welcome to your organization's name. Please log in with your username and password. And they would log in with their username and password.
Basically the laptop would start being configured automatically based on all of the policies that are set up for your organization. So essentially you enroll the hardware in Microsoft Autopilot and that tells Microsoft that this physical device belongs to your organization. Once that happens, then the only way you can access that device is using a username and password that is affiliated with your organization that's present in Azure Active Directory. And once you log on, then all of the policies that you've defined in Intune automatically get applied to the laptop. And then if that person leaves the organization, you can basically reset the laptop automatically from the cloud and they can ship the laptop directly to another staff person. And it would start the process all over again. So it's a very powerful tool for managing, configuring and provisioning laptops without having the need for a centralized office.
I'm going to pause there because my next slide addresses one of the questions and there are a couple of other questions that have come in that I want to get to.
Some Questions:
So the first question is from a nonprofit that has equipment on site. They have a Synology, which is a network attached storage device. And the network attached storage is basically something you can store files in. This organization has Netgear equipment, which is the routing equipment for routing the internet connection, providing Wi-Fi. They also have internet phone equipment and a desktop for the IT company.
Are you saying we can get away without some of this equipment, even though we're a hybrid office?
It depends, right? That's what every consultant will say: It depends. You probably can get away with some of the equipment. Now, if you still need an office, you're going to still need the Netgear equipment, because if you have staff coming into the office and trying to get on the internet, the Netgear equipment will be needed for them to be able to get on the internet.
For the Synology, it really depends on the kinds of files that you're storing on that device. So if it's just a substitute file server and you have a lot of Word documents, Excel documents, your organization's files are on that device, then it's possible that those files could be migrated off of the Synology and into a cloud hosted system like SharePoint or Box or Dropbox or OneDrive. That migration is typically not a trivial one.
Sometimes it can be easier and straightforward, sometimes it can be more complicated. But that's something that you want to explore: the possibility of migrating those files. If those are more media files: videos, photos, that's one area where the cloud still remains somewhat expensive as a solution for all of your digital assets as they're known. And you know, that's an area where some additional discussion is going to be needed.
Now if you still have an office, it's still important for your organization to lease an office, then it probably makes sense to leave that device there if it's storing media files. If your organization doesn't need an office anymore, like using a shared workspace, then there might be some creative options for how to deal with those files. And I'll talk about the phone equipment in the next section, so I'll come back to that.
The next question is from an organization that doesn't use Microsoft, but instead uses Google Workspace.
Is there an equivalent form of device management for Google Workspace?
Ken, good to see you. Thank you for joining us today. Ken provided a great link to the Google credential provider for Windows which is a substitute. One of the things that we've actually been recommending, and we're starting to explore it, I should say, a lot of this is new. And we don't have enough reps under our belt, if you will, for me to endorse this whole heartedly. But based on everything we've researched, it should work. We've tested it out and it works. You can basically create a connection between Azure Active Directory and Google Workspace.
You set up Google Workspace as your primary identity provider. And so all of your usernames and passwords, your account identification, is primarily being managed in Google Workspace. It’s good if you're using Google Workspace for your email, you're using Google drive, Google docs, Google sheets, et cetera. But then, all of your hardware management would be happening in Azure Active Directory. And these two would be synced up. So Google Workspace is still your primary source of identity, but you've also set up Azure Active Directory for managing your Windows 10 machines. So that's something we're exploring.
Like I said, we don't have enough real world experience under our belt for me to say that that's definitely the best solution, but our guess is that it is.
Some of the things that Microsoft is doing right now with remote cloud-based management of Windows workstations is just incredible. It's amazing how well it works. And you know, it's not something Google's ever going to be able to do, because Microsoft owns the whole stack. They're developing Windows 10. They're able to connect it in a really tight way with Azure. So for now it looks like this whole process of automated provisioning, it's going to require you to rely on Microsoft.
But we think that you're going to be able to separate, part the waters, if you will, such that all of your hardware device management is happening in Azure in Microsoft, and all of your information systems and identity management is happening in Google. And if you take that approach, it should enable you to get the best of both worlds.
Does everyone need a business premium Microsoft 365 account to use Intune or do we only need a couple of licenses?
That's a great question. I actually don't have that slide in this deck. We did a webinar that was kind of a deep dive on Autopilot. I think it was last month. And if you go into that webinar, there's a slide that has an outline of the licensing requirements. You do need business premium, non-profits get 10 licenses for free. So if you're a smaller organization and you have 10 staff or less, business premium is the way to go. And you can get all of this with your 10 free business premium licenses.
For organizations that are not using Microsoft regularly, who don't have any E3 license, Microsoft 365 E3 license or EM+S which is what you use for some of the security, you can get an Intune license, which I think is a 1.50 or 2 dollars per month per device. So you can just buy Intune licenses to do this.
You know, Microsoft's licensing is not always simple. I would encourage you to either work with your IT support provider to get more details. TechSoup is a great resource for understanding Microsoft licensing or feel free to send us a follow-up after the webinar. And we'd be happy to look at your specific use case.
Question about laptops: Windows 10 Pro, yes. They need to be Windows 10 Pro or Windows 10 Enterprise.
Windows 10 Home does not give you the full feature set that Pro or Enterprise provide. So thank you for noting that. You want to make sure that you've got Windows 10 Pro or Enterprise.
Since I'm going through the questions, the last one right now is,
Do you have any new innovations for when the power goes out?
Nothing new or innovative. Do the best you can, hopefully you've got a full charge on your battery and you can use your phone as a hotspot. That's how we handle power outages at the moment. So I don't have a better answer than that, unfortunately.
Great, great questions. Keep them coming. I'm going to move on in the presentation, but as more questions roll in. I'll pause again to go through those.
One other thing you can also integrate with Okta. So if you're using Okta as your identity management solution you can integrate that with Azure Active Directory. And it's kind of the same concept as with Google Workspaces, where you're using Okta for identity management, but you're using Azure for your device management. So it's kind of an interesting way of looking at it, but I think it's in theory it should work, right. And it's something that we're going to be exploring in more detail in the rest of the year.
All right. Great question.
How does the upcoming Windows 11 fit into the roadmap?
It seems to obsolete many devices that are relatively new. I need to look into that a little bit more. Windows 11 is a free update. So if you have Windows 10, you can automatically upgrade to Windows 11. I'm not fully aware of the spec requirements for Windows 11 and whether or not existing laptops, a laptop that might be three or four years old, if it's too old to really run Windows 11 effectively. I don't know the answer to that. I'm going to have to look into that.
How much longer will Microsoft support this entire framework on Windows 10?
My guess is that it'll be for a while. Our recommendation is that you replace laptops generally every three to four years. If they're just sitting in someone's home and moving around a lot, you could maybe get away with a five-year replacement cycle. And our sense is that Microsoft will maintain support for Windows 10 within the bounds of that replacement cycle. So I think it should be okay. That would be my guess.
Telephony
All right. So let's switch gears a little bit. We've been talking about devices and how you can manage them if you don't have a central office or any centralized IT resources. Another part of being in an office is the phone system. In most offices, well, I think it's a mixed bag. A lot of organizations still had on-premises phone systems that they were using like a Mitel system. Some organizations had moved to cloud-based VoIP solutions like RingCentral, but they were still using handsets and dedicated to hardware that was located in the office. In some cases, people took that hardware home with them. In some cases it won't work at home.
The traditional telephone systems really depended on a central office to work effectively. And we've now entered a world where any kind of telephone system you can think of, whether it's a standard telephone system or receptionist system that has call routing rules or hunt groups, or even a call center that's providing customer service, all of that can now be handled in the cloud and it doesn't require any on-premises hardware at all.
What we've seen a lot of is organizations moving away from a separate telephone system as a communication tool. As you all know, everybody, I think for the most part, has moved to Zoom or Teams or Google Meet or another video conferencing system. And a lot of the communications that have been happening in the business world over the last year and a half which used to happen via telephone call are now happening via one of those video conferencing solutions.
Telephones and telephone calling is becoming a subset of this richer form of communication, which could include a video conference, could include a one-to-one video call. It could include real-time chat. And our recommendation is for the most part go with the app that is most familiar to your staff.
I think that's one of the things that's been particularly frustrating or confusing for a nonprofit staff with telephony is they have the software that they know how to use, which might be Zoom, or it might be Teams. And then they have this other telephone software or hardware, and it's just a completely different user interface. It's a completely different interaction paradigm and it becomes confusing and it becomes frustrating. Wait, what do you mean if I want to talk to somebody can't I just push this button? Why do I have to go over to this other system and jump through all these hoops to make a call? So what's happening is a lot of the most common solutions like Teams and Zoom are incorporating traditional telephony into their solution.
So you can bring together in one app, every method of communication that your organization might use, whether it's video meetings or chat or phone calls. You can start any of those from your app. And you can collaborate seamlessly across the different software that you have at your organization.
I have a little bit of a demo. Let me show you the demo. And then I'll come back to this and can talk about this a little bit more.
Carolyn 31:13
Here you see the person in Teams clicking on the calls icon, dialing a 10 digit phone number, hitting Call, and now they're calling somebody. You may be in Teams all day and you're going in and out of Teams meetings, you're calling people in your organization using direct calling in Teams.
And then, you have to call somebody outside of your organization. You don't know how to get them on Teams, but you do have their phone number. You can just call them directly from Teams.
This really simplifies the communication experience for the organization because instead of having to manage multiple software, everything can be done through Teams and it's not just Teams. Zoom has a similar set of functionality where from the Zoom app, using the interface that you're familiar with, you can go in and dial phone numbers and receive calls as well.
With both Teams and Zoom you can migrate over your existing phone numbers and accept calls as well as make calls. So this is just kind of a quick overview of how all of this works.
There was another webinar we did maybe four or five months ago, which had a lot more detail about how all of this works. It's important to look at your current phone system, find out how long your contract term is for. And when, when the contract is up, maybe five or six months ahead of that would be a good time for you to start potentially looking at other options.
Now, there are plenty of use cases where it still makes sense to have a traditional phone system, but if you're no longer inhabiting an office, you can move towards a system like this. In general, it's going to handle most of your telephony needs.
Can you move phone numbers from another VoIP service to Teams? Looking to keep phone numbers from another service.
The answer is, yes. To enable this in Teams really means setting it up in Microsoft 365. So you have to purchase additional licenses, assign those to user accounts and then they get provisioned in Microsoft Business Voice. And then as part of that process, you can port phone numbers over from your existing provider into a Microsoft Business Voice. So it is possible to move the phone numbers over. I think if you're a small organization with maybe, 10, 15, 20 staff, and your staff are not making or taking a lot of phone calls, that's probably a relatively straightforward process that you could do on your own if you're savvy with Microsoft's licensing and administration on the backend of Microsoft 365. If you're a large organization where you use your phone system in a more robust way, then it'd probably be worth getting some assistance with that and making sure that you do a really thorough job of vetting, whether or not this is going to be the right solution for the organization. The same holds for Zoom's phone as well. You can port the phone numbers over from Zoom.
I don't know if I know the answer to this.
Does Zoom have the ability to provide a phone tree to allow people to find the extension they need?
I think they do. I know the Microsoft Business Voice does have a phone tree. Those sorts of features are starting to get into the realm of more advanced telephony features. And I think that's the area where if you have a phone tree and you have it set up in a certain way with certain messaging, and that's an important business need that your organization has, you're really gonna want to vet how Zoom handles that or how Microsoft Business Voice handles that before making the leap. You may find that your existing phone provider allows for a lot of customization, as far as phone trees go, or auto attendant messages that may not be there with Microsoft.
And if it's not there with Microsoft, you’re out of luck. It's a huge company and it's set up the way that it's set up and then they may or may not change it or improve it. So I think with those sorts of needs, like phone trees, hunt groups, that sort of thing, it's definitely worth taking the time to evaluate a couple of different telephony solutions. I think these are worth evaluating. They're easy, they're lightweight. But you want to make sure that they have all the features and functionality that your organization needs.
How would people across both states contact us?
If you want to provide a little bit more information, I assume they're calling you right now. This is a nationwide calling plan on both of these solutions and I think you could even add 800 numbers, although I'm not 100% certain about that. They even include international calling. If you have international calling needs or international offices, they can assist with that with a toll-free number. I think it supports toll-free numbers, but that's a great question. That's something you'd want to explore specifically.
There was a question earlier about computer leasing programs.
I know that most computer vendors, laptop vendors have leasing programs. Dell has a leasing program as does CDW. If you're buying a Lenovo machine from CDW, I don't have any specific information on their leasing programs.
Cybersecurity
So let me go on to the next topic, which is cybersecurity. So this is partly motivated by this concept of beyond the office and working outside of an office. And it's partly motivated by just an explosion of cybersecurity incidents. You've probably seen them in the news. We've certainly seen it firsthand with the organizations that we support, organizations that are coming to us to help them post incident. So there's a lot going on.
It continues to grow, unfortunately, as a problem that plagues most small businesses and nonprofit organizations and large, I mean, everybody, we're all subject to cybersecurity problems and challenges.
So it's really important. The theme here is when you move outside of your office, it used to be like a walled garden behind a firewall where you controlled and protected all of the machines and information in your office. Now that everything is in the cloud and distributed and dispersed it really changes the mentality that you need for thinking about cybersecurity.
So we wanted to make sure that we touched on that topic. As a good reminder, if you're going to move outside of the office you have to be mindful of the cybersecurity landscape as well as some best practices that it's really important to adopt; just good habits and best practices to stay protected.
Carolyn 39:43
As you can see here, these are the number of cybersecurity complaints submitted to the IC3 and there were 300,000 back in 2016, slight increase in 2017, slight increase in 2018 and 19, and then it just exploded.
It practically doubled in 2020. The pandemic really brought out a lot of you know, hackers and cyber criminals. And, it's a watershed year from a cybersecurity standpoint. And so it's a large problem. It's a growing problem. And we really try to emphasize it as much as we can to the organizations that we support. It's really something you can't take too seriously. We found, if you can improve your cyber security posture in any way, you really should.
What are some of the best practices?
These are what we consider minimal acceptable standards.
Policy review is not… there may be some people who live for it, but in most organizations, everyone's kind of relieved when the policy has been written or reviewed and can be safely stored in a secure place in the file system.
The fact is, if you're not reviewing it on a regular basis, it's going to get out of date very quickly. And it's not just about having the written policy, but about the thought process you have to go through in order to write the policy.
We see IT acceptable use policies that still refer to tools and technology that haven't been used in years. Social, like MySpace, I've seen in some IT acceptable use policy documents. I think MySpace might still be around, but if it's being referred to in your acceptable use policy, it probably means no one's looked at it in a while. There are a lot of new threats and working from home that should really be incorporated into that. So if you haven't looked at it in a while, I would encourage you to take a look at it and to update it.
Microsoft has a pretty good update rhythm and the updates are coming out regularly. You can manage that to a certain extent through Intune, which I talked about earlier. The update is released because basically there's a vulnerability that is known and has been published. And there are plenty of hackers. We often hear about the “zero day vulnerabilities” and that's very scary because it means there's hackers that are using weaknesses in our computers that no one's aware of and are using those to infiltrate our systems and to steal information and wreak havoc. But the reality is those are very expensive and those are generally being used by nation state actors, or for very high profile, organized cybercrime activity.
Most hackers, most cyber criminals out there, they're not bothering with those because they know there are plenty of people that don't keep their computers up to date. They can use last year's exploits or the year before’s exploits to hack computers. So you really have to keep your computers up to date. You have to make sure that all of the computers that are being managed by your organization and that your staff are using to do work, have their patches and their security systems up to date.
It's not a cure-all. Antivirus doesn't save you from all problems, but if you don't have it, you're almost guaranteed to experience issues. So that's important.
In fact, this year many of the organizations that we support have basically been given notice by their insurance companies that if you don't have multi-factor authentication enabled across your organization, we are going to cancel your cyber liability policy or your premiums are going to go up drastically. The insurance industry has really been rocked by cyber incidents over the last year. For the first time ever claims exceeded premiums in 2020; a lot of money is being lost. And so the insurance companies are getting very serious about cybersecurity. Multifactor authentication is one of the best ways to protect your accounts from being hacked. I don't have time to go into it in great detail. There's a great resource in the PDF that I sent out at the beginning of the webinar that gives more information on that.
Ransomware is the cybercriminal activity where malicious software gets deployed to your computers, encrypts all of the files on the computer and you can't get any of your data unless you pay a ransom to get the decryption key. Don't pay the ransom, have a backup of your files instead and then you can just ignore the ransom request, delete all the encrypted files and restore from your backup. So backups are generally speaking the best way to protect yourself against ransomware attacks.
But a lot of cybercrime happens through phishing, through emails. If you've got your spam filtering set up, it can help a lot. It can't protect you against everything, though.
We use a solution called KnowBe4, which basically sends out fake phishing campaigns. So it's pretending to be a hacker sending out emails. And then if someone clicks on one of those fake phishing attempts, it takes them to a website that says, “Well, it turns out this was a fake phishing attempt. If this had been a real phishing attempt, your computer would be compromised at this point.” And then it takes them to a little training video where they can learn more about hacking attempts and all that. We found it to be very effective. Just a little bit of training goes a long way. And none of these other tools are going to be effective if your staff are not trained, as well. So training is very important.
Action Steps for Cybersecurity
It's really important to prioritize cyber security. Here are some action steps that you can take. If you want to make cybersecurity a more central part of your organization, review your existing controls and have a clear understanding of your risk profile.
Really think about who might be targeting you. Most organizations probably don't have enemies that are actively targeting them. They're just subject to the same kind of cybercrime that we're all experiencing, but some organizations do have adversaries that are going after them. And you want to understand who they are and what their motives are. It's really important to know your adversary when you're developing a security posture.
And then finally you want to make sure that it's budgeted and cybersecurity has to be included in your budget.
All right. So that concludes the formal part of the presentation. I wanted to leave plenty of time for Q&A. And I see there's some additional questions here. I'm going to turn to those. Actually before I do that, if any of you have to go, I just want to mention really quickly that our next webinar appropriately enough is on training.
IT Training - How to Do it and Why, how to justify it and how to do it. That's going to be next month Wednesday, September 19th, third Wednesday at 3 o'clock. I hope you can join us for that.
More Q and A
This is a follow-up to the question about leasing, also from Ken.
Thank you, Ken. He suggests checking with the finance team to see if there's an advantage to spreading out the cost of leasing as an operating expense versus a capital expense that depreciates. I think that's exactly right.
The leasing versus buying ends up becoming almost completely a financial question and different organizations have different approaches. Their thresholds are different on what they need to capitalize. And I've seen it go both ways. So I think that's a good suggestion.
On average, how much would you budget for cybersecurity for an organization with less than 20 staff?
I don't have a ready number. I would say that of all of the things, you need to budget enough to make sure the computers are being updated, all of the minimum acceptable standards that I reviewed. Make sure you have enough in your budget to ensure that the computers are being updated.
And it's important to note that that is not a software solution, it's an IT management solution. So there is software involved in it, but it needs to be an IT management process in the sense that someone is reviewing it, making sure that it's running and making sure that the updates are happening.
Identifying someone in the organization or outsourcing to your IT support provider to take that on. Making sure that antivirus is included. I know a lot of organizations have started to use Microsoft's Windows Defender for their antivirus. It's a good solution. And in some ways, antivirus is one of the most commoditized IT solutions out there. They're basically all using the same definitions, the same type of engine, the same sort of scanning to see if you have any viruses on your machine.
There's not a great difference between different virus solutions on the computer software standpoint, the difference comes in with the management. It's the same sort of thing.
If the engine stops running, the definition stops being updated, you need to make sure that you have a way of figuring that out quickly and addressing it quickly. So that's our only concern with Windows Defender. We're not entirely sure that the management interface is as good as some of the dedicated anti-virus tools.
So you want to make sure that you have that and pay for the additional licenses. If you have a Microsoft 365, multi factor is important, paying for backups is important. I would do a bottom up budgeting exercise where you're figuring out how much it is going to cost to do all of these things effectively, security awareness training. And those costs will depend on the specific solutions that you go with. I hope that helps.
How do I select a remote support person? We desperately need this, we're all on Macs and use Google workspace.
Depending on the size of your organization, you'd want to think about if you're a smaller organization that's relatively independent. Your staff generally know what they're doing, but you just need to call someone every once in a while when you have issues arise that are beyond the technical ability of your existing staff. In those cases, I feel like independent consultants can be very effective.
If you're interested in having someone take ownership of managing technology for the organization and your staff need a help desk to call regularly, then I would recommend looking at going with a managed services provider. We actually have a guide on our website that you can download “12 Questions You Should Ask a Managed Services Provider” that you're considering working with.
Obviously, we'd love to be considered. Usually, what happens in the nonprofit sector is people go to their peers, they ask around and find out, “Well, who are you working with? Who do you like?” And I would definitely talk to at least three or four different managed services providers before making a decision on who to work with.
I've been told that Mac machines don't need antivirus software because they're less vulnerable to malware. Is that true?
It depends. Depends on who you ask. There is Mac malware. It's not like Mac machines are completely immune from malware. There is malware that's designed to get to Macs.
The security model in the Mac OS, the operating system, is designed in such a way that makes it less susceptible to viruses and malware than Windows. And the install base is so much smaller. There's just so many more Windows workstations out there that it's just a crime of opportunity. So they're going to go with the larger install base. If your organization has real security concerns, then you should certainly look at getting a Mac based antivirus system.
Probably 10% of the machines that we support are Macs overall across our entire install base. And we have antivirus running on most of those and we're catching viruses. So it's out there, it's happening.
Our official policy now… if our CTO is watching, he's probably screaming at me right now... our official policy is yes, you have to have antivirus. And that's something that we've really changed in the last two years. So sorry. That was a long-winded answer.
Do you endorse only allowing approved applications to run on managed workstations?
That's a great question. I think it depends on the context. If you know the 10 or 15 applications that your organization needs, then you can create that allow list and really lock down to allowable applications. This is something you can do on Intune and that creates a very secure environment.
The problem that we've run into when we tried to do that, is there is always one person who has some software that they need. Or even applets, if you're going to a website and you want to join a GoToWebinar or a Citrix WebEx event, you have to remember to add those to the approved application list or the person just can't join the webinar at that time.
So we typically don't recommend it just because our experience has been that it tends to cause more headaches than not. And also, increasingly the security incidents that we're seeing are more breaches and persistent threat attacks, which don't rely on software. They're just using the software that's native to the machine. So -- so that's, there, there are, I guess there are situations where it's probably helpful. But in general, it's not our recommendation.
I tried to send the PDF out through the chat. Let me send that again. If you still don't get it please let me know and we can send it to you directly.
All right. And this is going to have to be our last question. Thank you all so much for the great questions and for joining us today for your attention. As I mentioned before, this is going to be recorded. You'll get a link to the YouTube video later in the week. If there are any topics we reviewed today that are particularly interesting to you, that PDF has links to webinars that do a deeper dive with more technical people on those topics. So I encourage you to check that out.
We're in the process of purchasing computers for staff and discerning between providing, this is great. One: only PCs; two: only Macs; three: a combination of the two.
Do you advise sticking with one type of computer to streamline or does that not matter? Do you advise one computer type over the other?
Great question, really glad we're ending on this question today.
The guiding principle in all of IT is simplification. So the simpler you can keep your design, the lower your ongoing support costs are going to be. So having both Macs and PCs is going to increase your IT support costs just on principle. It may not be significant, and we certainly have plenty of clients who have hybrid environments and we can make it work. You generally have to have two different device management solutions in place to make that work. You can't use Azure to manage Macs. To manage Macs, you have to get a specialized software solution and invest in that. If you're going to invest in it, it makes more sense to spread those investment costs across your entire organization instead of just a subset of the organization. But there are organizations that have real business reasons for having both Macs and PCs.
In terms of which one we would recommend, it depends, generally speaking, Windows machines are a better general purpose device. Macs tend to be a little bit more expensive to manage. That being said, there are a lot of cases where Macs make more sense for an organization. And we have, like I said, 10% of our clients are Mac only. And it's important for them. It makes a difference for their organization.
If you want to reach out to me directly after the webinar, I'd be happy to talk in more detail about your specific case.
All right. Well, thank you all so much for joining us today and I hope you have a great afternoon. Take care.