Blog

Continuing on from our previous blog post, we’re answering one of the most common questions we get from new prospective clients: “What do you charge for your IT services?” In the last blog posted, we discussed the most common models – break-fix and managed IT. In this post, we’ll discuss the actual fees. 

 

The price ranges provided are industry averages based on a recent IT industry survey conducted by a well-known and trusted independent consulting firm, Service Leadership, that collects, analyzes and reports on the financial metrics of IT services firms from around the country. 

 

We are providing this information to give you a general idea of what most MSPs and IT services charge and to help you understand the VAST DIFFERENCES in service contracts that you must be aware of before signing on the dotted line. Please note that the actual price is not what’s most important but instead what you are getting for your money. There are a lot of ways “cheaper” IT firms hide the true cost of their fees, and the lowest bidder might actually end up costing you a lot more than you bargained for. 

 

With that in mind, here are the fee ranges for IT services and IT support for small businesses in <<City>>: 

 

Hourly Break-Fix Fees: Most IT services companies selling break-fix services charge between <<$150 and $250>> per hour, with a one-hour minimum. In some cases, they will give you a discount on their hourly rates if you purchase and pay for a block of hours in advance. 

 

As we discussed, this approach works best for microbusinesses that are not hosting or processing client data that is considered “sensitive,” such as health records, financial information like credit cards, Social Security numbers, etc., and that have very simple IT. This is definitely not the approach a growing business with five-plus employees would want to choose. 

 

Project Fees: If you are getting an IT firm to quote you for a onetime project, the fees range widely based on the scope of work outlined and the complexity of the project. If you are hiring an IT consulting firm for a project, I suggest you demand the following: 

 

• A detailed scope of work that specifies what “success” is. Make sure you document what your expectations are in performance, workflow, costs, security, access, etc. The more detailed you can be, the better. Clarifying your expectations up front will go a long way toward avoiding miscommunications and additional fees later on to give you what you REALLY wanted.
   
• A fixed budget and time frame for completion. Agreeing to this up front aligns both your agenda and the consultant’s. Be very wary of hourly estimates that allow the consulting firm to bill you for “unforeseen” circumstances. The bottom line is this: it is your IT consulting firm’s responsibility to be able to accurately assess your situation and quote a project based on their experience. You should not have to pick up the tab for a consultant underestimating a job or for their inefficiencies. A true professional knows how to take into consideration those contingencies and bill accordingly.

 

Managed IT Services: Most managed IT services firms will quote you a MONTHLY fee based on the number of devices, users and locations they need to maintain. The average fee per user (employee) ranges from $146.08 per month to $249.73 per month – and those fees are expected to rise due to constant inflation and a tight IT talent labor market. 

 

Obviously, as with all services, you get what you pay for. “Operationally mature” MSPs typically charge more because they are far more disciplined and capable of delivering cyber security and compliance services than smaller, cheaper-priced MSPs. 

 

They also include CIO (chief information officer) services and dedicated account management, have better financial controls (so they aren’t running so lean that they are in danger of closing their doors) and can afford to hire and keep knowledgeable, qualified techs vs. junior engineers or cheap, outsourced labor. 

 

To be clear, I’m not suggesting you have to pay top dollar to get competent IT services, nor does paying “a lot of money” guarantee you’ll get accurate advice and responsive, customer-centric services. But if an MSP is charging on the low end of $146.08 per employee or less, you have to question what they are NOT providing or NOT including to make their services so cheap. Often they are simply not providing the quality of service you would expect and are leaving out critical security and backup services that you definitely want to have in place.
 

Are you done with ongoing IT problems, downtime and ineffective systems? Then it’s time you gave us a call and let us deliver the responsive, quality IT support you want with friendly, US-based techs who are both knowledgeable and easy to work with. 

 

Schedule your free initial consultation with one of our senior advisors by calling us at 480-464-0202 or going www.compushooter.com

 

On this call, we can discuss your unique situation and any concerns you have and, of course, answer any questions you have about our services and how we might be able to help you. We are also happy to provide you with a competitive bid. 

     Before you can accurately compare the fees, services and deliverables of one IT services company to that of another, you need to understand the two predominant pricing and service models most of these companies offer. Many companies offer a blend of the two, while others are strict about offering only one service plan. The two most popular are:
 

• Time And Materials (Hourly). In the industry, we call this “break-fix” services because the IT company is called to “fix” something when it “breaks” instead of doing regular maintenance and support. These services are typically priced by the hour. The price you pay will vary depending on the provider you choose and the complexity of the problem. Ransomware removal will require a more experienced and skillful tech vs. a simple printer problem.Under this model, you might be able to negotiate a discount based on buying a block of hours. The scope of work might range from simply resolving a specific problem (like fixing slow WiFi or resolving an e-mail problem) to encompassing a large project like a software upgrade, implementing cyberprotections or even an office move. Some companies will offer staff augmentation and placement under this model as well.

  Similar to this are value-added reseller services. VARs typically do IT projects for organizations that have internal IT departments. The term “value-added” reseller is based on the fact that they resell hardware (PCs, firewalls, servers, etc.) and software, along with the “value-added” services of installation, setup and configuration. VARs typically service larger organizations with internal IT departments. A trend that has been gaining ground over the last decade is that fewer VARs exist, as many have moved to the managed IT services model.
   

• Managed IT Services (MSP, or “Managed Services Provider”). This is a model where the IT services company, called an MSP, takes on the role of your fully outsourced IT department. In this model, they handle everything related to your IT “infrastructure.” That includes (but is not limited to) the following: 

• Troubleshooting IT problems (help desk support). 
• Setting up and supporting PCs, tablets, Macs and workstations for new and existing employees, both on-site and remote. 
• Installing and setting up applications such as Microsoft 365, Google Workspace, SharePoint, etc. 
• Setting up and managing the security of your network, devices and data to protect against hackers, ransomware and viruses. 
• Backing up your data and assisting in recovering it in the event of a disaster. 
• Providing a help desk and support team to assist employees with IT problems. 
• Setting up and supporting your phone system. 
• Monitoring and maintaining the overall health, speed, performance and security of your computer network on a daily basis. 
   

In addition to managing your IT, a good MSP will provide you with an IT road map and budget for necessary projects to further secure your network and improve the stability and availability of critical applications, as well as ensure that your IT systems are compliant with various data protection laws (HIPAA, FTC Safeguards, PCI, etc.) and that your cyberprotections meet the standards on any cyber insurance plan that you have.
 

     The advantage of break-fix services is that you only pay for IT support when you need it, without being locked into a monthly or multiyear contract. If you’re not happy with the service you’re getting, you can change providers easily. If you’re a microbusiness with only a few employees, very simple IT needs where you don’t experience a lot of problems and don’t host or handle sensitive data (medical records, credit cards, Social Security numbers, etc.), break-fix might be the most cost-effective option for you. 

 

     However, the downsides of break-fix services are many, particularly if you’re NOT a microbusiness and/or if you handle sensitive, “protected” data. The five big downsides are as follows: 

 

1. Break-fix can be very expensive when you have multiple issues. Because you’re not a managed client, the IT company resolving your problem will likely take longer to troubleshoot and fix the issue than if they were regularly maintaining your network and therefore familiar with your environment AND had systems in place to recover files or prevent problems from escalating.
    

1. Paying hourly works entirely in your IT company’s favor, not yours. Under this model, the IT consultant can take the liberty of assigning a junior (lower-paid) technician to work on your problem who may take two to three times as long to resolve an issue that a more senior (and more expensive) technician may have resolved in a fraction of the time because there’s no incentive to fix your problems fast. In fact, they’re incentivized to drag it out as long as possible, given that they’re being paid by the hour.
    

1. You are more likely to have major issues. One of the main reasons businesses choose a managed services provider is to PREVENT major issues from happening. As Benjamin Franklin famously said, “An ounce of prevention is worth a pound of cure.”
    

1. You can’t budget for IT services and, as already explained, could end up paying more in the long run if you have to constantly call for urgent “emergency” support.
    

1. You won’t be a priority for the IT company. All IT firms prioritize their contract managed clients over break-fix clients. That means you get called back last and fit in when they have availability, so you could be down for days or weeks before they can address your problem.
    

     Are you done with ongoing IT problems, downtime and ineffective systems? Then it’s time you gave us a call and let us deliver the responsive, quality IT support you want with friendly, US-based techs who are both knowledgeable and easy to work with.  

 

     Schedule your free initial consultation with one of our senior advisors by calling us at 480-464-0202 or going to www.compushooter.com.  

 

      On this call we can discuss your unique situation and any concerns you have and, of course, answer any questions you have about our services and how we might be able to help you. We are also happy to provide you with a competitive bid. 

In the fast-paced world of business, efficiency and productivity are paramount. Advancements in technology have revolutionized the way we work, providing a plethora of tools and resources to help us accomplish more in less time. Maximizing workplace productivity with technology has become an essential strategy for organizations looking to stay competitive and innovative in today’s global market. Here are 7 ways to add tech to your day-to-day activities to stay productive.  

1. Automation And Streamlining Processes:
   

One of the most significant ways technology maximizes workplace productivity is through automation and process streamlining. With the help of tools like workflow automation software and robotic process automation, businesses can automate repetitive tasks, freeing up employees to focus on more creative and strategic tasks. By automating routine processes, organizations reduce the likelihood of errors and increase the speed at which tasks are completed. This not only boosts efficiency but also enhances job satisfaction by allowing employees to concentrate on tasks that require critical thinking and problem-solving skills.  

2. Collaboration And Communication:
   

Effective communication and collaboration are vital to a productive workplace. Technology has provided a range of solutions, such as video conferencing, project management software and instant messaging platforms, that enable teams to work together seamlessly regardless of their geographic locations. These tools facilitate real-time communication, file sharing and project tracking, ensuring that all team members stay on the same page and are able to work efficiently together. This results in faster decision-making, improved project management and, ultimately, higher productivity.  

Need help with choosing the right collaboration and communication tools for your business? We can help! Click here to book a 10-minute discovery call to get started.  

3. Data Analytics And Business Intelligence:
   

In the modern workplace, data is king. The ability to collect, analyze and leverage data is a powerful tool for improving productivity. With the help of advanced analytics and business intelligence tools, organizations can gain insights into their operations, customer behavior and market trends. This data-driven approach allows for informed decision-making, optimized resource allocation and the identification of areas where improvements are needed. By harnessing data and analytics, businesses can work smarter, not harder.  

4. Remote Work And Flexibility:
   

Technology has also played a pivotal role in reshaping the traditional office environment. The rise of remote work and flexible work arrangements has been made possible by advancements in communication and collaboration tools. Employees can now work from anywhere, provided they have an Internet connection, which not only enhances their work-life balance but also opens up opportunities for businesses to tap into a global talent pool. Remote work can boost productivity by reducing commuting time and allowing employees to work in environments where they are most comfortable and productive.  

IMPORTANT: Security should be a high priority if you have remote workers. If you don’t have a robust security system for virtual team members, you need to get one right away.  

5. Project Management And Task Tracking:
   

Effective project management is key to productivity. With project management software, businesses can plan, execute and monitor projects more efficiently. These tools provide a clear overview of tasks, deadlines and team member responsibilities, ensuring that everyone stays organized and accountable. From agile methodologies to Gantt charts, technology offers a range of project management approaches to suit various business needs.  

6. Employee Training And Development:
   

Investing in technology for employee training and development is another avenue to maximize workplace productivity. Learning management systems and online training platforms enable organizations to offer continuous learning opportunities to their employees. By upskilling and reskilling their workforce, companies can ensure that their staff remains adaptable and capable of using the latest tools and technologies, which in turn enhances overall productivity.  

7. Security And Data Protection:
   

As technology becomes more integrated into the workplace, the need for robust security and data protection measures is crucial. Cyber security solutions help protect sensitive information, prevent data breaches and ensure business continuity. When employees feel secure in their digital environment, they can work more confidently and productively, knowing that their data and the company’s assets are protected.  

Technology is an indispensable resource for maximizing workplace productivity. From automating tasks and improving communication to harnessing data and fostering employee development, technology offers a wide range of solutions to enhance efficiency and effectiveness in the modern workplace. Embracing these technologies and staying up-to-date with the latest trends is essential for businesses looking to thrive in today’s competitive and ever-evolving business landscape. By leveraging technology effectively, organizations can achieve their productivity goals, improve their bottom line and create a dynamic, innovative work environment.  

If you need help creating a strategic plan for your technology, such as determining what software to invest in, sourcing devices, creating a plan for efficiency or securing your network, our IT team can support you. Click here to book a 10-Minute Discovery Call to get started. 

In today’s hyperconnected world, cybersecurity is a critical concern for individuals and organizations alike. However, as the digital landscape evolves, so do the myths and misconceptions surrounding cybersecurity. If you want to be protected, you have to understand what the real threats are and how you could be unknowingly overlooking them every single day. In this article, we will debunk 5 common cybersecurity myths to help you stay informed and protected as you take your business into 2024. 

Myth 1: “I’m too small to be a target.” 

 One of the most dangerous cybersecurity myths is the belief that cybercriminals only target large organizations. In reality, cyber-attacks do not discriminate by size. Small businesses, start-ups and individuals are as susceptible to cyberthreats as larger enterprises. Cybercriminals often target smaller entities precisely because they may lack robust cybersecurity measures, making them easier prey. To stay safe, everyone should prioritize cybersecurity, regardless of their size or scale. 

 Myth 2: “Antivirus software is enough.” 

 Antivirus software is an essential component of cybersecurity, but it is not a silver bullet. Many people mistakenly believe that installing antivirus software on their devices is sufficient to protect them from all cyberthreats. While antivirus software can help detect and prevent known malware, it cannot stand up against sophisticated attacks or social engineering tactics. To enhance your protection, combine antivirus software with other security measures, such as firewalls, regular software updates and user education. 

 Myth 3: “Strong passwords are invulnerable.” 

 A strong password is undoubtedly an integral part of cybersecurity, but it is not foolproof. Some believe that creating complex passwords guarantees their accounts’ safety. However, even strong passwords can be compromised through various means, including phishing attacks, keyloggers and data breaches. To bolster your security, enable multifactor authentication (MFA) whenever possible, which adds an additional layer of protection beyond your password. 

 Myth 4: “Cybersecurity is solely an IT department’s responsibility.” 

 Another common misconception is that cybersecurity is exclusively the responsibility of an organization’s IT department. While IT professionals are crucial in securing digital environments, cybersecurity is a group effort. Everyone within an organization, from employees to management, should be aware of cybersecurity best practices and adhere to them. In fact, human error is a leading cause of data breaches, so fostering a culture of cybersecurity awareness is essential. 

 Myth 5: “My data is safe in the cloud.” 

 With the increasing use of cloud services, some individuals believe that storing data in the cloud is inherently secure. However, the safety of your data in the cloud depends on various factors, including the provider’s security measures and your own practices. Cloud providers typically implement robust security, but users must still manage their data securely, including setting strong access controls, regularly updating passwords and encrypting sensitive information. It’s a shared responsibility. 

 Cybersecurity is something you must take seriously heading into the New Year. Cyberthreats continuously evolve, and believing in these misconceptions can leave individuals and organizations vulnerable to attacks. It’s essential to stay informed, maintain a proactive stance and invest in cybersecurity measures to protect your digital assets. Remember that cybersecurity is a collective effort and everyone has a role to play in ensuring online safety. By debunking these myths and embracing a holistic approach to cybersecurity, you can better protect your digital life and business.  

 To start off the New Year in a secure position, get a completely free, no-obligation security risk assessment from our team. We’ll review everything you have in place and give you a full report explaining where you’re vulnerable and what you need to do to fix it. Even if you already have an IT team supporting you, a second set of eyes never hurts when it comes to your security. Book a 10-minute discovery call with our team here 

 

Recently, the CEO of a very successful marketing firm had their Facebook account hacked. In just a weekend, the hackers were able to run over $250,000 worth of ads for their online gambling site via their account and removed the rightful owner as the admin, causing the firm’s entire Facebook account to be shut down. 

Not only are they uninsured for this type of fraud, but they were shocked to discover that Facebook, as well as their bank and credit card company, was NOT responsible for replacing the funds. Facebook’s “resolution” was that there was no fraud committed on their account because the hacker used their legitimate login credentials, and Facebook is not responsible for ensuring you keep your own personal credentials safe and confidential. Further, they didn’t have the specific type of cybercrime or fraud insurance needed to cover the losses, so they’re eating 100% of the costs.  

Not only are they out $250K, but they also have to start over building their audiences on Facebook again, which took years to build. This entire fiasco is going to easily cost them half a million dollars when it’s all totaled. 

In another incident, another firm logged into their account to find all of their ads were paused. Initially, they thought it was a glitch on Facebook, until they realized someone had hacked into their account, paused all of their legitimate ads and set up 20 NEW ads to their weight-loss spam site with a budget of $143,000 per day, or $2.8 million total.  

Due to their spending limits, the hackers wouldn’t have charged $2.8 million; however, due to the high budgets set, Facebook’s algorithms started running the ads fast and furious. As they were pausing campaigns, the hackers were enabling them again in real time. After a frantic “Whac-A-Mole” game, they discovered the account that was compromised and removed it.  

The compromised account was a legitimate user of the account who had THEIR account hacked. Because of this, Facebook wouldn’t replace the lost funds, and their account got shut down, with all campaigns deleted. Fortunately, these guys caught the hack early and acted fast, limiting their damages to roughly $4,000, but their account was unable to run ads for 2 weeks, causing them to lose revenue. They estimate their total damages to be somewhere in the $40,000 to $50,000 range.  

When many people hear these true stories (with the name of the companies withheld to protect their privacy), they adamantly believe someone besides them should step up and take responsibility, covering the losses. “It wasn’t OUR fault!” they say. However, the simple reality is this: if you allow your Facebook account – or any other online account – to be hacked due to weak or reused passwords, no multifactor authentication (MFA) turned on, improper e-mail security or malware infecting your devices due to inadequate cyber security, it is 100% YOUR FAULT when a hacker compromises your account.  

Facebook is just one of the cloud applications many businesses use that can be hacked, but any business running any type of cloud application, including those that adamantly verify they are secure, CAN BE HACKED with the right credentials. Facebook’s security did not cause their account to be compromised – it was the failure of one employee. 

The BEST way to handle this is to NOT get hacked in the first place. Here’s what you need to do to protect yourself: 

• Share this article to make sure your staff is aware of these types of scams. Cybercriminals’ #1 advantage is still hubris; businesses and most people in general insist that “nobody would want to hack me” and therefore aren’t extremely cautious with cyberprotections.
   
• Make sure you create strong, unique passwords for EACH application you and your team log into. Use a good password management tool  to manage this, but remember IT MUST BE USED IN ORDER TO WORK. For example, don’t allow employees to store passwords in Chrome and bypass the password management system.
   
• Minimize the number of people logging into any account. If someone needs access, give them that access and then remove them as a user ASAP immediately after. The more users you have on a cloud application, the greater the chances are of a breach.
   
• Make sure all devices that touch your network are secure. Keylogger malware can live on a device to steal all of your data and credentials.  

If you want to ensure your organization is truly secure, click here to request a free Cyber Security Risk Assessment to see just how protected your organization is against known predators. If you haven’t had an independent third party conduct this audit in the last 6 months, you’re due.  

It’s completely free and confidential, without obligation. Voice scams are just the latest in a tsunami of threats aimed at small business owners, with the most susceptible being the ones who never “check the locks” to ensure their current IT company is doing what they should. Claim your complimentary Risk Assessment today. 

The infamous Xenomorph Android malware, known for targeting 56 European banks in 2022, is back and in full force targeting US banks, financial institutions and cryptocurrency wallets.  

The cyber security and fraud detection company ThreatFabric has called this one of the most advanced and dangerous Android malware variants they’ve seen. 

This malware is being spread mostly by posing as a Chrome browser or Google Play Store update. When a user clicks on the “update,” it installs the malware designed to automate the process of accessing your online accounts and extracting and transferring funds.  

Besides being alert to this scam (and you should let your spouse, partners and family know as well), you should be aware of a few ways to protect yourself: 

• Avoid links and attachments in any unsolicited e-mail. Simply previewing a document could infect your device, so never open or click on anything suspicious. 
• To update your browser, simply close it and reopen. You don’t have to download an application to update it. Furthermore, the Google Play Store app will not ask you for an update, so don’t fall for any website alert or text stating you need to download an update.  

But remember, bank fraud can manifest itself in several forms, including:  

1. Phishing Scams: Cybercriminals send deceptive e-mails or messages, often impersonating trusted entities like banks or government agencies, to trick you or your employees into revealing sensitive information like login credentials. Sometimes these are facilitated by phone calls, so make sure your team is fully aware of this. The latest MGM hack happened when a hacker called the company’s IT department requesting a password reset.
    
2. Check Fraud: Criminals may forge or alter your business’s checks to siphon funds from your account, making it essential for you to secure your checkbook and be careful about sharing or e-mailing your account information. You might consider going checkless to cut down on the chances of your account being hacked.
    
3. Unauthorized Wire Transfers: Hackers may compromise your online banking credentials to initiate unauthorized transfers, diverting funds to their accounts.
    
4. Account Takeover: Criminals may gain control of your business’s online banking accounts by exploiting weak passwords, reused passwords or security gaps, such as e-mailing your passwords to others or storing your bank password in your browser, allowing them to make unauthorized transactions.
    
5. Employee Fraud: Sometimes, even employees may engage in fraudulent activities, such as embezzlement or manipulating financial records.  

To protect yourself, use strong, unique passwords for your online banking accounts and never store them in your browser. Also, update your passwords monthly with significant changes to them, using uppercase and lowercase, symbols and numbers that are at least 14 to 16 characters.  

Second, always turn on multifactor authentication (MFA) so you’re notified if anyone tries to log into your accounts without your knowledge. 

Third, set up alerts for large withdrawals. You can ask your bank to require a physical signature for wire transfers to protect you from someone taking money from your account without your signature.  

Fourth, get fraud insurance that specifically covers employee and online theft so you are protected in the event a cybercriminal steals money from your account. 

And, as always, make sure you have strong cyberprotections in place for ANY device that logs into a bank account or critical application. Far too many businesses think that if their data is “in the cloud,” they are safe. Remember, your bank account is “in the cloud,” and the bank likely has a secure portal, but that doesn’t mean YOU can’t be hacked. 

If you want to ensure your organization is truly secure, click here to request a free Cyber Security Risk Assessment to see just how protected your organization is against known predators. If you haven’t had an independent third party conduct this audit in the last 6 months, you’re `due.  

It’s completely free and confidential, without obligation. Voice scams are just the latest in a tsunami of threats aimed at small business owners, with the most susceptible being the ones who never “check the locks” to ensure their current IT company is doing what they should. Claim your complimentary Risk Assessment today. 

Have you started business planning for 2024? The last few months of the year can get hectic, between trying to close out the end of the quarter strong and mapping out your plan to ramp things up in the new year. One area that small business owners often skip over when creating their new year strategy is cyber security planning. Cyber security is NOT an IT decision, it’s a business decision. Your company hinges on your ability to keep your data – and your clients’ – safe from cybercriminals.

To create a reliable plan for the next year, there are a few cyber security basics that every business owner needs to be aware of to avoid being the next victim of a data breach. Cyber issues are becoming such a regular occurrence that it’s easy to become desensitized to the effects of data breaches, which can leave you vulnerable to an attack.

 

Here are 10 BIG takeaways about cyber security that you should keep in mind. Your security depends on it!

 

1. No business is too small.

Hackers love that small business owners think this way because it makes them an easy target. If you have money or data of any size or amount, you are at risk.

Takeaway – Protect your business and consult a cyber security expert on what you need.

 

2. Your employees are putting you at risk.

They are not likely doing it on purpose, but human error is the #1 issue with cybercrime. Whether it’s a bad link that is clicked or a malicious attachment that is downloaded, these small “accidents” can create huge problems for your business.

Takeaway – Invest some of your budget in cyber security training for your team.

 

3. Software needs to be updated when you’re notified about it.

This is true for your web browsers too. If you get a notification about an available update, it often means that a bug or a vulnerability needs to be patched. If you don’t patch it, that’s a little hole in your network that hackers can and will find.

Takeaway – Have your IT team run automatic updates and always manually update if prompted.

 

4. Back up your data.

Disasters happen, whether natural, like a tornado or flood wiping out your office, or a cybercriminal locking down your network and ransoming you to return it. Having a backup will allow you to reduce downtime and further damage to your business.

Takeaway – Have an off-site backup and test it regularly to ensure it works properly.

 

5. Use a VPN when working outside of the office.

If you’re on vacation, working while traveling or even working at the local coffee shop, connecting to public WiFi can put you at risk. Hackers can break into unsecured WiFi or set up fake ones, hoping you will connect to them.

Takeaway – Use a VPN, or virtual private network, to keep your network safe from hackers while on the go.

 

6. Data breaches are expensive.

The cost of data breaches puts most small companies that get hacked out of business within six months. These can range from hundreds of thousands to millions of dollars, depending on the damage done.

Takeaway – Invest in cyber security. Don’t play around and risk everything you worked hard to build.

 

7. Having cyber insurance doesn’t mean you’re covered if you’re hacked.

If you’re hacked, cyber insurance doesn’t automatically cover you. Insurance agents will check to make sure you’ve done everything in your power to prevent the attack. If you haven’t, your claim can be denied.

Takeaway – Read the fine print on cyber insurance policies and make sure you’re following all requirements.

 

8. Compliance doesn’t mean you’re secure.

Being compliant means you are fulfilling all the requirements that the government has issued. This does not mean you are 100% secure; it means you have implemented the basics.

Takeaway – Consult with a cyber security professional who deals with clients in your industry to make sure that you’re not only compliant but that you have the proper security systems in place to protect your organization.

 

9. Basic antivirus and firewalls are not enough.

These are helpful, but they aren’t enough to keep you secure. Hackers are routinely finding ways to break through this software, so if you’re not implementing other security measures, you’re at risk.

Takeaway – Consult with a cyber security professional to find out what you need. It’s often not as expensive as people think and will cost you WAY less if you ever become a victim of a data breach.

 

10. You’ll be the one who people hold accountable if you’re hacked.

When it comes to data breaches, whether you’re at fault or not, you’ll be the one to catch the blame from your customers, employees, attorneys, the media and more, and it will be ugly.

Takeaway – You can prevent this by taking a proactive approach to cyber security.

Take your security seriously in 2024. We offer a FREE, no-obligation Security Assessment. Even if you already have a cyber security company you work with, it can’t hurt to have a second expert opinion to assess if and where you’re vulnerable to an attack.

We have limited spots available and expect to fill up before the holiday break, so if you’re interested, click here to book your assessment with our team now.

The holiday season is in full swing, which means so are the cybercriminals! While you’re making holiday gift lists, they’re plotting and scheming new ways to take advantage of unsuspecting online shoppers. Holiday phishing scams have become an all-too-common threat, targeting customers to steal personal information, financial data and even identities. 

To help reduce the chances that a cybercriminal will ruin your much-deserved holiday fun, we’ve outlined a few of the most common and dangerous scams that you should be on the lookout for, how they work and tips to help you avoid becoming their next victim. 

Understanding Holiday Phishing Scams: 

Phishing is a deceptive technique cybercriminals use to trick individuals into sharing sensitive information such as passwords, credit card details or Social Security numbers. During the holiday season, these scams often take on a festive disguise, tricking victims with holiday-themed e-mails, messages and websites. Whether you’re ordering gifts for clients or friends and family, here are some common tactics used by holiday phishing scammers to be aware of: 

1. Holiday-Themed E-mails: Scammers send e-mails that appear to be from trusted sources like your favorite retailers or even beloved charities. These e-mails look legit and usually offer fake exclusive holiday deals, order confirmations or requests for donations. Inside the e-mail, there is usually a link that leads to a fake website designed to steal your information or your money, or even install dangerous malware on your computer.
2. Fake Promotions: Cybercriminals create fake holiday promotions and discounts that seem too good to be true. Unsuspecting victims see a great deal from a spoof e-mail account and are enticed to click on links or download attachments that can contain malware or lead to phishing websites.
   Sometimes cybercriminals aren’t looking to install malware but instead hoping to steal your money. They’ll duplicate popular retailer websites or set up their own, so when you make a purchase, they’ll collect the money, but you’ll never receive your order. These sites are often difficult to track, making it hard to get your money back.
3. Delivery Notifications: With the increase in online shopping during the holidays, scammers send fake delivery notifications, claiming that a package is on its way or that there’s a problem with an order. These e-mails may prompt recipients to click on links or download attachments containing malicious software.
4. Social Engineering: Scammers may impersonate friends or family members via e-mail or social media, asking for money or personal information under the guise of a holiday emergency or gift exchange. This is a common scam against seniors – who might not realize that the profile requesting money from them that was made “three days ago” isn’t actually their granddaughter – and young teenagers who don’t know fake profiles are an issue.  

 

Recognizing and Avoiding Holiday Phishing Scams: 

 Now that we understand how holiday phishing scams operate, it’s essential to know how to recognize and avoid falling victim to them. 

1. Verify The Sender: Always check the sender’s e-mail address or domain. Be cautious of misspelled or suspicious e-mail addresses. Legitimate companies and organizations use official domains for their communication.
   

2. Don’t Click On Suspicious Links: Hover your mouse over links to see the actual URL they lead to. Be wary of shortened links or URLs that don’t match the sender’s domain. If in doubt, visit the website directly by typing the URL into your browser.

3. Beware Of Urgency And Pressure: Scammers often create a sense of urgency, claiming limited-time offers or imminent problems. Take your time to verify the authenticity of any claims before taking action.
   

4. Double-Check Websites: Before entering personal or financial information on a website, ensure it’s secure. Look for “https://” in the URL, a padlock icon in the address bar and a valid SSL certificate.
   

5. Use Two-Factor Authentication (2FA): Enable 2FA wherever possible, especially for online shopping and banking accounts. This provides an extra layer of security, even if your password is compromised.
   

6. Educate Yourself And Others: Stay informed about current phishing tactics and share this knowledge with friends and family. The more people are aware, the harder it becomes for scammers to succeed.
   

7. Protect Personal Information: Avoid sharing sensitive information via e-mail or text messages, even if the request seems legitimate. Use secure channels for such communication.

While the holiday season is a time for celebration and togetherness, it’s crucial to remain vigilant against holiday phishing scams. Cybercriminals prey on the festive spirit and increased online activity during this time. By recognizing the signs of phishing attempts and following best practices for online security, you can protect yourself and ensure a safe and joyous holiday season for you and your loved ones. 

Business owners: If your staff will be ordering gifts online for clients, make sure they know how to spot a phishing attack and that your network is properly secured in case something slips through the cracks. You don’t want your organization to be negatively impacted by extending holiday goodwill. If you aren’t sure if you’re protected, please give us a call or schedule a 10-minute discovery session with our team. We can help give you peace of mind this holiday season. Click here to book now, and happy holidays! 

One of the most commons questions we get from new prospective clients calling our office is “What do you guys charge for your IT services?” 

While price certainly needs to be one consideration, it’s extremely important you make an informed decision and choose the right IT services company instead of using price as the main deciding factor. 

This seems obvious, but the reality is that most <<CEOs/CFOs/etc.>> don’t really know what questions to ask or what to look for when choosing one IT company over another and therefore put too much weight on the quote. 

What you want to avoid is getting lured into a lowball quote from an IT company that is in financial trouble, cutting corners to lower their fees to get you as a client, but then unable to afford to hire experienced, knowledgeable techs, dedicated account managers and the security tools they need to ensure YOU are actually getting the security, stability and service you need. 

So, how much is “too much” and what are the signs that someone is underpriced? 

Recently, an industry report from Service Leadership, the leading financial benchmarking organization in the IT services industry, revealed that a whopping 28% of MSPs (managed services providers, or IT services companies) were unprofitable, and nearly half of all MSPs were under 10% net profit. 

While everyone likes a “bargain,” here are the reasons why “cheaper” is not the advantage you think it is when you choose an underpriced IT company: 

1. They are woefully short-staffed because the biggest expense in any IT company is the technical staff. THAT means if one of their techs quits, they’re quickly overwhelmed and unable to support your account, and response time suffers, not to mention critical security and backup maintenance of your network.
    

1. The staff they hire are at the lower end of the pay scale, which means you’re not getting the most competent people working on backing up your data, keeping your network secure and handling the critical operations and data your business needs.
    

1. They are very unlikely to have a dedicated account manager and team to work on your account because they can’t afford to hire them.
    

1. They are one or two bad months away from going out of business because they have no buffer. That means you could wake up one morning and find yourself without an IT company, scrambling to find a new one.
    

1. They are not “operationally mature.” Operational maturity means their business has the people and professional processes aligned to provide the highest level of QUALITY services to the end client (you).  

In general, according to Service Leadership, the average “per user” fee for managed IT services is $205.07 to $249.73. Those IT firms with an operational maturity level of below average is $146.08 to $157.49 per “user” (or employee using a computer or device they are supporting).  

As you can see, if someone quotes you $120 a user for managing your network, it might feel like a good deal, but you have to ask yourself how they are able to charge nearly 50% less than IT firms that are operationally mature. The answer is obvious – they’re cutting corners, hiring cheap labor and leaving out critical security and compliance services. 

If you want to know what types of questions you should be asking your IT firm (managed services provider), then click here to download our executive guide, “19 Questions You Should Ask Any IT Company Before Signing A Contract Or Letting Them Touch Your IT.” 

This report discusses in detail exactly what to look for to get exactly what you need without unnecessary extras, hidden fees and bloated contracts. But most importantly, it will show you how to get the right support you want in order to lower your risk and eliminate the frustration of dealing with a less than competent IT company. 

“That won’t happen to me” is something many business owners say when discussing cyber-scams and the need for adequate protections for their business, but these days it’s getting to be a really, really stupid statement that you definitely don’t want your clients, employees and banker to hear.  

Generative AI (artificial intelligence) tools are allowing scammers to produce deep fakes to defraud their targets. Earlier this year, Clive Kabatznik, an investor in Florida, called his local Bank of America representative to discuss a big money transfer he was planning to make.  

Immediately after this legitimate call, a scammer called the bank back using an AI-generated deepfake voice of “Clive” to convince the banker to transfer the money to another account. Fortunately, the banker was suspicious enough that no money was transferred, but not everyone is as lucky. 

According to a report titled The Artificial Imposter by McAfee, a well-established cyber security firm, 77% of AI voice scams were successful in securing money from their target. Even scarier, AI tools can clone a voice from just three seconds of audio.  

A UK-based energy firm’s CEO was the victim of a voice scam when he thought he was talking to his boss, the CEO of the parent company based in Germany. The voice on the other end of the line instructed him to send the equivalent of $233,000 to a Hungarian supplier. The voice was so convincing, down to the slight German accent, that the CEO complied without hesitation. By the time they realized what had happened, the money had already been transferred to Mexico and distributed to other locations that weren’t traceable.   

But big businesses aren’t the only ones targeted.  

Jennifer DeStefano, a mother of a 15-year-old daughter, recounted during a US Senate hearing her terrifying encounter with an AI scammer who used the voice of her daughter to attempt to convince her that the girl had been kidnapped. Fortunately, her daughter was in her bed sleeping at the time, and Jennifer was able to realize it was a scam. Many others aren’t as lucky as Jennifer and are getting scammed by AI voices of grandchildren, children and other loved ones who “urgently need money.” 

This approach is still so new that there’s no comprehensive accounting of how often it’s happening, but the CEO of Pindrop, a security company that monitors audio traffic for many of the largest US banks, said he had seen a jump in its prevalence this year – and in the sophistication of scammers’ voice-fraud attempts. Another large voice-authentication vendor, Nuance, saw its first successful deepfake attack on a financial services client late last year. 

With the rapid advancement of AI technology and its wider availability as costs come down, coupled with the broad availability of recordings of people’s voices on TikTok, Facebook, Instagram and YouTube, the perfect conditions have been created for voice-related AI scams. 

What do you need to do to protect yourself?  

For starters, share this article to make sure your staff is aware of these types of scams. Next, instruct them to ALWAYS check with you via a text message or other means BEFORE transferring money. If you’re not a business owner, you can do the same with your family, using a code word or other means of verifying the caller’s legitimacy.  

Also, check the caller ID. If it’s something you don’t recognize, or it’s a blocked number, that’s a BIG red flag that it’s a scam. Even if it sounds like them on the other end of the line, hang up and call their phone direct or the place they’re supposed to be (school, office, etc.).  

If the person calling has on-fire urgency and wants money wire-transferred or a Bitcoin payment, that’s another huge red flag. Real emergencies don’t come with highly skeptical payment demands.   

In business, you’ve clawed and climbed your way to the top, dodging all sorts of pitfalls and predators that have tried to make you their meal. Such threats are everywhere, and the higher you climb, the more you’ll find hiding behind every tree, every rock and every step. No matter how small and insignificant you might think you are, you ARE a target for someone, and being casual about cyber security and the threats they pose is an absolute surefire way to be robbed. 

If you don’t want this to happen to you, click here to request a free Cyber Security Risk Assessment to see just how protected your organization is against known predators. If you haven’t had an independent third party conduct this audit in the last 6 months, you’re due.  

It’s completely free and confidential, without obligation. Voice scams are just the latest in a tsunami of threats aimed at small business owners, with the most susceptible being the ones who never “check the locks” to ensure their current IT company is doing what they should. Claim your complimentary Risk Assessment today.