As a business owner, it’s easy to focus on growth, customer service, and day-to-day operations while discounting cybersecurity. However, in a world where 46% of cyberattacks target small and medium-sized businesses, maintaining a secure digital environment is not just important—it’s critical for survival.

This blog dives into the key cybersecurity practices for small and medium-sized businesses, to help you protect your organization from malicious threats and costly ransomware attacks.

Why Are SMBs a Target?

The answer lies in their limited cybersecurity infrastructure. While large corporations invest heavily in advanced security systems, smaller businesses tend to have fewer resources or budgets. However, just because your business is small doesn’t mean you have to an easy target.

Common Cyber Threats Facing SMBs

Understanding the types of cyber threats your business may face is the first step in building a strong defense. Preparing for security incidents is an important business practice.  Here are the common attack methods cybercriminals use:

1. Phishing Attacks

Phishing remains one of the most popular methods used by cybercriminals use. These attacks typically involve fraudulent emails that use urgency, deceptive visuals and links, and impersonation to trick employees into clicking on malicious links or sharing sensitive information.

2. Ransomware

Ransomware attacks involve encrypting a company’s data and demanding a ransom to restore access. In many cases, businesses are left crippled for multiple days or weeks without access to their own information. Even after paying the ransom, there’s no guarantee the attackers will return the data.

3. Malware

Malware is malicious software that can infiltrate your systems to damage, disable, or exploit your data. This broad category includes adware, spyware, and viruses designed to cause harm or steal valuable information.

4. Weak Passwords and Credential Compromise

Weak, reused, or stolen passwords remain one of the biggest cybersecurity risks. A compromised credential allows an attacker to bypass security protocols and gain direct access to sensitive systems.

Small Business Cybersecurity Best Practices

Implementing robust cybersecurity measures doesn’t have to be overwhelming. Here are practical steps you can take to protect your business:

1. Use Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) requires users to provide two or more verification methods—such as a password and a security code—before gaining access to the system.

2. Regularly Update Software

Outdated software is a major vulnerability. Whether it's operating systems, web browsers, or specialized business software, keeping everything up-to-date is essential. Many updates contain patches for security flaws that have been identified.

3. Create Strong Password Policies

Ensure your employees are using strong, unique longer passwords for each of their accounts. Implement a password policy that requires complex combinations of letters, numbers, and symbols, and encourage regular password changes.

4. Educate Employees on Cybersecurity

Your employees are your first line of defense and greatest vulnerability. Provide regular training helps them identify current phishing scams, social engineering, and recognizing and reporting potential security breaches.

5. Conduct Regular Risk Assessments

A risk assessment helps identify areas of vulnerability. This involves a third party evaluating your current cybersecurity practices, identifying potential threats, and implementing strategies to address them. Regular assessments help you stay ahead of evolving threats and ensure that your defenses remain effective.

6. Backup Your Data

Data backups are critical to recovering from a cyberattack. Ensure that your business performs regular backups of all important data to an encrypted, offline location. This way, if you do experience a breach—such as a ransomware attack—you can restore your systems faster without losing significant data.

7. Install Firewalls and Anti-Malware Software

Investing in firewalls and anti-malware software is a non-negotiable aspect of cybersecurity. A firewall monitors incoming and outgoing traffic and blocks suspicious activity, while anti-malware software detects and removes malicious software before it can do damage.

8. Install Endpoint Protection

Every endpoint (laptop, mobile phone, tablet, etc.) that connects to the corporate network is a vulnerability, providing a potential entry point for cyber criminals. It is imperative for businesses to deploy endpoint solutions that can analyze, detect, then block and contain cyberattacks on remote systems.

9. Develop an Incident Response Plan

An incident response plan outlines the steps to take in the event of a security breach. This plan includes who to contact, how to contain the breach, what to communicate, and the order of systems to be restored based on their importance for conducting business. Regularly practicing incident response through simulations helps your team respond effectively when a real threat arises.

Additional Cybersecurity Considerations for SMBs

While the best practices outlined above are foundational, you can further strengthen your business’s security posture by considering these additional measures:

1. Mobile Device Management

As more employees work remotely or bring their own devices to work (BYOD), managing mobile security becomes critical. Implement mobile device management (MDM) software that enables your business to monitor, secure, and manage all employee devices that have access to company data. This allows you to enforce security policies and wipe devices remotely if they’re lost or stolen.

2. Secure Your Wi-Fi Networks

Unsecured Wi-Fi networks are an open invitation for hackers. Ensure your business’s Wi-Fi networks are encrypted, and consider segmenting networks for employees, guests, and business systems. This prevents unauthorized access and reduces the risk of data interception.

3. Perform Penetration Testing

Penetration testing involves simulating cyberattacks on your system to identify weaknesses before actual attackers can exploit them. Hire a cybersecurity professional to conduct these tests to provide recommendations on how to address vulnerabilities.

Free Small Business Resources

There are a number of free resources available from the federal government and the State of Ohio to reduce your risk to potential cybersecurity threats including:

• NIST Small Business Cybersecurity Corner
• FTC Cybersecurity for Small Business
• National Cyber Security Alliance (NCSA) Small & Medium Sized Business Resources
• https://www.cisa.gov/resources-tools/resources/free-cybersecurity-services-and-tools
• https://ohcr.ohio.gov/

Final Thoughts

By following these cybersecurity best practices, your company can create a strong digital defense and focus on what really matters—growth and success. Remember, being cyber aware means being cyber prepared.

Author Bio: As the CEO and Founder of Secure Cyber Defense, Shawn leads a dedicated team committed to safeguarding organizations across the entire spectrum of cybersecurity needs. From perimeter defense to secure network design, and vulnerability discovery to intrusion detection systems, Secure Cyber Defense offers comprehensive solutions tailored to meet the evolving challenges of today’s digital landscape. With over two decades of experience in cybersecurity and information systems, Shawn brings a wealth of expertise to the table. He specializes in leading security teams to bridge the gap between technology and business objectives, empowering informed decision-making that protects assets from both internal and external threats.

As Cybersecurity Awareness Month kicks off in October, it’s a great time to remind everyone at your company to practice cybersecurity awareness to protect against cyberattacks and data breaches. Of course, there’s no completely foolproof way to keep threat actors from attempting to infiltrate your network. But taking these four preventative steps can significantly reduce your cyber risk.

Use strong passwords

Using strong passwords is an easy way to safeguard your apps and digital accounts. At Pondurance, we recommend that users choose passwords with at least 16 characters including uppercase, lowercase, numbers, and symbols. Also, we suggest that users choose a unique password for each of their accounts and never reuse their personal passwords for company accounts.

Like most people, you probably have dozens of accounts with passwords, and remembering all those passwords is a difficult task. That’s where the use of a password manager comes in. A password manager program generates strong passwords, stores them, and autofills the passwords. That way, you don’t have to remember your passwords or write them down. But be sure to use a strong master password that you can easily memorize for the password manager account.

Implement MFA

Turning on multifactor authentication (MFA) can make it especially tough for a threat actor to access your accounts. That’s because MFA requires two or more factors, such as a password, PIN, or verification code, to authenticate your identity at login. The added layer of protection may be the single most important thing you can do to defend against threat actors. Your company should have MFA implemented on every device to avoid being vulnerable to exploitation.

MFA has even become a strict requirement to qualify for a cyber insurance policy. Increasingly, cyber insurers want to see that companies have MFA implemented on every device on a company’s network.

Identify phishing

The Pondurance security operations center (SOC) team ranks phishing as the top method of credential compromise for email users. During a phishing attack, a user gets an email from someone claiming to be a known, reliable source and is fooled into providing credentials, such as passwords, credit card numbers, or bank accounts. The team reports that phishing emails with a financial lure are common fraud schemes during tax season, and malware delivery via phishing emails is an increasing threat. FBI data confirms the team’s conclusions, showing that phishing/spoofing is reported over five times more often than any other type of cybercrime.

In past years, phishing emails were often easy to identify due to their awkward language and poor grammar. Today, it’s not as easy to distinguish a phishing email. Artificial intelligence (AI) services, such as ChatGPT, are now making phishing emails more difficult to detect because AI helps threat actors use convincing language and proper grammar in the email text.

To reduce the risk of an attack, the SOC team suggests that you set inbox rules to detect any unauthorized activity and provide user awareness training for everyone at your company. User awareness training helps your employees, executives, and board members identify phishing emails and learn how to report suspicious activity.

Make updates

Updates fill the gaps or vulnerabilities that threat actors look to exploit in operating systems, software, and apps. Making updates can fix security bugs, protect against malware, improve performance, and more. The cybersecurity team at your company should stay informed about newly disclosed vulnerabilities and perform needed updates and patches as quickly as possible to keep threat actors out of your network.

Conclusion

Making cybersecurity awareness a priority at your company can help you protect against cyberattacks and data breaches. Using strong passwords, implementing MFA, identifying phishing, and making updates are four preventative steps that can significantly reduce your cyber risk during Cybersecurity Awareness Month and all year long.

Author Bio: Mike has enjoyed a career of more than forty years of operations and sales experience in the information technology and cybersecurity industry at IBM, Siemens, Sprint, and AT&T as well as several smaller and startup businesses. He has spent the past twelve years at Pondurance helping organizations tackle the challenges of cybersecurity to better protect their clients and their hard-earned brand reputation. Mike is active in the Central Indiana Information Systems Security Association (ISSA) chapter and is a member of InfraGard, a partnership between the FBI and members of the private sector.

After the successful launch of Technology First's Emerging Tech Leaders program, we sat down with Coach Mike for an insightful Q&A. In this conversation, he delves into the inspiration behind the program, the pressing need to cultivate the next generation of IT leaders, and his thoughts on the evolving role of IT leadership in shaping the future.

Question: What inspired you to design the Emerging Tech Leaders program?

Coach Mike: It was a combination of a several things, but I think they all had the same underlying theme which was the massive gap in leadership and people-management focus in IT. We are a population of engineers and technical-minded people who have lived our lives relying on our logic and reason to solve everything. So often people are promoted into leadership positions and are never prepared or trained to digest and respond to the complexities of balancing technical decisions with the emotional needs of people and maintaining business relationships.  

Question: What key skills and competencies do participants develop in the program?

Coach Mike: Over 12 weeks and six sessions, we explore:

I could probably spend six-weeks on any one of those topics, but the goal is to provide participants with exposure to experiences that we don’t talk about often or hear about but haven’t gone through. Then, help the participants understand the mechanics of each topic. Each session in the course is designed to equip attendees with insights, new tools, and various perspectives on how to navigate complex situations when they return to their roles.

Question: How does the program's interactive, scenario-based approach enhance leadership learning?

Coach Mike: Consistently, people say “I’m a hands-on learner.” In fact, I can’t think of a single time anyone has ever said to me “I can’t learn anything hands-on; what I need is a good PowerPoint presentation.” As we cover these principles, we put participants in complex scenarios, and the scenarios compound over the program. By the end of the course, we’re able to look at a scenario and consider the results of an action, balancing the financial, emotional, and relational aspects and perspectives of our customers, teams, and leadership.

Most of the scenarios are not meant to be “solved;” it’s not even about finding a “right” answer; instead, it’s about managing complexities and understanding the impact of decisions.

Question: Can you share an example of a scenario participants might encounter during the program?

Coach Mike: We had talked about who we are as a leader and started to inspect our competencies and areas of growth, as well as how that aligned with the organization we are in. In the week this scenario was presented we were discussing performance management and measurement.

The class was asked to consider all aspects of the scenario and put together a plan.

The point is not necessarily to solve the situation, but more to consider – and manage - all the dimensions at play. There’s no “right” answer; the appropriate or productive actions to take can vary wildly depending on the organization’s expectations and principles as well as the managers personal management style and values.

Also worth mentioning is that this is one of seven possible scenarios that groups are given, and this is probably one of the less complex situations.

Question: What unique challenges do new and aspiring IT leaders face today, and how does the program address them?

Coach Mike: IT leaders experience many of the same challenges that plague other leaders, especially ones who are leading highly specialized functions. And like other leaders, one of the most common challenges is often lack of training.

What I see that is unique to IT is the perception that IT is nothing more than a service center for the business. Pair that with technology solutions being oversimplified and the entire vocation seemingly being “magic,” and we are often overlooked when key decisions are made. We’re brought in far too late or handed a solution which is not viable for various reasons. Our Emerging Tech Leaders program helps by addressing this potentially detrimental dynamic, putting an emphasis and awareness around building a strong professional network, building business alliances, presenting IT as a business solution in clear, relatable terms, and making the IT team easy to work with as a partner.

Question: How do peer group collaborations contribute to the learning experience?

Coach Mike: This is one of my favorite things about the program! Having a diverse mix of industries, experience, and company sizes has proven to be very valuable, enriching our discussions. There are perspectives that people in small companies have that can influence a department leader to think more broadly, such as customer impacts. Conversely, a larger business typically has a very broad range of controls and policies that small groups may not be aware of, but either need or will need, such as IT Security or DevOps.

Sharing perspectives on team culture, hiring practices and relationship building from various backgrounds helps broaden everyone’s understanding and approaches.

Question: How does the program help participants navigate the unique challenges of the tech industry?

Coach Mike: Tech can be a bit of a black-box and sort of magical to a lot of people, so one of the biggest challenges of working in tech is trying to relate what we’re doing to objectives that make sense to others and building confidence in our business partner. Our program focuses on giving participants the tools to navigate their work culture and figure out messaging that instills trust in their organization. Inspiring trust and comradery goes much further than a lot of buzzwords and generic communication strategies that are too vague to apply to complex cultures and relationships.

Question: What advice would you give to someone considering joining the next cohort?

Coach Mike: I’d advise them to just sign up! This isn’t your typical training. We don’t hand out scripts. Instead, we explore how to grow as leaders, peers, and team members.

You’ll develop a cohort of peers, work closely with them on common goals, share insights, and solve problems together. Every session we explore lessons learned since the previous session; demonstrating how the principles we discuss influenced real actions.

Question: How do you see the role of emerging tech leaders evolving over the next few years?

Coach Mike: Over the past few years, I’ve seen growth in “functional” leadership. Roles like Scrum Masters and Technical Leads as well as Senior Technologist and Architects are establishing themselves as valuable leaders to have at the table. Leadership is shifting from purely technical roles to business partners.

Some of the best leaders I have worked for were more skilled in project management and navigating relationships than in technical disciplines.

The best organizations are moving toward enabling leaders and managers to focus on career development, coaching, organizational relationships, coordination and planning. Ultimately, organizations that embrace autonomy and self-regulation, empowering leaders to navigate and collaborate - versus a hierarchical and/or matrix structure - will be leaders in their industries, realize increased productivity and deliver more success.

Author Bio: After decades in the IT industry, moving in and out of various technical and leadership positions, Coach Mike Czarnecki was introduced to a transformational leadership coach. Working with a coach changed his life and made him realize that his love of people and personal accomplishment could be more than a task that he was expected to do off the side of his desk. With nearly 30 years of experience in large, medium, and small business, as an individual contributor and leader, a full-time employee and consultant, an employee and business owner, Mike turned his passion into reality by adding IT coach to his resume.

For the first time in United States history, we have five different generations in the workplace.

As an employer, the quicker you understand the skills and motivation each generation brings to your company the better. The interaction of these different generations is a valuable asset for your company. Working together, they can assist you in building the most productive and innovative workforce in your company's history.  Each generation has unique lived experiences - ranging from the Great Depression and WWII to the Vietnam War, September 11^th and prolonged unrest in the Middle East, as well as many other important cultural and historical events.

These diverse experiences lead to varying values and expectations in the workplace. For these reasons, employers face challenges in setting up compensation and benefit systems as well as creating workplace cultures that reflect the needs of all generations. This is potentially the most challenging time in history for Human Resource professionals to build effective teams and for Leaders to guide them to ultimate success.

1. Understanding Experiences and Expectations: The first step to managing a multi-generational workforce is to understand each generation's experiences and expectations to best meet and address their needs. This infographic from Purdue highlights trends within each of the generations.
2. Strategy of Strengths: Once your company understands these generational differences, you can begin to build your workforce strategy in order to best incorporate the strengths of the different generations. A solid workforce strategy will help ensure sustainability, healthy growth, and success. This strategy can help you identify talent and skills gaps, forecast supply and demand, and ensure that you have the right people to meet your strategic objectives. Benefits of a solid workforce strategy include reduced hiring costs, fewer talent gaps, increased retention, and better management of risk.

• There are several steps to building a workforce strategy and the process always starts with defining workforce needs based upon your strategic organizational goals. Next, analyze market trends for each need as well as your internal trends (e.g. retention, turnover). After you have defined your needs, evaluate your current talent and figure out how you can tap into other sources of manpower to fill your needs. It is always recommended that your workforce strategy is diverse and tailored to your specific company. Tap into the plethora of resources in our region including interns, new graduates, mid-senior level transfers, upskilling, and a diverse range of candidates including older adults, veterans, new Americans, reentered citizens, and people with disabilities. With a robust balance of employee sources, you can ensure a strong workforce as well as a deep bench of new employees.

3. Monitor & Adjust: After you develop your workforce strategy, it is crucial for your company to continue to assess your plan, your outcomes, and your success in order to make necessary adjustments to ultimately achieve your company’s goals. 

Embrace the opportunities a diverse generational workforce presents to create a robust culture capable of tackling challenges and driving growth and success. 

Author Bio: Cassie Barlow is the President of SOCHE, a non-profit organization that collaborates with Higher Education, K-12, employers and government in order to impact economic development through education and employment.

I recently presented at my company’s Board of Advisors meeting. After I shared several technical slides on progress, challenges, and next steps, a trusted board member observed that, while the information was good, I am not an IT leader: I am a “Business Leader who just happens to lead the IT function.” What a valuable and validating reminder! Valuable, because you should always deliver messaging from IT using a business framework—a fact I temporarily forgot in my excitement to share the impressive work my team had accomplished. Validating, because I don't have deep technical knowledge; but, while IT knowledge is important, you can be a great IT leader without knowing how to build a server or develop an application. 

I have spent most of my corporate career leading enterprise project management offices (ePMOs).While most of those projects had an IT component, and somewhere wholly focused on IT, leading an IT group is another task entirely. By nature, the ePMO is controlled and predictable (I'm very good at planning and controlling—I often say that I am a control enthusiast ;)). But good planning and control will only take you so far in IT. The rest of the journey requires that you build a clear strategy, foster a strong leadership team, and stay aligned to the business’s mission. 

When I was offered the VP of IT position at LION, I was excited about the role and knew that I could do it well. I must admit, though, that I didn't sleep much the first few months. There are many things that weigh heavily in IT: the seeming inevitability of cyber-attacks, being responsible for reliable and secure infrastructure, simply ensuring that every employee can do their job every day, and that's before the forward-looking innovation and AI activities expected from any business-focused IT group! When it comes to leadership, it is unreasonable to think that a single person would, or could, have a deep understanding of it all. 

Perhaps because of this, it’s becoming common for IT leaders to have a general technical background but proven success leading teams. I believe that is due, in part, to the breadth of IT topics and the pace at which technology changes. So, while I'm still learning new things every day, I'm sleeping better at night. Here are a few things that have helped and that I would recommend to others. 

• Find awesome mentors: First and foremost, ask for help in the early days. Find mentors you trust, preferably outside of your organization like board members or people from your network. Take folks to lunch and ask them to share their own experiences. Listen intently and ask clarifying questions but recognize when you’ve heard enough. It’s easy to become paralyzed by a large amount of advice from great mentors, so once your brain is at capacity, trust your gut to create a cohesive strategy that meets the needs of your department. It doesn’t have to be perfect; your plan will evolve over time.  

• Identify your leaders: In the beginning, spend a good deal of time listening to your team. You’ll quickly learn who the natural leaders are and who is interested in a leadership position. Make a distinction between technical and people leadership, communicate the importance of both, and be sure people are in the right roles. More than anything else, identify great leaders who balance your own skills, put them in place, and trust them to do their job.  

• Become a deep generalist: To compensate for a lack of deep technological background, embark on a journey to become a deep generalist in all things IT. Join professional networks like Technology First, keep in touch with your mentors, read industry related articles, and sign up for newsletters that will keep you up to date on technology trends.    

• Focus on the foundation: Be sure you have a solid foundation on which to build your IT future. In today’s world, security is a key priority. Make sure that you have a robust cyber security posture that includes user training and awareness. If you don’t, or are unsure, hire someone to do an assessment. In addition, be sure your IT Service Management (ITSM) tool meets your needs and provides the data necessary for informed decisions. Finally, to achieve business goals, it is important to have a flexible and scalable infrastructure. Consider cloud solutions, integration software, and a data architecture that will help you quickly meet business needs. 

• Prioritize the work: As any good leader knows, there will always be twice as many things that you want to do than what you have the capacity, time, and money for! Prioritize the work and communicate the plan to your team so everyone stays focused on the most important things. I’m lucky enough to have a strong ePMO that helps us develop the project list and prioritize with consideration for business requests and overall strategy. If you aren’t as lucky, be sure to develop and communicate your own priority standard to set expectations across the board. 

Stepping into the IT leadership role has been both challenging and rewarding. It has required me to shift my perspective to a broader business narrative, ensuring that IT's contributions align with the company's strategic goals. By embracing the mindset of a business leader, I've learned that successful IT leadership isn't about mastering every technical detail. It’s about guiding the team with a clear vision, fostering strong leadership within the team, and ensuring that our IT initiatives support the business's growth and resilience. Though IT is at the heart of modern business, the most important function of any IT leader is to connect the dots between technology and the business outcomes that drive success. 

Author Bio: Apryl Van Oss joined LION in May 2019 and accepted the position of Vice President of Information Technology in August of 2023. In this role, Apryl is committed to building a strong team that is ready to optimize LION systems and processes for organizational growth, efficiency, and innovation. Prior to joining LION, Apryl spent over 20 years working in diverse environments and has established several successful enterprise-wide Project and Portfolio Management Offices across various industries including legal, business, healthcare, insurance, and manufacturing.

As we navigate the ever-evolving landscape of the technology industry, I am thrilled to share our organization’s unwavering commitment to workforce development. Our mission is clear: to connect, strengthen and champion the technology community. 

The Power of Skill Enhancement 

In an era where innovation drives progress, investing in skill enhancement is paramount. Our programs, workshops, and leadership training initiatives empower individuals to upskill, reskill, and adapt to emerging trends. Whether it’s mastering cloud computing, honing data analytics expertise, or diving into cybersecurity protocols, we believe that continuous learning is the cornerstone of success. 

Bridging the Diversity Gap 

Diversity fuels innovation. We recognize that a vibrant tech ecosystem thrives on varied perspectives, backgrounds, and experiences. Our commitment to inclusivity extends beyond mere rhetoric. Through our Women 4 Tech conferences and peer group meetings, targeted outreach, scholarships, and partnerships with organization like NPower, Sinclair College and so many more, we are bridging the diversity gap. Together, we can create a tech workforce that mirrors the world we aspire to build. 

Nurturing Future Leaders 

Our vision extends beyond immediate skill acquisition. We are passionate about nurturing future leaders. Our Emerging Tech Leaders program connects seasoned professionals with aspiring talent, fostering a culture of knowledge-sharing and growth. And we celebrate the achievements of our current leaders at the annual Leadership Awards. We also invest in the potential of those who will shape the industry’s trajectory through annual scholarships to college students. 

Industry-Driven 

The tech landscape evolves swiftly, and so must our educational offerings. Our conferences, events, workshops and programs are designed in collaboration with industry leaders, ensuring that you are equipped with relevant, real-world skills. From agile development methodologies to ethical AI practices, our offerings prepare individuals to thrive in dynamic workplaces. 

Your Role in Our Journey 

You play a pivotal role in our journey. Your insights, support, and advocacy drive our initiatives forward. As we embark on this exciting path of workforce development, I invite you to engage actively, share your expertise, and champion our cause. Together, we can build a resilient, adaptable workforce that propels the technology industry to new heights. 

Thank you for your unwavering commitment to our shared vision. Let us continue to shape the future, one skill at a time.

#UniteDaytonTech 

Introduction

In today's rapidly evolving technology landscape, sustainability is a critical consideration. Balancing innovation with environmental impact is essential for organizations aiming to reduce waste and resource consumption. One area where sustainable practices can make a significant difference is in managing the lifecycle of personal computers (PCs).

The Windows Dilemma

Windows 10 End of life
As Windows 10 reaches its end of life – October 2025, organizations face a challenge. Many PCs running Windows 10 won't meet the hardware requirements for Windows 11, leaving users with outdated systems. The traditional approach would be to replace these PCs with new ones, resulting in increased e-waste and unnecessary expenses.

Instead, is it time to rethink your desktop strategy?

The Alternative: Cloud-Based Solutions
Amid the Windows 10 End of Life challenge, organizations must consider sustainable alternatives. Let’s delve into three cloud-based solutions that extend PC lifecycles and reduce e-waste:

1. Cloud PCs

Cloud PCs offer an innovative solution. By moving desktop environments to the cloud, organizations can extend the life of existing hardware. Here's how it works:

●    Virtual Desktops: Microsoft's Azure and Windows 365 offer virtualized Windows desktops accessible from any device with an internet connection. With the ability to scale Cloud PCs up or down according to your needs, provide secure access from remote locations, and support key scenarios like bring-your-own-device (BYOD) programs, Windows 365 helps lower environmental impact [1].

2. Thin Client and Virtual Desktops

●    Thin client such as IGEL OS: Instead of replacing hardware, consider loading a thin client like IGEL OS onto existing devices. IGEL OS is a lightweight, read-only operating system designed for secure access to virtual desktops and applications. It extends the life of older PCs by repurposing them as thin clients, reducing e-waste and saving costs.

●    Virtual Desktop Infrastructure (VDI): Implementing VDI solutions allows users to access their desktops and applications remotely. By centralizing management and security, organizations can reduce the need for resource-intensive agents on individual endpoints.

Benefits of Sustainable Approaches
While virtual desktops are not a new concept, there’s a common perception that they’re an expensive solution. However, this doesn’t have to be the case. As we come full circle, let’s explore additional benefits of adopting a new desktop strategy:

1. Cost Savings: Avoid unnecessary hardware purchases and reduce IT management costs associated with maintaining multiple endpoints.

2. Environmental Impact: By extending PC lifecycles, we decrease e-waste and contribute to a more sustainable future.

3. Security: Read-only operating systems like IGEL OS enhance security by minimizing attack surfaces and reducing vulnerabilities.

Conclusion
As IT leaders, CIOs, and IT managers, embracing sustainable technology practices is not only responsible but also economically advantageous. By leveraging cloud-based solutions and repurposing existing hardware, organizations can extend the life of PCs, reduce costs, and contribute to a greener planet.

Remember, the future of technology lies in our hands—let's make it a sustainable one! ️ [1]  [2].

Disclaimer: The information provided in this article is for educational purposes only. Always consult with your organization's IT experts before implementing any changes.

References:

1. Reducing the environmental impact of Windows devices
2. Microsoft Cloud for Sustainability: Empowering organizations on their path to net zero

1.  Reducing the environmental impact of Windows devices
2. Microsoft Cloud for Sustainability: Empowering organizations on their ...
3. Tech Trends: Windows PCs help Microsoft meet its commitments to ...

Author Bio: Todd Wind has 13 years in the technology consulting industry serving the Cincinnati/Dayton business community. At CPC, Todd focuses on helping clients deliver a fast, secure, reliable, and consistent experience to their employees as they access the applications and data needed to run the business. 

In 2023, Innomark Communications began working with a skilled team of architects and energy consultants to design a 96,480 sq. ft. building that maximizes efficiency and promotes sustainability in all aspects.   

Why Wi-Fi6? 

Innomark’s IT team decided to roll out Wi-Fi6 at this facility for increased capability, as well as energy-efficient features. One advantage of upgrading is faster connection speeds, which means better upload and download speeds and handling large amounts of network traffic more efficiently(Intel). This facility will house digital printing and finishing equipment, as well as a team of 64 operators, pre-media professionals, planners, quality assurance experts, shipping and packing associates, and executive leaders. To continue high-quality production, and collaborate across departments, our team needs reliable and fast connectivity throughout the entire plant. Wi-Fi6 is going to allow us to continue to grow our digital printing capabilities and maintain clear communication through our internal team and with clients. 

Another important feature of this upgrade is improved security, specifically a system that implements increased password security. “This authentication method helps make passwords harder to crack by using a more sophisticated method of establishing the handshake with the Wi-Fi network. This added layer of security, coupled with stronger encryption, means Wi-Fi will have more robust security options than ever” (Intel).Cyber security is an important training topic at Innomark Communications. Currently, network and data transfer security is ensured through a combination of stringent firewalls, protocols, and SSL encryption. Wi-Fi6 will only add to the tools Innomark already has in place to maintain technology security.   

Wi-Fi6 can also potentially increase battery life on devices. With Target Wake Time (TWT) technology, there is an efficient communication between the router and device regarding when to sleep and wake up (Intel). Devices will spend less time and energy searching for a wireless signal, which can enhance battery life. This makes Wi-Fi6 a more sustainable option than previous wireless standards. 

LED Lighting  

Along with our upcoming facility, all Innomarkfacilities had high-efficiency LED lighting installed to replace less efficient fluorescent fixtures and high bay warehouse and shop lighting. The decision to incorporate LED lighting and other energy-efficient equipment (HVAC/ humidity control systems, roofing materials, and advanced insulation) is a projected savings of 30.4% in the new Digital Facility alone. The neighboring facility, Innomark’s 62,000 sq.ft. Litho Print operation, reduced their annual electricity usage for lighting by 65%.  

Recycling & Disposal of Old Technology 

The Ohio EPA encourages business to recycle electronic equipment no longer in use because it can contain hazardous materials (Ohio.gov).  Innomark works with certified Ohio organizations to recycle old technology, through re-use or proper disposal. From used batteries to old laptops and monitors, our IT team handles disposal in the responsible way and continues to track our recycling habits and hazardous waste. This assists with the company’s adherence to the environmental commitments of its customers.  

Innomark Takeaways  

After specifically designing this facility with sustainability in mind, the Innomark Management Team has taken a closer look at how we can implement these processes at other locations. Sustainable technology can be a starting point in decreasing a company’s carbon footprint.   

Author Bio: Greg Frimming is the Director of Information Technology for Innomark Communications with over 27 years of IT experience. He has a passion for all things technology and has many family members who also work in IT. Greg is a Miami University graduate, specializing in Cybersecurity. 

The Cybersecurity Maturity Model Certification (CMMC) framework, developed by the Department of Defense (DoD), is designed to enhance the protection of controlled unclassified information (CUI) within the Defense Industrial Base (DIB) sector. This requirement is expected to be enforced starting in Quarter 1 of 2025, with a roll out of 5 years and having one-fifth of all DoD contacts requiring CMMC each year. We will explore the various facets of how CMMC compliance can impactyour company's economic health. 

How do I know if I need CMMC? 

All DoD contractors, sub-contractors, and support companies will be required to be at least CMMC level one. This isdetermined if the company has any Federal Contract Information (FCI). Then most contractors, sub-contractor, and support companies that have access to Controlled Unclassified Information (CUI)are requiredto be CMMC level 2. There is also level 3 compliance, but this is more limited and has much higher security and data control requirements.  

The Cost of CMMC 

Achieving CMMC compliance involves significant upfront investments. Companies need to assess their current cybersecurity posture, identify gaps, and implement necessary controls. This may include upgrading IT infrastructure, purchasing new security software, changing current corporate culture, and hiring cybersecurity experts. These expenses can be substantial, especially for small and medium-sized enterprises (SMEs). In addition, any company that is supporting a DoD contractor or subcontractor needs to be CMMC compliant. This includes Managed Service Providers that support the companies.  

The cost to be prepared for a CMMC assessment can range anywhere from $20,000 up to the $100,000s, depending on the scope of the project. This is why it is critical to have a good scope of what is required to be protected. Such scoping projects need to be the first step to compliance and cost management.  

In addition to the upfront cost, there is the cost of the assessment itself. This needs to be done by an independent third party known as a C3PAO (Certified Third-Party Assessor Organization). These costs can range from $15,000 up to the $100,000s depending on the scope and size of the company being assessed. The larger the scope, the greater the expected cost.  

Then there is the ongoing cost of compliance. A company should expect ongoing costs of CMMC. These costs include maintenance of security environments, any secure cloud environments, and physical environments. These costs should be expected to be anywhere from $1,000 to $5,000 per month per user depending on needs, scope, and amount of CUI (Controlled Unclassified Information) being protected.  

The Cost of Non-Compliance 

If a company decides not to go after a CMMC compliance, they will not be able to go after DoD contracts in the future. It will also remove sub-contractors and support companies from being able to service those contracts and companies. For companies heavily reliant on defense contracts, failing to achieve CMMC certification can be economically devastating.  

If you are an MSP or IT service provider to DoD-contracted companies, DoD rule 32, CFR 170, Section 170.19,paragraph 5 states, “If an OSA (Organization Seeking Assessment) utilizes an ESP(External Service Provider), other than a Cloud Service Provider (CSP), the ESP must have a CMMC certification level equal to or greater than the certification level the OSA is seeking.” The Cyber AB has confirmed that MSPs do fall under the ESP standard.  

The Value of CMMC 

Though CMMC has a high initial investment cost and a substantial continuation cost, there are many advantages to having a CMMC certification. Because of its high cost,it creates a barrier to entry for competitors, giving your company an advantage in the marketplace. It is also possible to increase your costs to the government at a rate that is reasonable to the increased burden on your company.  

For information technology (IT) to be considered a valuable investment by the C-Suite, it must be strategically aligned with the business’s key objectives. IT expenditures that do not align with these objectives become a financial drain. 

Simply aligning IT with the business is not enough. The IT investments must deliver the promised results and provide appropriate returns on investment (ROI). Achieving this requires a closed-loop process. The IT organization must maintain a relationship with the C-Suite, allowing visibility into both current and future business objectives. This ongoing conversation necessitates trust and a high level of IT competency. 

One challenge with alignment is the diverse perspectives within the C-Suite. While all are focused on advancing the business and guided by the same objectives, each executive views the path to success through the lens of their specific function. This diversity requires the IT organization to have a robust prioritization mechanism. 

This prioritization is typically managed through the IT portfolio management process, which assesses projects based on business impact (e.g., alignment with key business objectives, payback period, ROI) and implementation difficulty (e.g., risks, likelihood of success). After agreeing on a prioritized list of projects, the IT organization must match available resources and investment capacity to these projects. It is crucial that all proposed investments are cost-efficient and perceived as reasonable by the C-Suite.  

Building relationships and trust with the C-Suite is vital. When C-Suite members perceive IT estimates as too high, it is often due to a lack of understanding of the required integration with legacy systems or the extent of change management needed. Therefore, accurate and comprehensible estimates are essential. 

During project prioritization, it is important to establish clear metrics for success. Success extends beyond mere implementation; it includes delivering the projected business value. The IT organization’s commitment to the C-Suite must be fulfilled. As an example, a CEO at NCR would always ask, “If I give you a dollar today, when will you return it to me?” He wanted an answer of less than a year, though he made exceptions for larger projects, emphasizing accountability for business value return. 

The IT organization must have a process to evaluate investments six months to a year post-implementation, ensuring that the returns are meeting expectations. These returns can manifest as cost savings, reduced time to market, improved customer satisfaction, or increased revenue, all contributing to the entity’s bottom line. This process is often referred to as business value management. 

In summary, success in collaborating with the C-Suite hinges on building relationships and fulfilling commitments. IT organizations need to understand key business objectives, align their investments accordingly, prioritize investments based on C-Suite directions, successfully implement projects, and ensure these projects deliver the expected business value. Consistently delivering business value to the C-Suite will dispel the notion of IT investment as a financial drain. 

Bio: Don Hopkins is the Interim Dean of Raj Soin College of Business at Wright State University and former Chief Information Officer at NCR, SunGard Availability Services and International Game Technology. He also served as Vice President of Global Procurement and Supply Chain Management at both NCR and SunGard Availability Services and International Game Technology.