

Tech News Blog

Connect with TECH NEWS to discover emerging trends, the latest IT news and events, and enjoy concrete examples of why Technology First is the best connected IT community in the region.


  • 08/01/2024 9:21 AM | Abby Pytosh (Administrator)

    Introduction

    In today's rapidly evolving technology landscape, sustainability is a critical consideration. Balancing innovation with environmental impact is essential for organizations aiming to reduce waste and resource consumption. One area where sustainable practices can make a significant difference is in managing the lifecycle of personal computers (PCs).

    The Windows Dilemma

    Windows 10 End of Life
    As Windows 10 reaches its end of life in October 2025, organizations face a challenge. Many PCs running Windows 10 won't meet the hardware requirements for Windows 11, leaving users with outdated systems. The traditional approach would be to replace these PCs with new ones, resulting in increased e-waste and unnecessary expenses.

    Instead, is it time to rethink your desktop strategy?

    The Alternative: Cloud-Based Solutions
    Amid the Windows 10 End of Life challenge, organizations must consider sustainable alternatives. Let’s delve into three cloud-based solutions that extend PC lifecycles and reduce e-waste:

    1. Cloud PCs

    Cloud PCs offer an innovative solution. By moving desktop environments to the cloud, organizations can extend the life of existing hardware. Here's how it works:

        Virtual Desktops: Microsoft's Azure and Windows 365 offer virtualized Windows desktops accessible from any device with an internet connection. With the ability to scale Cloud PCs up or down according to your needs, provide secure access from remote locations, and support key scenarios like bring-your-own-device (BYOD) programs, Windows 365 helps lower environmental impact [1].

    2. Thin Client and Virtual Desktops

        Thin clients such as IGEL OS: Instead of replacing hardware, consider loading a thin client like IGEL OS onto existing devices. IGEL OS is a lightweight, read-only operating system designed for secure access to virtual desktops and applications. It extends the life of older PCs by repurposing them as thin clients, reducing e-waste and saving costs.

        Virtual Desktop Infrastructure (VDI): Implementing VDI solutions allows users to access their desktops and applications remotely. By centralizing management and security, organizations can reduce the need for resource-intensive agents on individual endpoints.

    Benefits of Sustainable Approaches
    While virtual desktops are not a new concept, there’s a common perception that they’re an expensive solution. However, this doesn’t have to be the case. As we come full circle, let’s explore additional benefits of adopting a new desktop strategy:

    1. Cost Savings: Avoid unnecessary hardware purchases and reduce IT management costs associated with maintaining multiple endpoints.

    2. Environmental Impact: By extending PC lifecycles, we decrease e-waste and contribute to a more sustainable future.

    3. Security: Read-only operating systems like IGEL OS enhance security by minimizing attack surfaces and reducing vulnerabilities.

    Conclusion
    As IT leaders, CIOs, and IT managers, embracing sustainable technology practices is not only responsible but also economically advantageous. By leveraging cloud-based solutions and repurposing existing hardware, organizations can extend the life of PCs, reduce costs, and contribute to a greener planet.

    Remember, the future of technology lies in our hands—let's make it a sustainable one! [1]  [2].

    Disclaimer: The information provided in this article is for educational purposes only. Always consult with your organization's IT experts before implementing any changes.

    References:

    1. Reducing the environmental impact of Windows devices
    2. Microsoft Cloud for Sustainability: Empowering organizations on their path to net zero
    3. Tech Trends: Windows PCs help Microsoft meet its commitments to ...
    Source: Conversation with Copilot, 7/25/2024

    Author Bio: Todd Wind has 13 years in the technology consulting industry serving the Cincinnati/Dayton business community. At CPC, Todd focuses on helping clients deliver a fast, secure, reliable, and consistent experience to their employees as they access the applications and data needed to run the business. 

  • 08/01/2024 9:17 AM | Abby Pytosh (Administrator)

    In 2023, Innomark Communications began working with a skilled team of architects and energy consultants to design a 96,480 sq. ft. building that maximizes efficiency and promotes sustainability in all aspects.   

    Why Wi-Fi6? 

    Innomark’s IT team decided to roll out Wi-Fi6 at this facility for increased capability, as well as energy-efficient features. One advantage of upgrading is faster connection speeds, which means better upload and download speeds and more efficient handling of large amounts of network traffic (Intel). This facility will house digital printing and finishing equipment, as well as a team of 64 operators, pre-media professionals, planners, quality assurance experts, shipping and packing associates, and executive leaders. To continue high-quality production and collaborate across departments, our team needs reliable and fast connectivity throughout the entire plant. Wi-Fi6 is going to allow us to continue to grow our digital printing capabilities and maintain clear communication within our internal team and with clients.

    Another important feature of this upgrade is improved security, specifically a system that implements increased password security. “This authentication method helps make passwords harder to crack by using a more sophisticated method of establishing the handshake with the Wi-Fi network. This added layer of security, coupled with stronger encryption, means Wi-Fi will have more robust security options than ever” (Intel). Cyber security is an important training topic at Innomark Communications. Currently, network and data transfer security is ensured through a combination of stringent firewalls, protocols, and SSL encryption. Wi-Fi6 will only add to the tools Innomark already has in place to maintain technology security.

    Wi-Fi6 can also potentially increase battery life on devices. With Target Wake Time (TWT) technology, there is an efficient communication between the router and device regarding when to sleep and wake up (Intel). Devices will spend less time and energy searching for a wireless signal, which can enhance battery life. This makes Wi-Fi6 a more sustainable option than previous wireless standards. 

    LED Lighting  

    Along with our upcoming facility, all Innomark facilities had high-efficiency LED lighting installed to replace less efficient fluorescent fixtures and high bay warehouse and shop lighting. The decision to incorporate LED lighting and other energy-efficient equipment (HVAC/humidity control systems, roofing materials, and advanced insulation) yields a projected savings of 30.4% in the new Digital Facility alone. The neighboring facility, Innomark’s 62,000 sq. ft. Litho Print operation, reduced its annual electricity usage for lighting by 65%.

    Recycling & Disposal of Old Technology 

    The Ohio EPA encourages businesses to recycle electronic equipment no longer in use because it can contain hazardous materials (Ohio.gov). Innomark works with certified Ohio organizations to recycle old technology, through re-use or proper disposal. From used batteries to old laptops and monitors, our IT team handles disposal in a responsible way and continues to track our recycling habits and hazardous waste. This assists with the company’s adherence to the environmental commitments of its customers.

    Innomark Takeaways  

    After specifically designing this facility with sustainability in mind, the Innomark Management Team has taken a closer look at how we can implement these processes at other locations. Sustainable technology can be a starting point in decreasing a company’s carbon footprint.   


    Author Bio: Greg Frimming is the Director of Information Technology for Innomark Communications with over 27 years of IT experience. He has a passion for all things technology and has many family members who also work in IT. Greg is a Miami University graduate, specializing in Cybersecurity. 

  • 07/01/2024 10:00 AM | Abby Pytosh (Administrator)

    The Cybersecurity Maturity Model Certification (CMMC) framework, developed by the Department of Defense (DoD), is designed to enhance the protection of controlled unclassified information (CUI) within the Defense Industrial Base (DIB) sector. This requirement is expected to be enforced starting in Quarter 1 of 2025, with a rollout of 5 years in which one-fifth of all DoD contracts require CMMC each year. We will explore the various facets of how CMMC compliance can impact your company's economic health.

    How do I know if I need CMMC? 

    All DoD contractors, sub-contractors, and support companies will be required to be at least CMMC level one. This is determined by whether the company has any Federal Contract Information (FCI). Most contractors, sub-contractors, and support companies that have access to Controlled Unclassified Information (CUI) are required to be CMMC level 2. There is also level 3 compliance, but this is more limited and has much higher security and data control requirements.

    The Cost of CMMC 

    Achieving CMMC compliance involves significant upfront investments. Companies need to assess their current cybersecurity posture, identify gaps, and implement necessary controls. This may include upgrading IT infrastructure, purchasing new security software, changing current corporate culture, and hiring cybersecurity experts. These expenses can be substantial, especially for small and medium-sized enterprises (SMEs). In addition, any company that is supporting a DoD contractor or subcontractor needs to be CMMC compliant. This includes Managed Service Providers that support the companies.  

    The cost to be prepared for a CMMC assessment can range anywhere from $20,000 up to the $100,000s, depending on the scope of the project. This is why it is critical to have a good scope of what is required to be protected. Such scoping projects need to be the first step to compliance and cost management.  

    In addition to the upfront cost, there is the cost of the assessment itself. This needs to be done by an independent third party known as a C3PAO (Certified Third-Party Assessor Organization). These costs can range from $15,000 up to the $100,000s depending on the scope and size of the company being assessed. The larger the scope, the greater the expected cost.  

    Then there is the ongoing cost of compliance. A company should expect ongoing costs of CMMC. These costs include maintenance of security environments, any secure cloud environments, and physical environments. These costs should be expected to be anywhere from $1,000 to $5,000 per month per user depending on needs, scope, and amount of CUI (Controlled Unclassified Information) being protected.  

    The Cost of Non-Compliance 

    If a company decides not to go after a CMMC compliance, they will not be able to go after DoD contracts in the future. It will also remove sub-contractors and support companies from being able to service those contracts and companies. For companies heavily reliant on defense contracts, failing to achieve CMMC certification can be economically devastating.  

    If you are an MSP or IT service provider to DoD-contracted companies, DoD rule 32, CFR 170, Section 170.19, paragraph 5 states, “If an OSA (Organization Seeking Assessment) utilizes an ESP (External Service Provider), other than a Cloud Service Provider (CSP), the ESP must have a CMMC certification level equal to or greater than the certification level the OSA is seeking.” The Cyber AB has confirmed that MSPs do fall under the ESP standard.

    The Value of CMMC 

    Though CMMC has a high initial investment cost and a substantial continuation cost, there are many advantages to having a CMMC certification. Because of its high cost, it creates a barrier to entry for competitors, giving your company an advantage in the marketplace. It is also possible to increase your costs to the government at a rate that is reasonable to the increased burden on your company.

    Bio: Ken Fanger is a CMMC Registered Practitioner and has been working on CMMC compliance since 2019. If you would like to learn more about CMMC or request our CMMC Explained, please reach out here: https://ontechnologypartners.com/dod-contractor-contact-form/. Follow Ken on LinkedIn here: https://www.linkedin.com/in/ken-fanger-42502b5/.

  • 07/01/2024 10:00 AM | Abby Pytosh (Administrator)

    For information technology (IT) to be considered a valuable investment by the C-Suite, it must be strategically aligned with the business’s key objectives. IT expenditures that do not align with these objectives become a financial drain. 

    Simply aligning IT with the business is not enough. The IT investments must deliver the promised results and provide appropriate returns on investment (ROI). Achieving this requires a closed-loop process. The IT organization must maintain a relationship with the C-Suite, allowing visibility into both current and future business objectives. This ongoing conversation necessitates trust and a high level of IT competency. 

    One challenge with alignment is the diverse perspectives within the C-Suite. While all are focused on advancing the business and guided by the same objectives, each executive views the path to success through the lens of their specific function. This diversity requires the IT organization to have a robust prioritization mechanism. 

    This prioritization is typically managed through the IT portfolio management process, which assesses projects based on business impact (e.g., alignment with key business objectives, payback period, ROI) and implementation difficulty (e.g., risks, likelihood of success). After agreeing on a prioritized list of projects, the IT organization must match available resources and investment capacity to these projects. It is crucial that all proposed investments are cost-efficient and perceived as reasonable by the C-Suite.  

    Building relationships and trust with the C-Suite is vital. When C-Suite members perceive IT estimates as too high, it is often due to a lack of understanding of the required integration with legacy systems or the extent of change management needed. Therefore, accurate and comprehensible estimates are essential. 

    During project prioritization, it is important to establish clear metrics for success. Success extends beyond mere implementation; it includes delivering the projected business value. The IT organization’s commitment to the C-Suite must be fulfilled. As an example, a CEO at NCR would always ask, “If I give you a dollar today, when will you return it to me?” He wanted an answer of less than a year, though he made exceptions for larger projects, emphasizing accountability for business value return. 

    The IT organization must have a process to evaluate investments six months to a year post-implementation, ensuring that the returns are meeting expectations. These returns can manifest as cost savings, reduced time to market, improved customer satisfaction, or increased revenue, all contributing to the entity’s bottom line. This process is often referred to as business value management. 

    In summary, success in collaborating with the C-Suite hinges on building relationships and fulfilling commitments. IT organizations need to understand key business objectives, align their investments accordingly, prioritize investments based on C-Suite directions, successfully implement projects, and ensure these projects deliver the expected business value. Consistently delivering business value to the C-Suite will dispel the notion of IT investment as a financial drain. 

    Bio: Don Hopkins is the Interim Dean of Raj Soin College of Business at Wright State University and former Chief Information Officer at NCR, SunGard Availability Services and International Game Technology. He also served as Vice President of Global Procurement and Supply Chain Management at both NCR and SunGard Availability Services and International Game Technology.  

  • 07/01/2024 10:00 AM | Abby Pytosh (Administrator)

    Finding qualified tech talent, especially at the junior level, can be a tough task. Employers are often spammed with resumes from candidates, and it can be difficult to filter through resumes and determine which applicants actually know their stuff. Talent teams are already spending countless hours trying to narrow down the applicant pool for higher level positions, and these entry level roles can add undue stress. 

    What’s a hiring manager to do? 

    Establishing a pipeline of junior level talent by creating a community of mentorship is not only financially beneficial for companies, but provides a more qualified, and often diverse, talent pool for years to come. The creation of a mentorship program also challenges development teams to make clear processes for onboarding new hires, which can help explain the work in a more concise, consistent way for employees across all levels. This results in new hires who are onboarded more quickly and efficiently, and who can begin making an impact much sooner.  

    How Can this Pipeline be Established? 

    For example, Code:You provides free training to adults aiming to transition into tech-related careers, and an integral piece of the program is the volunteer mentors who help students navigate their learning journeys. Qualified professionals who are already in the tech field work with students to help with troubleshooting, knowledge checks, and learning what it’s like to actually work in the tech field. Mentors get to watch their students succeed and build lasting relationships with them. This set-up has allowed for a life cycle of giving back, with former students coming back to mentor in the program once they are more established in the industry.

    Companies can intentionally structure their own development teams around mentoring by creating internal pipelines. Senior devs can mentor mid and junior folks, while mid-level employees looking to flex their leadership skills can mentor juniors or interns. By structuring their code, deployment process, and documentation around mentoring, companies can come up with processes that are easy to learn and explain for folks at all levels. This leads to clean code and well documented projects that anyone can contribute to, but requires a team buy-in to build out successfully.  

    Get First Pick of Talent 

    For example, at Code:You, mentors work with the same group of students for up to 20 weeks, allowing them to get to know their work ethics, skills, and unique backgrounds and interests. This relationship gives mentors the ability to pinpoint students who not only know their stuff on a technical level, but whose background and transferable skills would be a good fit for their company. Instead of sifting through a pile of faceless resumes, they have a pool of qualified talent at their fingertips, saving both time and money in their hiring process. Companies can mimic this model by bringing on early level talent for internships and using established mid to senior level talent to mentor and foster that talent. 

    Strengthen Your Team 

    Providing a strong mentor experience can allow companies to train students or potential employees in skills important to them. Instilling best practices from the get-go can allow for a shorter onboarding period and learning curve once a new hire starts, allowing them to make a more immediate impact.  

    Latecomers to tech can also be an excellent asset for your team, because they often bring other skillsets and/or industry knowledge to the table.  

    Sharpening Your Team’s Skills 

    Mentors are helping the next generation of tech talent grow into full-fledged junior developers. A mentor does not need to be an expert developer or have prior teaching experience. In fact, self-taught developers who are around the mid-level tend to be some of the best, because they know where students are coming from, and can provide a similar perspective. These leadership experiences can empower higher level developers to grow more in their own careers.  

    Have fun! 

    Day jobs can be a slog from time to time, even for those who genuinely enjoy what they’re doing. Mentoring adds back in some of the fun of what you do day to day. Helping students work through problems and create exciting new project ideas can help remind you why you got into the field in the first place. Getting more involved in the tech scene is sure to benefit you professionally. It will surely provide personal benefits as well.

    Creating a strong community of mentorship is not something that happens overnight, but the benefits are worth the hard work. According to a 2022 article from the Society for Human Resource Management (SHRM), employers estimate the total cost to hire a new employee can be three to four times the position’s salary. By cultivating a community of mentorship, your company can lessen those costs by finding talent that is not only a skills match, but a culture match, and set to succeed.  

    Bio: Shannon Sheehy is the Manager of Strategic Partnerships for Code:You, a non-profit program that has helped over 1,000 adults launch exciting new careers in technology since 2015. Through her role, she manages the careers team that assists program participants in finding jobs after completion of their training program. A Dayton native and graduate of Miamisburg High School, Shannon now resides in Louisville, KY.

  • 07/01/2024 9:00 AM | Abby Pytosh (Administrator)


    Hello Tech Community!

    As we gear up for another exciting year in the world of technology, it's time to talk shop about one of the hottest topics on every IT leader's mind: budgeting for the cloud in 2025. I'm thrilled to dive into this with you because, let's face it, the cloud isn't just a buzzword anymore – it's the backbone of modern IT infrastructure. 

    So, let's start with the headline news: Gartner's latest report predicts that by 2025, a whopping half of enterprise IT spending will be allocated to cloud technologies. Wrap your head around this figure: nearly $1.8 trillion – that's trillion with a 'T' – is expected to be spent on cloud services alone.

    But before you break into a cold sweat thinking about budget overhauls and endless spreadsheets, fear not! I've got your back with a savvy roadmap to help you prepare for this cloud-centric future while keeping your budget in check. 

    Here's the lowdown on how to navigate the cloud migration and budgeting waters in 2025:

    1. Know Thy Infrastructure:

    Take stock of your current IT setup like a seasoned detective. What apps are you running? Where are your workloads chilling? Understanding your infrastructure inside-out is key to figuring out what's ready to make the leap to the cloud. 

    2. Show Me the Money:

    Budgeting for the cloud isn't just about crunching numbers; it's about predicting the future (cue the crystal ball). Work closely with your finance team to map out the short-term migration costs and the long-term operational expenses. Remember, a little foresight goes a long way! 

    3. Craft Your Migration Strategy:

    Rome wasn't built in a day, and neither is your cloud migration plan. Take it step by step. Decide which workloads get first-class tickets to the cloud and which ones can chill in the on-premises lounge a little longer. Oh, and don't forget to factor in downtime – nobody likes surprises! 

    4. Lockdown Security & Compliance:

    Security isn't just a buzzword – it's your shield against cyber nasties. Beef up your security measures and ensure you're compliant with all the regulations lurking in the shadows. Trust me; it's worth the peace of mind. 

    5. Skill Up, Buttercup:

    The cloud isn't just about fluffy white things in the sky; it's about empowering your team with the skills they need to navigate this brave new world. Invest in training and upskilling initiatives to ensure your squad is ready to rock the cloud like pros. 

    So, there you have it, folks – your roadmap to cloud success in 2025! Buckle up, because the journey ahead is going to be one heck of a ride. And remember, the tech community is here for you.  

    Until next time, stay curious, stay savvy, and keep pushing the boundaries of what's possible in tech! 

    Melissa

    Melissa Cutcher
    Executive Director
    Technology First

  • 06/01/2024 9:04 AM | Abby Pytosh (Administrator)

    The Industrial Internet of Things (IIoT) and adjacent technology continue to have a profound impact on industrial processes, creating opportunities for product and service transformation. From intuitive graphic interfaces and intelligent device sensors to full-scale industrial workcells and more, successful technology integration is proven to optimize operations. That said, here are several concepts for companies to consider:

    Install a Robot 

    An outside-of-the-box concept for many to consider, the adoption of robotic technology further enhances the IIoT ecosystem, driving further growth toward operational excellence. Where applicable, companies that successfully integrate and synchronize highly efficient robots with their current network of devices, including capital equipment, have discovered benefits such as greater production workflow, part quality, product throughput, operational safety, and return on investment (ROI). 

    A prime example of this is the integration of an industrial or human-collaborative robot to load/unload machined parts. A highly mundane and potentially dangerous task (depending on the part and environment), the combined use of innovative end-of-arm tooling (EOAT), easy-to-use electrical interfaces and flexible-yet-robust robots enables highly consistent part transfer. Not only is this reliable and consistent method of transfer ideal for protecting the integrity of capital equipment such as press brakes, but also, employee health and safety concerns can be substantially minimized. As an added benefit, workers can be redeployed to safer, value-added tasks for increased competitive edge. Applications for palletizing, pick and place, and welding are other labor intensive tasks that are frequently automated. 

    Execute Security Standards 

    Whether an industrial robot or another piece of machinery has been deployed, companies that integrate and synchronize equipment to an IIoT framework should understand the potential cybersecurity threats and vulnerabilities these machines (and others for that matter) can face. From exploiting weak passwords to ransomware attacks and more, there are a variety of ways “bad actors” try to disrupt operations. For these reasons, it is important for decision makers to take all necessary steps to ensure robot and enterprise safety.  

    Adhering to robot safety standards and industry best practices such as the Robot Security Framework (RSF) is suggested. Additionally, replacing default passwords with strong passwords, along with backing up robot and peripheral data at regular intervals is helpful. 

    Encryption and authentication techniques to protect data and communication may also be helpful to securely connect robots to necessary systems or networks. Protocols like Secure Sockets Layer (SSL) and Transport Layer Security (TLS) can aid in encrypting and authenticating data transmitted over the internet or other networks, while Virtual Private Network (VPN) technology can create a secure and encrypted tunnel between devices and a remote server. Public Key Infrastructure (PKI) may also be used to employ digital certificates and keys to encrypt and authenticate data. 

    “Hardening” devices and existing networks to withstand physical and logical attacks is also important. This process is done by applying security measures and configurations that disable and/or remove any service and feature that is not required for robot or device operation. This includes apps, interfaces, ports, protocols, etc. 

    Clearly defining internal roles and responsibilities for managing the robotic system (and inter-connected devices), when needed, is also ideal. While this is not a complete list of protocols and methods that may be used, it indicates that cybersecurity is a real threat that should be taken seriously, and proper precautions should be implemented to protect operational integrity. 
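    One way to check the hardening step described above (removing services, ports and protocols that are not required for operation), as an added example that is not part of the original article: it compares listening sockets against a baseline of required services. The `ss`-style sample, the process names and the `REQUIRED` baseline are constructed for illustration.

```python
import ipaddress
import re
from typing import NamedTuple

# Constructed sample in the style of `ss -H -tulnp` output from a hypothetical
# robot controller (not captured from a real device).
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0 128 0.0.0.0:22        0.0.0.0:*  users:(("sshd",pid=612,fd=3))
tcp   LISTEN 0 5   0.0.0.0:21        0.0.0.0:*  users:(("vsftpd",pid=701,fd=3))
tcp   LISTEN 0 128 0.0.0.0:23        0.0.0.0:*  users:(("telnetd",pid=655,fd=4))
tcp   LISTEN 0 64  192.168.10.5:4840 0.0.0.0:*  users:(("opcua-srv",pid=880,fd=7))
tcp   LISTEN 0 128 127.0.0.1:5432    0.0.0.0:*  users:(("postgres",pid=910,fd=5))
udp   UNCONN 0 0   0.0.0.0:161       0.0.0.0:*  users:(("snmpd",pid=733,fd=6))
tcp   LISTEN 0 128 [::]:80           [::]:*     users:(("httpd",pid=790,fd=4))
"""

# Hypothetical baseline: the only network services this device needs to operate.
REQUIRED = {
    ("tcp", 22): "SSH for maintenance",
    ("tcp", 4840): "OPC UA server for machine monitoring",
}

PROC_RE = re.compile(r'\(\("([^"]+)"')


class Socket(NamedTuple):
    proto: str
    addr: str
    port: int
    process: str
    verdict: str  # "required", "local-only" or "not-required"


def parse_local(field):
    """Split 'addr:port', handling bracketed IPv6 such as '[::]:80'."""
    addr, _, port = field.rpartition(":")
    return addr.strip("[]"), int(port)


def is_loopback(addr):
    """True when the socket is bound to loopback and not reachable off-box."""
    if addr == "*":                      # ss prints '*' for a dual-stack wildcard
        return False
    return ipaddress.ip_address(addr.split("%")[0]).is_loopback


def audit(ss_text, required=REQUIRED):
    """Classify every listening socket against the required-services baseline."""
    results = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] not in ("tcp", "udp"):
            continue                     # skip headers and other socket families
        proto = fields[0]
        addr, port = parse_local(fields[4])
        match = PROC_RE.search(line)
        process = match.group(1) if match else "unknown"
        if is_loopback(addr):
            verdict = "local-only"
        elif (proto, port) in required:
            verdict = "required"
        else:
            verdict = "not-required"
        results.append(Socket(proto, addr, port, process, verdict))
    return results


def unneeded(results):
    """Services to disable or remove: network-reachable and not in the baseline."""
    return sorted((s.proto, s.port, s.process)
                  for s in results if s.verdict == "not-required")


if __name__ == "__main__":
    for proto, port, process in unneeded(audit(SAMPLE_SS_OUTPUT)):
        print(f"disable or remove: {process} ({proto}/{port})")
```

    Running the same comparison after each firmware or configuration change shows whether a removed service has come back.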

    Use Machine Monitoring 

    Many devices (CNC machines, robots, grippers, scanners, torches, etc.) can provide a wealth of information pertaining to equipment performance and operational trends. The ability to check, harness, and transform this data into actionable insights is extremely valuable for achieving the highest level of operational efficiency – as it enables data-driven optimized planning for key decision making. 

    That said, the implementation of a factory automation monitoring system that supports multiple brand devices and collects data in real time is suggested. From a manufacturing perspective, IIoT monitoring tools (along with product/part tracking) are helpful for detecting system errors, part defects and production bottlenecks. 

    Proven edge server solutions that use a leading OPC-UA interface to enable an integrated, intelligent, and innovative approach to data analytics are ideal. This allows decision makers to see what is happening at any point on the value creation chain. In turn, this helps to make informed choices that provide the ability to better manage supply chain complexity, maintain high-throughput production and execute strategic company goals. 

    Practice Preventative Maintenance 

    The key to peak performance operations is maintaining the health of a robot and other capital equipment. While the use of machine monitoring for predictive and preventative maintenance can play a large part in the life cycle management of automated tools, visual checks of a robot system should not be overlooked. From performing a grease analysis to monitor iron levels to doing a manual test to check for worrisome vibrations and gear noise, there are common assessments end users should perform to protect their robotic investment. 

    With any high-end purchase, it is always smart to invest in the value-added support programs available through the equipment supplier. Not only does this help ensure maximum asset performance, but also it provides prime ROI. Locking into an annual or extended service plan can augment a company’s preventative maintenance strategy, while ensuring issues are addressed in a timely manner to optimize uptime. 

    Whether protecting a robot or robot system purchase or maintaining the life cycle of another piece of capital equipment, these concepts should help build a solid foundation. As always, any questions should be directed to your robot supplier or equipment manufacturer, as this will provide the best source of information for moving forward.

    Bio: Bill Edwards is Sr. Manager of Collaborative Robotics at Yaskawa Motoman, where he strategically oversees all aspects of collaborative robot planning, design, specification and approval. With over three decades of experience in engineering and project management, as well as control systems application and design, Bill is dedicated to developing safe, high-quality robots that foster greater production efficiency. He is a voting member for both the International Organization for Standardization (ISO) and the American National Standards Institute (ANSI), where he serves on various industrial robot safety committees. 

  • 06/01/2024 9:02 AM | Abby Pytosh (Administrator)

    In today's rapidly evolving technology landscape, safeguarding your investment in technology is good business sense. With the ever-present threat of cyber-attacks to companies of all sizes and the need for scalability, businesses must adopt proactive measures to protect their assets while maintaining flexibility for growth. This article explores a concept called “continuous threat exposure management” and strategies to ensure scalability in the face of these evolving challenges.

    Continuous Threat Exposure Management

    1. Vulnerability Assessment: Scope for cybersecurity exposure
    2. Develop a discovery process for assets and their risk profiles
    3. Prioritize the threats most likely to be exploited
    4. Validate how attacks might work and how systems might react
    5. Mobilize people and processes

    SUMMARY

    Continuous Threat Exposure Management (CTEM) is a formal, proactive approach to identifying, assessing, and mitigating risks to an organization's digital assets. It involves continuously monitoring the organization's technology infrastructure, applications, networks, and data for vulnerabilities and potential threats. The goal of CTEM is to minimize the organization's exposure to cyber threats by identifying and addressing weaknesses before they can be exploited by attackers. The need for processes like CTEM in organizations of all sizes is an unfortunate reality of today’s world.

    According to Gartner, the 5 major steps in CTEM are:

    Vulnerability Assessment: Regularly scanning and assessing the organization's systems and networks to identify vulnerabilities, misconfigurations, and weaknesses that could be exploited by cyber threats.  

    The full vulnerability assessment process is an ongoing investigation that covers not only which ports might be accessible from the Internet, but also a complete scan of internal resources and what might be accessible to a “bad guy” who gets inside the network. In years past, it was often deemed sufficient to scan your company’s “public” footprint to see what ports might be open to internal resources and identify any misconfigurations or flawed security from that perspective. More recently, however, since over 90% of cyberattacks begin with a phishing email that ends up compromising either a local system or a cloud email platform, looking at the technology from the perspective of the bad guy is the better approach.

    Most organizations, especially smaller companies, may not have the internal resources or tools to conduct these types of scans internally. The use of an external 3rd party resource which specializes in Cyber Security Penetration Testing is advised. Even MSPs (Managed Service Providers) find it wise to outsource this specialized service to 3rd parties on behalf of their clients.

    Threat Intelligence Integration: Incorporating threat intelligence feeds from various sources to stay informed about emerging threats, attack techniques, and indicators of compromise relevant to the organization's industry and technology environment.

    Keeping up to date on everything technology related is a daunting process, and now we need to keep a close eye on Threat Intelligence as well. While there are many open-source, online resources that provide lots of up-to-date information on threats, keeping up to date on them is difficult, especially for small businesses.

    The FBI’s InfraGard program is a collaborative product between the FBI (Federal Bureau of Investigation) and members of the private sector. Authorized users of the InfraGard program can share information, networks and educational workshops to keep up on threats relevant to 16 specific infrastructure categories.

    There are also 3rd party services that provide consolidated vulnerability and threat intelligence.

    Patch Management: Implementing a structured process for installing security patches and updates promptly to address known vulnerabilities in software, operating systems, and applications.

    It is common knowledge that Microsoft, as one of the predominant software providers, releases their standard patches on “Patch Tuesday” -- the second Tuesday of each month. Patch Tuesday is the unofficial term for the day when Microsoft releases update packages for the Windows operating system and other Microsoft software applications, including Microsoft Office. In some cases, Microsoft will issue "out-of-band" updates for particularly critical security flaws, especially ones that are being exploited in the wild.

    As Microsoft patches security vulnerabilities, it doesn't release those patches immediately. Instead, the company gathers those fixes into a larger update, which is released on Patch Tuesday.

    Windows workstations and servers automatically (by default) check for updates about once per day. The average system should automatically download these updates quickly but may delay installation.

    Given the number of issues with Microsoft updates over the past several years, many organizations hold off on applying updates for a week or two to make sure no problems surface.
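    The schedule described above can be turned into a simple compliance check. The following is an added example, not code from the article: it computes Patch Tuesday (the second Tuesday of the month), applies a deferral window, and lists hosts that are still behind once that window has closed. The inventory format, the host names and the 14-day default are assumptions; out-of-band updates are not modelled.

```python
from datetime import date, timedelta

def patch_tuesday(year: int, month: int) -> date:
    """Second Tuesday of the given month."""
    first = date(year, month, 1)
    # date.weekday(): Monday=0, Tuesday=1
    days_to_first_tuesday = (1 - first.weekday()) % 7
    return first + timedelta(days=days_to_first_tuesday + 7)

def latest_due_release(today: date, deferral_days: int) -> date:
    """Most recent Patch Tuesday whose deferral window has elapsed by `today`."""
    year, month = today.year, today.month
    while True:
        release = patch_tuesday(year, month)
        if release + timedelta(days=deferral_days) <= today:
            return release
        # This month's release is not due yet; step back one month.
        year, month = (year - 1, 12) if month == 1 else (year, month - 1)

def overdue_hosts(inventory: dict, today: date, deferral_days: int = 14) -> list:
    """Hosts whose newest installed monthly release is older than the one now due.

    `inventory` maps host name -> release date of the newest monthly update
    installed on it (None if unknown). This format is an assumption.
    """
    due = latest_due_release(today, deferral_days)
    return sorted(
        host for host, installed in inventory.items()
        if installed is None or installed < due
    )

# Constructed sample inventory (hypothetical host names).
INVENTORY = {
    "ws-01": date(2024, 5, 14),
    "ws-02": date(2024, 4, 9),
    "srv-01": date(2024, 6, 11),
    "kiosk-03": None,
}

if __name__ == "__main__":
    today = date(2024, 6, 20)
    print("Release now due:", latest_due_release(today, 14))
    print("Overdue hosts:", overdue_hosts(INVENTORY, today))
```

    A host with no recorded update is treated as overdue, so gaps in the inventory surface in the report.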

    Security Monitoring: Using monitoring tools and technologies to continuously monitor network traffic, system logs, and user activities for signs of suspicious or malicious behavior that could indicate a security threat.

    Network monitoring is crucial for small businesses to ensure the health and functionality of their computer networks. In today’s digital landscape, where businesses heavily rely on technology, having a robust network monitoring system is essential to find issues and potential threats. As small businesses often have limited IT (Information Technology) resources, it becomes even more vital to have efficient network monitoring in place.

    Incident Response Planning: Developing and regularly testing incident response plans to ensure the organization is prepared to detect, contain, and respond effectively to security incidents when they occur.

    Businesses should have a written plan that identifies the steps to take in an incident, including notifications to Cyber Insurance carriers, customers, and law enforcement. Preventive steps to maintain business functionality include backup and recovery procedures that help a business recover and get back to normal operation as quickly as possible.

    Risk Prioritization and Remediation: Prioritizing vulnerabilities and security risks based on their severity, likelihood of exploitation, and potential impact on the organization's operations, and implementing proper remediation measures to mitigate these risks.

    The formal Continuous Threat Exposure Management (CTEM) process is an approach to identify, assess and mitigate risks to an organization's technology assets. While this approach is ideal in a perfect world, it does entail significant investments in processes and resources.

    For smaller businesses without the internal resources for this process, a Managed Service Provider may be able to provide these services or coordinate with 3rd parties for some of these steps, such as Vulnerability Assessments, understanding threats, implementing Patch Management controls and Security Monitoring.

    Bio: Barry Hassler is the founder and President of Hassler Communication Systems Technology, Inc (HCST), a business IT Managed Services Provider based in Beavercreek OH. HCST has been in business since 1991 and serves a variety of small businesses primarily in the Dayton and Springfield Ohio

    Panetta, Kasey, “How to Manage Cybersecurity Threats, Not Episodes”, Gartner, 3 May 2024, https://www.gartner.com/en/articles/how-to-manage-cybersecurity-threats-not-episodes

  • 06/01/2024 9:00 AM | Abby Pytosh (Administrator)

    Copiers (MFPs) and Printers are often forgotten when it comes to a company’s security policy.  As IT professionals continue to invest time and money into tightening their cybersecurity, it is vital to include MFPs and Printers in their policy.   Copiers of years ago were simple devices, not connected to a network and they only made copies.   As technology has advanced, so have MFPs.  These devices are just like any other device on your network and are a gateway to an enterprise’s most sensitive data.

    According to a 2023 Print Security Landscape Survey by Quocirca, 61% of organizations have experienced a print-related data loss over the past year and 39% struggle to keep up with printer security.  

    Below are the top MFP and Printer security risks and how to mitigate them:

    1. Physical Access: Documents left on the output tray pose a significant security risk.  We recommend a “follow you” print strategy to enable the device to “hold” the job until an end user authenticates and releases at the device.

    2. Default passwords: Factory preset credentials need to be changed by administrators.

    3. Lock Down Scanning Access: MFPs are often used more for scanning than copying.   Scanning should be locked down at the minimum to scan only to your company’s domain.  To take it a step further, having users authenticate with their user credentials and enabling “scan to myself” is a best practice. If scanning isn’t locked down, confidential documents can be sent to “Gmail or Yahoo” addresses and your company wouldn’t even know it was sent.

    4. Lack of Security updates: Your Vendor should work with you to ensure these devices have updated firmware and software patches.

    5. Hard drive wipes: Before these devices leave your environment to either be shipped back to a leasing company or decommissioned, it is vital to wipe or destroy the hard drive.

    6. Track and audit device usage: Many companies are investing in print management software to track who is using these devices and how they are using them.  You can limit what a user has access to and have audit trails of how each employee is using the device.

    7. Home office printing: With the trend of a hybrid workplace continuing to grow, it is vital to make sure that home office printers are configured and set up with the same security settings as your in-office devices are.

    8. Standard security features on devices: Many devices now come with SIEM integration, Verify System at Startup, SSD Data Encryption, and Encrypted Secure Print.  It is important to ensure that these security features are enabled and set up properly.

    9. Cloud printing risks: Cloud printing services are on the rise, but it is important that your provider has robust security measures in place.  End-to-end encryption of print jobs, reviewing activity logs and reviewing access control all need to be in place.
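    Items 3 and 6 above can be combined into an audit of scan-to-email activity. The following is an added example, not part of the original article: it reads a constructed scan log and reports every job sent outside the company's domain. The CSV columns, device names and the `corp.example` domain are assumptions; a real export from print management software will differ.

```python
import csv
from email.utils import parseaddr

ALLOWED_DOMAINS = {"corp.example"}  # assumed company domain (reserved TLD)

# Constructed sample log; the column layout is hypothetical.
SCAN_LOG = """time,device,user,recipient
2024-06-03T09:14:02,mfp-2f-east,jlee,jlee@corp.example
2024-06-03T09:20:45,mfp-2f-east,jlee,J Lee <jlee@webmail.test>
2024-06-03T10:02:10,mfp-lobby,guest,ap@CORP.EXAMPLE
2024-06-03T10:05:31,mfp-lobby,guest,ap@notcorp.example
2024-06-03T11:40:00,mfp-3f,mross,payroll@hr.corp.example
2024-06-03T11:41:12,mfp-3f,mross,payroll@corp.example.mail.test
""".splitlines()

def recipient_domain(raw: str) -> str:
    """Lower-cased domain of an address field, or "" if it does not parse."""
    _, addr = parseaddr(raw)  # also handles "Name <addr>" forms
    local, sep, domain = addr.rpartition("@")
    if not sep or not local:
        return ""
    return domain.strip().lower()

def is_internal(domain: str, allowed=ALLOWED_DOMAINS) -> bool:
    """Exact match, or a subdomain on a dot boundary.

    A bare endswith("corp.example") would also accept notcorp.example.
    """
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def audit_scan_log(lines, allowed=ALLOWED_DOMAINS) -> list:
    """Return (time, device, user, recipient) for each external scan job.

    Unparseable recipients are reported too, so they get reviewed.
    """
    findings = []
    for row in csv.DictReader(lines):
        if not is_internal(recipient_domain(row["recipient"]), allowed):
            findings.append(
                (row["time"], row["device"], row["user"], row["recipient"])
            )
    return findings

if __name__ == "__main__":
    for finding in audit_scan_log(SCAN_LOG):
        print("external scan:", *finding)
```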

    MFPs and Printers are an integral piece of technology in organizations, but if left unmanaged they can pose a high security risk. Confidential data regularly moves between users’ PCs, Servers and MFPs/Printers, so it’s important to have a security plan in place to protect your print environment. 

    Bio: Leah Seymour is the Senior Sales Director for Modern Office Methods (MOM) and has 26 years of experience in the Office Equipment Industry.  She specializes in working with IT Leaders in Healthcare, Manufacturing, Logistics and Higher Education to help them improve productivity, control costs and secure their devices.

  • 06/01/2024 8:00 AM | Abby Pytosh (Administrator)


    Building a technology organization involves substantial investments – from hardware, software, and cloud solutions to the critical processes governing, modernizing, and maintaining operations, not to mention the invaluable talent driving these initiatives. 

    Your investment in people is particularly crucial, as skilled personnel play a pivotal role in developing, managing, and effectively utilizing technology. Identifying, recruiting, and onboarding the right talent requires significant time and resources. However, the journey doesn't end there. Retaining these team members necessitates a strategic plan and continued commitment of time and resources. 

    Here's how your business can safeguard its investment in people: 

    Leverage Technology First:

    • Attend peer group meetings for insightful peer-to-peer sharing and learning. 
    • Transform a peer group meeting into a one-on-one development opportunity by bringing a team member along. 
    • Expand knowledge and strengthen networks by attending conferences. 
    • Encourage subject matter experts (SMEs) to submit presentations at conferences, enhancing their speaking skills. 
    • Foster collaboration by actively participating in our peer resource group forums. 
    • Join a committee and contribute resources to give back to the community. 
    • Share volunteer opportunities with your team to promote team building. 
    • Nominate a team member for a Technology First Leadership Award and attend the event to support all finalists.

    Prioritize Well-being and Development: 

    • By prioritizing the well-being, growth, and development of your technology workforce, your business can ensure a resilient and motivated team that drives innovation in the dynamic technology landscape. 

    Connect, Strengthen, and Champion Your People: 

    • The more you invest in connecting, strengthening, and championing your people, the more invested they will be in the career you're developing together. 

    As you focus on protecting your technology investment, take a moment to enjoy summer activities that energize you. We hope to see you at one of our upcoming Tech First events! 

    Melissa



1435 Cincinnati St, Ste 300, Dayton Ohio 45417

Info@TechnologyFirst.org
937-229-0054
