THE LATEST iTunes SCAM

YOUR BOSS PROBABLY DOESN’T WANT iTunes GIFT CARDS!  NEW TWIST ON AN OLD SCAM

By now, most of us have realized that the IRS is not going to call you and demand money over the phone. Microsoft, Dell, HP etc. will not call you to inform you that your PC is infected.

The latest twist to come out of the ever-vigilant counter culture of nefarious scammers is to impersonate your boss and ask you to purchase iTunes gift cards. They usually email you posing as your boss, owner, CEO or other easily identified leader of your organization. The emails attempt to get you to think that he/she is in a very important meeting and must have iTunes gift cards as soon as possible to give as gifts to a very important new client. Here is a sample of an email I received recently:

I am in a meeting right now. I need you to run an errand for me at any Walmart,CVS,Target,Walgreens or Best Buy near you. I need iTunes gift cards to send out to a client today as thanksgiving gift. Confirm if you can handle this?

A lot of folks don’t want to run afoul of the boss, so they oblige and purchase the cards. The scammer instructs them to take pictures of the card numbers and email them to him. By the time he gets the numbers, your money is gone!

A couple of common sense ways to detect this fraud:

First, check the email address and headers (check with your IT support folks if you don’t know how to see the full headers). This will let you see where the email actually originated. Most of the time, it won’t even be your supervisor’s email address. If it is, call him/her. Chances are, the email account has been hacked.

Second, call your boss. If you can’t get through with a phone call, send a fresh email to his/her company email address. The scammers will probably tell you it’s their private email address. It is, it’s just not your boss’s email address.

Third, has your company ever used iTunes cards as gifts to clients? Chances are, it is not a part of your corporate gift strategy.

If you do give in and purchase the cards, what can you do?

Apple will sometimes reimburse you, contact them along with local authorities and the Internet Crime Complaint Center (IC3) at https://www.ic3.gov. You may not get your money back, but you have learned a valuable lesson.

The best way to avoid these types of scams is education. Ask your IT company to come onsite and give employees training. It’s necessary to educate them on security protocols and keep them updated on scams, malware, phishing and all the threats that are waiting for them on the Internet.

For more information, reach out to Common Sense Solutions. We can help keep you safe.

 

-Written by Marty Hooper of CSS

Managing all the moving pieces of your service team can be a headache

Managing all the moving pieces of your service team can be a headache.

Use the ComputerEase Service Management module and make those headaches go away!
This module easily allows you to:

  • Track work orders
  • Attach purchase orders for work completed
  • Set markups
  • Import hours worked to payroll
  • Automatically schedule preventative maintenance work orders for service to be performed on a monthly/quarterly/bi-annual/annual basis
  • Generate contract billings automatically for monthly/quarterly/yearly invoicing
  • Assign contracts to a piece of equipment to track service maintenance schedules
  • Generate reports to track contract renewals, billings, history, and other detailed information.
  • Determine profitability by site, tech, work order, customer, etc.
  • Use the dispatch board to enter/edit, assign, print, and manage work orders for scheduling

The best part is that Service Management is fully integrated with Accounts Receivable, General Ledger, and FieldEase.

Cybersecurity Insurance: Another Tool in Your Protection Toolbox

Back in our February 2018 newsletter, we focused on cybersecurity, “The Top 5 Tricks, Sneaky Schemes and Gimmick Cybercriminals Use to Hack Your Computer Network”.  As we stated, knowing the strategies hackers deploy is half the battle because their techniques are constantly changing; it’s impossible to keep up by your-self. Which is why it’s so important to utilize only the most up-to-date security solutions when protecting your business.

But if despite all your best efforts, you still experience an attack, you can usually obtain insurance to help mitigate the costs and lost profits that may result. We don’t sell insurance, but here is what we are seeing in typical cyber-security insurance policies:

  •  Business Interruption Protection. The smaller your business, the more income you may lose if you’re temporarily sidelined. Cyber insurance can offset losses.
  • Help Mitigating Risk. Small businesses don’t have time to manage web security. A cyber policy may provide periodic reviews and other assistance.
  • Reimbursement for Fees and Penalties. Insurance benefits could reimburse you for additional staff required to recover from a cyber-attack, or other related costs.
  • Legal Aid. Hopefully a data breach won’t result in legal action, but if it did, your plan could help find an attorney, as well as cover legal fees and judgements against you.

But like any insurance, coverage is going to depend on a lot of factors, and every insurer is going to ask questions about your current technology practices to sure your security procedures are as strong as possible in order to determine costs and eligible coverage. The questions on those applications can be difficult to answer, and of course are oriented to make sure you don’t need to actually claim coverage. They typically will want to confirm that you have firewall technology, keep your operating systems up to date with patching, update your anti-virus software and have good backups, etc.

When we’re helping our clients fill out these applications it provides a good opportunity to have a discussion about ways to improve security. While most of what they are asking for we have already set up, some of those methods, like implementing complex, frequently changed passwords and limiting the number of employees who can access secure data, have to be balanced against the ease of using your systems and the ease of getting remote access for those who need it.

Contact your business liability insurance vendor to see if cyber security insurance is worth it for your business, and feel free to contact us to assist with filling out the applications.

Shiny New Gadget Of The Month

Harmony Elite Universal Home Control: Remote, Hub and App

Harmony Elite works with over 270,000 entertainment and smart home devices so you can enjoy single-touch control with your favorite brands, right out of the box. From your TV, cable and gaming console, to your AV receiver and Roku® media player—all the way to your smart lights, locks, thermostats, even your Alexa—Harmony Elite proudly works with just about everything.

For more details go to https://www.logitech.com
Price ranges from $29.99-$349.00

Business Technology Trends

All of our clients are small businesses, and we hear from them daily about their technology needs.  It’s amazing to me how much things have changed from when I started this business 25 years ago!  Trends have come and gone – some for better, some for worse. Here are three of the top trends I’ve seen technology moving in over the last few years:

  1. Employees are spending more time working together in meetings, phone calls and other ad hoc communications and interactions than they have in the past 20 years. The role of the ‘lone wolf’, if it ever truly existed, has become a thing of the past.

    How do you work together on documents now?   With a lot of the people I talk to, they’re emailing files back and forth—and that works, but it can lead to confusion, versioning issues, and of course, the downside of email, like losing things to spam filters, or mistakenly sending attachments to the wrong people (I’ve been there).

  2. The vast increase in mobile capability. People travel a lot more for work, or work from home or some other location.  But they still need access to company networks and the information they contain, and they need to collaborate with others (see above).

How often do you find yourself working from home or while you are traveling?  Do you have employees working from home or in remote offices?  We’ve all been in the situation where we’re away from the office and we need access to an Excel file or a presentation that got left behind.  That’s an awful feeling and it can stop you in your tracks!

  1. Small businesses have increasingly become a target for bad actors that used to focus on the bigger companies. Big companies get all the headlines, but because smaller firms  typically have less-robust IT infrastructure and security measures, it is making them an object for cyber attacks, ransomware, viruses or straightforward hacks.  43% of all cyber attacks target small businesses with less than 100 users.

This also ties into item 2 above –   I’ll bet you have your personal iPhone or Android on you right now.  Is it also safe to assume that you and your employees have work email in your phones?  What happens if one of your employees decides to leave the organization?  Would you be concerned if a former employee still had company data on their personal phone?

What the above trends are telling us is more and more the small business environment is becoming a workplace where employees need to collaborate, work remotely, and be protected from internal and external threats.

If you’ve been following our posts and other communication, you know that we’ve always cautioned about moving to the cloud unless it ultimately makes sense for your business to do so — both technically and economically.  That is still the case, but one way to address these issues and dip your toe into the cloud water involves Microsoft Office 365 Business offerings.

Here are some features offered by Microsoft 365 Business in response to the technology trends mentioned previously:

  1. Collaboration. You can now create, share, and work on the same document at the same time with your co-workers.  With Outlook, Skype, SharePoint, and OneDrive you can connect with people via email, instant messaging and online meetings anywhere you have an Internet connection.  There is online and offline access with automatic syncing of your work documents, giving you the flexibility to keep going even if you don’t have internet access.
  2. Mobility. Microsoft 365 Business is built to enable you and your team to work effectively anywhere — at your desk in your home office, parked in your car, working in an airport concourse, or at a construction site — you can have easy access to that document you were working on last night.   Documents are kept up to date and accessible from anywhere—including your calendars, email, and contacts.  You can create, edit, and share files anytime, from your PC, mobile phone, or tablet.
  3. Security. Windows and Office 365 is automatically updated with the latest, most secure versions ensuring your company data is protected, even on your employees’ personal-owned devices.  When anyone leaves your organization or loses a device, you will be able to protect company data.  From the employee’s perspective, he or she will have the peace of mind that personal pictures and text messages remain on their device, that’s their personal information.  This feature further reduces your risk and is easy for both you and your people.

If you’re interested in more of the features that Microsoft 365 Business has to offer, give us a call.  More importantly, if you’re considering moving all or parts of your business to the cloud, we can help you do your homework and investigate all the pros and cons.  We’ve helped many clients navigate through the decision process and would be happy to share our road map with you.

Construction CRM

If you’re involved in construction sales, you know how difficult and time consuming it can be to track all the moving pieces involved in the sales process.  What can a sales executive do to make the process easier and more efficient?

The answer just might be CRM software.  In case you’re not familiar with it, CRM stands for Customer Relationship Management.    Good CRM software helps companies manage and analyze their customer interactions throughout the customer lifecycle with the goal of improving business relationships.

In the past, construction companies have shied away from CRM software because it was too generic and didn’t handle the specific needs of contractors.  But that has changed with the introduction of products specifically built with contractors in mind.  Here are just a few sales features that a good CRM can help with:

  1. Managing Bid Process – Easily gain visibility of bid due dates, who they are assigned to, and what stage of the bidding process the job is in.
  2. Tracking touches on bids – Everyone in the organization will be able to view the “actions” on bids, who did what when. Created a centralized location for data gathering creating efficiency.
  3. Sales/Salesman Dashboards – Gives individual sales people the ability to view their bids, won/loss ratios, total dollar amount out for bid, etc. (Ability to customize data for measuring) Allows managers to view all sales people and company stats as well.
  4. Sales Forecasting/Pipeline management – Allows visibility of bids and the probability of winning them. This helps to illustrate the need for resource ramp up to take on more work, being proactive versus reactive.
  5. Appointment and Contact Scheduling – The ability to manage appointments and schedule them to your Outlook calendar.
  6. Marketing and Sales Campaign Management – Easily create, grow and maintain client and contact lists organized by any data points the client desires. These lists can then be used for marketing campaigns via mail or email.

Good CRM software is out there that is affordable, simple to use, quick to deploy, and empowers your sales team to manage the business development process from rumor to order.

Call us if you’re interested in the details of how CRM has helped our contractor clients, and want to learn more about what it can do for you.

 

Cybercriminals Confess

Cybercriminals Confess: The Top 5 Tricks, Sneaky Schemes And Gimmicks They Use To Hack Your Computer Network

 

The contemporary world is rife with digital thieves.  They’re penetrating the complicated data structures of huge credit-monitoring companies like Equifax, scooping up the personal information of millions of people. They’re releasing sensitive customer data to the public from discreet businesses like Ashley Madison.  They’re watching webcam feeds of our celebrities without them knowing; they’re locking down the systems of public utilities like the German railway system.  They’re even managing to steal thousands of gigabytes of information directly from high-profile government entities like the CIA.

They’re also targeting small businesses exactly like your own and extorting them for thousands and thousands of dollars.

When running a company, it’s vital to have a dedicated security team, equipped with the most up-to-the-minute security technology on your side to protect you from these malicious cyber threats.  But it’s not enough to leave it to somebody else. You also need to be informed.  Here are five of the most common ways hackers infiltrate your network:

1. Phishing Scams
You receive an e-mail in your work inbox coming directly from a high-ranking employee with whom you’ve been working on a project.  Inside is a link he needs you to click to access some “vital information,” but when you click it, it rapidly installs a host of malware on the computer, spreads through the network and locks out everyone in the company.

Phishing scams are the oldest trick in a hacker’s book – ever received one of those “Nigerian Prince” scams? – but they’re still wildly successful.  Not only that, but they’re becoming increasingly more sophisticated.  As Thomas Peters writes for “Newsweek,” “The best messages look like they’re trying to protect the company.  One well-meaning system administrator even offered to post a PDF that could deliver malware on an internal server because it was called, ‘How to avoid a phishing attack.’”  How’s that for irony?

2. Social Engineering
Social engineering is a type of “hacking” that uses real, well-intentioned people to carry out its schemes, rather than intricate lines of code.   This is especially effective for gathering sensitive information to later be used in another type of attack – e-mail passwords used for phishing scams, for example.  Maybe your IT guy receives a call from the “secretary” of one of your clients, pretending that they’re experiencing problems with your service due to some firewall, a problem that your IT professional is more than happy to help out with.  Before you know it, the caller knows the ins and outs of your entire security system, or lack thereof.  Social engineers have been known to use phone company customer service departments, Facebook and other services to gather Social Security or credit card numbers, prepare for digital robbery and even change the passwords to your network security.

3. Password Hacking
You may think that your passwords are clever and complicated, filled with exclamation points and random numbers, but it’s rarely enough.  With information gathered carefully from social engineering or a simple check on your employees’ social media accounts, hackers can easily use brute-force to figure out that your password is the name of the family dog, followed by your anniversary (for example).  That’s if they didn’t already manage to steal your password through one of the techniques listed above.

4. Fault Injection
Sophisticated hackers can scan your businesses’ network or software source code for weak points.  Once they’re located, they can surgically attempt to crash the system through snippets of code they splice in expressly for that purpose.  Different commands can do different things, whether they want to deliver a devastating virus, redirect links on your website to malicious malware or steal and erase vast swathes of information.

5. USB-based Malware
At the last conference you attended, someone probably handed out free branded USB sticks to keep their business top-of-mind.  Hackers will sometimes covertly slip a bunch of infected USB sticks into a company’s stash.  The instant somebody tries to use one, their computer is taken over by ransomware.

So What Can I Do About It?
It’s a scary world out there, with virtually everyone left vulnerable to digital attack.  Knowing the strategies hackers deploy is half the battle.  But, frankly, these techniques are constantly changing; it’s impossible to keep up by yourself.

That’s why it’s so important to utilize only the most up-to-date security solutions when protecting your business.  Hackers move fast.  Give us a call to help you and your security technology get up to speed and always stay one step ahead.

Give us a call today at 888-523-2568 if you have any security questions or concerns!

 

 

 

Learn These 5 Project Management Lessons

Project Management LessonsProject management is one of the most important components in subcontracted projects. Yet it can be difficult to obtain the information you need to efficiently manage a project from beginning to end and achieve your projected profit margins. Here are some tips on better project management so you can assure successful outcomes:

  1. Do your due diligence prior to the bid.
    Visit and review the site prior to entering a project bid. Going in blind to any large project is risky and could result in challenges based on site conditions. Therefore, project managers should visit sites prior to bidding to determine whether the specifications are correct, what equipment is needed, and what the business owner is looking for. Project managers should also submit a bid scope without a price for each project before making an official bid.
  2. Review all documents.
    We’re used to quickly glancing at agreements for every smartphone app we install, but the same can’t be true for contracts. Subcontractors need to carefully review contracts on their own or with legal counsel. In addition to cost, liability, and project deadlines, look at the consequences for delays due to natural and unnatural circumstances as well as possible resolutions for when design changes impact timetables.
  3. Make a safe bid.
    Don’t underbid or add unattainable promises to get the project. Clients are usually displeased when project managers and subcontractors don’t keep their promises. It’s better to condition a bid by underpromising and overdelivering. For example, if you promise the project at six months and you’re done in five, you earn a reputation as an efficient and responsible business owner — however, exceeding a deadline is never favorable. Don’t forget to include a percentage of risk in the bid to ensure you cover all circumstances in liabilities against workers and the project manager.
  4. Hire and keep the right talent.
    Like the bid, don’t use the lowest cost as your matrix for project hiring. Hire the best talent possible with pay at or above regular rates. Professionals with more experience can better manage their time and the project, and they’ll be able to problem-solve to reduce delays rather than contribute to them. Think about and plan for career development and training for all your staff members. Nobody wants to work in a dead-end job.
  5. Manage change orders and changes appropriately.
    Throughout the project, the project manager should get written authorization for all change orders to avoid confusion and the numerous issues that can ensue from undocumented changes and instructions. Finally — and most important — problem-solve to stay on deadline. Clearly communicate with the general contractor’s lead project manager when you anticipate delays and let her or him know why.

Being proactive instead of reactive is the name of the game for subcontractors. Common Sense Solutions experts can help provide the necessary tools for effective project management at each and every step.

[cta]Ready to get a leg up on the competition — and protect yourself and your employer? Contact the experts at Common Sense Solutions for answers to your burning subcontracting questions. [/cta]

Back Up Your Data Before It’s Too Late

Lost DataConstruction company leaders have become increasingly dependent on technology to keep track of large amounts of data to maintain profitability and safety. Unlike larger businesses that may have vast data centers with multiple backup systems, owners of small and medium-sized construction companies sometimes overlook these capabilities due to costs. But not using a proper backup system can have catastrophic risks. A simple power surge can mean data loss, viruses, malware attacks, or general failures due to physical damage or outdated equipment protection. The loss can be devastating not only in terms of project delays but also funds — and clients.

Backup technology has evolved

Backup data protection has changed drastically over the last decade. Most systems from ten years ago were backed up via magnetic tape cartridges. Cartridges are an antiquated and limited way of storing data: They eventually erode like other portable storage devices, and what may work for uploading data on one device may not work for a download on a secondary server. Plus, recovery from tape can take a long time, costing business owners days or weeks of downtime.

Today’s technology allows for fast and permanent data retrieval on primary or secondary servers, and you can implement it on-premise or a cloud-based service provider can take care of it for you from an off-site location.

Online backups are the prime data recovery mode in today’s world. Prices typically depend on the amount of data stored and its location. Moving to an online-based backup system can be an inexpensive way for a construction company leader to assure his or her important data is protected.

Get started

One way to determine the best course of action is to perform a data audit to better understand your technology and backup systems — if any — as well as how long it takes to retrieve data and which data is at risk should a system fail. Once you complete this, the next step is to implement a Business Continuity and Disaster Recovery (BCDR) plan to outline the backup and disaster recovery systems. The BCDR should include how frequently you back up data, what you need to do when a primary system fails, how fast the secondary system and data restoration should take, the time frame for the primary server to come back up, and what to do if it’s completely gone. You also need to include contact information for disaster recovery organizations and primary administrators in this BCDR.

Should you not have your disaster recovery solution or BCDR up to date, an update should be your top priority for the end of this year. The experts at Common Sense Solutions can help provide direction and insight into your system and backup needs. Our proven DataGuard products store data at frequent intervals and allow for instant and rapid retrieval during a disaster recovery situation, thus lessening damage to data, security, and customer satisfaction.

[cta]Ready to get the data protection you need? Contact the experts at Common Sense Solutions to discuss a cloud computing roadmap that meets your specific needs. [/cta]

Should You Hire a Service to Manage Your IT Security?

Managed Security Service Providers

Many owners of small and medium-sized businesses (SMBs) face a conundrum: They need data protection and networking security solutions — but can’t afford the cost or bandwidth of a skilled IT staff to focus on security alone.

Data regarding your customers, suppliers, subcontractors, and employees is a target for hackers. Any information you send through email, access through a device, or keep in a database can be subject to a virus attack or security breach from an outside threat.

When it comes to security, someone must oversee deployment of new software and fixes, security monitoring, as well as software patches and upgrades. This means SMB owners must put more resources into business administration than sales, which could lead to loss of income. In the end, hiring a provider to handle IT security needs can be a great SMB security solution.

Security can get complicated when you consider the numerous ways construction company employees interact with information and the myriad places they store data. Virus protection and firewall software can help, but new viruses and ways of accessing your confidential information make it difficult to maintain technology that assures you have the most up-to-date protection against hackers and viruses.

An outside company is in a better position to ensure protection because expert employees focus on security and stay up to date on the latest threats and technologies necessary to prevent problems. In addition, an outside provider can scale with your business, providing solutions to your needs based on changes. When you hire new people, grow your business, or even change software or hardware, a company that specializes in security can adjust to your changing needs quickly. These service providers offer state-of-the-art security options to prevent data and potential income loss associated with security breaches. They can also help quickly identify problems and get you up and running in the event of a disaster recovery issue.

server-securityWhen you hire a security service provider, security professionals should evaluate your business needs in terms of security, recommend solutions based on your hardware and software infrastructure needs, and have a plan in place to adjust for changes you see coming. First, security personnel look at business security infrastructure to determine strengths and weaknesses. Next, they recommend what needs to be protected and the services required. This can mean server management, vulnerability testing, web application security, and firewall management. They also recommend options to avoid a single point of failure at any time. This may mean they recommend a Business Continuity and Disaster Recovery (BCDR) plan.

The third thing security experts do is adjust. This means upgrading equipment and software, running virus checks, and ensuring your business has the most current security systems possible. This is also the point where personnel determine whether your data recovery procedures will work without major data loss or significant downtime.

As a construction business leader, you want to stay up to date with your security needs while also generating income. That’s why hiring an outside service provider to manage your IT security is an option you should seriously consider. Common Sense Solutions experts can help protect business data and web applications while minimizing malicious cyberattack risk.

[cta] Ready to see what managed IT services could do for your business? Call the experts at Common Sense Solutions at [phone] for additional information.[/cta]