Author: rory-admin

10 Questions Your New IT Provider Should Be Asking YOU During Onboarding
Much of our content is focused on what you should be asking your existing or future IT provider – from what services they cover, what cyber security protections they offer and how they will deploy their solutions to meet the needs of your specific office environment.

The flipside of the coin though is the information they need to gather from you to best meet your needs, and if your IT provider hasn’t asked you any of the following questions, we would definitely consider that a red flag. How can their solution be tailored to your needs if they have no idea what those needs are?

Here are the top 10 questions your IT provider should be asking you during onboarding or in your first year of service with them:
1. What specialized business software do you use? As an IT provider it’s important we establish a relationship with your existing software vendors (especially for specialized business software) early on to help manage these tools on your behalf.
2. How many devices does your business have? How many are used outside the office? This is a dual question with one purpose, we need to know about these devices so we’re making sure to cover the basic support items needed to keep them running, including backups and updates. Devices used remotely also need to be counted but the setup for those may involve getting in touch with those employees directly to deploy the solutions we use.
3. How many servers do you have (including virtual machines)? Again, if we don’t know about it, we cannot support it and we even find in our client assessments they may have servers running that they weren’t even aware of. Any device on your network that’s internet connected and not receiving regular maintenance is a potential threat vector and we can make recommendations to discontinuing devices not in use.
4. What was something your previous IT vendor provided that you would like us to continue? Regardless of the reasons you may have for switching IT providers (and if you’re thinking about doing so but aren’t sure how to get started, we have a kit available to help) there were probably some aspects of the service they provided that you feel were beneficial. This might include a certain kind of reporting they provided or a preference for how meetings are conducted. It’s good to establish the groundwork for continuing these preferences early on so your new provider can adapt routines to meet these preferences.
5. What was something your previous IT vendor did that you did not like? Again, it helps us to know what your experiences have been in engaging with IT vendors and how we can best support your business. Maybe you didn’t like how they went about billing you for services or how they handled ticketing, whatever it was its invaluable information for your new provider.
6. What projects do you have in the works? Whether it’s just an idea or something that was started and never finished, your new IT provider will want to help you meet your project goals.
7. Do you have any cyber security frameworks or compliance goals your business must meet? Whether it be HIPAA, CMMC or you would just like to beef up your cyber security in 2024, it’s good to discuss this topic individually especially if your organization must meet specific cyber security requirements.
8. Who provides your telecom and internet services? Networking support and phone maintenance is often included in many technology plans, it is helpful for us to know who provides these services for you. If you’re not happy with the current providers we can also offer recommendations for alternative solutions and we have even helped customers save money on these bills if we find they’re being overcharged.
9. How often would you like to meet to discuss the services we provide for your company and any upcoming goals? At Valley Techlogic we host what we call a Technology Business Review (TBR) at the minimum annually, but we can also have these more frequently if the client desires.
10. What minimum service requirements would you like us to adhere to? Whether it be our response time to tickets, how often we provide updates or specific tools you would like us to provide or help your company utilize – ideally your IT vendor will tailor your plan to YOU.
Which is something Valley Techlogic does for our clients, our IT service plans are tailored to meet our clients’ needs and their specific setups. If you would like to learn more you can get started here.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
April 5, 2024
5 Ways Microsoft 365 Business Premium Elevates Your Operations and is the Superior Choice for Your Business
In today’s fast-paced digital landscape, having the right tools to streamline your business operations is essential. Microsoft 365 offers a suite of powerful applications designed to enhance productivity, collaboration, and security. Among its offerings, Microsoft 365 Business Premium stands out as the ultimate solution for businesses seeking a comprehensive suite of tools tailored to their needs. In this blog post, we’ll explore the five best ways to leverage Microsoft 365 Business Premium in your business and why it greatly surpasses Microsoft 365 Business Basic and Microsoft 365 Business Standard as our top choice in Microsoft 365 subscription options.
1. Advanced Security Features
One of the most compelling reasons we’ve found to opt for Microsoft 365 Business Premium is its advanced security features. With the increasing prevalence of cyber threats, protecting your business data is paramount. Microsoft 365 Business Premium offers built-in threat protection, advanced data loss prevention, and information protection capabilities. Features like Multi-Factor Authentication (MFA), and Advanced Threat Protection (ATP) safeguard your business from phishing attacks, malware, and other malicious activities. By investing in robust security measures, you can mitigate risks and safeguard your sensitive information effectively.
1. Enhanced Collaboration Tools
Effective collaboration is the cornerstone of success for modern businesses. Microsoft 365 Business Premium provides a suite of collaboration tools that facilitate seamless communication and teamwork. With Microsoft Teams, employees can chat, meet, call, and collaborate in real-time, regardless of their location. SharePoint Online enables secure document management and file sharing, allowing teams to access important resources from any device. Moreover, features like Microsoft Whiteboard and OneNote promote creativity and idea sharing, fostering a culture of innovation within your organization.
1. Comprehensive Productivity Applications
Microsoft 365 Business Premium offers access to a comprehensive suite of productivity applications, including office favorites like Word, Excel, PowerPoint, and Outlook. These applications are essential for creating, editing, and sharing documents, spreadsheets, presentations, and emails. By harnessing these productivity tools, your team can work more efficiently and deliver high-quality results.
1. Simplified IT Management
Managing IT infrastructure can be complex and time-consuming, especially for small and medium-sized businesses with limited resources. Microsoft 365 Business Premium simplifies IT management by providing centralized administration through the Microsoft 365 admin center. From one intuitive dashboard, administrators can manage user accounts, devices, security policies, and compliance settings. By streamlining IT management processes, you can focus on growing your business without being burdened by technical complexities. All of this can be set up by your IT provider (looking for an IT provider? Consider Valley Techlogic).
1. Scalability and Flexibility
As your business grows and evolves, your technological needs may change. Microsoft 365 Business Premium offers scalability and flexibility to adapt to your organization’s requirements. Whether you’re adding new users, expanding into new markets, or embracing remote work, Microsoft 365 Business Premium provides the flexibility to scale your IT infrastructure accordingly. With a predictable monthly subscription model, you can align your technology expenses with your business priorities and avoid the upfront costs associated with traditional software licensing.

Why Microsoft 365 Business Premium?

While Microsoft 365 Business Basic and Microsoft 365 Business Standard offer valuable features, Microsoft 365 Business Premium emerges as the superior choice for businesses seeking an all-inclusive solution that combines advanced security, enhanced collaboration, comprehensive productivity applications, simplified IT management, and scalability. By investing in Microsoft 365 Business Premium, you’re not just adopting a suite of tools – you’re empowering your business to thrive in today’s competitive landscape.

Microsoft 365 Business Premium offers a compelling value proposition for businesses of all sizes, enabling them to unlock their full potential and achieve greater success. By leveraging its advanced features and capabilities, businesses can enhance productivity, foster collaboration, strengthen security, streamline IT management, and adapt to changing business needs with ease. Embrace the power of Microsoft 365 Business Premium and take your business to new heights. Learn more today by scheduling a consultation with Valley Techlogic.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
March 29, 2024
Microsoft Copilot, is it worth investigating for your business? 10 things you can use it for TODAY
Released earlier this year, Microsoft Copilot is available for you to use today and is Microsoft’s answer to the growing trend of AI assisted technologies. Copilot is a Microsoft 365 offering alongside their other popular business software applications such as Word, Excel, PowerPoint, Outlook and more but you may be asking, what can I do with it?

Here are 10 real life use cases for Microsoft Copilot:
1. Automate Reporting from Excel: If you’re still manually generating reports based on the Excel spreadsheets created by your business that can end today. Copilot can generate comprehensive reports based on trends, perform calculations and more. Copilot will even analyze the data and alert you if it senses there are errors.
2. Create Visuals from Your Data: If you need charts to demonstrate certain aspects of your business to clients and partners, Copilot can generate charts and graphs based on the data you have available with the click of a button.
3. Document Creation: Like other AI tools, Copilot can help you reword documents you currently have in progress or offer additional creative inspiration alongside your UGC (User-Generated Content). It can also generate images that will complement your documents.
4. Easy Integration: Since Copilot is a Microsoft tool, that makes integrating it into your business easier than trying to evaluate the many emerging AI technologies on the market and you can train your staff on the features found with AI.
5. Use Copilot for Reminders: You can train Copilot to create reminders for you based on previous activity, say you have a monthly meeting each month. Copilot can look at that data and create reminders for it going forward without you needing to manually schedule those reminders yourself.
6. Fraud Detection: Speaking of analyzing behaviors, Copilot can also look for behaviors that are unusual within your business – such as financial transactions that differ greatly from your norm and report these to you.
7. AI-Powered Customer Chat: Copilot can be an automated chat and response tool for your business when it comes to interacting with your clients, including allowing it to respond to routine questions so you don’t need to take time out of your day to do so.
8. Marketing Campaigning: Copilot can analyze your customer base and suggest marketing campaign ideas to send to your target audience.
9. Software Development: As with ChatGPT and the like, Copilot can even offer assistance if your business has in-house programmers or technical people. Even for nontechnical roles, many questions can be answered via AI without needing to go down the rabbit hole of a Google search.
10. Tailored to You: In case we weren’t clear, Copilot can do as much or as little as you want it to do – from writing emails, to creating slide decks, to analyzing data, to performing routine tasks, Copilot and AI in general is powerful tool that most businesses should be taking advantage of in 2024.
If all of these advantages weren’t enough, Microsoft just recently announced Copilot for Security. Taking advantage of the vast wealth of data the Microsoft Security Suite has available and powered by AI, Microsoft Copilot for Security will look for user risks and can even resolve security incidents before they become a problem.

If you would like to learn more about utilizing Copilot for your business, Valley Techlogic has been a Microsoft partner since 2004 and would be able to assist your business as we enter this new age of AI powered technology. Schedule a consultation with us today to learn more.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
March 22, 2024
Received a weird text from your boss? You’re not alone, text scams are rising in popularity
You’re sitting at your desk when you receive a text on your phone, it’s allegedly from the CEO of your company. He may say this is his new number (or his personal number) and he’s reaching out to you by name, adding to the legitimacy of the text. If you respond, he’ll say he’s in an important meeting and he needs you to use your company card to buy gift cards as a gift for the attendants of the meeting.

If you do so, and he’ll be keeping in constant communication with you in spite of being in an “Important meeting”, he’ll say he doesn’t need the physical cards just the codes which you can find if you scratch off the back. He may thank you for being a team playing after providing the codes or stop responding altogether because unbeknownst to you, the scam has been successfully completed.

Why gift cards? Gift cards are untraceable and usually not refundable when purchased. The scammer will quickly move the funds off the gift card leaving you with the empty plastic remnants and no recourse. Other variations on this scam may request Cryptocurrency instead (such as a message sent pretending to be one of your friends or a family member) but scammers know this would throw up too many red flags in a workplace setting.

The request even that unusual, if you’re an executive assistant for instance you probably regularly make purchases at the request of your employer. Scammers may target the whole company if they’re unsure who the influencers to the decision maker are or they may target specific individuals.

How are they getting the information to make their requests see more legitimate? They find it in the following ways.
1. Your Company Website: Often times your website will have information about your key players on it, including contact information. While we don’t recommend excluding this information to prevent being a target (as it’s valuable to those you want to legitimately do business with) it’s a good idea to remember that it’s out there when you’re getting strange communications via text or email that may call you out by name.
2. Social Media: This may be your company social media pages or even your personal accounts. We recommend making your personal accounts private and not oversharing on social media in general.
3. Search Engines: Nothing beats a good old fashioned Google search, and the information that’s available about you online may shock you. Phone numbers, relatives names, addresses etc. can all be found online. While there’s no real way to prevent this, you can somewhat keep track of what’s been made available by creating Google Alerts for your name, email address, etc.
While text scams may never rise to the prevalence of BEC (Business Email Compromise) attacks – which are being sent out at the rate of 10 per 1000 inboxes per day – it still showcases the way scammers will strategically target you and your business.

If you are looking to beef up your cyber security protocols in 2024, including providing your employees training to prevent attacks like this one, Valley Techlogic can help.

Security training is included as part of your monthly plan with us, as well as 24/7 monitoring, data recovery and remediation, backup solutions and more. Get started with us today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
March 15, 2024
In the market for a new laptop? Take these 5 factors into consideration
With Windows 10 approaching end of life in 2025, it’s putting a lot of people in the market for a new Windows 11 capable device.

A work laptop’s size, type of screen, keyboard, and trackpad are just a few of the personal variables that go into choosing one. But certain factors are more important than others when it comes to choosing the right specifications for your professional laptop. The type of work you do and how you approach it will determine which kind of laptop is best for you; there are lightweight models that are good for simple tasks and robust, graphics-intensive versions that are great for graphic design or multitasking.

These are the top five factors that we think are most crucial when using your laptop for work:

Battery Life: Battery life might not be a major concern for people who use their laptops mostly at desks. However, battery life becomes a critical factor to take into account if mobility is necessary for your profession. It’s crucial to remember that better specs are frequently associated with lower battery life. It can be more sensible to go with a lighter, less powerful laptop if your tasks are simple but yet need mobility.

RAM/Memory: For work laptops, we advise having at least 16 GB of RAM (or the option to upgrade). Reducing memory could cause problems with performance because Windows uses a lot of memory, especially for heavy users. For very low usage, 8 GB could be plenty, while 16 or 32 GB is better for heavier workloads.

Storage: Choosing a larger storage capacity is advised because Windows takes some of the available storage during installation. 500 GB might be plenty for light users, but most users should strive for at least 1 TB.

Video Card: A high-quality video card is essential for graphic-intensive tasks like graphic design and video editing, not only for gaming. A good video card is crucial when choosing a professional laptop if these are duties you perform as part of your workflow. Gamers’ laptops are frequently equipped with excellent video cards and screens making them a good choice even for non-gaming purposes.

CPU: When purchasing a laptop, the CPU’s quality is quite important. Greater capability for managing numerous browser tabs or running programs simultaneously is correlated with a more powerful CPU. If you find yourself multi-tasking for work, you will need to look for a powerful CPU.

For organizations purchasing laptops for multiple users, customization can be challenging. Valley Techlogic offers expert recommendations tailored to meet your workforce’s needs while considering budget constraints. Through our procurement services, we have partnerships with major vendors like Dell, Lenovo, and HP, providing a wider range of choices than typically available in physical stores.

Valley Techlogic also offers installation services to assist with setting up new equipment and ensuring it’s ready for your employees.

Discover more about our procurement services by scheduling a consultation here and you can learn more about our procurement services here.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
March 8, 2024
The details on AT&Ts massive outage last week and the compensation coming your way if you’re an AT&T customer
As our headline suggests, AT&T experienced a massive outage Feb. 22 which affected their cell network nationwide. The outage affected over 70,000 reported customers (the actual numbers are certainly much higher) and left many unable call, text or even reach 911 for 12 hours. Many police departments report seeing an increase in 911 calls as some customers tried dialing to see if the call would go through.

AT&T had been seeing an increase in outages affecting their networks ahead of the major outage that occurred last Thursday. The outage lasted just under 12 hours and it was enough time for speculation as to the cause to run rampant across the internet.

AT&T has confirmed the outage was not due to a cyber incident but instead a botched update that took their networks offline. They also confirmed no customer data was lost In the event. The outage hit consumers and business customers alike.

According to AT&T’s own landing page about the incident, consumers will be seeing a credit issued to their accounts automatically ($5.00 at the time of writing) and they say they will work with business customers individually to compensate for the down time.

For some customers that might feel like too little to compensate for the inconvenience caused and at least one state’s attorney general agrees, with New York Attorney General Letitia James announcing they’ll be conducting an investigation into the matter.

“Americans rely on cell service providers for consistent and reliable service to help them with nearly every aspect of their daily lives,” New York Attorney General Letitia James said. “Nationwide outages are not just an inconvenience, they can be dangerous, and it’s critical that we protect consumers when an outage occurs.”

There are also some concerns surrounding the credit that’s going to be issued and whether scammers may take advantage of the situation for their own gain. Consumers should be extra vigilant when opening and responding to emails relating to credit or compensation from AT&T. At the time of writing AT&T has said consumers do not need to do anything on their end to receive the credit. We especially want to warn against clicking on any links with the promise of compensation, which is inadvisable well beyond the current situation.

Consumers should also avoid responding to text messages or phone calls requesting their information to receive the credit, again AT&T will not be contacting customers directly, and any communications should be directed at official lines of communication. If you’re not sure how to contact AT&T, we suggest referring to a recent bill.

For businesses, downtime like this can be more than an inconvenience, it can affect your business in major ways and be financially very costly.

At Valley Techlogic, we have strategies to prevent outages from affecting your business or your bottom line and our clients rely on our expert advice for navigating technology solutions for their business. Reach out to us today to learn more.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
March 1, 2024
China sponsored hacking data dump highlights the importance of seeing the bigger picture when it comes to your cyber security protections
It’s not a new concept to many Americans that cyber warfare crosses all borders and boundaries and affects many areas of our day to day, from the increase in attacks at the start of Russia’s war with Ukraine, to concerns related to our voting systems and democracy, to even leaving US citizens nationwide transfixed over the implications of an errant balloon. Overseas sponsored cyber-attacks tend to strike a different chord with us than attacks that originate stateside.

Many of us have heard of applications on our phones being rife with spyware connected to China, conversations about apps such as Temu or TikTok and how to safeguard our information from not only being sold and used in overseas ventures but even whether these apps are a potential threat vector have lead to talks about whether they should be banned outright. Again, the fear surrounding the unknown nature of the threat these apps may or may not pose is often palpable.

Awareness is only one part of the equation when it comes to overseas invasions of a digital nature, agreeing on what to do about it, how to prevent it or whether it can even be prevented in our interconnected world is no small matter and something that is constantly debated at a government level.

We don’t often have the proof needed to back up the claims that are made, however, that these cyber-attacks are occurring. As you would expect the threat actors behind attacks on other countries are experts in their field and covering their tracks can often be a matter of life and death for them.

That’s why the leak that occurred this week of a 600-page document detailing a complex network of for hire hackers used to spy on Chinese citizens and conduct global cyber attacks is so shocking. The document which was posted to GitHub is being analyzed and experts are weighing in on what is nearly a first of its kind look at the inner operations behind global cyber warfare conspiracies that have proliferated news cycles for decades.

This leak occurs during heightening tensions with the US and China and is being dubbed “the tip of the iceberg” by FBI Director Chris Wray who reported in October that Chinese cyber operations are the “biggest hacking program in the world by far, bigger than ever other major nation combined” in an interview with CBS News.

You may be reading this now wondering, what does this have to do with me? Well besides the implications when it comes to our global security, cyber attacks don’t occur in a vacuum.

Hackers are constantly looking for new ways to infiltrate systems and the aftermath is new threats are being released for public consumption. Not every hacker is an expert, and many attacks don’t have financial motivation and are simply orchestrated to disrupt.

We need to come together as a community and make sure we’re doing everything possible to prevent our systems from being infiltrated and our devices from being used in potential attacks.

Even if your business is unlikely to be targeted by an overseas orchestrated attack, that doesn’t mean it cannot be used to assist a specific hacker’s operations and the more ways we shut down cyber attacks as a profitable enterprise the better off we all will be.

If you want to know how you can help or where to start, here are 10 items you can implement in 2024 that will be up your cyber security protections 10-fold.

If you need help with the implementation of cyber security measures in your business, Valley Techlogic is the resource you’ve been looking for. We are experts in the field of cyber security and for helping businesses improve their cyber security protections and comply with government regulations and frameworks. Reach out to us today to learn more.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
February 23, 2024
5 Reasons to have an annual meeting with your IT service provider and how to make the most of it
If you’re a small business owner and you work with an outsourced IT provider you’re not alone, statistics vary but it’s estimated up to 60% of small businesses utilize a third-party resource for their IT.

This can look different depending on your particular size and needs, for some businesses it can look like support for existing IT staff, for other businesses their entire IT needs are shifted onto a third party IT resource. There is no one size fits all solution, the needs of your business are unique and your IT support provider should be a resource for helping you grow your business and keep up with the technology demands of modern work places.

That is why it’s so important you meet with your IT team at the minimum annually, although we really could make a strong argument for quarterly (especially during times of intense growth or change within your business). Keeping them in the loop allows them to provide for your business adequately and on the opposite end you can learn about their recommendations for your business, which are often times free or low-cost solutions and improvements to your technology infrastructure and security.

Even for recommendations that carry a cost you can plan for these things in advance rather than having it come up as an unpleasant surprise later on, an example would be let’s say their reporting has discovered your on-premises server is struggling to keep up with your demand or even showing signs of failure. This could be talked about in a meeting ahead of time but instead it might become a major headache when the server fails spontaneously and has to be replaced on the spot. Maybe you would have thought about making the move to the cloud this year or could have planned out your hardware purchases to coincide with more favorable timing, you’ll never know but hindsight is 20/20 and you will probably make a different choice going forward.

So, what are the 5 reasons to have an annual meeting with your IT service provider?
1. Future Planning: As we outlined in the scenario above, having this meeting allows you to create a plan for the year ahead. If your business has a busy season (most of us do) you can schedule any maintenance or downtime during the off-season. You can plan out hardware purchasing, software upgrades, cybersecurity improvements and more.
2. Review Documentation: Your annual meeting is also a great time to review any reports your IT service provider has created for your business. At Valley Techlogic we’re constantly tracking items we’re doing on the back end for our clients, the regular maintenance, our 24/7 cyber security monitoring, backup and data services we provide just to name a few.
3. Project Planning: We also suggest touching on any projects you would like to complete, such as switching out your traditional landline system to VoIP, security cameras (if they provide that service) and any installation or infrastructure projects. Even if you’re not ready to commit to them now, keeping your IT provider in the loop will allow them to plan for these projects on their end as well and keep them in mind when doing their own scheduling.
4. Service Delivery Improvements: Whether you’re currently happy with your IT providers’ services or not, are they aware of it? Your annual meeting is a great time to review the services you have with your provider and whether they’re currently meeting your expectations (if they’re not, maybe it’s time to make a change and our Switching IT providers kit can help you do it).
5. Reviewing Past Work: In the same vein, this annual meeting should also be used for reviewing the work they have done for you this last year and any follow-up requests. Despite all the tools and widgets we use in the IT industry, we’re still not omnipresent and sometimes a request is better delivered verbally. They will probably have in their meeting notes items they wish to go over and revisit to make sure you were satisfied with the outcome as well.
We could address even more benefits of having this an annual meeting with your provider but these five will greatly improve the services they’re able to provide for your business and get you the most value out of the service you’re paying for.

If you’re working with an IT service provider who doesn’t give you the option of meeting annually, it would be our recommendation you look for a new provider. Our Switching IT Provider’s kit makes it easy to switch (we even provide you with a template letter for discontinuing your service) and if you’re looking for an IT service provider who makes meeting with clients regularly a priority, than why not give Valley Techlogic a shot by clicking here or the image below.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
February 16, 2024
Toothbrush or threat vector? Turns out it was both for 3 million smart toothbrushes utilized in a recent DDoS attack
When it comes to cyber attacks it seems like anything can be utilized (see Amazon Fire Stick on the recent attack on Rockstar Games) but even our toothbrushes?

It’s true, while details are still coming out it’s been reported that 3 million malware infected toothbrushes were used to bring down a Swiss company’s website at the cost of millions of Euros.

No details have emerged yet on either the brand of toothbrush or the specific company that was targeted but we know the toothbrushes were running on Java which is a popular operating system for IoTs (Internet of Things) devices.

It highlights the point that any device connected to the internet can be used for malicious intent. We’ve all probably heard about threat actors utilizing home security cameras or baby monitors to gain unwanted access to our homes or to just be creeps. Or how about the study on smart fridges that found out they were collecting a lot of your data unknowingly.

With so many of us having smart devices scattered throughout our homes it’s long overdue that we think about what security needs to be in place to prevent these devices from being a danger to us or others. That includes both the obvious devices like our computers and the less obvious devices like our internet connected home gadgets.

In a recent study by the SANS Internet Storm Center they tested how long it would take for an unprotected, unpatched PC to become infected with malware when exposed to the internet. Their calculations came back that it would only take 20 minutes on average for that PC to be infected, this is down from 40 minutes back in 2003.

Even if you consider yourself tech savvy and “careful”, attackers are relentless when it comes to looking for the latest exploits and staying ahead of the curve. It’s the unfortunate truth that they can put more time into their nefarious activities than you as a business owner can dedicate to outsmarting them.

For them it’s a numbers game and the more nets they cast and the more avenues they look for to gain access the more likely they are to be successful, and even items such as a toothbrush are not safe.

That is, unless you follow these steps when securing your network and IoT devices.

On top of these simple steps to secure your network and maintain your devices, you can also work with a provider like Valley Techlogic.

We utilize best in class tools that prevent cyber attacks from occurring in the first place. Our partners have the resources to stay on top of and mitigate threats (even zero-day attacks) and with ongoing maintenance included in our service plans we can prevent your devices from becoming a threat vector to you or to another business.

Schedule a meeting with us today to learn more.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
February 9, 2024
CMMC Changes for 2024 Summarized
On December 26^th 2023 the DoD (Department of Defense) dropped a slightly belated Christmas gift on defense contractors and vendors in the form of big changes to the CMMC (Cybersecurity Maturity Model Certification) program.

Whether the timing of the info dump was intentional or not remains a matter of debate but what’s not up for debate is that these changes are now the law of the land when it comes to reaching your CMMC goals (at least until they’re possibly challenged in court but we wouldn’t hold our breath on that). If you have not started working on them yet this is your sign to get started ASAP.

The 234-page document covered a variety of updates to the program, including splitting up tier 2 into self-attestation OR requiring contractors and vendors to obtain a third-party audit, but for those actively working on it we’re happy to say the controls themselves remain unchanged.

The vast majority of contractors (63% as estimated by the DoD) will still fall under CMMC Level 1 but a new change will not allow these contractors to submit a POA&M (Plan of Action and Milestones) to comply with unmet milestones going forward.

For contractors falling under Level 2 and 3 they can still submit a POA&M but while it previously allowed contractors to set their own timing for completing the actions required the new rules state all POA&M must have a plan for completion within 180 days of the initial assessment.

This is a huge change and will make it very difficult for contractors who are trying to rush to get their accreditation to comply with existing contracts. There are also new limitations on POA&Ms and some controls don’t allow them to be completed under a POA&M at all.

DoD contractors and vendors will have to rethink their entire plan for coming into compliance with CMMC this year.

The good news is that if you do meet all of the new hurdles and pass your assessment you will be in the clear for 3 years.

For those in the CMMC level 2 category (an estimated 37% of those affected) whether or not you can still self-attest in SPURs (Supplier Performance Risk System) or will need a third-party assessment is dependent entirely on whether the CUI (Controlled Unclassified Information) found in your contract warrants one or the other as determined by the DoD.

As these rules are still rolling out Level 2 contracts will most likely be required to self-attest to start until the program gains its footing when we’ll start to see more required to take on a third-party assessment. Contractors should be prepared either way as they perform the actions needed to qualify for certification.

There’s good news for Level 3 contractors in that not much has changed for them, and the program overall is still based on guidance from NIST SP 800-172. New language was added that CMMC Level 3 contractors must maintain a perfect Level 2 score in addition to achieving 20 out of 24 points to meet the qualifications for Level 3. Only a small minority of contractors will need to worry about achieving Level 3 and we have no doubt those that qualify know who they are and were already well prepared for this news.

The proposed roll out of these changes and CMMC as a whole is under a phased implementation window that will expand across a three-year period. Beginning with the DoD looking at those soliciting new DoD contracts to have a Level 1 or Level 2 self-attested score all the way up to the inclusion of CMMC in all new and existing contracts by year three.

It should also be noted that those who misrepresent their level of readiness under the CMMC program can face some pretty sharp penalties for doing so.

To add salt to the wounds the DoD have given themselves a grace period up to 2027 to begin rolling out these changes within their own organization – rules for thee but not for me? Perhaps a little bit.

These weren’t the only changes to be announced in December, if you would like to see and read the full 234-page document yourself you can find it here.

Either way the time to get your ducks in a row was several years ago (CMMC 2.0 was released in 2021) but short of inventing a time machine to do so the second best time to start is now.

Valley Techlogic has worked with clients on readiness for a variety of cybersecurity compliance frameworks including but not limited to CMMC, HIPAA, NIST, CIS and more. If you would like to learn more about how we can help you meet your CMMC goals, reach out today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
February 2, 2024