In today’s digital age, small businesses and nonprofits are becoming prime targets for cyber threats. With the rise in sophisticated hacking techniques and the increasing importance of data security, now more than ever it is crucial for organizations to understand the risks they face and how this impacts existing operations.

In this comprehensive guide, we’ll explore ten of the most common cyber threats that small businesses and nonprofits encounter. We’ll also provide you with valuable insights and resources to help you protect your organization from these threats.

1. Phishing Attacks

That sketchy email is probably sketchy.

Phishing attacks are a form of social engineering, and rely on clever tactics employed by cybercriminals to manipulate individuals into revealing personal information or taking harmful actions. These attacks often involve deceptive emails, messages, or websites designed to mimic legitimate sources, such as banks, social media platforms, or online retailers. The goal is to trick users into divulging sensitive information like passwords, credit card details, or personal identification.

Classic Phishing

In a classic phishing attack, cybercriminals send fraudulent emails that appear to originate from legitimate sources. These emails often mimic trusted organizations, such as banks, social media platforms, or government agencies. The goal is to trick recipients into clicking on malicious links, downloading harmful attachments, or providing personal information like login credentials or credit card details.

– Example –

Imagine receiving an email that appears to be from your bank, urgently requesting you to verify your account by clicking on a link and entering your username and password. The email includes the bank’s logo and formatting, making it look authentic. However, it’s a phishing attempt designed to steal your banking credentials. It could look a little something like this:

Subject: Urgent: Account Security Alert

Dear Customer,

We have detected unusual activity on your account that requires immediate action. Your account has been temporarily locked for security purposes.

Please click on the link below and enter your login credentials to verify your identity and unlock your account:

[Malicious Link]

Failure to verify your account within 24 hours will result in permanent account suspension.

Thank you for your cooperation.

Sincerely,
The Security Team

Potential Risk: Devastating. You really don’t want your banking information in the hands of criminals, right?

Mitigation: Don’t click or download anything suspicious. Ever. Employee training on recognizing phishing attempts, email filtering systems, and use of two-factor authentication (2FA) are an absolute must here.

2. Ransomware

Don’t end up being held hostage.

Ransomware attacks have become more sophisticated over the years, posing a significant threat to individuals and organizations alike. These attacks involve malicious actors encrypting data and demanding a ransom for its release. However, the landscape has evolved, and attackers are now employing more advanced tactics. In this blog post, we will explore the evolving nature of ransomware attacks, including the addition of data leakage as a means of extortion. We will also provide valuable insights on how to protect your data from these threats.

Wait, isn’t data encryption a good thing?

Data encryption allows you to protect data with a key – think of it as a super long, super strong password that makes data unreadable without it. Something as simple as “123 Elm St.” could become something like “68v/j6bLaZtpseMYr/xgJg==”. So, if a hacker tried to decrypt your client’s address, the data would be useless without the key. The problem is, that encryption ransomware attacks turn this problem around: imagine that the hacker is the only one with the key, and all of your data and files get turned into something like the example above.

All of your data and your files basically become unusable unless if you are able to obtain the decryption key from the attacker. Ouch.

– Example –

A healthcare facility experiences a ransomware attack that not only encrypts patient records but also exfiltrates sensitive medical information. Attackers threaten to publish this data on the dark web if the healthcare provider does not meet their ransom demands. Current ransomware demands are believed to average $740,000 USD per incident.

Recognizing Ransomware Attacks

Ransomware attacks can be difficult to detect until they’ve already taken hold of your systems.

Potential Risk: Years of data become inaccessible, a halt to your operations, and worst of all, the potential leak of all sensitive data, including customer data.

Mitigation: Regular data backups, up-to-date security software, employee education, and a robust incident response plan. Social engineering can play a huge role in the success of malware attacks – as it did in the September 2023 attack on MGM.

3. Malware Infections

Yup, computer viruses are still a thing.

Malware, short for malicious software, is a broad term encompassing a wide range of software programs designed with malicious intent. These programs infiltrate systems or devices, compromising their security and potentially causing harm. Understanding the types and methods of malware infections is vital for effective defense.

The Malware Landscape

The world of malware is vast and continually evolving. Common types of malware include viruses, worms, Trojans, ransomware, spyware, adware, and rootkits. Each type has unique characteristics and capabilities, but they share a common goal: to infiltrate and compromise systems.

– Example –

Consider a scenario where a user unknowingly downloads a seemingly harmless file attached to an email. The file contains a Trojan horse, a type of malware disguised as a legitimate program. Once executed, the Trojan opens a backdoor, allowing unauthorized access to the user’s device.

Potential Risk: Various types of malicious software that can damage systems or steal data.

Mitigation: Updated antivirus software, employee training, and regular software patching.

4. Weak Authentication

It’s time to give up on 123password – sorry.

Authentication is the process of verifying the identity of users, systems, or devices attempting to access digital resources. Weak authentication refers to authentication methods and practices that lack the robustness and security required to adequately protect against unauthorized access. Understanding the implications and consequences of weak authentication is fundamental to effective defense.

Imagine a scenario where an online banking platform relies on a simple username and a static password for authentication. An attacker who obtains or guesses a user’s password can access the victim’s account, potentially resulting in unauthorized transactions and financial losses.

Potential Risk: Weak passwords allow malicious third parties to gain access to your most important data, such as online banking or email.

Mitigation: Strong password policies, 2FA implementation, and regular password changes.

5. Unpatched Software and Hardware

Yes, waiting for Windows Update sucks. But you really, really need it.

Unpatched software and systems refer to computer programs and infrastructure components that have not received essential updates, patches, or security fixes. These unaddressed vulnerabilities are a prime target for cyber attackers seeking to exploit weaknesses for various malicious purposes. Understanding the significance and consequences of unpatched systems is crucial for effective defense.

Potential Risk: Data breach, downtime, and all sorts of nasty stuff.

Mitigation: Calendar regular system updates with your IT staff to work around downtime and ensure that updates are down in a prompt manner. Your OS probably has automatic settings to help you plan this.

6. Social Engineering

If someone calls saying that they are Bob from IT, really make sure that it’s Bob from IT.

Potential Risk: Digital apocalypse. Data breach, your most sensitive data being posted to socials, leaked to competitors, the media, and pretty much every terrible thing that you don’t want to see happen. Malicious actors could not only get your data, but also end up with full control of your IT systems, which in some cases could mean control over your business.

Mitigation: This one is scary – train your staff extensively, and consider implementing procedures and policies to mitigate risks from outsiders.

7. Data Breaches

Pretty much the last thing that you ever want to experience.

A data breach is an incident where an unauthorized party gains access to sensitive or confidential data, potentially compromising its confidentiality, integrity, or availability. Data breaches can occur through various means, including cyberattacks, insider threats, or accidental exposure. Understanding the implications and consequences of data breaches is crucial for effective defense.

The consequences? Many. We’ve gone over them in detail in our cyber security guide, which you can get for free here.

Potential Risk: Unauthorized access to sensitive data, leading to exposure or theft; being ridiculed in the media and lawsuits from your customers (ouch).

Mitigation: Encryption, data classification, and a robust incident response plan.

8. Shadow IT

Sometimes you can’t be the fun boss that allows for BYOD.

From a technical perspective, we would explain Shadow IT as: Shadow IT poses a multifaceted challenge in cybersecurity. It occurs when employees or departments within an organization adopt and use IT solutions without the knowledge or approval of the IT department or management. These unauthorized systems and applications can introduce vulnerabilities, complicate security efforts, and lead to various issues.

What it really boils down to is allowing employees to use unauthorized apps or hardware. Often, this may not be an issue, and mobile devices can blur the lines between work and personal items, but BYOD (Bring Your Own Device) can bring huge security risks into your business. Imagine someone connecting an out of date or compromised device to your network. This could wreak havoc on things, and quickly. You also need to watch out for well meaning employees who might use pirated or grey market software to create work for you – this can lead to unwanted ownership issues or liabilities.

Potential Risk: Unauthorized or unmonitored use of devices, software, or services within the organization which can lead to significant losses or breaches.

Mitigation: Establish clear IT policies and procedures, and regularly audit for compliance.

9. IoT Vulnerabilities

Your Smart TV might be great at Netflix, but not be so great at security.

The Internet has evolved way past connecting just computers and printers – we know have an Internet of Things (IoT). Watches, refrigerators, TVs, toys and all sorts of other devices now depend on connectivity for their core functions. The proliferation of Internet of Things (IoT) devices has ushered in a new era of interconnected convenience and efficiency. However, this interconnectedness comes with a significant cybersecurity challenge. IoT devices, ranging from smart home gadgets to industrial sensors, are vulnerable to various threats, which, when exploited, can lead to data breaches, service disruption, and even physical harm.

The reality is that a lot of IoT devices are built for fun, and not really for security. Many of these devices are built for features as a consumer electronic, without consideration as to how much data they can capture about you, or how they can represent a backdoor into your other devices. So you can imagine that adding one of these devices to an otherwise secure network can have some pretty nasty unintended consequences.

Understanding the dynamics of IoT vulnerabilities, learning from notable real-world examples, and knowing how to respond effectively are vital components of a comprehensive cybersecurity strategy. In this extensive guide, we will delve into the world of IoT vulnerabilities, explore real-world incidents, and equip you with the knowledge and strategies to understand, mitigate, and respond to this evolving cybersecurity challenge.

Potential Risk: Insecure Internet of Things (IoT) devices that can be exploited, causing threats that can cascade into more important systems.

Mitigation: Regular firmware updates, network segmentation, and strong access controls.

10. Out of Date Router

You know that router that’s just sitting in the corner all alone and neglected? You might want to check in with it every so often.

In the ever-evolving landscape of cybersecurity, unpatched software and systems pose a significant threat to individuals and organizations alike. These unaddressed vulnerabilities can be exploited by cybercriminals to gain unauthorized access, disrupt operations, or steal sensitive data. Bridging the vulnerability gap by staying up-to-date with patches and fixes is critical to maintaining robust cybersecurity. In this comprehensive guide, we will delve into the world of unpatched software and systems, explore real-world examples, and equip you with the knowledge and strategies to understand, mitigate, and respond to this pervasive cybersecurity challenge.

Threat: Exposing customer payment data to cybercriminals.

Mitigation: Payment Card Industry Data Security Standard (PCI DSS) compliance, secure payment processing, and encryption.

How to prepare and fight back.

By understanding these 10 common cyber threats and implementing the corresponding mitigation strategies, small businesses and nonprofits can significantly enhance their cybersecurity posture. While no organization is completely immune to cyber threats, proactive measures and a vigilant approach to security can go a long way in protecting valuable data and operations.

Remember, cybersecurity is an ongoing process, and it requires continuous monitoring, adaptation, and investment. Prioritizing cybersecurity not only safeguards your organization but also helps build trust with clients, donors, and stakeholders, reinforcing your commitment to security in an increasingly digital world.

In the ever-evolving landscape of cybersecurity threats, social engineering stands out as one of the most cunning and insidious tactics employed by malicious actors. Unlike traditional hacking methods that target software vulnerabilities, social engineering targets the human element—the often vulnerable and unsuspecting individuals who form the core of any organization. In this comprehensive exploration, we will unravel the concept of social engineering, understand its various forms, and learn how to protect ourselves and our organizations from falling prey to these deceptive techniques.

The Essence of Social Engineering

At its core, social engineering is the art of manipulating people into divulging confidential information, performing actions, or making decisions that are not in their best interests. This manipulation exploits human psychology and relies on the fundamental truth that people are often the weakest link in the cybersecurity chain. Social engineers are not hackers in the traditional sense; they are skilled manipulators who use psychological tactics to gain access to sensitive information.

The Motives Behind Social Engineering

Malicious actors employ social engineering for various reasons, including:

1. Data Theft: Obtaining sensitive information like usernames, passwords, credit card numbers, or personal identification information (PII).

2. Financial Gain: Scamming individuals or organizations for monetary rewards, often through fraudulent schemes.

3. Espionage: Gaining access to confidential business or government information for competitive advantage or intelligence purposes.

4. Identity Theft: Assuming someone else’s identity to commit fraud or engage in criminal activities.

5. Cyber Espionage: Infiltrating organizations or governments to gather intelligence, classified documents, or trade secrets.

6. Sabotage: Disrupting the operations of organizations or individuals by manipulating employees or stakeholders.

Forms of Social Engineering

Social engineering comes in various forms, each tailored to exploit different aspects of human behavior. Here are some common forms of social engineering:

1. Phishing

Phishing is perhaps the most well-known form of social engineering. It involves sending fraudulent emails, messages, or websites that appear to be from trusted sources to trick individuals into revealing sensitive information, such as login credentials or credit card details. Phishing emails often use scare tactics or enticing offers to prompt action.

2. Spear Phishing

Spear phishing is a targeted form of phishing where attackers customize their messages to a specific individual or organization. By using personal information obtained from sources like social media, attackers make their messages more convincing and increase the likelihood of success.

3. Pretexting

Pretexting involves creating a fabricated scenario to trick individuals into revealing information or performing actions. For example, a pretexter may impersonate a trusted authority figure, such as an IT technician, and request sensitive information or access to a system under the guise of providing assistance.

4. Baiting

Baiting involves enticing victims with something they desire, such as free software downloads or entertainment media, to lure them into downloading malware or disclosing personal information.

5. Tailgating

Tailgating, also known as piggybacking, occurs when an attacker gains physical access to a secure facility by following an authorized person through a locked door or gate. This tactic exploits human courtesy and a desire to avoid confrontation.

6. Impersonation

Impersonation occurs when an attacker poses as a trusted individual or entity, such as a coworker, government official, or service provider. They may use this guise to request sensitive information or access to restricted areas.

7. Quizzes and Surveys

Attackers sometimes create quizzes or surveys that prompt users to answer personal questions. These seemingly harmless quizzes can gather valuable information for identity theft or social engineering attacks.

Psychological Manipulation Techniques

Social engineering tactics rely on various psychological manipulation techniques to exploit human vulnerabilities. Here are some of the key psychological tactics used by social engineers:

1. Authority

Social engineers may impersonate figures of authority, such as IT personnel or law enforcement officers, to gain trust and compliance. People tend to follow the directives of authority figures without question.

2. Urgency

Creating a sense of urgency or panic can pressure individuals into making hasty decisions without thinking critically. Phishing emails often use urgent language to prompt quick action.

3. Reciprocity

Reciprocity is the idea that people feel compelled to give something in return when they receive something. Attackers may offer a small gift or favor in exchange for information or access.

4. Familiarity

Social engineers may exploit human trust by appearing familiar or friendly. This can lower the target’s guard and make them more likely to share sensitive information.

5. Fear and Intimidation

Fear tactics can manipulate individuals into complying with demands. Attackers may threaten legal action, financial consequences, or harm to the victim.

6. Scarcity

Creating a perception of scarcity or limited availability can make individuals more willing to act quickly. For example, attackers may claim that an offer is available for a limited time.

Protecting Against Social Engineering

While social engineering attacks can be sophisticated and convincing, there are proactive steps individuals and organizations can take to reduce the risk of falling victim to these deceptive tactics:

1. Awareness and Education

Training: Provide cybersecurity training and awareness programs for employees, emphasizing the dangers of social engineering and how to recognize suspicious communications.

Regular Updates: Stay informed about emerging social engineering tactics and share this information with your team.

2. Verification

Verify Requests: Always verify the identity of anyone requesting sensitive information or access, especially in urgent situations.

Use Trusted Channels: Use official and trusted channels of communication when sharing sensitive data or responding to requests.

3. Strong Authentication

Implement 2FA: Enable two-factor authentication wherever possible to add an extra layer of security to accounts.

Complex Passwords: Encourage the use of strong, unique passwords for all accounts.

4. Secure Your Online Presence

Privacy Settings: Regularly review and adjust privacy settings on social media and other online platforms to limit the exposure of personal information.

Beware of Clicks: Avoid clicking on links or downloading attachments from unsolicited or suspicious sources.

5. Physical Security

Access Control: Implement strict access control measures for physical facilities to prevent unauthorized entry.

Tailgating Awareness: Train employees to be vigilant about tailgating incidents and report any unauthorized individuals.

6. Reporting and Response

Clear Reporting Procedures: Establish clear procedures for reporting suspected social engineering attempts or security incidents.

Incident Response Plan: Develop and maintain an incident response plan to address and mitigate the impact of successful social engineering attacks.

Conclusion

Social engineering is a powerful and pervasive threat that exploits human psychology to compromise the security of individuals and organizations. Recognizing the various forms of social engineering and understanding the psychological tactics used by social engineers is crucial in building strong defenses against these deceptive attacks. By fostering a culture of cybersecurity awareness, implementing security measures, and staying vigilant, we can reduce the effectiveness of social engineering and protect ourselves from its manipulative grasp. Remember, the best defense against social engineering is knowledge and vigilance.

1. Set realistic and consistent milestones
2. Consistently get more reviews
3. Respond to and if possible eliminate any poor reviews

Why are Realistic Marketing Goals Important?

“If you aim at nothing, you will hit it every time.” –Zig Ziglar

Positive reviews form the basis of your business’ online reputation.  They play a huge part in what businesses people try for the first time, or recommend to their friends.  Think of it as the digital equivalent of the Better Business Bureau.  Here are some key points to consider if you are unsure whether or not to invest time and resources into a review gathering strategy:

Why are 5-Star Reviews Important?

Positive reviews form the basis of your business’ online reputation.  They play a huge part in what businesses people try for the first time, or recommend to their friends.  Think of it as the digital equivalent of the Better Business Bureau.  Here are some key points to consider if you are unsure whether or not to invest time and resources into a review gathering strategy:

Positive Reviews Build Confidence

When it comes to online, the company with the best, and most reviews tends to win.  Many consumers will choose an overall strong review rating over price.

We Live in a Trust Economy

Reviews, especially in large volume, create confidence in your brand. Ultimately, people will believe in the review of friends family and even complete strangers over any sales pitch you can make.  And in our online world, reviews build trust and speak louder than just about anything else.

Research and The Golden Lead

Virtually every consumer researches their purchases (and store of choice) online.  If you have a large lead in reviews over your competitors, then there is a good chance that you’ve already won them over.  Basically, your customer will make up their mind before they even reach out to you.

Why Won’t Customers Leave a Review?

Customers can decline to leave reviews for a variety of reasons; they may love you and your business, but there might be that little something missing.

It’s Not Important to Them

People lead busy lives.  They might simply be too busy or distracted to leave a review or share their opinions with others.

Review Exhaustion

How often do friends ask you for reviews, LinkedIn recommendations, or to like their page?  Eventually, this might wear down on someone, to the point where they simply ignore these requests.

Your Customer is Too Polite to Tell You About a Bad Experience

Some people just don’t want to be seen as rude and so they won’t leave a review (even a negative one) if they have had a bad experience.  Don’t be afraid to tell your customer something like “I hope we’ve earned 5 stars from you, and if we haven’t what could we have done differently?”  You may not get your review, but you will probably get some valuable insight.

Your Customers Needs the Right Incentive

Some customers need to be pushed in the right direction (more on this below).  Maybe you could hold a monthly draw for clients who leave reviews, or if you want to go the sustainable route, let your customers know that a tree will be planted for every review received.  You may also choose a monthly or quarterly charity and make a donation for every review left.

How Do I Make Sure That I’ve Earned 5-Stars?

This part might sound a bit common sense, and chances are you are already doing many of these things, but here is a quick review of why people leave positive reviews.

Great Communication

It is important to respond to facebook and instagram messages, social mentions, and reviews (both good and bad) in a timely manner.  This will show engagement and activity as it relates to reviews.

Ask People if they’ve had a great experience

Don’t be afraid to ask for feedback; you may want to even consider doing customer satisfaction surveys.  These can serve as an opportunity to get feedback, ask for reviews, and collect email addresses for future updates.  Surveys don’t need to be traditional or highly structured: you ask someone to rate their experience out of 5, or ask them what was pleasant, and if there was anything about their experience that could be improved.

How Do I Incentivize My Customers to Leave Reviews?

We all have our own motivations, and finding one that fits your customers as a whole could be tricky.  Generally, it is NOT a good idea to “pay” for a review – i.e. “Hey Jimmy, if you leave me a 5-star review there’s a $10 gift card in it for you”.  If people find out then this will damage your reputation; however, there are ways to incentivize your customer.

They Probably Like You

Many business owners overlook this point.  Your customers probably like you, and want you to succeed.  They most likely are informally referring business to you anyway, so if you kindly ask for a review, you may get one.

If your customer says yes, make the process easy – send them a link or have a QR code in your office.  Google Business links are a bit of a pain, so make it seamless to go from a yes to a review.

They Probably Believe in a Cause

There is no shortage of causes in our world.  Some causes might be controversial, but others are generally acceptable by the majority of the population.  For example, you might say that for every review left you will plant a tree, or donate to a local animal shelter.  This might spur customers to leave reviews (and encourage other customers to leave reviews) because even though they aren’t getting paid, they still feel that they are getting something for their review.  This can be a great way to combine social causes and fundraising with growing your brand.

We All Love Contests

The easiest way to collect reviews is via a contest.  Now, you can’t blatantly ask for 5 stars, but you could let your customers know via an email blast or face to face meeting that anyone who leaves an honest review will be entered in a draw.  Don’t be afraid to qualify this with something like “Hopefully we’ve earned 5-stars from you. If we haven’t let us know before leaving your review.”  Again, this gives you a chance to gather feedback and potentially nip a bad review in the bud.

Combining Brick & Mortar and Digital to Win The Review Game

If you have a retail front or anywhere you see your customers face-to-face, then it is crucial to connect your brick & mortar to your digital marketing to maximize the potential for reviews.  Customers may need to see your request multiple times in order to be convinced to leave a review.

For example, you might ask for reviews via an email blast and banner on your website, combined with a pop-up banner or mailer card (with a handy QR code to your review link) to reinforce the importance of reviews to your business.

Remember, don’t be afraid to let your customers know that they would be doing you a favour and it doesn’t really cost them anything at all.

Digital Marketing and Your Review Strategy

Don’t forget that social media is a great way to not only ask for reviews, but to highlight great reviews left by your customers.  This is your chance to be a bit boastful, and hopefully draw more reviews (and customers!) in.

And don’t forget that Google Business now supports posting photos and updates.  This content helps your reviews stand out and makes your overall reputation stronger.  You can even post offers or special events to maximize the value from your profile.

Questions?

If you would like further information on anything in this guide, please contact us by emailing info@sspmedia.ca. 

• Email marketing is personalized
• It avoids the toxicity associated with Social Media
• You can offer free, automated incentives for new signups
• You can offer discounts and other perks to existing clients and subscribers
• It’s a great way to just generally keep in touch

As we mentioned in Part 1, you’ll need to commit to two things: collecting emails in an ethical manner (no one likes spam), and to consistently putting together content.  Next, we get into the interesting part; finding the right solution.  We always like to offer our clients low-cost, easy solutions, so that’s why we recommend Sendfox.

Sendfox is offered through Appsumo, and offers the lowest cost bulk email solution that we’ve seen.  Snedfox can literally save you hundreds, and even thousands of dollars each year.  To give you an idea, a one-time (yes, pay once and get it for life) payment of $49 gets you access to their great platform with a limit of 5,000 subscribers.  Five thousand might sound like a lot, but what if you need more? No problem; for additional one-time payments you can add subscribers in chunks of 5,000 up to 25,000 subscribers, which should be plenty for just about any business out there.  If you need more than 25,000, there are additional options with low monthly fees.

So let’s suppose 25,000 is enough for your business.  That means that for a one-time payment of $245, you now have a great platform with lots of features that is fully paid up to do your E-Mail marketing.  To compare, Mailchimp would charge nearly that much per month as part of their standard plan.  If you want to add more features such as HTML newsletters (this let’s you make a pretty newsletter, like the ones we send out) it will only set you back $10 a month.  Overall you are getting a very cost effective solution.

The features don’t stop there.  You’ll get a nice looking signup page (like this one) which will comply with GDPR, as well as a dashboard with some useful analytics.  Sendfox is easy to use, and works great on a variety of devices and web browsers.

If E-mail marketing sounds scary or generating content each month seems challenging, get in touch.  We have affordable plans where we can write your content and keep your emails on schedule.  Either way, don’t neglect email, and don’t be afraid to use it as a marketing tool.

Google Meet is a feaature included for all GSuite users, and provides a well perfoming, easy to use videoconference solution.  While not as popular as Zoom or MS Teams, Google Meet delivers on performance and ease of use. Here’s a few highlights:

• easy invites and Google calendar integration
• works great on a variety of devices
• Internet down? No worries, just call in and go old school
• Low learning curve
• Screen sharing and presentation features

Setting up an initial Google Meet is a piece of cake; just go to your Google Calendar (yes, you can use the app on your phone too) and add invitees. By default, Google Meet video conferencing is added.  Just create the event, if you receive a dialog box asking if you want to send invite details out, just say Yes and that’s it.  Your meeting is all set!

Have you ever had to add multiple last minute guests to a Zoom meeting?  It happens to us all the time, and its not particularly fun, especially on a mobile device.  If you’re a GSuite user, its super simple; just go to your event in your calendar and invite more people.  It’s quick and easy, and the invitee does not require a Google account to join.  

Hold enough meetings, or a large enough one, and you’ll inevitably run into someone who can’t hear you, whose microphone doesn’t work, etc… Just have the participant phone in.  In no time, they will be able to fully participate, and your meeting is free to continue.

Google Meet. might not be for everyone, but its a great alternative to have in your back pocket, especially if you are as GSuite user, as it is already included in your fees.

As always, if you have any questions about video conferencing, GSuite or other pandemic solutions, get in touch.

For many users, social media has become toxic, contributing to anxiety and social isolation (yes, social media can make some us lonely!). Social Media can become a battleground for conflicting political and religious ideals, and generally is a place that is great for arguing or for attracting trolls. Wouldn’t it be nice to have a focused and personalized way to reach out to your customers without them stepping into a potential minefield?

This is where E-Mail comes into play.  E-Mail newsletters still have great open rates, and if they are well crafted and genuine, should bypass most spam filters.  There are never guarantees, but the chance of a customer seeing your email is much higher than some random stranger clicking on a boosted facebook post.

E-mail is more than just personalized communication; it is a great tool to entice new customers, or to reward loyal ones.  Here are a few ideas for E-Mail newsletter incentives.  Just remember that you should always have consent from whoever you are emailing, as being respectful of a contact’s privacy, as well as local anti-spam laws, is key.

1. Incentives for new subscribers

This is an easy, automated and powerful sales tool.  We’ve all seen it, and likely all given in at some point: sign up for our newsletter and receive a FREE ebook!  This is a great way to grow your email list, and collect consent in an automated manner.  It works quite well, and allows you to do a quick intro and thank you to. new subscribers automatically.  Want to see an example?  Check out the Lucha Comics E-Mail newsletter here, where you can receive a free digital comic book.

2. Rewards for existing subscribers

If you are running an ecommerce site and want to offer a discount, or want to offer a free service (such as a financial portfolio or IT services review) then your newsletter can be a great way to offer this bonus to your subscribers. For example, you could send out a Halloween coupon such as “OCT20 for 20% off your next order!” to existing subscribers.  Deals like these keep people reading your newsletters!

3. Letting your clients know that you are stil out there and that you care

E-Mail doesn’t always have to be about asking for a sale: letting your clients know that you are out there, still in business, and that you are taking the time to reach them is just as valuable.  Messages like these can help start new conversations, and are a valuable customer retention tool.

So, now you’ve committed to ethically collecting email addresses, and to consistently write an E-Mail newsletter.  What’s next?  Setting up an E-Mail workflow and finding the right solution – which we’ll cover in Part 2 of this article.  Be sure to read it, and to reach out with any questions.

In early 2019, Windows 7 reached end of life. This means that no security flaws,, no matter how serious or wide spread, will be patched.  And can you blame Microsoft? Windows 7 was released in 2009, so after 10 years it had to hit its expiry date.  

So what does end of life mean for you?  Basically, continuing to run Windows 7 means the following for your home or business:

• Severe Possibility of data breach
• Severe possibility of ransomware
• An unacceptable risk of general cyberattacks

But don’t worry!  You still have plenty of options.  Some may require new hardware purchases, although if you purchased a PC towards the end of Windows 7’s lifespan, then it might be able to run an updated OS, although with recent security flaws found in Intel hardware, a new device might be in order.

Now that you’ve decided to move past Windows 7, what comes next? Here’s our recommended options.

If you are working in a Microsoft centric environment: 

The obvious answer here is Windows 10.  A solid desktop from a major vendor (we prefer Lenovo, although offerings from HP and Dell are also solid choices) will run your new OS just fine, and Windows 10 is mature enough to integrate into your IT environment.  We recommend a device with at least 16GB of RAM ( 32GB or more if you will be creating media or carrying out heavy calculations), along with an SSD drive.  SSD drives provide a huge boost in performance, and really are a must these days.

Estimated Cost: A new PC (~$500+)

If you are working in a mixed environment, or as a solopreneur in a creative industry:

If your budget allows for it, now would be a great time to consider migrating to macOS.  Stability performance, and a great selection of software are just some of the benefits that Apple users enjoy.  Like our recommendation above, an SSD drive is a must.  If you’ve never used a Mac before, their ill be a learning curve, and a few items might seem odd or unintuitive, but the benefits definitely outweigh the negatives. The only caveat here is that Apple is planning to release its own CPUs inside of refreshed hardware, so you may want to delay purchasing a Macbook or Mac Mini until late 2020/early 2021, so this may not be ideal since that Windows 7 machine really needs to go now.

Estimated Cost: A new Apple device (~$700+)

If you are in a mixed environment, solopreneur, or running mainly from the cloud and want a cost effective solution that will let you keep your existing hardware:

This is an option that is met with initial resistance, but soon becomes a favourite: keep your hardware by using a Linux based OS – we highly recommend Ubuntu for first time Linux users.

Haven’t heard of Linux before? Don’t feel bad – it is best known for its use in servers, and makes up only a tiny sliver of the desktop market.  However, it is secure, super stable, and FREE.  Yup, free. All you need is a USB drive to download the image to, and a bit of expertise (or a willingness to learn) to get it setup.  If you need to continue using, or to resurrect older hardware, Linux is the way to go. It supports a wide range of hardware, and thanks to the cloud and a modern browser like Google Chrome, you can access Google Docs, Gmail, Office 365 (via the web), Zoom, Skype and so much more.  Its biggest downside is the lack of native Office 365 support.  If you are a Google Docs user and can do without MS Office, Linux can likely meet alll of your everyday needs.

Estimated cost: a USB drive, patience and some time.

Hopefully you’ll find an option here that meets your needs, but either way it’s time to retire your Windows 7 PC.  Still having trouble deciding? Just drop us a line – we’re glad to help.

Until the COVID-19 pandemic hit full-swing, many of us probably never considered working from home. Now, it has become a reality for many, with several small-medium enterprises scrambling to accommodate a wide range of needs and systems. While some businesses simply cannot operate remotely, many can. For those that cannot operate in a completely virtual manner, there might be a few lessons to help you through this crisis.

In the short-term, it is reasonable to expect some drops in productivity, delays, and maybe even a bit of confusion from team members who have never worked from home, but don’t worry! With a bit of tweaking, your organizational resources can be made to be flexible for both traditional and telecommute scenarios. Here are a few points to consider:

Work is an Important Part of Our Identity

Before we get into the technical stuff, remember that work is an important part of our lives and identities; we tend to crave the routines and socialization that work provides, so don’t lose focus of this as you build, design or tweak your existing systems. You can use videoconferencing or regular phone calls to maintain some cohesion and still have a bit of fun.

Expect Some Downtime

Unless if you designed your systems for remote work or cloud access from day 1, then expect downtime for training, account setup, and refresher courses. Training will likely become an ongoing task, but after some initial downtime, the results will materialize.

Less is More

I’ve seen so many scenarios where people have complex setups with on-site Windows servers, several different apps (many out of date or poorly supported), and workflows that get in the way of working offsite. Modern operating systems do great for supporting many functions out of the box, and unless if you are running a massive operation with several unique roles, you probably don’t need to worry about restricting user access too severely.

Effective Use of Social Media is Never a Time Waster

Many companies seek to limit the time that employees spend on social media, which aways confuses me. Social media is one of the most powerful marketing tools that we have available, and can also be a great way to communicate with stakeholders during this pandemic. It can also be another way to keep your team together – think of private facebook groups as just one way to use this for productivity and good.

Trust Your Team

Remember why you hired someone in the first place: you liked them, and came to trust them. So now isn’t the time to limit what they can do with their systems: users working from home can often find creative solutions that you may not have considered. Unfortunately, this creativity is limited when they can’t install printers, access USB drives, install practical apps, or access certain web resources.

Encourage BYOD

Don’t fall into the traditional mindset that a corporate, locked-down machine is most effective. If someone wants to use bring their own device (BYOD), let them, with one caveat: their setup must pass some basic security checks. This means an up to date instance of Windows 10 (Windows 7 hit end of life and is insecure), macOS, ChromeOS or Linux. Additional security software is always a plus, and if anyone will be working from somewhere like a coffee shop, then a VPN is always a good idea. This biggest challenge here is that many people still prefer Windows 7 over 10. Unfortunately, it just doesn’t cut it from a security perspective.

E-Mail is NOT a Conversation Tool

This is where I see most work-from home scenarios fall apart. E-Mail is not an effective way to have ongoing conversations. If you need to discuss something complex with your team, especially if you need quick feedback, then chat based tools are a good bet. Think of solutions like Skype, Google Hangouts, Slack, and Microsoft Teams. If all else fails, there is nothing wrong with a good old fashioned phone call.

Your In-House Setup is NOT Superior to the Cloud

Sorry people, but your elaborate windows server is likely not superior to the cloud, unless if you are Amazon, Google, Oracle or Microsoft. Even world class companies like Nintendo rely on Google to keep their infrastructure running. While you may have sunk countless dollars into server maintenance, training and updates over the years, it is time to recognize it as a sunk cost and move on.

This doesn’t mean ditch your infrastructure: this simply means moving it to the cloud where it can scale, perform and be managed in a secure manner.

You might think that your office is secure, but try breaking into Amazon’s data center.

Finally, during times of pandemic, you could lose access to your office space. A local non-profit recently lost access to its offices which were located within a municipally owned building. City Hall decided (rightfully so) to close this building to help fight the spread of COVID-19. This organization was left without physical access, but had virtual access to all of its data, records, and even its phone systems! Wouldn’t it be nice to be able to make sure that your servers are up and running from home, rather than trying to find someone to let you in to a locked down building?

The Cloud Can Be Cheap!

G Suite by Google provides your users with email, cloud storage and web-based document apps for less than $10 per user, per month. This has the added benefit of allowing your team to access all of their email, documents and other resources from virtually anywhere, and on any device.

Are you a Microsoft based organization? No problem – give Office 365 a try.

Less Really is More

This is something I can’t stress enough, especially when in the majority of organizations, most work can be done in a web browser. Chromebooks and Linux workstations can give you a modern, secure and high performing option. You might say “But I can’t get app X!”, but ask yourself, what are your typical users actually using on a daily basis? In my most recent digital transformation project, 80% of users were able to accomplish 100% of their tasks (yes literally everything they did on a daily basis) within Google Chrome.

Learn to Let Go

In challenging times like this COVID-19 pandemic, you can get by without your office. Sure, it may not be ideal, and even a little scary, but if you are willing to let go and put up with a few short-term headaches, you can transform your organization into one that can work from anywhere.

1. Reliability

The last thing any small business owner or manager needs to hear from a customer is that “Your website is down” or “The contact form on your site doesn’t work”. WordPress isn’t perfect, but it powers nearly ONE-QUARTER of the Internet’s web pages. With approximately 1.3 Billion pages in existence, WordPress helps the majority of the Internet to just work. If it’s good enough for high volume sites like The New Yorker, it will probably do just fine for you.

2. Features

WordPress began as a blogging platform, but is now used to do some really cool, really crazy things. Personally, our firm built v1 of a business planning app in WordPress, uses it to power Realms of Adventure LARP (a great Live Action RPG), and to drive SocEnt Magazine – a news site for social enterpreneurs & social enterprise. This is achieved through the use of plugins (of which many exist), or where needed, by writing custom code. Either way, for the typical small business, there is very little that WordPress can’t do.

3. Design

Nobody wants a website that is difficult to use, creates a poor user experience, or is just plain ugly. If you’re hearing the dreaded “Your site looks like it’s from the 90’s and won’t work on my iPhone” don’t panic – WordPress has thousands of themes to choose from, and customization is always possible.


Overall, your website needs to be something that your company is proud of. If this isn’t the case, contact us to get started on the great website that you and your customers deserve.

1. Your website relies on Adobe (formerly Macromedia) Flash

In the 2000s, Macromedia Flash dominated the web landscape, and was the tool of choice for delivering video, audio, and in browser games. It allowed for some great menu animations, effects, and just all around eye candy that HTML could not deliver at the time. Fast forward to 2014, and Flash (now an Adobe product) is on its last legs. HTML5, CSS and Javascript have been extended so far that they can now provide much of what Flash was able to. HTML5 is leaner, runs on multiple devices, and all around performs better. Just remember, if you rely too much on Flash, you will be cutting out iPhone and iPad users, as Apple does not support Flash on its products – and we all now that is a huge part of the market.

2. Your content is getting difficult to manage (WordPress anyone?)

Many great sites are built only in HTML, or frameworks like codeIgnitor. If you have an older site that is just a collection of a bunch of HTML files, managing it is probably a nightmare. One of the best trends that the 2010s gave website owners are Content Management Systems (CMSs). Do you have a website with tons of pages, blog posts, images, product listings or other items that have just become too many and too difficult to manage? Great solutions like WordPress (which powers this very site) make it easy to add or update pages, blog posts, and other types of content. Not only that, but if you want to give your site a new look, just find the right theme and you are good to go. Need to add more functions like contact forms, newsletter, or social media integration? WordPress has tons of plugins that can add new features instantly. For any small business without complex technology needs, a solution like WordPress is a must.

3. Your website just doesn’t work on a smartphone or tablet

Every day, more and more web searches happen via mobile devices. If your site cannot accommodate smartphone and tablet users, you have just lost a significant part of the market. If a user cannot view your website on a mobile device, their next search is likely going to take them to a competitor.

Think that you might be in trouble? Don’t sweat, a website upgrade can be painless. Google always has a collection of great insights, and if you are stuck, get in touch and let us put together a solution for you.