Earlier this month, Apple launched the Apple Vision Pro, which Apple is calling “a revolutionary spatial computer that transforms how people work, collaborate, connect, relive memories, and enjoy entertainment.” Since the announcement of the Apple Vision Pro, Apple has been touting what they are calling Spatial Computing, as a revolutionary new way to interface with a computer, your apps, and your information.

I recently set up a demo down at one of the Apple Stores here locally to experience it first hand, after watching and reading several reviews out there. It is a remarkable experience that is nearly impossible to explain in words. If you have the opportunity, I would recommend setting up a demo so you can experience it yourself.

I will link to some of my favorite reviews that I read for more detail. I largely agree with most of what they say, but probably more than any other technology device, these are all about the experience, so reading what other people say really won’t do it justice.

What is the Apple Vision Pro?

The Apple Vision Pro is what Apple is calling a “Spatial Computing Platform”. It’s a set of goggles that you wear that has several sensors and cameras around the outside of it, which project the outside world to ultra high resolution screens with pixels so small they are about the size of red blood cells, making it seem like you are looking through something transparent to the world around you. The sensors can determine where objects are, and also knows exactly where you are in the room and how you are turning your head so that it can move what you see to feel like you are just looking at the world around you.

It also has sensors and cameras inside the goggles pointed at your eyes to help track precisely what you are looking at, and using your eyes to unlock the Vision Pro for you securely (think FaceID or TouchID but for your eyes. They call it Optic ID). The eye tracking is also crucial, as it is how you actually interact with things within the Vision Pro. To select something, you simply look at it, then tap 2 fingers together, and it will select it.

By doing this, you can project environments on top of what you are seeing around you. The interface of apps just floats in front of you, right above the table you are sitting in front of, or projected onto the wall next to you. You can move the interface around you however you would like.

Apple posted a 10 minute Guided Tour video that explains and shows what the Vision Pro is and what it can do pretty well here -

A Guided Tour of Apple Vision Pro

What’s it like in practice?

The Guided Tour from Apple, and several other YouTube reviews of the device do a great job explaining the general idea of the device, but as I mentioned earlier, it really is something different when you actually experience it. Watching these videos, you see apps floating in space as if they were around you, or sitting on the table next to you. You see a futuristic “Minority Report” like sci-fi future where you are waving your hands around to interact with floating application windows, which can take up as much space as you would like, or seeing someone sitting on an airplane watching an IMAX size movie that no one else can see around you.

It all looks very cool, but actually doing it and seeing it on yourself is a whole other level. When you actually have them on, and you are the one reaching out and expanding a photo you are looking at, or looking back and forth at a panorama photo you took that suddenly looks 75 feet wide and curves around you, or you are watching some 3D videos that you shot on your iPhone 15 Pro… it just feels completely different.

I don’t want to go into too much detail about what the demos are like, because I honestly believe it’s an experience you should have first hand, but a few things stood out to me. First, the basic technology even before you are doing anything else is kind of insane. When you first put it on and it gets calibrated, you start seeing the world around you through the goggles. If you look hard and think about it, you can tell that they are screens in front of you, but honestly it’s so good and so convincing that you can easily forget that you are looking through those and just feel like you are looking at the world around you. That alone is an incredibly impressive amount of engineering to make that work so naturally.

Then the App UI starts showing up. The apps are so real looking, it looks like circular pieces of glass floating in front of you that if you weren’t thinking about it too hard, you would feel like you could just reach out and touch directly. If you look at the table in front of you, you’ll even notice that there is a shadow under the apps floating in front of you on the table.

Then Apple takes you through some scripted demo tasks to show you different features of the Vision Pro. They start with photos, which are absolutely incredible to see in that space, and wrap up looking at 3D videos which can be taken with either the Vision Pro or with iPhone 15 Pro. These videos are easy to tell that you aren’t actually there, but it’s also shocking how good they are. It is a far more immersive and personal feeling experience than even blowing up the 2D photos to be the size of the wall in front of you.

You go through several other individual apps, watch some movie clips (which are incredible), but the most incredible experience to me was the 3D immersive environment demos they have. There are a handful of spatial environments you can just wrap yourself in, such as Yosemite, Mount Hood, and even one on the moon. These modes allow you to just wrap one of these environments around you so you could do some work or watch a movie in a completely different environment. The other part of the demo with the 3D environments was a reel of completely 3D immersive videos that Apple shot with extremely high resolution cameras. In both cases, it’s hard to describe the feeling, but it feels like you are actually there. There are animals that walk up to you, and you honestly have to remind yourself that you can’t just reach out and touch them.

So what is this for and who should buy one?

I think the most interesting question about this device is what will this actually be used for. I think it’s easy to imagine a future where you put on a light weight set of glasses and rather than needing a computer screen in front of you, you could just have floating windows that you interact with without anything but your hands, eyes, and voice. This is a real glimpse into a future like that, but the reality is that this is so new that “what it’s for” will likely shift a fair amount over the next few years. When the Apple Watch first came out, it was focused more on the apps and fashion, but Apple quickly figured out that the health features were resonating with people more, and as the next few versions came out, the Apple Watch shifted to be more focused on the health aspects. I think something similar will happen with the Vision Pro, and its use cases will become more clear over the next year or two.

Right now, what is the killer app? Any type of media consumption at the moment. Watching a movie or looking through your photos is honestly an experience that is hard to describe and impossible to replicate elsewhere at the moment.

There are several ideas that I would love to see someone try to do with the Vision Pro. For me personally, I want to see more development with being able to use it as external screens for the Mac. It can do this today, but I’d love to see more. I’d love to just be able to take my laptop somewhere and put on Vision Pro and suddenly be able to have a couple of high resolution displays that are private from everyone around me. Someday it would be cool to not even need the Mac, but I’m so ingrained in the Mac apps that I use it would be hard for me to move off of that any time soon.

CAD programs could be absolutely incredible in Vision Pro. If you were designing a motor, or car, or even working on engineering out a building, being able to see it in front of you in crystal clear 3D could be a game changer. Training someone with another Vision Pro somewhere else in the world could be amazing too. Imagine a mechanic working on something, and someone across the world is able to see what they see in 3D, and maybe circle or highlight something that the person is actually looking at while talking them through what to do. What about if you could use a Vision Pro to walk around a house that is going to be for sale, and generate a fully immersive 3D walk through of the house, so that prospective buyers could feel like they are in the house walking around from anywhere in the world?

There is a huge amount of potential, and I’m excited for the things that none of us are even thinking of right now that developers will come up with.

Should you buy this? Well if you’re looking for the immersive content like movies, photos, etc. and that’s worth the $3,499 price point, this is an incredible product for that. A high end TV will often cost more than this. If you are looking for something to radically change the way you work, you may want to wait until there are more applications available, and Apple has started to iron out the use cases more.

Casey Neistat said it best at the end of his review. He started out the video just trying to be silly around New York City and get people’s reaction to someone wearing technology that no one had really seen yet, but he ends the video saying he was actually surprised how much the product moved him, and how it just feels like Apple is tapping in to the future with this product. I feel the exact same way. There is a lot that can and will improve on this, but it feels like Apple is really tapping into something big here, and it feels like the future.

Other reviews

Here are some of the reviews I liked that do a great job of going into the details.

Apple’s Guided Tour -

A Guided Tour of Apple Vision Pro

Casey Neistat’s Video -

the thing no one will say about Apple Vision Pro

MKBHD -

Using Apple Vision Pro: What It’s Actually Like!

Apple Vision Pro Review: Tomorrow's Ideas... Today's Tech!

The Verge -

Apple Vision Pro review: magic, until it’s not

iFixit Teardown -

Vision Pro Teardown Part 2: What’s the Display Resolution? | iFixit News

For small businesses, transitioning to Google Workspace can be a swift and streamlined process. In just one day, your organization and its users can master the suite of applications offered by Google Workspace. A plethora of resources and tools are at your disposal, empowering companies to manage this transition on their own, both efficiently and effectively.

Yet, this raises an intriguing question: If the switch to Google Workspace is so uncomplicated, why should IT staff consider partnering with a reseller? What unique benefits can a reseller provide? How can their engagement improve your business?

Let's explore these aspects in detail.

The advantage of working with a Google Workspace Reseller

1. A Reseller Can Provide Google Workspace Support
   
   One of the most significant advantages of acquiring Google Workspace through a reseller is the access to specialized, tailored support during the migration process. Opting for a reseller allows businesses to delegate the entire transition, a particularly valuable option for small businesses with limited IT resources. Migration demands careful planning and allocation of resources – a challenging task for businesses already stretched thin. A Google Workspace reseller brings invaluable experience and expertise, easing the burden on internal IT staff and setting the stage for a successful transition.
   
   Furthermore, local resellers offer a unique support level that even Google cannot match. They provide on-site, direct assistance, crucial for smoothly migrating users, educating employees about the new platform, and offering continuous support and training. This hands-on approach not only facilitates a seamless transition but also helps in averting potential pitfalls, ensuring a more efficient and error-free migration.
   

2. A Reseller Can Provide Google Workspace Efficiency
   
   While the initial setup of Google Workspace might be manageable without external help, the eventual need for maintenance and support is a critical aspect to consider. Acknowledging this, most resellers provide a range of support plans and training options. These services are tailored to ensure businesses can use Google Workspace efficiently on a daily basis. This support extends beyond mere technical troubleshooting; it encompasses comprehensive guidance to help businesses fully exploit the suite's features and functionalities. Such proactive support and training are invaluable for businesses aiming to optimize productivity and streamline operations, particularly for those without a dedicated IT department.

3. A Reseller Can Alleviate IT Workload in Google Workspace Management
   
   A reseller can play a crucial role in alleviating the burden on IT staff. By offering expert assistance in the setup, maintenance, and troubleshooting of Google Workspace, a reseller can handle complex or time-consuming tasks that might otherwise fall on the internal IT team. This support can be especially beneficial in small businesses where IT resources are limited. With a reseller taking care of the technical aspects, the IT staff can focus on other strategic areas of the business, leading to better allocation of resources and enhanced overall efficiency.

4. A reseller can enhance business software integration
   Most businesses need more than email and basic productivity tools. They often need a suite of software solutions that cater to various aspects of their operations, such as accounting, billing, project management, and more. When you purchase Google Workspace through a reseller, you gain access to additional expertise and services that can be highly beneficial.
   
   A knowledgeable reseller can help identify and integrate additional products and programs that work seamlessly with Google Workspace. This ensures that your business's existing software for various functions like accounting, billing, and project management is effectively aligned with the new Google Workspace environment. Such integration is crucial to maintain efficiency and ensure all systems work in harmony.

Opting for Google Workspace through a reseller is a strategic choice that offers the same cost and licensing as direct purchase from Google, but with added benefits. Resellers provide invaluable support, integrating Google Workspace seamlessly with existing systems and offering expert guidance. This approach is especially beneficial for small businesses, as it alleviates the IT workload and enhances operational efficiency without disrupting workflow. Thus, partnering with a reseller is not just a purchase decision; it’s an investment in streamlined productivity and optimized business processes.

What is Zero Trust Security, and why is it important?

In simple terms, Zero Trust is a security philosophy that believes in "never trust, always verify." Instead of assuming everything inside your organization's network is safe, Zero Trust assumes that threats can come from anywhere, be it inside or outside the organization. Traditional security models work under the belief that everything within the company's network is trusted. However, in our increasingly mobile digital world, where people are able to work from anywhere, this model isn't as effective. This is where Zero Trust steps in, providing a more comprehensive approach to security.

However, it's important to understand that Zero Trust is a journey, and it is unlikely to ever achieve “100% zero trust” within any organization. While it might not be possible for all businesses to implement every component of Zero Trust, progressing in this direction and incorporating as many elements as possible is crucial.

While traditional models often focus on building a strong perimeter, Zero Trust considers that threats can be internal as well. It requires continuous verification, making sure that every user, device, and application is validated before granting access. Thinking of security in this mindset also helps isolate the damage an attacker can inflict if they can compromise a specific system by making it more difficult to pivot from one system to others.

Implementing Zero Trust: Recommended Components

At 2Fifteen Tech, we work off the Zero Trust Roadmap, which is a sample architecture provided by Cloudflare in a vendor-agnostic fashion, available here - https://zerotrustroadmap.org/

Here are some bullet points on how 2Fifteen Tech recommends implementing Zero Trust within an organization, based on the Zero Trust Roadmap:

Users

• Establish a Corporate Identity: Secure your domain name, and ensure strong authentication and identity for everyone within your business.

• Enforce MFA for All Applications: Multi-factor authentication is crucial. It should be phishing-resistant, leveraging security keys, device checks, and biometric confirmations.

Endpoints and Devices

• Implement MDM/UEM: Manage corporate devices to verify their authenticity during access.

• Endpoint Protection: Protect against malicious behavior on endpoints, such as laptops and mobile devices.

• Inventory Devices and Services: Know every device, API, and service within your corporation.

Internet Traffic

• DNS Filtering: Block DNS requests to known threats and suspicious domains.

• SSL/TLS Inspection: Inspect encrypted data on the network and enforce security policies.

Networks

• Segmentation: Limit network access only to what's necessary for specific users.

• Close Inbound Ports: Avoid exposing any ports to the public internet.

Applications

• Phishing Protection: Monitor inbound emails and filter out any phishing attempts.

• Inventory Corporate Applications: Be aware of all applications used within your organization.

• Zero Trust for Applications: Enforce Zero Trust policies for all types of applications.

• Protect Against Layer 7 Attacks: Make sure application uptime and protect against cyberattacks.

• Enforce HTTPS and dnssec: Secure your web assets and applications.

Data Loss Prevention and Logging

• Log and Review: Monitor traffic on sensitive applications.

• Define Sensitive Data: Know which data is sensitive and where it resides.

• Data Loss Prevention: Prevent sensitive data like PII or credit card numbers from unauthorized access or leaks.

• Review and Mitigate: Establish a SOC to review logs, update policies, and handle threats.

• Stay Updated: Keep an eye on known threat actors and potential risks.

Ongoing Deployment

• DevOps Approach: Ensure continuous policy enforcement.

• Implement Auto-scaling: Make sure resources can adapt to the demands of your system.

Wrapping Up

Zero Trust isn't just a passing tech fad; it represents a vital cybersecurity strategy aimed at enhancing security without sacrificing the user-friendliness of technology. 2Fifteen Tech can help guide you on your Zero Trust journey.

If you have any questions or want to know how we can help implement Zero Trust within your organization, please reach out!

Protecting Your Business from Business Email Compromise (BEC) Scams

Business Email Compromise (BEC) is a prevalent and dangerous cyber threat that targets businesses through email accounts, posing significant financial and reputational risks. In this blog post, we will explore the basics of BEC, its potential costs, and provide practical tips to protect your business.

Understanding Business Email Compromise (BEC)

BEC is a malicious form of cyber attack that exploits vulnerable organizations and individuals for financial gain. Attackers compromise email accounts to send fraudulent emails that appear legitimate, or in some cases just impersonate or spoof someone within an organization and send emails that look like they are from someone legitimate, tricking victims into making payments or sharing sensitive information. These scams often involve impersonating business partners or customers.

The Cost of BEC

BEC attacks can have devastating financial and reputational impacts. The recovery process and restoring customer trust can strain budgets and damage brand reputation. Investing in cybersecurity solutions and implementing processes to monitor incoming emails for suspicious activity can help prevent losses caused by these attacks.

Tips to Protect Your Business

1. Implement an anti-phishing / anti-spam email security platform.

2. Train staff to recognize and prevent phishing attacks.

3. Ideally, use an advanced Identity Management system that helps control access to all critical systems, but at the very least, implement strong multi-factor authentication for added security.

4. Regularly monitor employee email account login attempts for suspicious activity.

5. Conduct regular audits of networks and systems to identify vulnerabilities.

6. Where possible, implement context-aware access rules to block certain things like logins from foreign countries that may indicate compromised accounts.

By following these tips, businesses can reduce the risk of falling victim to BEC scams and protect their finances and reputation.

Best Practices for Continuous Protection

By implementing these best practices, businesses can safeguard their finances and reputation from BEC scams.

Protecting your business from BEC scams requires proactive measures and a strong cybersecurity strategy. By staying vigilant, investing in the right technologies, and educating employees, you can reduce the risk of falling victim to these malicious attacks.

To learn more about how 2Fifteen Tech can help protect you and your business from Business Email Compromise, schedule a call with us today!

Understanding the NIST Cybersecurity Framework: A Guide for SMBs

Introduction

In today's digital age, cybersecurity has become a critical concern for businesses of all sizes. Small and medium-sized businesses (SMBs) often face unique challenges when it comes to protecting their data and assets. That's where the NIST Cybersecurity Framework comes into play. In this blog post, we will explore what the framework is, why it is important, and how SMBs can leverage it to enhance their cybersecurity practices.

What is the NIST Cybersecurity Framework?

The NIST Cybersecurity Framework, developed by the National Institute of Standards and Technology (NIST), is a set of guidelines and best practices designed to help organizations manage and reduce their cybersecurity risks. It provides a structured approach that enables businesses to identify, protect, detect, respond to, and recover from cyber threats. For managed IT service providers like 2Fifteen Tech, the framework serves as a valuable tool in safeguarding the systems, assets, data, and capabilities of their SMB clients.

The NIST Framework is not a one-size-fits-all solution but rather a flexible guide that can be tailored to the specific needs of each organization. It is structured around five core functions:

1. Identify: Recognize the critical assets and business environment to understand the risks.

2. Protect: Develop safeguards to ensure delivery of critical infrastructure services.

3. Detect: Implement solutions to identify cybersecurity events efficiently.

4. Respond: Develop an action plan to address detected cybersecurity events.

5. Recover: Construct strategies to restore capabilities impaired due to cybersecurity events.

Why is the NIST Cybersecurity Framework Important?

The NIST Cybersecurity Framework is important for several reasons. Firstly, it provides a common language and a standardized set of practices that businesses can adopt to improve their cybersecurity posture. This ensures consistency and facilitates collaboration between different organizations, including 2Fifteen Tech and the SMB’s we support. Moreover, the framework helps businesses align their cybersecurity efforts with their overall risk management strategies, enabling them to make informed decisions regarding resource allocation and investment in security measures.

• Risk Management: It offers a strategic view of the lifecycle of managing risks, helping businesses understand, manage, and mitigate risks effectively.

• Enhanced Security: By implementing the framework, SMBs can strengthen their cybersecurity defenses, thereby protecting data, privacy, and integrity.

• Improved Communication: The framework provides a common language for understanding, managing, and expressing cybersecurity risks internally and externally.

• Compliance: Adherence to the framework can also aid in compliance with various cybersecurity regulations and laws.

Applying the NIST Cybersecurity Framework for SMBs

1. Start Small and Scale
Start by adopting basic elements of the NIST framework and progressively integrate more components as your business grows and evolves. 2Fifteen Tech can help in effectively implementing and scaling these practices without overwhelming your existing systems and processes.

2. Risk Assessment
Engage in a risk assessment process to identify and prioritize risks. Understanding the risk landscape helps in making informed decisions on where to allocate resources for maximum protection.

3. Employee Training
A significant portion of cybersecurity breaches happen due to human error. Train your staff on the importance of cybersecurity, the policies in place, and the best practices to adhere to.

4. Partner with Experts
Cybersecurity is complex and ever-changing. Collaborate with experts like 2Fifteen Tech who have deep knowledge of the NIST Cybersecurity Framework and can provide managed IT services to keep your business secure.

5. Regular Audits and Updates
Conduct periodic reviews and audits of your cybersecurity policies and procedures to identify areas for improvement and ensure that you are always protected against the latest threats.

Conclusion

The NIST Cybersecurity Framework is an invaluable tool for businesses aiming to improve their cybersecurity posture. For SMBs looking for guidance and support in navigating the complexities of the framework and implementing its principles effectively, 2Fifteen Tech is here to help. With our expertise and commitment to cybersecurity, we ensure your business not only understands the risks but is well-equipped to handle them, allowing you to focus on what you do best - running your business. For more information or to get started with enhancing your cybersecurity, contact 2Fifteen Tech today.

October is recognized as Cybersecurity Awareness Month, an ideal time to learn about, engage with, and promote cyber-safety practices. At 2Fifteen Tech, we understand the importance of cybersecurity in our digitally connected world, and we are committed to providing resources and services designed to safeguard your data and online presence.

What is Cybersecurity Awareness Month?

Cybersecurity Awareness Month is a global initiative that aims to educate individuals and organizations about cybersecurity and empower them to protect themselves against online threats. It was launched by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Security Agency (CISA) in the United States.

Origins and Significance

The need for Cybersecurity Awareness Month stems from the increasing sophistication and prevalence of cyber threats. With the rapid advancement of technology, our reliance on digital platforms and devices has grown exponentially. Unfortunately, this has also brought about an increase in cyberattacks, data breaches, and identity theft incidents.

This annual campaign provides an opportunity to educate the public and organizations about the potential risks they face in the digital world. It aims to promote safe online practices, raise awareness about emerging threats, and encourage individuals and businesses to take proactive measures to enhance their cybersecurity defenses.

Why is Cybersecurity Awareness Month Important?

1. Education and Empowerment: Cybersecurity Awareness Month serves as a platform to educate individuals about common cyber threats, such as phishing, malware, and social engineering. By increasing awareness, individuals can make informed decisions and take necessary precautions to protect themselves online.

2. Promoting Best Practices: The campaign emphasizes the importance of adopting best practices for cybersecurity, such as using strong and unique passwords, enabling two-factor authentication, keeping software up to date, and regularly backing up data. These practices can significantly reduce the risk of falling victim to cyberattacks.

3. Building a Cybersecurity Culture: Cybersecurity is not just the responsibility of IT departments or security professionals. It requires a collective effort from individuals, organizations, and communities. Cybersecurity Awareness Month encourages the development of a cybersecurity culture, where everyone understands their role in maintaining a secure online environment.

4. Staying Ahead of Evolving Threats: Cyber threats are constantly evolving, and new attack vectors emerge regularly. Cybersecurity Awareness Month helps individuals and organizations stay informed about the latest trends and tactics used by cybercriminals. By staying ahead of these threats, we can better protect ourselves and our digital assets.

Conclusion

As we navigate the digital landscape, it is crucial to prioritize cybersecurity. Cybersecurity Awareness Month provides an excellent opportunity to reinforce the importance of online safety and security. By raising awareness, promoting best practices, and fostering a cybersecurity culture, we can collectively build a safer and more secure digital world.

Follow our blog this month for more blog posts explaining cybersecurity concepts, how to best implement them, and explain some of the tools that we use to help protect our clients.

Google Workspace has taken a step towards making our online experiences both more secure and more convenient with the introduction of passkeys. This new feature has been available with consumer Google accounts for a couple of months, but is now being rolled out to Google Workspace accounts.

What are passkeys?

They're a passwordless sign-in method designed to provide a more convenient and secure authentication experience across websites and apps. Users can now sign in to their Google Workspace apps, such as Gmail or Google Drive, with a passkey using their fingerprint, face recognition, or other screen-lock mechanism. Importantly, this feature respects user privacy – no biometric data is ever sent to Google's servers or other websites and apps.

Why should we care about this change?

Well, Google's early data from March and April 2023 shows that passkeys are twice as fast and four times less error-prone than traditional passwords. Plus, they're available across all popular browsers and operating systems, including Android, ChromeOS, iOS, macOS, and Windows.

Not only are passkeys more convenient, but they're also more secure. They're based on the same public key cryptographic protocols that underpin physical security keys, like the Titan Security Key. As a result, they can be resistant to phishing and other online attacks – more so than SMS, app-based one-time passwords, and other forms of traditional two-factor authentication (2FA).

So, how can you get started with passkeys?

If you're a Workspace admin, you can enable users in your organization to skip passwords at sign-in using a passkey. This setting is off by default, but you can easily change it in the Admin console under Security > Passwordless. If you're an end user and your admin has enabled passkeys, visit g.co/passkeys to start using them in place of passwords or as a 2SV method.

The rollout of this feature began gradually on June 5, 2023, and is available to all Google Workspace and Cloud Identity customers. It may take up to 15 days to see the feature in your environment.

With passkeys, Google Workspace is taking us one step closer to a passwordless future, promising a safer and more user-friendly authentication experience.

Many businesses today are turning to managed service providers (MSPs) to handle their technology needs. However, some companies may not want to outsource all of their IT services completely and prefer to keep some control in-house.

This is where co-managed IT comes in. Co-managed IT is a partnership between a business's in-house IT team and an MSP. While co-managed IT can be a great solution for many companies, there are still some misconceptions about it that need to be cleared up. Here are 4 misconceptions about co-managed IT with an MSP:

1. MSPs will take over all of your IT responsibilities

One of the biggest misconceptions about co-managed IT is that the MSP will take over all your IT responsibilities. This is not true. Co-managed IT is a partnership, meaning the MSP will work with your in-house IT team to provide the services you need. The MSP will not take over your IT responsibilities unless you want them to.

2. Co-managed IT is only for large businesses

Another misconception about co-managed IT is that it is only for large businesses. This is also not true. Co-managed IT can be beneficial for businesses of all sizes. No matter the size of your company, co-managed IT can help you improve your technology infrastructure and streamline your IT processes.

3. Co-managed IT is too expensive

Many businesses believe that co-managed IT is too expensive. However, this is not necessarily true. Co-managed IT can save you money in the long run. Outsourcing some of your IT services to an MSP can reduce your in-house IT costs and increase efficiency. Additionally, many MSPs offer flexible pricing options, so you can choose the services that fit your budget.

4. Co-managed IT is only for businesses with IT problems

Finally, some businesses believe co-managed IT is only for businesses with IT problems. This is not true. Co-managed IT can benefit any business looking to improve its technology infrastructure and streamline their IT processes. Even if your in-house IT team performs well, co-managed IT can help you stay up-to-date with the latest technology trends and best practices.

We understand the importance of co-managed IT and can tailor our services to meet the specific needs of your business. We are here to help you navigate this journey and ensure you get the most out of co-managed IT. Contact us today to discuss how co-managed IT can benefit your business and learn more about how we can support your organization's IT needs.

Google Workspace has announced a set of new AI-powered writing features in Docs and Gmail. These features will help users get started writing by generating drafts of documents and emails based on a topic entered. This means that users can save time and effort that would otherwise have gone into drafting content from scratch. The AI-powered features will also make suggestions for rewriting existing content in a more polished, professional style, allowing users to refine and edit their content with ease.

While the initial set of AI-powered writing features is being introduced in Docs and Gmail, Google plans to add these generative AI capabilities to other Workspace products like Slides, Sheets, Meet and Chat in the future. This will allow users to harness the power of AI to create, connect and collaborate like never before.

Google plans to launch these new AI-based capabilities this month via a trusted tester program, starting with English in the United States, before being made available more broadly to consumers, small businesses, enterprises, and educational institutions in more countries and languages. The goal is to deliver the full potential of generative AI across Workspace, revolutionizing creation and collaboration all over again, just as Google did with real-time collaboration through co-authoring in Docs 17 years ago.

As technology continues to evolve, businesses are finding it increasingly difficult to keep up with the demands of their IT infrastructure. This is where working with an IT managed service provider (MSP) can be beneficial. However, instead of outsourcing all IT responsibilities to an MSP, some businesses work with them in a co-managed fashion. This blog post will explore the benefits of working with an IT MSP in a co-managed fashion.

Increased Flexibility

One of the main benefits of working with an IT MSP in a co-managed fashion is increased flexibility. This approach allows businesses to customize their IT services to meet their specific needs. An MSP can work with the internal IT team to provide additional support and expertise. This allows businesses to maintain control over their IT infrastructure while benefiting from the expertise and resources of an MSP.

Enhanced Security and Compliance

Another benefit of working with an IT MSP in a co-managed fashion is enhanced security and compliance. MSPs have a deep understanding of the latest security threats and compliance regulations. Businesses can ensure their IT infrastructure is secure and compliant by working with an MSP. Additionally, MSPs can provide ongoing monitoring and maintenance to detect and prevent potential security threats before they become significant issues.

Reduced Downtime and Increased Productivity

Finally, working with an IT MSP in a co-managed fashion can reduce downtime and increase productivity. MSPs can provide proactive maintenance and support to prevent issues before they occur. This means that IT infrastructure is more reliable and downtime is reduced. With increased reliability, businesses can focus on their core competencies instead of dealing with IT issues. This leads to increased productivity and improved business outcomes.

Conclusion

In conclusion, working with an IT MSP in a co-managed fashion can provide businesses with increased flexibility, enhanced security and compliance, reduced downtime, and increased productivity. By working together, businesses can benefit from the expertise and resources of an MSP while maintaining control over their IT infrastructure. If you're considering working with an IT MSP, a co-managed approach may be the best option for your business.

Google Workspace is introducing new features and enhancements to Smart Canvas, a set of intelligent tools that helps users work more efficiently and easily. With the latest updates, Smart Canvas now includes more smart chips and a new way to display dates across Google Sheets, making it easier for users to quickly preview and interact with dates, locations, and financial information. Additionally, Google Docs has added a stopwatch chip that can track the time taken to complete an activity, helping users stay on task and on time.

Place Chips

Google Maps place chips can now be added to Google Sheets, allowing users to open the location directly in Google Maps and see a preview of the location or find directions. This feature is especially useful for users who need to include location information in their spreadsheets. By simply typing “@” followed by the place or finance entity, users can easily insert a smart chip into their sheet.

Expanded Date Capabilities

Google Sheets now includes expanded date capabilities with the @ entry point, which provides shortcuts like @today, @yesterday, @tomorrow, and @date. Clicking on the date will display a date picker that allows users to update dates as needed. This feature makes it easier for users to work with dates and keep track of important deadlines.

Finance Chips

Users can now add Google Finance entities, such as stocks, mutual funds, and currencies, into a Google Sheet. The finance chips provide users with information depending on the entity type. For example, for stocks, users can see the company name, listing Index, stock price, and market cap. Clicking the chip will take users to the entity’s dedicated Finance page. This feature is especially useful for users who work with financial data and need quick and easy access to financial information.

Stopwatch Chips

Google Docs has added a stopwatch chip that allows users to track the time to complete an activity. The stopwatch chip can be inserted by typing “@” followed by “Stopwatch” or by navigating to Insert > Smart chips. Users can start, stop, and reset the timer as needed, making staying on task and on time easier.

Google Workspace continues to innovate with Smart Canvas by introducing more smart chips and enhancements to Google Sheets and Google Docs. These new features make it easier for users to work with dates, locations, financial data, and track time. The updates are available to all Google Workspace customers, legacy G Suite Basic and Business customers, and users with personal Google Accounts. The rollout will take place gradually, with feature visibility beginning on February 23, 2023, for Rapid Release domains and March 9, 2023, for Scheduled Release domains.

What is a supply chain attack, and how does it affect your organization? A supply chain attack is a type of cyberattack that targets an organization's external suppliers and vendors. This can lead to financial losses, damage to reputation, and costly recovery efforts.

Cyber supply chain risk management is an essential component of any organization and is critical to maintaining order and protecting the bottom line. It involves identifying and mitigating potential risks from various sources, such as third-party vendors, their products and services, and other external factors.

By implementing best practices, organizations can mitigate the impact of a cyberattack and ensure that their security standards are met. Additionally, proactive measures can be implemented to further protect against cyberattacks, such as regular security audits and employee training. By taking the time to assess and address potential risks, organizations can reduce the likelihood of a successful attack and ensure the security of their data and resources.

Recommended Security Practices

Adopting best practices is essential in managing data, systems, software, and networks. Preventative measures are far more beneficial than reactive solutions when addressing supply chain risks. Some of these practices include:

• Having a comprehensive cyber defense strategy. This involves taking a proactive and holistic approach to protecting your business from threats within your supply chain. Focus on identifying and assessing potential vulnerabilities, implementing robust security measures to prevent attacks, and developing contingency plans in case of a breach.

• Conducting regular security awareness training. Educate all employees about how even a minor mistake on their part could severely compromise security. Train them to identify and avoid potential threats, especially those from your supply chain. Remember that drafting and implementing an effective security awareness training program should not be a one-time affair. It should take place regularly to ensure all stakeholders are on the same page.

• Implementing access control. Enabling an access control gateway allows verified users to access your business data, including those in your supply chain, and helps minimize the risk to sensitive data. Both authentication (verifying the user's identity) and authorization (verifying access to specific data) are crucial in implementing a robust access control strategy. Additionally, you can restrict access and permission for third-party programs.

• Continuously monitoring for vulnerabilities. Continuously monitoring and reviewing the various elements and activities within your supply chain can help identify and address potential security threats or vulnerabilities before a cybercriminal takes advantage of them. This can be achieved with tools and technologies, such as sensors, tracking systems, and real-time data analytics. Continuous monitoring can also help you identify and address any bottlenecks or inefficiencies in your supply chain, leading to improved efficiency and cost savings.

• Installing the latest security patches. This practice enhances security by ensuring that all systems and devices are protected against known vulnerabilities and threats. Usually, software updates that fix bugs and other vulnerabilities that hackers might exploit are included in security patches. By installing these patches promptly, you can help safeguard your business against potential attacks or disruptions and reduce the risk of other negative consequences.

• Developing an incident response strategy. An incident response strategy is a plan of action that outlines ways to handle unexpected events or disruptions, including those resulting from a supply chain attack. This strategy helps ensure that your organization is prepared to respond effectively to any potential security breaches or other issues that may arise. Some components of a supply chain incident response strategy may include identifying potential threats and vulnerabilities, establishing clear communication channels and protocols, and identifying key stakeholders who should be involved in the response process.

• Partnering with an IT service provider. Partnering with an IT service provider can help reduce supply chain vulnerabilities by providing expert support and guidance in cybersecurity, data protection, and network infrastructure. This can help reduce the risk of data breaches and other cyber threats and ensure your systems are up-to-date and secure. An IT service provider can help you implement and maintain robust security protocols and processes to help you strengthen your supply chain security and protect your business from potential threats.

Adopt these best practices before it's too late. Supply chain security is a complicated and multifaceted issue, and the best practices suggested above are the start of what you need to do to avoid security incidents. Trying to put all of these measures in place can be daunting.

One effective way to begin is by partnering with an IT service provider. They can provide the support and guidance you need to ensure your business has a secure and safe future. Don't go it alone – get in touch today and let them help you take the first steps towards a safer future.

This week, LastPass posted more information about a recent compromise that impacted their customers, and it’s much worse than they initially thought. As reported by The Verge, hackers were able to copy customers’ databases. While these are encrypted, which should make it difficult for a hacker to actually see anything login info in your LastPass account, if you do not have a strong Master Password, it’s possible that they could brute force your password. Additionally, some reports have speculated that metadata, such as which sites the passwords were to, may have been compromised. This type of information can also be valuable, as specific information about you can be used in a Spear Phishing attack.

Using a password vault is important because it allows you to store and manage your passwords in one central location securely. This is especially important because it is common for people to use the same or similar passwords for multiple accounts, which can leave them vulnerable to security breaches. Using a password vault, you can create unique, strong passwords for each account and protect them with a single master password. This helps to reduce the risk of your accounts being compromised and keeps your personal information more secure. Additionally, password vaults often have features such as automatic password generation and two-factor authentication, which can further enhance the security of your accounts.

Unfortunately, this has been a bit of a pattern for LastPass this year, and at this point, we recommend moving off of LastPass and rotating your passwords. We recommend working with our partner, 1Password. 1Password is architected in an extremely secure way, and offers many great features.

If you would like to learn more about 1Password and how it can help your organization, or want some assistance migrating off of LastPass into 1Password, please reach out to us.

If you're a business owner, you've probably heard a lot of talk about cloud backups and why they're essential for protecting your data. But with all the hype and misinformation out there, it's easy to get confused about cloud backup and how it can benefit your business. In this blog post, we'll demystify some common myths about business cloud backups and explain why hiring a managed IT services company can help you implement and maintain an effective cloud backup solution.

Myth #1: A cloud backup is the same thing as storing data on a remote server

Many people assume that a cloud backup is simply a way of storing data on a remote server, but this is not the case. A cloud backup is a separate system that is designed specifically for backing up data and ensuring that it is secure and easily accessible in the event of a disaster or data loss. This means that a cloud backup is not the same thing as simply storing data on a remote server, and it provides a higher level of protection and reliability.

Myth #2: Cloud backups are expensive and only for large businesses

Another common myth about cloud backups is that they are only for large businesses with deep pockets. In reality, cloud backups can be affordable for businesses of any size, and the cost is often offset by the peace of mind and increased productivity that comes from knowing that your data is safe and secure. A managed IT services company can also help you implement a cloud backup solution tailored to your specific business needs and budget.

Myth #3: A cloud backup is a one-time process

Cloud backup is not a one-time process but rather an ongoing process requiring regular maintenance and updates to ensure your data is always protected. This is where a managed IT services company can be beneficial. By hiring a managed IT services company, you can trust that your cloud backup solution will be monitored and maintained on an ongoing basis, giving you the peace of mind that your data is always safe and secure.

In conclusion, business cloud backups are an essential tool for protecting your data and ensuring that your business can continue to operate smoothly in the event of a disaster or data loss. Despite some common misconceptions, cloud backups are affordable and effective for businesses of any size. Hiring a managed IT services company can help you implement and maintain a cloud backup solution tailored to your needs. Don't leave your business data vulnerable - consider implementing a cloud backup solution today.

A new year is just around the corner, and this is a great time to work on your budget for next year.

It’s important to understand that technology shouldn't be an afterthought in today’s highly digitized world. It is essential to budget for your technology needs to continue to help innovate, protect, and accelerate your business goals.

In this blog post, we’ll explore a few key things to keep in mind while budgeting for your IT needs.

Always assess your business needs

Technology advances rapidly, and regular technology refreshes become increasingly essential for any company hoping to stay successful. Rather than simply assuming you'll need the same IT budget as last year, take the time to assess your organization’s current needs and how upgrading or moving to different platforms might help your company meet those needs.

Like most technology-backed businesses, you should allocate your IT budget to improve these areas:

Routine IT services

It’s important to start with the day-to-day support of your technology and users. Nearly every business relies on technology to run its daily operations. If the day-to-day support of that technology is neglected, chances are more significant issues will pop up down the road, and they often happen with abysmal timing. Employees also need a resource to help them with their technology to be successful at their job. Technology should help people do their jobs, not get in the way of what they are trying to do. Making sure you budget for supporting the critical technology you already need and having the budget to maintain it is an essential first step with your IT budget.

Projects

Businesses are great at planning projects and other business initiatives during the year, but the technology infrastructure to support those projects is often an afterthought. Working with IT to ensure the infrastructure and technology are in place to support the business initiatives during the year is essential.

Refreshes and upgrades

Another critical aspect of your IT budget should include refreshing or upgrading your infrastructure. Technology moves quickly, so upgrades can often have significant performance impacts.

Additionally, as equipment ages, it becomes increasingly likely that a hardware failure could lead to expensive downtime. Recent supply chain issues have exacerbated the problem, making it often difficult to replace quickly in an emergency. It is essential to work with IT to develop a lifecycle strategy for all critical technology infrastructure to prevent these potential risks and keep things running well.

Security

Nearly everything is online these days; unfortunately, cybersecurity events are happening more frequently than ever. Attackers are becoming more sophisticated, and planning for cybersecurity is becoming more necessary. The unfortunate reality is that even if cybersecurity was never a concern in the past, that does not mean you are safe from everything in the future. You don’t need to throw every security tool available into your environment. Still, you should work with IT to identify the highest cybersecurity risks to your business and begin by budgeting to address those gaps.

Accidents or incidents

Unfortunately, you can never predict everything you need during the year. It is essential to set some budget aside for things you can’t anticipate, such as accidental damage, theft, or any other things that could happen.

An IT service provider might be what you need

An IT service provider like 2Fifteen can guide you through anything IT-related, including cybersecurity, backup, compliance, budgeting, and more.

Internal support: Internal IT department or IT team

The most common type of support is through an internal IT department or IT team. Usually, businesses with a committed IT team are enterprises, while small businesses may have only one IT staff member or none at all.

External support: Outsourced IT service provider

An external IT service provider, like 2Fifteen, can support your business in multiple ways, such as assessing your IT infrastructure to formulate a plan for budgeting decisions, providing advice on the best IT solutions, and assisting with implementation and setup.

Hybrid support: A combination of internal and external IT services

If you have an existing internal IT team but have areas they cannot cover, you can outsource those areas to an external specialist.

Outsourcing your IT needs or opting for hybrid support alongside your internal IT team can reduce stress since our specialists can help lighten the load and show you the right way to prepare a budget. To get started, contact us today for a no-obligation consultation.

In today's digital world, safeguarding your organization's online assets is critical. Unfortunately, poor password hygiene practices by some employees cause problems for many small businesses, leaving them vulnerable to hackers.

Cybercriminals are constantly trying to find new ways to break into business systems. Sadly, too often, they succeed thanks to weak passwords. In fact, nearly 50% of cyberattacks last year involved weak or stolen passwords.* This calls for small businesses like yours to step up and take password security seriously and implement strong password policies.

Password best practices

When your team is aware of password best practices, they can significantly ramp up your cybersecurity.

Use a password manager

One of the most important things to keep your passwords safe is to use a password manager. A password manager helps you create and store strong passwords for all your online accounts. Password managers can also help you keep track of your passwords and ensure they are unique for each account.

Implement single sign-on (SSO)

Single sign-on is a popular password solution that allows users to access multiple applications with one set of credentials. This means that you only need to remember one password to access all your online accounts.

While SSO is a convenient solution, remember that all your accounts are only as secure as your SSO password. So, if you're using SSO, make a strong, unique password that you don't use for anything else.

Avoid reusing passwords on multiple accounts

If a hacker gains access to one of your accounts, they will try to use that same password to access your other accounts. By having different passwords for different accounts, you can limit the damage that a hacker can cause.

However, avoid jotting down your passwords on a piece of paper and instead depend on a safe solution like using a reliable password manager.

Make use of multi-factor authentication (MFA)

One of the best ways to protect your online accounts is to use multi-factor authentication (MFA). In addition to your password, MFA requires you to enter a code from your phone or another device. Even if someone knows your password, this method makes it much more difficult for them to compromise your account.

While MFA is not perfect, it is a robust security measure that can assist in the protection of your online accounts. We recommend that you begin using MFA if you haven't already. If you use MFA, make sure each account has a strong and unique code.

Don’t use the information available on your social media

Many people use social media to connect with friends and family, stay up to date on current events, or share their thoughts and experiences with others. However, social media can also be a source of valuable personal information for criminals.

When creating passwords, you must avoid using information easily obtainable on your social media accounts. This includes your name, birth date, and other details that could be used to guess your password. Taking this precaution can help keep your accounts safe and secure.

An IT service provider can help you

As cyberattacks become more sophisticated, you may not be able to devote sufficient time and effort to combat them. As an IT service provider, we can help implement a Password Manager, ensure that password policies are in place to ensure strong passwords and consult with you on other ways to help keep you and your business safe. We also partner with market-leading 1Password to help businesses set up and maintain their password vaults.

Schedule a no-obligation consultation with us today to learn more about how we can help protect you from poor password hygiene, and how we can help set you and your business up with 1Password.

Now that you know how to keep your passwords safe, download our infographic by clicking here to learn how to keep your email inbox safe.

Source:

* Verizon DBIR 2022

As the business world becomes increasingly digitized, you’ll have to tackle several dangers that come with doing business online. Cybercriminals nowadays have several methods to target organizations, from credential hacks to sophisticated ransomware attacks.

This is why it’s critical to think about measures to protect your organization in every possible way. If you are unfamiliar with technology and the cyber threat landscape, it might be hard to know the best strategy to protect your organization. With so much noise about cybersecurity, it can be challenging to distinguish between myth and fact. 

Understanding current and evolving technology risks, as well as the truths behind them, is critical for providing a secure direction for your business. This blog can help you with that, and after reading it, you'll have a better idea of the threat landscape and how to protect your business against it.

Cybersecurity myths debunked

Busting the top cybersecurity myths is essential to keep your business safe:

Myth #1: Cybersecurity is just one solution

There are many different aspects to cybersecurity and they’re all crucial in keeping your business safe. A robust cybersecurity posture includes several layers of defense, including employee security awareness training, physical security measures, and several layers of defenses for your network and devices. You can create a solid cybersecurity strategy for your business by considering all these measures.

Myth #2: Only large businesses become the victims of cyberattacks

Small businesses are typically not going to be targeted with sophisticated personalized attacks that you read about on the news, however, small businesses are still a big target for cybercrime. Often small businesses won’t have the resources to implement enterprise-grade tools and won’t be able to employ a team of security specialists to monitor everything happening on their network and assets, which can make them low-hanging fruit for compromise.

Myth #3: Antivirus software is enough protection

Antivirus tools only protect one dimension of security and are far from a complete solution. Only implementing antivirus software without a more complete security posture would be similar to only locking one door on a house and expecting the whole house to be secure.

Myth #4: I'm not responsible for cybersecurity

Your IT team can help implement the right tools and policies for cyber security, however, everyone in the organization needs to be involved in protecting your business from outside threats. Compromises are getting more sophisticated every day, and your employees need to be aware of what to look for in suspicious emails, downloads, or even social engineering calls. The best way to have an effective cybersecurity program is to have everyone involved.

An IT service provider can help

Cybersecurity is a critical part of any modern business, and it can be intimidating to see how much is involved in protecting your business. This is where an IT service provider, like us, can help.

We have the experience and expertise to handle matters such as cybersecurity, backup, compliance, and much more for our customers. We're always up to date on the latest security landscape and provide you with the tools and guidance you need to stay safe. Contact us today to learn more about how we can help you secure your business.

Want to learn more? Get our eBook that highlights the importance of security awareness training in your cybersecurity strategy. Download it here.