Blog

Microsoft Teams and Google Meet: A comparison of video conferencing platforms
Remote collaboration and virtual meetings have skyrocketed due to the increase in telecommuting. To facilitate face-to-face communication, companies often turn to popular video conferencing solutions like Google Meet and Microsoft Teams. However, these platforms are not created equal. To help you figure out which tool is best suited for your needs, we will take an in-depth look at the features offered by both Google Meet and Microsoft Teams.

Pricing

For those on a tight budget, Google Meet and Microsoft Teams both offer a free version with limited features, which include basic video conferencing, screen sharing, and chat capabilities.

However, most businesses may require more advanced features and may need to opt for paid plans. Google Meet’s pricing structure is slightly simpler with its three-tiered plan: Basic ($6/month), Business ($12/month per user), and Enterprise ($18/month per user). Each tier offers additional features such as larger participant limits, meeting recording, and advanced security options.

Similarly, Microsoft Teams offers a range of plans, including Microsoft 365 Business Basic ($6/month per user), Microsoft 365 Business Standard ($12.50/month per user), and Microsoft 365 Business Premium ($22/month per user). Higher tiers include more advanced features such as advanced security and compliance tools, phone system integration, and flexible cloud storage.

In terms of pricing, both platforms offer fairly similar options, with Microsoft Teams having a slight edge in terms of features offered for its more premium plans.

Call features

Google Meet and Microsoft Teams offer standard call features such as HD video, screen sharing, chat, meeting recording, and live meeting transcriptions on paid plans. Both platforms also provide joining restrictions, hand raising, and background replacement settings for a more organized virtual meeting.

When it comes to video conferencing, you can’t go wrong with either platform, but if you’re looking for a more advanced calling experience, Microsoft Teams offers Voice over Internet Protocol (VoIP) phone systems. These features enable companies to make and receive internal and external calls through Teams. Plus, they get robust business phone system features such as automated attendant features, music on hold, call queues, call forwarding, and so much more.

Number of participants

If you tend to have virtual meetings with a large number of participants, Microsoft Teams may be a better option. While Google Meet allows up to 500 participants in a single meeting, Microsoft Teams allows up to 1,000 participants in a call session for higher-tier subscriptions. This can be particularly useful for those conducting webinars or virtual events with a large audience.

Meeting length

On the free plan, Google Meet and Microsoft Teams limit meeting lengths to 60 minutes, which is sufficient for short team meetings or catch-ups.

Meanwhile, paid plans on both platforms allow longer meeting times, with Google Meet offering up to 24 hours and Microsoft Teams allowing a maximum of 30 hours. This is more than enough for virtual conferences, seminars, and online events.

User interface

While the intuitiveness of a platform’s user interface is subjective, both Google Meet and Microsoft Teams offer clean and organized layouts. Those already familiar with Microsoft’s ribbons, side menus, and tabs layout may lean toward Teams. The downside is that it can look cluttered to new users.

On the other hand, Google Meet maintains a simple and straightforward interface with a minimalistic design. This layout makes Meet easy to navigate and doesn’t require a steep learning curve, especially if users are already familiar with the Google Workspace ecosystem.

Native integrations

Google Meet and Microsoft Teams are both part of larger ecosystems, which allow for integration with other tools and apps. Google Meet is part of Google Workspace, formerly known as G Suite, which means seamless integration with other popular tools such as Gmail, Calendar, and Drive.

In contrast, Microsoft Teams is part of the Microsoft 365 environment, allowing for easy integration with Outlook, OneDrive, and other Office productivity apps. It also includes Power BI for data analytics, Planner for task management, and Viva for employee engagement. When it comes to integrations, it all comes down to personal preference and which ecosystem your team is already using, but Microsoft’s more extensive range of native integrations may give it an edge over Google Meet.

Security

Google and Microsoft both take security seriously, and have implemented various measures to ensure secure virtual meetings. Meet and Teams, in particular, come with advanced security features like end-to-end encryption, multifactor authentication, access controls, and data loss prevention policies.

Although Microsoft’s ecosystem also includes notable security features such as mobile device management, device encryption, and Windows defender antivirus. Google’s security measures may fall short on paper, but they have been fairly unscathed when it comes to security breaches unlike Microsoft.

It’s clear that both Google Meet and Microsoft Teams offer robust video conferencing solutions, each with its own unique strengths. Your choice will largely depend on your specific business needs and the ecosystem you’re already familiar with. But if you’re still unsure, contact our team today to discuss which platform would be the best fit for your business.
```
Published with permission from TechAdvisory.org. Source.
```
December 13, 2023
QR code Scam – SCAM OF THE MONTH
As the holidays approached, Ed planned to meet some family and friends out for dinner. When the day finally came, he drove to the restaurant and parked his car in a lot nearby. Ed walked over to the pay station and noticed it had a QR code on the side of it that said, “Scan & Park”. Ed examined the machine. It looked old and had some buttons missing. He decided it would be easier to scan the QR code and pay for the parking digitally.

After entering his card details, email address, and phone number, he waited for a confirmation message. But the message never came. Eager to get to dinner, Ed shrugged it off and continued on his way to the restaurant. The night went swimmingly until Ed walked back to his car after the dinner. Not only did he have a parking ticket, but when he went back to the website from the QR code and examined it closely, he realized it didn’t have any details related to an official parking company.

Did you spot the red flags?
- Ed should have examined the website before entering his personal information.
- Since the pay station was functional, Ed could have paid directly through this more legitimate source, even if it took a little more time.
- If Ed looked at the QR code closely, he would have seen it didn’t have a company name or other sign of legitimacy
What you should know about this scam

QR codes can be made by anyone and stickers can be placed in public settings. Avoid scanning random QR codes before verifying the source.

Be wary of QR codes placed randomly on pay stations, especially if they don’t state any details about the website or company involved.

Some cybercriminals stick their malicious QR code over legitimate ones. Even if the sticker is from a well-known company, examine it closely for any signs of tampering.
December 13, 2023
The Unsubscribe Scam – SCAM OF THE MONTH
Leo was hard at work when he got a new message in his inbox. It appeared to be from his company’s trusted supplier. However, upon closer inspection, he realized the sender’s address was misspelled and that the message did not match the style typically used by the supplier. He decided it was likely a fake. Leo clicked the “unsubscribe” button on the email to take himself off the scammer’s list. Little did he know, the unsubscribe link was part of the phishing attempt and was malicious.

After unsubscribing, he went back to work as usual. Despite his assumption that the message was a scam, Leo did not think it was necessary to report the message to anyone since he did not fall for it. Weeks later, the company suffered a major breach as many of their employees also fell for the phishing email. The cybercriminals infiltrated the company’s systems and gained access to important data from many different departments.

Did you spot the red flags?
- Leo should not have clicked “unsubscribe” on the email if he had any suspicions that it was a phishing message as scammers often use this tactic to trick users.
- Leo did not alert his company about the phishing message. This simple step could have prevented the breach, or mitigated its impacts.
What you should know about this scam

Do not respond to or unsubscribe from phishy messages. Just delete and block the sender.

Report any suspicious messages to your IT team and manager, whether you click on them or not.

Why incidents are often underreported:
- 43% feared the repercussions of reporting an incident.
- 36% felt that reporting was unnecessary.
- 32% simply forgot to report.
Cybersecurity is a shared responsibility, but the proper authorities need to be informed when something occurs in order to provide the proper support. Only then can we come together as a team to combat cybercrime.
November 14, 2023
Email protection made easy: Why Microsoft Defender for Office 365 is a must-have for your RIA firm
For registered investment advisors (RIAs), every email ping is a potential opportunity, a client query, or an industry update. But hidden within these email exchanges could be messages carrying malicious intent. Unfortunately, email remains one of the most common methods of cybercrime, with phishing attacks and malware being the top threats.

So, what can you do to protect your RIA firm from the cyberthreats lurking in your inbox? Look no further than Microsoft Defender for Office 365 for a comprehensive, intelligent solution designed to keep your email, and your business, safe.

What is Defender for Office 365?

Microsoft Defender for Office 365 is a cloud-based email filtering service that integrates with your RIA firm’s email system. It uses advanced, AI-powered technology to detect and block cyberthreats in real time, ensuring that only safe emails reach your inbox. It also helps you respond quickly to any security incidents, even if you’re not a tech expert. If you have a Microsoft subscription, then you may already have access to this powerful tool.

What makes Defender for Office 365 the top choice for RIAs?

Microsoft’s commitment to providing state-of-the-art security solutions isn’t just a claim; it’s an achievement recognized by industry experts. In The Forrester Wave™: Enterprise Email Security, Q2 2023 report, Microsoft emerged as a leader, thanks to Defender for Office 365’s advanced threat protection, email encryption capabilities, and ease of deployment and management.

What does this mean for your RIA or financial advisory firm? It means that by using Defender for Office 365, you’re not only getting a trusted and reliable solution but also staying ahead of potential threats. Let’s look at some of the key features that make Microsoft’s email security stand out:
- All-around protection – Defender for Office 365 protects your email from all types of threats, including spam, malware, ransomware, and phishing attacks. It also prevents accidental data leaks by detecting and encrypting sensitive information in emails. What’s more, it doesn’t protect just your inbox, but also other Microsoft apps, such as Teams and SharePoint.
- Top-notch performance – With Microsoft’s vast network of threat intelligence and machine learning capabilities, Defender for Office 365 can quickly analyze billions of emails every day to identify and block any potential threats. It also continuously learns from new patterns and trends, ensuring that your email security is always up to date.
- Quick incident response – Imagine having a security team that jumps into action as soon as something seems fishy. That’s what you get with Defender for Office 365. It provides real-time alerts and reports, allowing you to quickly assess any security incidents and take action.
- Seamless integration – If you’re like most RIA firms, you likely already use Microsoft 365 for your daily business operations. Defender for Office 365 integrates seamlessly with this suite of productivity tools, you’re essentially adding an extra layer of security to your work apps without making things complicated. It fits right in with your existing workflow and can even enhance it.
- User-friendly interface – You don’t have to be a tech expert to use Defender for Office 365. Its intuitive and user-friendly interface makes it easy for anyone in your firm to manage and monitor email security. Plus, with automatic updates and maintenance, you can focus on running your business without worrying about cybersecurity.
Microsoft delivers communication protection with streamlined analyst experience. Now a security tech powerhouse, Microsoft’s continued investment in security is paying off as it protects end users from attacks that target communication and collaboration environments in addition to email.
– The Forrester –

Leverage your Microsoft subscription to the fullest

If your RIA firm is already using Microsoft 365, then adding Defender for Office 365 to your arsenal is a no-brainer. You get all the benefits of this advanced email security service without any additional cost. Work with your IT services provider to ensure you have this service configured properly to take advantage of all it has to offer. But even if you don’t have a Microsoft subscription, investing in Defender for Office 365 is a wise decision that can save you from potential data breaches and financial losses.

It’s also worth noting that Microsoft’s commitment to security extends beyond email protection. Microsoft Defender for Endpoint, a part of Microsoft’s security offerings, has also been recognized for its excellence. In the 2022 Gartner Magic Quadrant for Endpoint Protection Platforms, Microsoft was named a Leader. According to the report, Microsoft Defender for Endpoint delivers outstanding endpoint security and is a top choice for organizations looking to secure their endpoints effectively.

By leveraging your Microsoft subscription to its maximum potential, you’re investing in a safer, more secure future for your firm. You’re ensuring that every email ping remains an opportunity instead of turning into a potential threat. Don’t let cybercriminals disrupt your growth — take action today with Defender for Office 365, and let your business continue to flourish in a secure digital environment.

Our team at RIA WorkSpace can help you set up and manage Microsoft Defender for Office 365, along with other essential tools to streamline your RIA operations. Get in touch with us today to learn more about our services.
November 12, 2023
Common IT benchmarks to measure the effectiveness of your IT provider
Measuring the effectiveness of your IT provider is essential for ensuring that your registered investment advisory (RIA) or financial advisory firm is getting the most out of your partnership. By tracking key IT benchmarks, you can assess your provider’s performance and identify areas for improvement. You can also use this information as a basis for comparison when considering other potential providers.

Here are some common IT benchmarks that you can use:

Ticket response and resolution times

These are perhaps the most important factors to consider when evaluating the effectiveness of your IT provider. How quickly do they respond to your requests for support or assistance? Are they able to resolve issues in a timely manner?

A good IT provider should have a well-defined process for handling and prioritizing tickets, as well as a system in place to track response and resolution times.

The average ticket response time for common IT issues is around 1–2 hours, while critical or urgent issues should ideally be responded to within 15–30 minutes. As for resolution times, they can vary depending on the complexity of the issue, but a good benchmark is to have most issues resolved within 24–48 hours. Any delays or prolonged response and resolution times could indicate a lack of efficiency or resources on the part of your IT provider.

As an example, at RIA WorkSpace, we classify all tickets based on severity and each severity has its own target response rate.
- Emergency response service tickets are logged within 5 minutes with a 30-minute response time. These are for critical problems where your ability to conduct business has stopped (e.g., a server, a network, or an application is down).
- Fast response service tickets are logged within 5 minutes with a 30-minute response time. These are for situations where an individual user is unable to conduct business (e.g., the user cannot log into their computer or access their email).
- Quick response service tickets are logged within 30 minutes with a 1-hour response time. These are for urgent problems where service is seriously degraded but you can continue to operate for a short time (e.g., very slow network performance or an app function is down).
- Normal response service tickets are logged within 1 hour and our response time is within one business day. These are for situations where an employee can still work but is not as productive (e.g., a user has a slow computer or cannot print to multiple printers).
Number of tickets per month

In addition to response and resolution times, the number of tickets your IT provider handles each month is also a good benchmark to measure their effectiveness. A high number of tickets could suggest ongoing issues or recurring problems that are not being properly addressed by your provider.

The ideal number of tickets per month can vary depending on the size and complexity of your business. For small RIA or financial advisory firms with fewer than 10 employees, an average of 10–15 tickets per month is considered normal. However, for larger firms with more extensive IT needs, this number can be significantly higher.

Onboarding time for new employees

The speed and efficiency of your IT provider in onboarding new employees is another important benchmark to consider. A good IT partner should have a streamlined process in place for adding new users, setting up devices and software, and providing training or support as needed. Delays or complications in this process can disrupt productivity.

The benchmark for onboarding time varies depending on the complexity of your firm and the number of employees being onboarded, but a good timeframe to aim for is 1–2 days. This allows new employees to quickly get up to speed with your firm’s tech stack and start contributing to the company.

Ideally, onboarding should not result in any downtime for your existing employees or business operations. However, if there are any issues or delays, your IT provider should have a contingency plan in place to minimize disruptions and ensure a smooth transition for new hires.

Uptime and availability

Finally, the uptime and availability of your IT systems are crucial benchmarks that can directly impact your business operations. Downtime or system failures can result in lost productivity, data loss, and potential security risks. A good IT provider should have systems and processes that ensure high levels of uptime, as well as a backup and disaster recovery plan in case of any unexpected events.

The industry standard for uptime is 99.9%, meaning your IT systems are expected to be available 99.9% of the time. This translates to roughly 40 minutes of downtime per month, which should ideally only occur during scheduled maintenance or upgrades. If you experience more frequent or prolonged periods of downtime, it may be time to reassess your IT provider.

Related reading: Hiring an IT Services Company for your RIA? Here are the things you should know

Other considerations

In addition to the core benchmarks mentioned above, assessing your IT provider’s customer satisfaction and experience working with RIAs are valuable aspects to consider.

Customer satisfaction

Some IT companies may provide data from Smileback reports to indicate how happy their current customers are. Smileback reports gather feedback and ratings from clients, offering a real-world assessment of the IT provider’s performance and the satisfaction levels of their clients. Positive Smileback reports can be a strong indicator of a reliable and customer-focused IT provider.

History of meeting industry-specific needs

While not a benchmark in the traditional sense, the IT provider’s experience in meeting industry-specific needs is an important consideration. Ideally, clients should partner with an IT provider that has five or more current or past clients within the RIA sector. This demonstrates a track record of understanding the unique challenges and technology requirements of RIAs, ensuring that the IT provider can offer tailored solutions that align with industry standards and compliance regulations.

In addition to these benchmarks and other considerations, it is also important to regularly review and communicate with your IT provider about their performance and any areas that may need improvement. By setting clear expectations and using the above to measure their effectiveness, you can ensure that your IT provider is delivering the best possible support and services for your RIA or financial advisory firm.

If you feel that your current IT provider is not meeting your needs, you can always explore other options and try to find the best fit for your firm. We at RIA WorkSpace are dedicated to providing top-notch IT support and solutions tailored specifically for RIA firms, so feel free to reach out to us with any questions or concerns. Let’s work together to ensure your technology needs are being met effectively and efficiently.
November 7, 2023
Seven Microsoft Gems: Empowering Your RIA For Security & Compliance: RIA Tech Talk Episode #1
The RIA Tech podcast, presented by RIA WorkSpace, is on a mission to simplify the complex world of technology for Registered Investment Advisors (RIAs). Watch Episode 1 here:

Listen To The Audio

Read The Transcript

In this episode, hosts Todd Darroca and David Kakish discuss seven key Microsoft features that can empower RIAs in terms of security and compliance. These features are often underutilized by RIAs and implementing them can enhance cybersecurity and ensure regulatory compliance.

Here’s the list we cover in this podcast:
1. Multi-Factor Authentication (MFA). MFA adds an extra layer of security by requiring users to provide two or more forms of authentication before granting access. It’s a fundamental security measure that every RIA should implement.
2. Email Encryption. Microsoft offers a user-friendly email encryption feature that enables users to easily encrypt sensitive emails on demand, ensuring the secure transmission of confidential information.
3. Email Archiving. Many RIAs are already paying for third-party tools like Smarsh or Global Relay for email archiving, but Microsoft’s email archiving option can save money and provide a seamless solution that meets SEC compliance requirements.
4. Microsoft Teams Archiving. RIAs using Microsoft Teams for communication can efficiently archive their Teams chats and conversations without the need for third-party tools.
5. File Archiving. For RIAs using OneDrive or SharePoint, Microsoft offers file archiving options that meet SEC compliance requirements. This feature allows you to keep records of previous document versions.
6. Data Loss Prevention (DLP). DLP helps prevent accidental data leaks by automatically detecting and protecting sensitive data, such as social security numbers or client information in emails.
7. Secure Single Sign-On for web-based applications. This feature enhances productivity and security by allowing employees to access various web applications with a single sign-on tied to their Microsoft Active Directory account.
These Microsoft features are fundamental to improve security and compliance, particularly in the context of remote work. These features are user-friendly and accessible, making it easy for RIAs to safeguard their sensitive data and ensure the security of their operations. RIAs are encouraged to take action, whether by configuring these features themselves, reaching out to their technology provider, or contacting RIA WorkSpace for assistance.

Don’t be a sitting duck; take action to protect your business and client information.

Listen To The Audio:

Read The Transcript:

Todd Darroca (00:00):

Hello and welcome to the RIA Tech Talk podcast, brought to you by RIA Workspace. I’m Todd Darroca, and alongside me is David Kakish. Together we’re on a mission to simplify the complex world of technology for RIAs just like yours. Now in this podcast, we’ll be your tech guides breaking down those often confusing tech topics into plain and practical terms. So we hope you join us for each episode as we dive into the latest tech trends, we’ll share expert insights and help you navigate the ever-changing world of RIA technology. So let’s get started. David, what are we talking about today?

David Kakish (00:36):

Sure. Well listen, thanks Todd. I want to welcome you and I want to welcome the listener. The title of the session that we’re talking about today is seven Microsoft Gems, and that’s empowering your RIA for security and compliance. And actually the subtitle that I like to use is these are seven security and IT compliance features that are probably part of your Microsoft subscription that your R I H just doesn’t know about that. And here’s why this is important for the RIA that’s listening to us. Number one is a lot of RIAs are paying for third party tools that they’re already part of their subscription. It’s kind of like throwing money out of the window. So why pay for something that I’m already paying for? And then the other thing is every RIA we work with or we talk to, we want to make sure that you’re able to maximize your cybersecurity and your IT compliance.

(01:28):

And so from my perspective, the really big problem that I see is a lot of RIAs don’t know that this is part of their subscription. And the worst part is a lot of, and you and I talked briefly about this before the session, a lot of IT providers don’t know that it’s part of their Microsoft subscription either. And there’s so much that you can do. And the analogy that I keep coming back to is that people have this airplane, these RIAs have this airplane, and they don’t need a new airplane, they just need a better pilot, somebody that can sit in the cockpit and know what to do. So we’re going to talk about seven things that are part of your Microsoft subscription that you’re probably not using. And I can assure you, even if you think you’re using everything, there’s probably two or three that you’re not using. And from our experience, once we start talking with RIAs, most of them, they’re only using 20% of their Microsoft subscription.

Todd Darroca (02:19):

And I guess it’s not abnormal, not using everything in your subscription for any product. And when I think about the IT pros out there and anybody else, sometimes there’s so much that they have to do every single day and hundreds of tickets coming through, different equipment problems, software and infrastructure, all that stuff. So you can’t blame ’em for just kind of missing out on this. So this is great that hopefully when you talk about these seven things will be some cool tidbits in there for them. Yeah,

David Kakish (02:46):

And what I’ll do is to be clear, we really target when we’re working with RIAs, we’re working with the managing partner or the chief compliance officer or the chief operating officer. Most RIAs don’t have an in-house IT person. So that’s another really big challenge. So our messaging, we’re not really, as much as I’d like to geek out and get into the details of the technology, I’ll keep it really high level so that we don’t lose the chief compliance officer or the managing partner. And so we we’re going to share these seven things with you, and by the end of the session, you’re really going to, I think most RIAs, if they’re, I mean, I can assure you they’re probably not using five of these seven things that I’m talking about. Maybe they’re using one or two. But by the end of the session, A C C O, as a managing partner, you can walk away with this and either do it yourself. That is an option. You can contact your IT provider and say, Hey, I was listening to David and Todd and these are three, four things that we want to have in place that we’re not. Or you can contact us, we’d love to help you. But I think my goal is I don’t want you to be listening to this and then walk away and not do anything. Because again, we want help you increase your cybersecurity posture and help you increase your IT compliance.

Todd Darroca (04:03):

Yeah, absolutely. Alright, so I think what I want to hear from you more David, is the costs that people may be throwing out the window when they’re using this subscription, but not really knowing what it’s supposed to be used for. Can you kind dive into that just a bit to tell some real world stories or what you’ve seen so far in the world right now?

David Kakish (04:26):

Yeah, yeah. So I first heard this story by Dan Kennedy who’s like the godfather of direct response marketing. I’m sure you’re probably familiar with them, but I can’t remember if he said, take $20 and throw it out the window or take $20 and flush it down the toilet. And he goes, do that and then do it every day and then do it every day. And how does that make you feel, right? And you’re like, well, I feel stupid. I feel like an idiot. And he goes, and so I’m taking that same analogy and I’m challenging that RIA, that person that’s listening to us today, I’m challenging you and telling you every single day in your business you’re taking a lot more than $20 and you’re flushing it down the toilet and you’re doing it every single day, every single week, every single month. And so personally I feel, I don’t know, I feel stupid when I do that. I’m like, oh my goodness, I didn’t know that that’s an option. So I guess Todd and maybe the listener, some people might feel angry, they might feel, I don’t know what the feeling is, but I’m

Todd Darroca (05:22):

Here to

David Kakish (05:24):

From, yeah,

Todd Darroca (05:24):

I don’t like throwing out 20 bucks a day. We’re on a budget over here. So yeah, anything to save me 20 bucks a day, times that with 365 days, I’ll take it. That’s

David Kakish (05:34):

Right. That’s a lot of happy meals. That’s how I measure things sometimes. All right, so again, so just a little bit of context. We don’t really work with very large financial institutions. Vast majority of RIAs we work with typically have, let’s just say between five and 25 employees. And we even have smaller ones and bigger ones and things like that. But I think what happens is because we work with these RIAs so much, we understand some of the unique challenges that they have. And the fundamental challenge that you as an RIA have that’s different than that business across the street is you’ve got millions of dollars in a u m. That business across the street does not. So your requirements for IT compliance for cybersecurity are exponentially higher than that business across the street. And again, it’s not that the current IT provider you work with doesn’t care about you, or they’re used to working with smaller clients. And so some of these enterprise, big business security, it’s really difficult for ’em to take it and apply it to an RIA with employees. And so we tend to see that quite a bit. So I just wanted to give some context for the story to why we see that. And then I’m just ready to go down the list one by one, let’s do it and then talk about that. Yeah. Okay.

Todd Darroca (06:55):

Cool. So we’ve got seven lists, or excuse me, seven tips to keep in mind. So David, start us out with number one. Sure.

David Kakish (07:02):

Well listen, everybody should be doing this if they’re not, get this done by the end of day tomorrow, right? Multifactor authentication for every single person on your team. So actually Todd, let me rewind a little bit. This would apply whether you’re using Google or Microsoft or Amazon or whatever, but I’m really going to focus in and talk about the people that are using the Microsoft subscription because Microsoft in this space, they’re kind of like they’re the 800 pound gorilla. That’s kind of like the defacto standard over 80 if not 90% of RIAs. That’s what they’re using. They’re using the Microsoft platform. So I’m going to really focus in on that. But again, it applies to other platforms. So number one, multi-factor authentication for every single person on your team. And ideally, I would encourage you to use the authenticator app, the authenticator application on your smartphone rather than getting the text messages.

Todd Darroca (07:58):

So I have three different types of authenticators. So is there any one that you recommend over the other, or is it just to have an M F A just so you can make sure that, again, you’re adding that extra layer of security?

David Kakish (08:14):

Yeah, it’s really having that M F A to have that extra layer of security. At the end of the day, it doesn’t really matter whether it’s Google or Microsoft or whatever, but that’s just a higher level of security rather than getting that over text messages. So if you don’t have, listen, if you don’t have multifactor authentication enabled for everybody, you definitely want to have that enabled for every single person on your team. And ideally you’re using the authenticator app, don’t care if it’s a Google, Microsoft or whatever. We like the Microsoft ecosystem, but you can really use anything. So this is the easy one. This is the easy one. A lot of people are doing it. We kind of put an easy one in the beginning. The second one, and I am amazed at how many RIAs are paying for a third party tool that’s clunky, that’s cumbersome, is email encryption.

(09:04):

And what I mean by that, when it comes to email encryption, and maybe I’ll just kind of open up my email for those of us that are watching the demo of this. So the really beautiful thing about the Microsoft email encryption is you can encrypt it on demand. There are people that are using a lot of third party tools where you have to type the word encrypt, where you have to put it in brackets, and if you don’t do it, it doesn’t encrypt it and so on. And so they’re paying for a third party tool that’s clunky. That’s a pain in the butt here. I’m going to open up.

Todd Darroca (09:38):

Yeah, I use Microsoft and I’ve never, that’s a new thing I’ve learned here is the encrypt part. I’ve never seen that the bracketing done. That’s really helpful. You’re going to walk us through. I’d love to see too, how do I even set that up? Is it easy? Is it difficult? You

David Kakish (09:55):

Know what? So let me share my screen here really quick and I’ll share that. I usually don’t do it on these things, but it’s so easy that I want to go ahead and I want to share that. So I’m going to go ahead and I’m going to share my screen,

Todd Darroca (10:11):

And for those of you listening, we’ll make sure to walk you through as close as we can. Thanks Todd. But yeah, we’re on video, so join us over here on YouTube and we’ll get to watch us there.

David Kakish (10:21):

Sounds good. Todd, you see my screen right now, right?

Todd Darroca (10:24):

Yeah. I see you got your email open, all that good stuff,

David Kakish (10:27):

All that I have to do, all that I have to do to send out an encrypted email is just click on this button right here, encrypt and it sends it out. That’s it. It’s that simple. I don’t have to type encrypt in brackets or anything like that. Yeah, exactly. That is really it. It’s that simple. And you can send it on demand, a lot of other solutions, third party solutions you have to type in, come in here and type in encrypt. And if you don’t put it in brackets or if you don’t type it or whatever, it doesn’t do that. And here it’s really nice, you can encrypt it on demand. Now the other really nice, well, so yes, so Todd, you want to explain to the person that’s listening to us?

Todd Darroca (11:03):

Yeah, and I’m like you ladies and gents listening in, I’m learning this stuff as I go in the encryption part. So what he actually did is he went inside of his email inbox and right above the email body copy, there is a button that says encrypt. And he simply just pressed that and it automatically does it. And you don’t have to do the other bracketing and all that stuff. Make your life harder. It just looks like you just press a button. So I’m definitely going to be using that in my own instance as well.

David Kakish (11:34):

Yeah, exactly. And this is part of the Microsoft 365, like the E three subscription or the E five subscription. And if you don’t have that, you need to upgrade that. And again, it’s a nominal cost for that, and I don’t want to get into pricing too much, but yes, you might have the package where you might need to upgrade a little bit, but you get so many more features that it’s just absolutely worth it. So again, it’s the Microsoft 365 subscription, either the E three or the E five, not the Office 365 subscription.

Todd Darroca (12:08):

Got it. Okay. Yeah. Nice, nice. Cool. So what’s the third one here?

David Kakish (12:13):

Alright, so the third one, and this is a really big one, A lot of people do not know that this exists.

Todd Darroca (12:18):

Don’t, I’ve never

David Kakish (12:20):

Heard of it. Email archiving is the email archiving. And so in the financial advisory world, there’s two big players, the Pepsi and the Coke, it’s Smarsh and Global Relay. So if you’re archiving, 90% of you are using either Smarsh or Global Relay. Nothing wrong with that. Those are two really good platforms. But if you’re already paying Microsoft for the email archiving and you don’t know it, you might as well use that. And I would even go out and I would argue that it’s even a better solution than those third party tools because your email’s already sitting at Microsoft, and so it’s archiving your emails. You don’t have to pay for that third party tools, and it’s really phenomenal.

Todd Darroca (12:58):

What is it? So why is it beneficial?

David Kakish (13:03):

So a lot of RIAs, they’re required financial advisors, a lot of ’em are required to archive their emails in the future, if there’s an S e C audit or they get sued by a client or anything like that, they need to be able to produce that.

Todd Darroca (13:21):

Got it. Alright, cool.

David Kakish (13:22):

Yeah. And again, I know Todd, you don’t necessarily work in this space. I work a lot in this space. The Pepsi and the Coke, the two big players. What’s the economic term? Duopoly or

Todd Darroca (13:37):

Duopoly?

David Kakish (13:39):

It’s Smarsh and Global Relay. And historically that’s what it’s been. And Microsoft and Microsoft solution is actually a really, really, really good solution too. But anyways, I don’t want to get too much into weeds on that.

Todd Darroca (13:51):

Alright, what’s number four?

David Kakish (13:52):

All right. Number four is Microsoft Teams archiving. So you and I at the beginning were joking, I was having issues with Zoom because I’ve been using teams for so long and I’m recording on Zoom today for various reasons. But anyways, if you’re using Microsoft Teams, you can actually go ahead and you can archive that too. A lot of people are paying for a third party tool to do that. You do not need to pay for a third party tool to do that. We can set that up. And again, to be fair, I should say these are not things that are configured out of the box. You need to either go in and set that up or you need to work with your IT provider to set this up, or you can contact us and we’re happy to help you set that up.

Todd Darroca (14:32):

Got it. And so number five on the list here is file archiving. Lots of archiving going on. So let’s talk about file archiving.

David Kakish (14:40):

So a lot of clients are using OneDrive or SharePoint. And one of the things that we do by default during our clients when we onboard them, we do a seven year archive and then 500 revisions of a document. So you know how if you accidentally override a document, you can quickly go to a previous version of that document. So we do that by default. Very few clients know that you can actually do the archiving. Now people will talk about backup and disaster recovery and things like that. And yes, you want to do that, but this is actually file archiving that meets the S E C compliance requirements. It’s really fantastic. Very few people know that that’s even an option that you can actually do within the Microsoft ecosystem. Again, this is if you’re using SharePoint or OneDrive.

Todd Darroca (15:25):

Yeah. Okay. So let’s talk about number six on the list as data loss prevention.

David Kakish (15:32):

Yes, data loss prevention. I love talking about this or D L P because in my previous lifetime, and this was probably, well, I was going to say 10 years ago, but it’s a lot more than 10 years ago,

Todd Darroca (15:43):

It’s,

David Kakish (15:45):

It’s more like 20. So I used to work at a security specialist where we provided security for really Fortune 1000 type of companies and data loss prevention. I kid you had to buy all this gear from Cisco and then just the initial setup, the configure, it was like the initial implementation was over a hundred thousand dollars.

Todd Darroca (16:06):

I was going to say that’s pricey. That’s a pricey infrastructure build.

David Kakish (16:09):

And today, if you’re an RIA with 10 employees, you have access to that same technology. We can provide that. And it’s even better than what it was 20 years ago where these big enterprises were paying all this money. So all that, that means data loss prevention is if I work for your RIA and I send out an email with a social security number or an account number or a passport number for that matter, whatever, it can automatically detect that, encrypt it, and send it out. Wow. It can also notify your chief compliance officer, Hey, you know what, David just sent out an email with this. The other nice thing about data loss prevention is you can actually put in specific keywords. We have clients, for example, that’ll go in and say, Hey, look, every time the word illegal or guaranteed returns sent out from one of our financial advisors, I just want to get notified.

(17:03):

Let that email go. That’s okay, but I just want to get notified so I can just go ahead and take a look at that. So if I were to break out data loss prevention, there’s two levels. There’s stuff that, oh my goodness, this. And usually it’s not intentional. It’s a mistake. Somebody will send out a p d that has a social security number or account number, so it’ll automatically detect it, encrypt it, and send it out. And then there’s another category. The second category is where your C C O, from a compliance perspective, chief compliance officer wants to know that, hey, the reps that are sending out things like, Hey, you know what? Invest in this. You’re going to get guaranteed returns. That’s not compliant. And so they need to have the ability to do it. And this is actually this tool that we set up for our clients, phenomenal, very sophisticated. And we set up our clients with a baseline, but then they can really tweak it and they can go deep into it. Again, very, very, very few RIAs and financial advisors know that this is something that they can go ahead and they can set up.

Todd Darroca (18:11):

So on data loss prevention, I know, and I have taken so many courses working for companies that bring me through a data loss prevention training exercise, how much of the D D L P is even before things are placed in your infrastructure or in your email outlook, all that stuff. So how much training should somebody dedicate to this in person with the team members? Or is it simply just how often do we need to train people, I guess is my question. I remember taking it every quarter.

David Kakish (18:45):

So you’re touching on a couple of things. I think your question to me is like, Hey, how often do we train our financial advisors or employees? That’s what you’re asking me. Yeah. So that’s part of, I would say a broader, we have something, and again, we provide that for our clients. A lot of RIAs have something in place is security awareness training, right? So if we do security awareness training and simulated phishing campaigns for our clients, but D L P is sort of part of that. And then every RIA to meet the S E C compliance requirements needs to make sure that they have security awareness training. We’ve actually done it for our clients where we use a third party tool. And it’s really fantastic, just very short three to five minute videos where, hey, how to better secure yourself when you’re traveling, how to better secure the elderly. And it’s a training, and we’ve gamified it in the sense of all your employees get a score, and then you don’t want to be the team member with the lowest score.

Todd Darroca (19:44):

A little bit of shaming there, huh?

David Kakish (19:47):

It works.

Todd Darroca (19:48):

Yeah, it does. Sure it does. Brene Brown would probably be like, no, we don’t need to shame people. That’s right.

David Kakish (19:54):

Well, there’s two categories of people, people that want to be at the top and then people that just like, I don’t want to be the last one. I could be second to last, but I don’t want to be last.

Todd Darroca (20:03):

That’s right.

David Kakish (20:05):

Yeah. So each RIA is a little bit different in terms of how often they have that, but we have a really nice security awareness training, and that’s really part of that.

Todd Darroca (20:15):

And so now we’re going to move on to the last part of the list. Number seven, it is the always helpful s s o or secure single sign on. And so I know I have done this quite a bit lately where either I sign in through a program like Okta or I sign in. I think even Google now has single sign on in many cases. So tell us about this and why has it taken off so strong more in recent time?

David Kakish (20:47):

So yeah, secure single sign-on for web-based applications, A lot of people might confuse that with a password manager, or I would even say a consumer grade version of secure single sign-on for your web-based applications. But if you don’t know what that is, let me just kind of maybe briefly talk to the listener. So imagine you come into a dashboard and then now you see in there, you see e-money, you see Orion, you see Redtail, you see Salesforce, you see QuickBooks online. Me as an employee, I can just click on Redtail or Orion and it automatically logs me in. So as an employee at that RIA am a lot more productive because I could just go ahead and do that. Now, on the backend, it’s a lot more secure because it’s tied into my Microsoft Active directory account. So from a productivity perspective, we hire Mary.

(21:39):

Mary starts working at this RIA, she logs into her computer, she goes to that web dashboard. Now she has access to all these web-based applications. I don’t know, three years from now, Mary leaves, we disable her main account and she can’t access her computer, she can’t access the web-based application, she can’t access her email or anything like that. So again, much more productive and much more secure. A lot of people are familiar with the consumer grade that Chrome provides, right? And that’s okay, but this is more enterprise grade. This is kind of like the consumer versions on steroids where you can actually do a lot more with that. And so again, we do this during our onboarding process with our clients, but a lot of RIAs don’t know that you can actually do that. And it’s really a phenomenal productivity tool. I use it every single day, but it’s also, it really, really helps from better securing your web-based applications.

(22:41):

And so there’s a couple of ways to set this up. You can set it up for your employees so they don’t know what their credentials are, or you can allow employees to set that up. I guess I don’t want to get too much into the weeds. It’s easy for me to do it. But again, I want to keep in mind that as a listener listening to us, they’re not an IT person. They’re an executive that wants to know, Hey, how can I apply and use that technology? So I would say, Todd, out of the seven things that I mentioned, I kind of put the multifactor authentications like easy number one. I think a lot of people are doing that, but two through seven. So the six other things that I mentioned, the very few RIAs are using all that. If you are pat yourself on the back because you’re in the minority. If you’re not gold star, yeah, exactly. If not, these are things that you could really use in your practice.

Todd Darroca (23:33):

I guess too, just real quick to wrap that up, since a lot of it is now remote work too, and so these executives are dealing with employees who may not be in the building, so to speak. And so I would think all of these steps, probably they need to follow those now as a best practice. But now even more so because of the increased cyber attacks. I mean, you saw in Vegas those cyber attacks recently and even in other countries. So I’m assuming this is all pretty best practice stuff that we should start doing now, and if you’re not, get on it quickly.

David Kakish (24:07):

Yeah, absolutely. And I’ve mentioned seven. I mean, there’s a lot more that we do for our clients. People have a computer, they’re working in the office, they’re working at home, they’re working from a hotel room when they’re traveling. So how do you sort of secure that endpoint? And again, we can have separate sessions, we can talk, there’s a lot of other things that we can do, but these are like seven. I don’t want to say that they’re easy. I mean, these are seven quick things. I’m like, look, every RIA can and should take advantage of these things. That’s kind of how I’m thinking about that. There are other things that kind of gets a little bit more complicated in the weeds, but these are things that I just wanted to mention. So multi-factor authentication, email encryption, email archiving, teams archiving, file archiving, data loss prevention, and secure single sign-on for web-based applications. Those are the seven. As a recap, if you’re doing all seven, congratulations. If not, go for it.

Todd Darroca (25:03):

So all this information, how do we enable or activate these RIAs to do? What are the next steps that they can take when they leave the podcast? Yeah,

David Kakish (25:15):

So there’s three things you can do, right? Number one is you can do it yourself, right? If you are tech savvy and you want to go in, absolutely go do it yourself. If not, reach out to your IT provider and say, Hey, David and Todd, we’re talking about these things. We’d like to get these things set up in place. And so that’s the second option. The third option is contact us. We’re happy to help. Just go to staging-riaworkspace.kinsta.cloud and contact us, and we’re happy to help. I guess what I don’t want you to do is I don’t want you to be complacent, because again, you don’t want to be a sitting duck. You’ve got millions of dollars in AUM M you want to go ahead and you want to protect that. So that’s probably the call to action, the C T A that we like to, it’s like look, either do it yourself, contact your IT provider so they can help you with this or contact us. We’re happy to help.

Todd Darroca (26:06):

Big takeaway, don’t be a sitting duck, folks. Just take one of those steps, really easy steps. Well, hey, we want to thank you for listening to the RIA Tech podcast, brought to you by RIA Workspace. And so for more resources and even more podcasts as we make these, go to ria workspace.com and check out the learning center. Now, we always want you to be a part of this conversation, and so as we’re building new stories and new shows for the podcast, we’d love to hear from you. What do you want us to talk about? What questions do you have that you’d like to be answered? Or maybe myths that you want demystified? So feel free to reach out to us with any questions. You can either fill it in the YouTube comments or just simply email us and stay tuned for more of our RIA Tech Insights on our next episode. So I’m Todd Rocha for David Kakish. Thanks so much for listening and we’ll see you next time. Thank you.
November 1, 2023
Data backup: 5 Most common solutions to protect your data

Backing up data is an essential task for any organization that wants to ensure the security and integrity of its information. There are various methods and tools available for data backup, each with its own benefits and limitations. In this blog post, we will discuss the five most common solutions for data backup to help you choose the best option for your specific needs.

Cloud backup

This solution leverages the power of the internet to store your data in a remote, off-site location. A third-party provider manages the infrastructure and offers storage space, often on a subscription basis. This means you don’t have to invest in expensive hardware or worry about maintaining it, as the provider takes care of everything.

Cloud backup solutions offer scalability, cost-effectiveness, and high accessibility. However, they require a stable internet connection to transfer data, and there may be additional costs for exceeding storage limits. The cloud may also not be suitable for storing highly sensitive data due to potential security risks.

Local backup

Local backup involves storing data on physical devices such as external hard drives, USBs, or tapes. This offers complete control over your backups and allows for quick restoration in case of data loss. Additionally, local backup doesn’t require an internet connection and can be a more cost-effective solution in the long run compared to cloud backup.

However, local backups are susceptible to physical damage, theft, or loss due to natural disasters. They also require regular maintenance and updates to ensure data is backed up properly. It’s crucial to have multiple copies of your backups and store them in different locations for added security.

Hybrid backup

As the name suggests, this solution combines both cloud and local backup options. It offers the best of both worlds by providing on-site storage for quick data recovery and off-site storage for added protection against disasters. This hybrid approach allows businesses to customize their backup strategies according to their specific needs and budget.

However, setting up a hybrid backup can be complex, and maintaining it may require additional resources. It’s essential to have a well-defined plan in place to ensure data is backed up correctly and restored efficiently when needed.

Backup appliances

Also known as backup and recovery appliances, these are specialized hardware devices designed to streamline the backup process. They offer a comprehensive solution by integrating both hardware and software components into one device. This simplifies data management and reduces the risk of human error.

Backup appliances come with a higher upfront cost but can be more efficient in the long run by providing faster backups and recoveries. They also offer better security features such as encryption and data deduplication.

Removable media

This is a traditional method of backing up data by using physical storage media such as CDs, DVDs, or Blu-ray discs. While it may seem outdated, removable media can still be a viable option for small businesses with limited data storage needs. It’s a cost-effective solution that doesn’t require an internet connection and allows for easy portability.

However, as with any physical storage, there is a risk of damage or loss. The media may also become obsolete over time, making it difficult to access data in the future.

While these five solutions are the most common data backup options, there are many other methods available depending on your specific needs and preferences. Some businesses may opt for traditional tape backups, while others may choose virtual or server backup solutions. Consult with our data backup experts today to determine the most suitable option for your business and ensure the safety and accessibility of your valuable data.

Published with permission from TechAdvisory.org. Source.

October 18, 2023
A short guide to Microsoft 365’s Bookings feature

Microsoft Bookings is not just any scheduling app; it’s a powerful tool that lets you create an effortless booking experience for your customers. What sets it apart is its seamless integration with Outlook, ensuring that you have a real-time overview of your availability and simplifying the appointment booking process. In this article, we discuss some of the most useful benefits of Bookings.

Enhanced visibility

With Bookings, you gain access to an innovative scheduling application compatible with desktop computers. It allows your customers to choose their preferred times and dates, all in alignment with real-time availability. They just need to input the necessary contact details, and the system takes care of the rest.

No more hassles caused by cancellations

Cancellations and no-shows can leave valuable time slots empty, resulting in lost income, unless you have a system to fill those gaps. Bookings helps prevent revenue loss by allowing you to set specific cancellation notice requirements.

Moreover, Bookings automatically sends a confirmation email to customers upon booking, followed by a timely reminder just before their appointment. If customers need to reschedule or cancel, they can do so easily. They can simply click on a link in the confirmation email and select a more convenient time for them.

Seamless synchronization

Once a booking is confirmed, it seamlessly syncs to a centralized calendar, which you and your staff can all view. This allows you the flexibility to reschedule, cancel, or reassign appointments to different staff members as needed.

When it comes to reassignment, Bookings offers a handy feature called “split view.” This intuitive tool displays the schedules of all staff members side by side, making it easy to see who is booked at specific times.

Furthermore, this adaptable system accommodates various calendar services, including Office 365, Outlook, and even Google Calendar. This ensures that clients and staff can use their preferred calendaring service, offering convenience for both parties.

More than just appointments

While appointment scheduling is the primary function of Bookings, it goes the extra mile by helping you expand your company’s customer database. When customers input their information into the system during the booking process, it automatically generates contact entries for them. These contact cards include essential personal details such as names, addresses, phone numbers, and email addresses, all conveniently stored for future reference.

Scalability and cost-effectiveness

As your company grows, Bookings accommodates your expansion plans effortlessly. You can easily onboard more staff members and create additional booking pages at no extra cost. What’s even better is that staff members don’t need Office 365 subscriptions to utilize this service, making it accessible and cost-effective for your growing team.

One way to differentiate yourself from competitors is to use a comprehensive appointment management solution like Bookings. If you have any questions about this feature or need more tech tips, don’t hesitate to reach out to us.

Published with permission from TechAdvisory.org. Source.

October 18, 2023
Third-party website scams – SCAM OF THE MONTH
In the aftermath of a devastating flood, Adriana found herself grappling with the loss of her family’s belongings and important documents. She stumbled upon an online advertisement promising quick and hassle-free document replacement services.

Intrigued and desperate to regain some sense of normalcy, Adriana clicked on the link that led her to a seemingly legitimate website. The site, adorned with reassuring testimonials and professional graphics, convinced her that they could swiftly replace all her lost documents for a reasonable fee. Adriana provided her personal information and credit card details, believing she had finally found a solution to her problems.

Days turned into weeks, and Adriana still had not received her documents or any updates from the supposed service. It wasn’t until a friend shared a news article about fraudulent disaster relief websites that Adriana realized the documents were not coming, and she had been scammed.

Did you spot the red flags?
- In her desperation and hurry to obtain the documents she had lost, Adriana clicked on the first website she saw, instead of researching and reading reviews.
- The website promised quick document replacement for a fee. Many government agencies will replace documents for free after an emergency.
What you should know about this scam

Verify URLs and phone numbers before giving any information to a company. Many scammers use look-alike websites or phone numbers.

While there are some legitimate third-party websites that help with document replacement, make sure to research and read reviews first.

Even if you were not impacted by a natural disaster, be on the lookout for these scams. Scammers often text or call and say you need to replace your Medicare card, Social Security card, or driver’s license. Always go to official agency websites and verify their phone number or go in person.
October 13, 2023