Eleni Leppo

8 Strategies for Managing Work-Related Stress

April 27, 2023 by Eleni Leppo Leave a Comment

April is Stress Awareness Month, making it the perfect time to recognize the impact that work-related stress can have on our overall physical and mental health. While managing stress in the workplace can be challenging at times, implementing the right mindset and strategies can help to reduce its impact and maximize job satisfaction. In this blog post, we will share eight practical strategies for effectively dealing with work-related stress. Implement these to help you strike the right balance between your personal and professional life.

1. Prioritize Your Tasks

One of the most significant sources of work-related stress is feeling overwhelmed by a never-ending to-do list. One way to combat this is to make a list and prioritize your tasks based on their importance and urgency. This approach allows you to focus on the most critical tasks, complete them first, and gain a sense of accomplishment. By prioritizing your tasks, you’ll feel more in control and productive, leading to a more positive work experience. Some great Microsoft tools that you can leverage for managing your tasks include Microsoft Planner, To Do, and OneNote. Watch our latest video by Adam Atwell, Cloud Solutions Architect at KiteTech to learn how you can use Microsoft Planner and To Do to streamline your daily tasks.

2. Manage your Time Effectively

Research has shown that avoiding multitasking and taking regular breaks can be helpful time-management strategies. However, there are numerous time-management techniques available, and it’s important to explore different options to find the ones that work best for you. Additionally, incorporating technology tools such as time-tracking or productivity apps can further help you manage your time more effectively and reduce your stress.

3. Set Realistic Goals

Set achievable goals for yourself that are challenging but not impossible. This can help you feel more confident in your abilities and less stressed about meeting expectations. Also, breaking down bigger tasks into smaller, more measurable steps can help you feel a sense of accomplishment and keep you energized.

4. Practice Positive Self-Talk

Negative self-talk can be a significant source of stress and anxiety. Practice positive self-talk and focus on your strengths and accomplishments instead of dwelling on your mistakes or shortcomings. We talk to ourselves more than anyone else, so Be Nice! Make sure to talk to yourself the same way you would talk to your best friend.

5. Communicate

Talk to family, friends, or colleagues about how you’re feeling. Sometimes just having someone to listen and offer support can be incredibly helpful in reducing stress. There are times that work-related stress can stem from having too much on your plate. If you’re feeling overwhelmed, don’t keep it to yourself. Communicate with your manager about what you are feeling so they can help you come up with a plan of action.

6. Disconnect After Work

It’s essential to disconnect from work after you leave the office. For those working from home, this has become even more challenging as work is so accessible. Set boundaries for yourself and try to avoid continuously checking emails or taking work calls after hours. This can help you recharge and approach work with a fresh perspective the next day. Creating an end-of-day ritual such as shutting the office door and cleaning up your desk can be helpful. Another useful tip is to wrap up your day by reviewing your to-do list and prioritizing the next day’s tasks. This can provide a good sense of closure for the day and help you feel less stressed because you’ll have a clear plan in place to start the next day.

7. Exercise Regularly

Exercise is a proven stress-reliever, so make sure to incorporate physical activity into your daily routine. Exercise helps to reduce stress by increasing endorphins, boosting confidence, and improving your overall sense of well-being. Even just a few minutes of exercise each day can make a big difference, so make sure to schedule exercise into your day to make sure it happens consistently.

8. Take Care of Yourself

Along the same line as exercise, practicing self-care is essential for managing stress. This can include getting enough sleep, eating a healthy diet, and making time for activities that bring you joy and relaxation. Rest allows your mind and body to recover which in turn reduces tension and improves your mental clarity. It is vital to prioritize rest and make time for activities that you enjoy and help you recharge. This can include making time for hobbies you may enjoy like reading or spending time with family and friends.

Conclusion

When left unchecked, work-related stress can have a significant impact on your overall well-being and job satisfaction. However, by implementing these strategies, you can reduce stress, increase productivity, and approach your work with a more positive mindset. Start incorporating these strategies into your workweek and start reaping the benefits. By doing so, you’ll be on your way to a happier, healthier, and more fulfilling work life.

Eleni Leppo

Director of Marketing
Kite Technology Group

Kite Technology Group is Highlighted by The Manifest as Baltimore’s Top Recommended IT Services Provider for 2023

February 7, 2023 by Eleni Leppo Leave a Comment

IT plays an integral role in business and markets this generation. Big or small, your business will ultimately struggle if you don’t have a strong IT infrastructure that can support your operations and empower your team. Here at Kite Technology Group, we have more than three decades of experience helping SMBs across the US conquer their most daunting tech hurdles.

Today is an extremely proud moment for us because we’re here to share exciting news with all of you. During the esteemed The Manifest Company Awards, Kite Technology Group was officially spotlighted as one of Baltimore’s top recommended and reviewed IT service providers this 2023!

We were so honored and grateful when we found out about this award. We’ve been in the industry for decades, and the feeling of seeing our clients appreciate and rave about the benefits our services provide is just amazing. We are so grateful for their partnership and the trust and confidence they have in our capabilities.

To give you a better understanding of this award, The Manifest is a Washington DC business news resource that publishes content about B2B industries, market trends, and the newest technologies. The site annually holds industry honors to praise outstanding firms that share remarkable relationships with their clients. The top 15 leaders from varying categories are determined based on the review count they’ve achieved over the past twelve months.

It goes without saying that our clients helped made this possible for us. We are so appreciative of their gracious support and willingness to share about their experience working with us. Thank you so much for the trust you’ve placed in us.

To learn more about how our Managed IT and Consulting services can help your organization achieve your objectives, please contact us to schedule a conversation! We would love the opportunity to learn more about your business and how we can help.

To hear what our clients have to say about what it’s like working with us, please click here to visit our Clutch Profile and read our reviews!

Adam Atwell Receives Microsoft® Most Valuable Professional (MVP) Award

January 18, 2023 by Eleni Leppo Leave a Comment

It is with great pride we announce that Adam Atwell, Cloud Solutions Architect at Kite Technology Group has been awarded as a Microsoft® Most Valuable Professional (MVP) for 1/1/2023 – 7/1/2024. The Microsoft MVP Award is an annual award that recognizes exceptional technology community leaders worldwide who actively share their high quality, real world expertise with users and Microsoft. We are so thrilled to see Microsoft recognize and appreciate Adam’s extraordinary contributions. To view Adam’s Microsoft MVP profile, click here.

With just over 3,000 awardees worldwide, Microsoft MVPs represent a highly select group of experts. MVPs share a deep commitment to community and a willingness to help others. They represent the diversity of today’s technical communities. MVPs are present in over 90 countries, in more than 40 languages, and across numerous Microsoft technologies. MVPs share a passion for technology, a willingness to help others, and a commitment to community. These are the qualities that make MVPs exceptional community leaders. MVPs’ efforts enhance people’s lives and contribute to our industry’s success in many ways. By sharing their knowledge and experiences, and providing objective feedback, they help people solve problems and discover new capabilities every day. MVPs are technology’s best and brightest, and we are beyond excited that Adam has been welcomed in the MVP community..

To recognize the contributions they make, MVPs from around the world have the opportunity to meet Microsoft executives, network with peers, and position themselves as technical community leaders. This is accomplished through speaking engagements, one on one customer event participation and technical content development. MVPs also receive early access to technology through a variety of programs offered by Microsoft, which keeps them on the cutting edge of the software and hardware industry.

As a recipient of this year’s Microsoft MVP award, Adam joins an exceptional group of individuals from around the world who have demonstrated a willingness to reach out, share their technical expertise with others and help individuals maximize their use of technology.

Please join us in congratulating Adam on receiving the Microsoft MVP award, as well as the additional Microsoft certifications below.

KiteTech 2022 Holiday Gift Guide

December 9, 2022 by Eleni Leppo Leave a Comment

At KiteTech, we love helping people find the right technology solutions for their business. But, we also love technology in general! So, for the holidays we asked our staff what technology they’ve been using that would also make for a great gift. Here’s what they recommended! The below list includes a bit of everything, at a variety of price points, so whether you’re shopping for a loved one, or maybe looking to treat yourself, there’s something for everyone.

Anker Powercore Essential 20000

At some point, everyone finds themselves in a situation where they need a bit more power for their devices: Maybe you’re flying and need your phone to provide in-flight entertainment, on vacation taking lots of video or mobile gaming. Whatever your use-case, Anker’s PowerCore Essential 20000 can provide the extra power you need. Jake Weyer (Project Technician) used his Anker on a recent family vacation to charge not just his phone, but his family’s devices as well. The Anker Powercore provides enough juice to fully charge a phone multiple times and can charge two devices simultaneously. It can charge via USB-C, Lightning, and Micro-USB ($36.52, amazon.com)

Philips Hue Smart Light Starter Kit

Old-school lightbulbs and lightswitches are soooo last century. The Phillips Hue Starter Kit includes the basics to get started with smart lighting, including 2-4 smart bulbs and a Hue Bridge. The starter kit allows you to use your phone to turn lights on/off, set brightness, set color (if you have color bulbs) and control your lights away from home. Each bulb can be independently set. If you really want to feel like you’re living in the future, Philips Hue can integrate with smart home systems like Alexa or Google Home, to allow voice control of your lights ($69-$199, bestbuy.com)

Beats Fit Pro True Wireless Noise Canceling Earbuds

Beats Fit Pro takes the audio quality Beats are known for and expands on it. The Fit Pro provides three different listening modes: Noise Canceling when you just want to hear your audio, Transparency for when you want to hear your audio but also remain aware of your surroundings and Spatial Audio, which uses built-in sensors to adjust sound as the user moves their head, to create an immersive sound experience. Beats Fit Pro are designed for all-day comfort coupled with six hours of battery life (24 hours with the charging case). Beats Fit Pro works for both iOS and Android, but iOS users will further benefit from Siri integration and auto switching between devices ($179.95, amazon.com)

LG C series 65 Inch 4K Smart OLED

Dillon Fornaro (Security Engineer) swears by this award-winning TV. The 4K OLED screen provides fantastic image quality, with excellent contrast and punchy colors, while the 120hz refresh rate also ensures this TV is up to the task for gaming. The TV is no slouch with audio either, with Dolby Atmos support for immersive surround sound. All this is wrapped up in an elegant, pencil-thin display ($1696.99 for the LG C2, amazon.com)

Garmin Smartwatches

(Left: Garmin Forerunner 255s Music. Right: Garmin Instinct 2 Solar)

Jimmy and Krystal Son (Project Engineer and Help Desk Team Lead, respectively) recently traded in their Fitbits for Garmin Smartwatches. “Smartwatch” may be slightly misleading: While these watches have basic smartwatch functionality (notifications, app store, contactless payment) they are less like smartwatches and more akin to activity trackers. Both these watches have much more basic screens than an Apple or Samsung watch (The Instinct 2 has a black and white display), and this is by design: These watches trade vivid displays for greatly increased battery life: 12 days for the 255s Music, and potentially unlimited for the Instinct 2 Solar (50 days is more reasonable). Beyond that, both have an onboard altimeter, barometer, compass, thermometer and GPS, which allows them to provide basic weather and backcountry navigation independent of a data connection. Both watches provide heart rate monitoring, sleep tracking, and calorie burn, and can track a wide variety of athletic activities (Forerunner 255s Music: $400. Instinct 2 Solar: $450, rei.com)

Logitech G733 Wireless Headset

Fun fact: If you’re speaking to one of our help desk technicians, they are likely speaking to you on a Logitech G733 Headset. This headset quickly became popular with our techs due to it’s comfort, battery life (26 hours), convenience (wireless range of 60 feet) and audio and mic quality. Other wireless headsets we had tried would frequently lose connectivity or the mic would pick up too much background noise; not so with the 733. While they are great for meetings and productivity, they’re also great for gaming, so long as you’re on a PC or Playstation; sorry, Xbox fans ($119.99, bestbuy.com)

Rocketbook Core Smart Reusable Notebook

Note-taking apps like Google Keep and Apple Notes are undeniably useful. But, sometimes nothing quite beats the tactile experience of a pen and paper. Rocketbook seeks to bridge the gap between note apps and pen and paper, to provide the best of both worlds. Rocketbook includes 35 or so reusable, glossy paper pages. You take notes on these pages with an erasable pen (not proprietary). The ink from these pens, once dry, will stay put until erased with a moistened cloth. If you want to upload your notes, you can use the Rocketbook app to scan the note, then send it to a note-taking app, online storage or to your email ($18.99-$34, amazon.com)

Tile Slim Bluetooth Tracker

If you’re in the habit of misplacing your wallet or purse, Tile may make your life easier. Tile Slim is a Bluetooth tracking device compatible with IOS or Android, small enough to fit into a wallet, a purse, luggage, etc. Once the Tile is synced with the Tile app on your phone, you can use the in-app Find feature, which will cause the Tile to ring so you can find it (more to the point, whatever you’ve put the Tile in). The Find feature also works in reverse: If you can’t find your phone, but have your Tile Slim, you can press a button on the Tile to locate your phone. The Tile app can also be configured with alerts: If you were to leave your wallet behind at a restaurant, the app can be configured to alert you. Tile Slim has an advertised range of 250 feet with a three year battery life, though the battery isn’t replaceable. The more expensive Tile Pro’s batteries are replaceable. Tile makes a variety of other trackers, including one for your keychain ($24.99, bestbuy.com)

Time to Shop!

So, there you have it! Hopefully, our tech gift guide will ease your shopping experience and is providing you with some ideas of cool items you can add to your gift list! Happy Holidays to you and your loved ones from all of us here at KiteTech!

Jimmy Son

Project Engineer
Kite Technology Group

Case Study: Managed IT Services for Pennsylvania Independent Insurance Agency

November 16, 2022 by Eleni Leppo Leave a Comment

An independent insurance agency using Applied Epic and located in York, Pennsylvania has been working with Kite Technology Group for Managed IT Services since January 2002. Kite Technology ongoing IT Management and technical support.

Project Details

The Client

Introduce your business and what you do there.

I’m one of two owners of a full-service independent insurance agency in York, Pennsylvania.

The Challenge

What challenge were you trying to address with Kite
Technology Group?

We needed a Managed IT Service provider to handle all of our IT needs.

The Approach

What was the scope of their involvement?

Kite Technology Group has provided on- and off-site IT services since January 2002. Over the years, they’ve purchased hardware and software solutions to improve our IT infrastructure. Kite Technology Group’s team has helped us implement Microsoft Teams into our phone system. When necessary, Kite Technology Group comes on-site to execute projects. I’d estimate that they come into our office three times a year.

How did you come to work with Kite Technology Group?

We’ve been working with Kite Technology Group for quite some time, so I’m not sure how the relationship started because I wasn’t with the company at the start of the partnership. However, I believe they had a relationship with the previous owner. I assume their geographical location and existence as one of the few insurance-based IT companies on the market influenced the decision to hire them.

What is the status of this engagement?

We started working together in January 2002 and the engagement is ongoing.

The Outcome

What evidence can you share that demonstrates the impact of the engagement?

Since Kite Technology Group provides us with weekly and monthly reports on the type and quantity of service calls and solutions they provide, I can report that all of those metrics are very good. The entire relationship with them has been fantastic. We trust them completely when it comes to IT management.

How did Kite Technology Group perform from a project management standpoint?

Their team has excellent project management. They use an emailbased management tool to create and track service tickets. From that management portal, their teammates can respond to our service tickets. We communicate with them through phone calls.

What did you find most impressive about them?

We trust Kite Technology Group. Their team is responsive to our needs and understands that we’re in a time-sensitive industry and do their best to respond to us promptly and efficiently.

Are there any areas they could improve?

There is nothing for them to improve.

Do you have any advice for potential customers?

It’s important to give Kite Technology Group the time to learn about your business — meet with them and give them the opportunity to win your business.

Summary of Project Feedback

“The entire relationship with them has been fantastic. We trust them completely when it comes to IT management.”

To check out the live review on Clutch click here. If you are currently working with Kite Technology and would like to leave a review on Clutch, please click here.

Interested in Learning if Kite Technology is the Right IT Partner for Your Business?

We would love the opportunity to meet with you and learn more about your organization’s objectives and goals. To schedule a conversation, please contact us and a member of our team will reach out to you.

Strategies for Recognizing and Avoiding Phishing Attacks

November 10, 2022 by Eleni Leppo Leave a Comment

To understand how to best recognize and avoid phishing attacks, it’s helpful to first understand exactly what phishing is and why it’s a serious threat. We’ve all heard the term before, but it can be more involved than a spam email. Phishing is more of a blanket term to describe someone utilizing social engineering techniques to either trick someone into providing data which could be used to steal their information, compromise an account, or deploy malware.

The crazy thing is, in just the first quarter of this year, over 1 million successful phishing attacks occurred and that’s why it’s so important to understand how to protect yourself against these types of threats.

This article is adapted from the Security Awareness Training: How to Identify and Prevent Phishing Attacks, hosted by Dillon Fornaro, Security Engineer at Kite Technology. You can view the entire webinar here.

Why Phishing is a Serious Threat to You and Your Business

Email accounts are commonly used to reset passwords for other websites – Many times when you’re signing up for something, be it a website or service, they require an email address, right? This is usually used to log in or reset your password in the event you forgot it or wanted to change it. If that email is compromised, anyone with access to it can reset passwords for any of your accounts and services that are using that email address.
Single sign-on allows for one account to authenticate to multiple other services – With the adoption of what we call single-sign on, certain identity providers can be used to log into multiple other services. For example, you’ve probably used your gmail account or microsoft account to sign up for wesbites such as facebook or a line of business application. If that account gets compromised, than those other services are at risk
Non-public information may be stored in a user’s mailbox, opening the organization to hefty fines – Employee email accounts may contain non-public information or sensitive data such as social security numbers, credit card numbers, and a number of other non-public information. If that data is stolen, it could open up your organization to fines and potential lawsuits. This can cost a company thousands to millions of dollars depending on the types of data they handle.
An account compromise can cost a business hundreds of thousands of even millions of dollars – If a business is handling regulatory data, a notification of breach to their customers may be required based on state and federal law. This can put companies out of business and is extremely damaging to their reputation which is hard to recover from.
Threat actors can spread malware across your system and networking resources, causing further damage than just an account compromise – Phishing is also used to push Malware across a companies’ network and systems, completely halting their everyday business which further increases the damage done.

While the list could continue as to why phishing is a serious threat, these few examples should give you a good idea on why it’s so important to take phishing seriously.

The Different Types of Phishing Attacks

Email Phishing

The most common type of phishing is through email. More than likely, you’ve received a email phishing attempt more than once in your lifetime. These emails are created to trick a user into clicking a link, opening an attachment, or some other nefarious goal to compromise the end user. The threat actor may spoof the from address to look like the email is coming from a legitimate domain when it’s actually not legitimate. These threat actors also may utilize what we call cybersquatting. A common form of cybersquatting is called typosquatting. An example of this is when someone registers a domain that looks very similar to a legitimate one to trick the user to thinking it’s safe. Think facebook.com but with an extra o in book. However, since most phishing attempts through email are sent out en masse, they usually contain grammatical errors and are easy to catch if you know what you’re looking for.

Spear phishing

While common email phishing attacks are usually sent out to thousands of people at once based on a wide variety of services, there are other types of phishing attacks that take a more targeted approach which allows for a better chance of compromise. One of them is called Spear phishing. Spear phishing takes a more meticulous approach and attempts to compromise a ‘specific’ user. The key word here being specific. The threat actor usually has some information on the employee that they’re targeting, be it their name, job titles, phone numbers, etc. All of this information is used with the goal to build legitimacy for their request, making compromise more likely. These emails usually are well-crafted from a grammatical standpoint and use words to provide a sense of urgency. These attempted attacks usually have a goal in mind rather than just compromising an account. The threat actors are usually after something specific and they can be tricky to catch.

Whaling

Another more targeted approach to phishing is what we call Whaling. Whaling is type of spear phishing attack as it also takes a targeted approach with previous reconnaissance being done beforehand. However, with Whaling, the threat actor is determined to compromise a high-level executive in the company rather than just any specific employee. The targeted executives usually have access to sensitive information that most employees from the organization do not. If this type of attack is successful, the percentage that there will be additional internal compromises drastically increases. The damages from this type of compromise can be detrimental to the entire organization.

Smishing

Smishing is any sort of phishing attempt sent over a text message or an SMS service. Smishing has actually become increasingly more common over the last few years. Most of you have probably received some sort of smishing attempt show up in your text messages. Common ones are messages that say your bank account has been locked out or that you need to approve a charge on your credit card. These messages usually contain links that will attempt to steal your credentials by sending you to a malicious website or stealing browser cookies to hijack an already authenticated session.

Vishing

Vishing is similar to smishing but it’s conducted over the phone. Vishing attempts will usually have someone call you and pretend to be from a legitimate company like Microsoft or your bank and attempt to trick you into downloading something or giving them information. We are actually starting to see a decrease in overall vishing attempts thanks to some initiatives by the FCC. There are also new technologies being developed by phone manufacturers and wireless carriers to help catch and prevent these types of calls before they reach your phone.

Red Flags to Help You Identify and Avoid Phishing Attempts

Spelling and Grammatical Errors – One of the biggest things to look out for is spelling and grammatical errors. We’ve all been there and accidently spelled something wrong or used a word out of context. But, you will usually be able to tell the difference between a small mistake and a completely botched email from a grammatical standpoint.
Sense of Urgency – “I need this done right now or the payment isn’t going to go through!” “Please hurry because I have an appointment that I need to get to!” These are just a few examples of how someone may try and get you to move quickly before thinking about the request. This is why verification processes are so important, even if they make the workflow a little inefficient. All of us are busy people and it’s common for us to want to get the work done as soon as we can. This is why a sense of urgency is such a common tactic used to try and trick the end user. If something seems a bit too urgent, take a step back and think before you continue on with the conversation.
Infrequent Contact – If we aren’t in the role of onboarding a new client or user, most of the time the people we talk with on a day-to-day basis or our contacts at a specific company usually won’t change very frequently. And if they do, we are usually made aware of that role change ahead of time. There are even controls in the back-end of email protection that can notify you if you haven’t spoken to a contact before.
That’s why it’s important to question any time you receive an email from someone who you haven’t heard from before, especially if their request seems unordinary.
Unusual Requests – I’m sure we’ve all heard of the scam where someone poses as the CEO or President of a company and asks an employee to buy gift cards. While we all love to be rewarded for our hard work, this is usually considered an unusual request. Any requests for confidential information in general should raise an alert. If your company deals with payments or wire transfers, a newer approach is to request payments using cryptocurrency or asking to use a third-party payment platform such as Venmo or Paypal. These types of strange requests can be common and it’s always best to reach out to the person in question directly over the phone before moving forward.
A Generic Initial Greeting – The companies that you deal with will know your name. If an email starts off with a generic sounding greeting such as dear sir or madam, that should raise a red flag. While it’s not hard to get someone’s name to use in a phishing attempt as a lot of the time, it’s right in their email address. But, a generic greeting should make you think before moving forward or at least provide you with a sense that you need to verify further.
The From Address doesn’t match the company’s domain – This method of detecting a fraudulent email isn’t foolproof anymore because some of the spoofing technologies that are available. However, it’s a good first step if you feel a little uneasy about an email possibly being a phishing attempt and can help rule out a lot of the less sophisticated phishing attacks. If it’s coming from a domain that uses the company name, but isn’t the normal email you’re used to seeing them contact you from (think microsofttechsupport.com rather that microsoft.com or possibly a gmail account rather than a companies registered domain), it’s probably malicious.

Do’s and Don’ts to Help You Defend Against Phishing Attacks

Slow Down – Take your time when responding to an email, a phone call, or a text message. Think to yourself about the red flags BEFORE you respond, especially if your gut is telling your something is off. The faster we perform tasks, the higher chance of making a mistake.
Validate the request by calling the sender directly – It never hurts to be too cautious. If you’re communicating with someone and something feels off, give them a call. If someone is attempting to impersonate another person, I’m sure they would want to be made aware. This will also give the person being impersonated a goal to notify their own company and clients to be on the look out.
Keep your information locked down: Purge your social media accounts of non public information and personally identifiable information (PII). The more data you have one someone, the easier it is to deceive them. So, go ahead and remove all of the NPI and PII that’s available on any of your social media accounts. After that, lock down your social media presence by changing your profiles to private so only accepted requests can view your account.
Keep your computer and applications up-to-date – Keeping your applications and software up-to-date is a huge deterrent for common attacks. Many phishing attempts will utilize exploits in out of date software that will only require you to click on a link or open an attachment to compromise your account. Making sure you are turning on auto-updates is crucial to protecting yourself from the latest exploits threat actors may attempt through phishing.
Don’t click directly on links – If you are concerned about a link, especially a shortened URL, hover over it with your mouse to see a pop up of where it’s actually taking you. If you have a link in an email to a web page that doesn’t seem right, bring up your browser and go to the website directly. You can also copy and paste the link on the website virustotal.com which will scan it against a database of malicious URLs.
Don’t blindly open attachments – If an attachment was sent to you, download the attachment first and scan it with your anti-virus software before opening it. You can also forward and submit suspicious email attachments to Microsoft or websites like virustotal.com to scan on your behalf. Or if you can, reach out to your IT provider and have them verify the attachment’s integrity.
Don’t send sensitive information over email or text message – It’s always best to exchange non public information over the phone. But, we do understand that sometimes, emailing this type of information is necessary. If you must send data such as credit cards or social security numbers, be sure that it is at least encrypted and deleted afterwards just in case your account or device is compromised later on.
Don’t use the same password across different websites and services – This one is crucial. We all know that it’s hard to remember all of your passwords for every single website or service out there. Try adopting a password manager into your workflow to help create strong passphrases without the need to remember them all in your head. If an account uses the same credentials as a compromised one, it’s essentially compromised as well. This would be a good time to also implement some sort of darkweb scanning to see which credentials you’ve used have been compromised. Some password managers actually have this feature built in.

Best Practices for Safeguarding Your Business From Phishing Attacks

Implement Multi-Factor Authentication – I’m sure you’ve all heard of this and are currently using it in some way shape or form. A lot of times, an end user who falls for a phishing attack will usually realize they messed up once they’ve handed over their password. That’s why implementing a form of multi-factor authentication on your accounts is crucial to protecting that password compromise from moving to an entire account compromise.
Enable Conditional Access/Geo-IP Filtering for Logins – Conditional access policies use logic to determine whether an account should be allowed to log in based on certain parameters. Those parameters can be set to things such as allowed devices, security control requirements, and even geographical locations. If you have the ability to implement conditional access policies or something similar, it will greatly help prevent an account compromise as it enforces these controls across the entire business.
Purge Your Company’s Social Presence of NPI – Remove any non-public information on company websites: It’s nice to have contact information on your website. It allows for your clients to easily find and reach out to the appropriate person for their needs. Things like email addresses, direct phone number extensions, etc. While this may be convenient from the standpoint of client communication, it also provide threat actors with easily accessible intelligence on your company and employees that can be used for a targeted approach. It’s best to have a department wide email for client contact and forward them internally to the appropriate person.
Refrain From Keeping Emails Past Regulatory Retention Requirements – Do not use mailboxes as storage – purge emails that contain non-public information: A lot of us are dealing with NPI through email communication on a daily basis. Whether it’s a users’ SSN, drivers license, credit cards, etc, mailboxes were never meant to be used as a storage account for this type of information. It’s important to implement proper retention, archiving, and purging policies to either move this information into a more secure database, or remove it altogether.
Deploy a Spam Filtering Service – It’s best to utilize some sort of spam filtering policies through a third-party or your email provider. These policies are the first line of defense at catching phishing attempts sent to your employees and should be configured to a proper standard, even if it may delay some emails in the process.
Enroll Employees in Security Awareness Training and Simulated Phishing exercises – Spam filters aren’t perfect. If your spam filter fails (which at some point, it will), your next line of defense is the recipient of that phishing email, the end user. That is why it’s crucial to keep up to date on the latest threats by enrolling users in security awareness training and simulated phishing exercises in your environment. These solutions teach strategies for avoiding phishing attacks and will teach employees how to identify and protect themselves from not just phishing, but all types of threats.
Utilize DKIM/DMARC/SPF Records – This is a more technical concept and you don’t necessarily need to understand how these technologies work. From a basic standpoint, they’re used in the back end to authenticate an email and its sender which then determines what should be done in the event it can’t be validated. Like I said, the technology behind how this works isn’t relevant. The most important aspect that I want you to take away from this concept is to make sure you’re utilizing these solutions by contacting those who are managing your email.
Purchase Cyber Liability Insurance – Last but not least, cyber liability insurance. Compromised accounts can lead to an entire disruption of a business. You can be infected with malware such as ransomware which will completely lock down your organization and cost a company millions of dollars. It’s best to have the peace of mind that you are financially covered in the event this happens to you as these events can put a company out of business.

Conclusion

While protecting yourself and your organization from phishing attacks is challenging, education and awareness are key. Implementing the strategies we’ve mentioned here, can go a long way in helping you recognize and therefore avoid phishing attacks. You can also check out the recorded webinar to watch the complete security awareness training.

Kite Technology is committed to helping businesses across the country with their IT and security needs. Contact us to learn more about what we do and how we can help you leverage technology for greater security and business success.

Dillon Fornaro

Security Engineer
Kite Technology Group

Digital Hygiene Series: Must-Have Practices for Stronger Online Security

November 10, 2022 by Eleni Leppo Leave a Comment

So far in our Digital Hygiene Series, we have focused on keeping your systems neat and orderly. However, the most important component of digital hygiene includes practices for stronger online security. A security vulnerability can quickly wipe out all the benefits of good digital hygiene. In this last article of our series, you will learn five vital practices that you can leverage to better secure your systems and accounts and protect your data and identity.

1. Enable MFA on All Accounts

If you only take away one thing from this entire article, make it this: MFA is the single most important security feature you need. MFA (multi-factor authentication) is a second layer of authentication you set up on your accounts so that after you supply your username and password, you supply another form of authentication. This can be a code sent to you in a text message or a push notification to your mobile device. This way, if a hacker does get their hands on your password, they are still unable to log into your account because they don’t have this second layer of authentication. Many services, like banks and insurance companies, require MFA when you establish your account. As someone who cares about your security, you should not only set up MFA on those accounts where it is required, but you should also seek out MFA on new accounts you create even when they don’t require it.

2. Use Strong Passwords

Simple passwords are easier to crack, so if you use passwords that are short and contain all lowercase letters, you run a high risk of having your accounts compromised. Complex passwords generally contain a combination of lowercase, uppercase, numbers, and symbols, and adhere to a minimum number of characters. Different sources give different recommendations for minimum password length. I recommend at least 16 characters, but the longer the better. You should also avoid using words or phrases that are easy to guess, such as your initials, the current year, or your birthday.

3. Use Unique Passwords

In addition to making sure all your passwords are complex enough, you should also never repeat the same password on more than one account. The simple reason is that if your password is compromised once, the attacker now has access to all your accounts that use that password. Ideally, your passwords would not even be similar, like adding an exclamation point, or using the same word or phrase but using all lowercase in one password and all uppercase in another. Minor differences are still easy for an attacker to guess.

4. Use a Password Manager

Using passwords that are both complex enough and entirely unique from one another is a huge challenge. A password manager program, such as LastPass or RoboForm, can help tremendously. These programs allow you to store your passwords for all your different accounts so that you don’t necessarily have to remember them. Then, the password manager can input your passwords and log in to your accounts when you need them. Additionally, some password managers offer other features, like health checks that scan all your passwords and alert you on things like repeated passwords or passwords that have not been changed for a long time. Keep in mind: you MUST ensure your password manager is protected by a highly complex password as well as multi-factor authentication.

5. Monitor the Dark Web

The dark web is a part of the Internet that is not indexed by search engines and can generally only be accessed by special programs or browsers. The dark web is most infamous for the criminal activity that takes place there. One form of criminal activity is the resale of compromised data, which means that if your data (including passwords) somehow get breached, they may be available to bad actors on the dark web. There are services you can use to run scans on the dark web to find out if your email address or username is associated with any data breaches. Then, you should immediately change your password or take whatever measure is appropriate to secure your data. Some services can run scans for you automatically and alert you when a threat is found. If you are part of an organization, your administrator or IT provider should be running these dark web scans for you.

Conclusion

Incorporating these practices will go a long way in strengthening your digital hygiene. They will serve as an important first line of defense against new and changing digital threats like malicious emails, social engineering, phishing, and more. Most data breaches are caused by human error, so it’s important to have good security practices in place and remain vigilant in order to protect ourselves as much as possible.

Could your organization benefit from a thorough review of your security practices? If so, please don’t hesitate to reach out to us to schedule an initial conversation. We would welcome the opportunity to learn more about your business and how we can help.

Digital Hygiene Series:

Daniel Gilbert

Chief Operating Officer
Kite Technology Group

Considerations for Selecting a Cloud Phone System for Your Business

October 21, 2022 by Eleni Leppo Leave a Comment

As a business owner, you know how critical it is to have a reliable phone system for your business. However, choosing a new system can be overwhelming because there are so many options on the market.

Transitioning from and upgrading an on-premise business phone system to a cloud phone system (VoIP) can be exactly what you need to take your operations to the next level. Given the growing remote workforce, it is more vital than ever to select a business phone system that includes a wide range of valuable calling, collaboration and mobile tools that your employees can use whether they’re in the office or working from home. However, not all cloud phone systems are created equal, and providers offer a wide variety of options and services that can confuse even the most tech-savvy of individuals.

Here we’ll cover what to consider when choosing a cloud business phone system. This guide is adapted from the Selecting Your Next Business Phone System webinar, hosted by Kite Technology—view the entire video here.

Why Get a New Cloud Phone System?

Many established organizations have had their same phone system for years. These systems are reliable and can work for a long time—maybe too long. Because the phone keeps ringing, many will take the approach of, “if it ain’t broke, don’t fix it.”

But our work has changed. There are three main reasons why a new phone system can help accelerate your business operations:

New tools require new integrations: Microsoft 365, Zoom, Google Teams, Slack, and all the other common tools used regularly in the office should be seamlessly integrated into a cloud phone system for optimal results.
Employees need (and want!) flexibility: The rise of remote work and offshore teams means employees need a more flexible phone system to complete their work.
Customer demands: Despite the importance of a phone system, calling is not all that important for many customers. They’re expecting live-chat services, texting, or other ways to connect with the company in addition to phone calls.

These factors mean that most companies need to upgrade their system to meet modern work demands.

Phone Systems 101

Before diving into what exactly to look for, let’s review the three essential pieces of a phone system. The anatomy of any phone systems is made of three parts:

System (PBX or Private Branch Exchange): This refers to the “brain” of the phone that allows calls to be made on the network. It can be a physical system, a hosted service (i.e., public or private cloud service), or an on-demand “as-a-service” system.
Endpoints: This used to be a physical handset on a desk or conference room phone, but now includes anything to receive calls. Common endpoints today include softphones that operate on Windows or Mac operating systems, and mobile apps that operate on iOS or Android.
Dial tone: This is what connects you to your system. Old analog technology was only available on-premises and operated as a pay-per-line system. Today we use either PRI (Primary Rate Interface) circuit or SIP (Session Initiation Protocol) as flexible connection methods.

The main reason to understand these three parts of a phone system is to know how much variety there can be between options.

Key VoIP Phone System Features

Not all cloud phone systems are made equal. They differ significantly in their features and capabilities, so you need to know what’s important for your business and team. Here are some features to consider:

Flexibility

Flexibility is so important in today’s modern work environment. Phone systems come in a few different formats:

Hot desk or hoteling gives you the ability to walk up to any physical phone in an office space, put in a code, and have it be your personal line for the day.
Mobile apps are the ultimate flexibility and can be installed on any mobile phone.
Omni channel messaging allows for different types of communications, including SMS and MMS.
Remote handsets allow employees to take calls without being tied to a physical phone.
Brower control lets you access a VoIP phone system from a web browser, which is more flexible than a specifically installed app.

Visibility

With a remote or offshore team, visibility is important. Some things to think about:

Presence: Who’s available? Who’s on do-not-disturb? Who’s away from the phone?
Reporting and analytics: How many staff are available? How is the connection? How long is each call?
Receptionist console or switchboard: How will phone-call triage work?

One-to-many communication

Phones aren’t just single person to single person anymore. VoIP phone systems need to manage one-to-many communications such as intercom, overhead paging, call queues, and faxing.

Quality and security

High-quality and secure cloud phone systems are a must today. A few features to consider are:

Call recording: Here, you need to know state recording laws and may need to train people and say if they’re on a recorded channel.
Secure SIP: This is an encrypted channel.
Session border controllers: This is for a physical phone system to ensure multiple units are operating correctly.

How to Choose a New Cloud Phone System?

When choosing a new VoIP phone system, you need to think beyond a simple phone call but at a holistic communication strategy. Here’s how to choose one:

Evaluate your starting point

Know where you are starting by analyzing your current technology, processes, and channels. Here are some questions to ask:

What type of in-office technology do you have?e., CAT3 vs. CAT5 cabling, power over ethernet connections. Connect with your IT department to understand current capabilities.
What do your team members have at home to work with?
Who answers calls in your organization? Is your system easy to use from a client perspective?
What are your communication channels? Do you also use SMS, web chat, or Facebook Messenger? How do they integrate?

Determine where you need to go

After getting a really clear idea on your current capabilities and starting point, you can begin to think about where you want to go in the future. There are some trends you need to plan for:

Remote work: How to people interact with each other? Consider how a strong, streamlined communication system will help mitigate loneliness and trouble collaborating.
Office and home-office upgrades: Think about technological improvements that are needed in your physical space, including routers, cabling, Internet bandwidth, and more.
Security: With people at home, you’ll need to boost security by ensuring there’s a secure SIP and you’re able to report and record calls.
Omnichannel: This refers to the integration of multiple platforms, so that customers can access you anywhere and employees have full visibility of all communications.

Plan for a change

By now, you should know the type of system that will best suit your needs. As your implementing the change, be aware of two last barriers to adoption:

Pricing: Your choices may be constrained by budget. Consider if you’re going to lease or own a system, and what pricing model it’s billed as (per user/extension, per concurrent call, or in minute blocks).
Learning it: It’s hard to make changes, but it’s necessary. Start by identifying people who “get it” and will be champions of change. Then, implement a careful and thoughtful training program to get everyone on board. Videos and cheat sheets go a long way, too!

Choosing a new VoIP phone system is a challenging but necessary, undertaking. You can purchase a new phone system on your own, or you can use strategic IT support services to help make the best decision. Connecting with an IT partner to help you plan and implement your system is vital to a successful transition and adoption. Learn more about our Managed Cloud (VoIP) Phone Solutions today. You can also check out the recorded webinar for more in-depth details on how to choose a VoIP phone system or visit our YouTube channel to check out our other helpful videos.

Kite Technology is committed to helping businesses across the country with their IT needs. Contact us to learn more about what we do and how we can help you leverage technology for greater business success.

Digital Hygiene Series: Tidying Up Your Mobile Devices

October 17, 2022 by Eleni Leppo Leave a Comment

Digital hygiene doesn’t just apply to your computer. It’s also important for your mobile devices. In this fourth article of our Digital Hygiene series, we share 5 strategies for tidying up your laptops, cell phones, and tablets. Applying these strategies will go a long way in helping you get the most from your mobile devices and help you be more efficient on the go.

1. Delete Unused Apps

Just as it is best to keep unused applications off your computer, it follows that you should do the same with your mobile device. It is common to install apps to solve a short-term problem, and if left unchecked, apps like this can be forgotten, taking up storage and maybe even processing power on your phone. As soon as you know you will no longer need a particular app, uninstall it and remove all associated data if you will never need it again. You can also regularly audit your installed apps and remove any that you don’t need. Most mobile devices have an automated process you can enable to identify and even uninstall applications you no longer use.

2. Organize Home Screen

Your home screen should be set up deliberately to give you quick access to all your most frequent functions, and should be organized in a simplistic layout so it is easy to navigate. You can arrange apps into categories and use app folders to contain related apps. Ideally, you want to create enough different categories so that your apps are distributed across them, but not so many categories that you end up with categories containing only one or two apps. This is subjective, but generally you know when your app folders are serving you well and when they aren’t. Another great tool for an organized home screen is widgets. A widget is a bite-sized components of your apps you can put directly on your home screen. Examples include a preview of your calendar or today’s forecast from your favorite weather app. If you have found a home screen organization that works well for you, do your best to always keep it that way by putting apps into the proper folders, placing your most common functions close to the home screen, and making good use of widgets.

3. Storage Consumption

Eliminating unused apps is a good start at managing your storage, but that is just a small piece among more important kinds of data, such as multimedia and old messages. In the storage settings of your mobile device, you can view your used storage and a breakdown of what kinds of data comprises that used storage. You should be aware of how much data your device can store and how much you are currently using so you don’t run into issues from your device filling up. Photos, videos, and music commonly take up the most space, so it is important to learn about the streaming options you have available in your photos and music apps. When set up properly, these features manage the amount of storage you are using on your local device by moving most of your data to the cloud. You should audit your storage often to make sure you stay ahead of issues before they happen.

4. Enable Cloud Backup

Offloading your multimedia as I just discussed is one form of backup, but it is also important that you are running system backups so you don’t lose other kinds of data like contacts, text messages, stored files, and apps. You can set up your backup preferences in your device’s settings to ensure they are happening frequently and reliably. These backups should be running to a cloud service so that if you lose, damage, or otherwise replace your device, you can pick up right where you left off on the new device. Keep in mind, like the data itself, backups take up storage. While it is not a common issue, it is important to avoid running out of capacity in your cloud service to store system backups.

5. Be Intentional About Contact/Calendar Sync

Ever since we have been able to set up multiple different email accounts on our mobile devices, the ability to sync contacts and calendars has been a huge benefit but can also be a huge risk if it is not done properly. I have seen many people with a mess on their hands from a contact list that has taken years or decades to amass and has suddenly become inundated with extraneous or duplicate records, or else has been completely overwritten or cleared. With the proper backups in place, these issues are typically reversible, but not without a painful crash course in the ins and outs of calendar and contact sync. You can choose to keep separate contacts and calendars in your separate accounts, and you can certainly combine them and work off only one list. Whichever method you choose, be sure that the proper default account is selected (in your device’s settings) so that new records you create will go to the right place. The confusion here typically happens when concepts like separate accounts and default account are not well understood, so educate yourself on where your contacts and calendars live, and don’t be afraid to consult an expert if you need help.

Conclusion

As more and more work is done remotely, following these strategies will enable your mobile devices to perform better and help you stay more organized. Keep in mind that if you or your employees are using your personal mobile devices to conduct work, there are crucial security practices that need to be implemented to keep your business and personal data secure. To learn more about this and our Managed IT and Security Services, please get in touch with us to schedule a conversation. We would welcome the opportunity to learn more about your business and how we can help.

Digital Hygiene Series:

Daniel Gilbert

Chief Operating Officer
Kite Technology Group

Microsoft Basic Authentication Deprecation – What This Means For You

September 14, 2022 by Eleni Leppo Leave a Comment

Authenticate: au-then-tic-cate; /ôˈTHen(t)əˌkāt/ – a computer user or process having one’s identity verified.

Why Basic Authentication is Being Retired

Nearly 3 years ago, Microsoft indicated they would be firming up their stance on security by looking to sunset Basic Authentication and fully head towards a Zero Trust model. Basic Authentication has been around for years and has been used by many client applications to authenticate with servers, services, and endpoints. Easy to set up and usually enabled by default, Basic Authentication means the application sends a username and password with every request, which is also often stored or saved on the device.

However, its simplicity is its downfall.

When using Basic Authentication, and attempting to authenticate with a server, Threat Actors armed with today’s tools and methods can easily capture this information (especially when it is not protected behind encryption methods like TLS). This increases the likelihood of reusing the obtained credentials across other endpoints or services which would enable them to gain access to more of your data.

How Modern Authentication Works

Today there are better, more effective ways to authenticate with your servers, services, and endpoints. Modern Authentication uses several entirely different industry-standard protocols along with security tokens that administrators use to approve or revoke access to resources. Modern Authentication allows for multi-factor authentication (MFA), smart cards, certificate-based authentication (CBA), and other third-party identity providers, like Duo.

Impact on Users

What does this mean for you, and will you be impacted? With your personal devices you use to access your work email, it is hard to say. If you are using an older mobile device access that does not have a currently supported operating system, you may be impacted. However, the best way to avoid any interruption would be to download and use the Microsoft Outlook for iOS and Android application. The Outlook mobile application supports Modern Authentication and is our preferred way to have you access your email.

Impact on Your Business

As far as any impact to your business? Shortly after the initial announcement, Microsoft disabled Basic Authentication on any newly created tenant. For any existing tenants, they’ve disabled where they could with minimal impact. But now, the pressure to change has increased, and they are relying on their partners (that’s us) to change as much as we can. For the most recent announcement, Microsoft has stated that any processes actively using SMTP AUTH (a type of Basic Authentication) will remain in place and not impacted. This is largely in part due to many businesses having older multifunction printers and copiers which do not support Modern Authentication when sending scans by email or across a network.

While Microsoft was nice to spare the removal of SMTP AUTH at this time, we would not be surprised if it goes away in the future as Microsoft presses forward towards Zero Trust. If you have not had the conversations with your copier vendors about updating your devices, today is a good day to start the conversation. Newer multifunction devices support Modern Authentication which allows for scanning to places like OneDrive and SharePoint.

How KiteTech Can Help

Kite Tech has been auditing all our tenants behind the scenes and minimizing any impact this may have. Thank you for your continued faith in us and working with us to keep your environment safe and secure.

If you have any questions, please feel free to reach out to your Client Experience Manager or email the Help Desk support line. As always we are here to help you navigate the ever-changing world of technology we live in.

If you’re not currently working with Kite Technology and would like to learn more about our Managed IT Services, please contact us to schedule a conversation. We would love the opportunity to learn more about your business and how we can help you achieve your goals.

Chip Seelig

Director of Service Management
Kite Technology Group

Case Study: Managed IT Services for California Independent Insurance Agency

September 8, 2022 by Eleni Leppo Leave a Comment

An independent insurance agency using AMS360 and located in San Fransisco, California hired Kite Technology Group for managed IT services. They handle the server, provide support, and modernize security procedures. Currently, they’re migrating the system to Microsoft 365.