21 Jul 2023

Data Loss Disasters Come in Many Forms

Data loss disasters encompass a wide range of events, from natural calamities to cyberattacks to simple human mistakes. Such disasters can have a severe impact on businesses, leading to operational disruptions, financial losses, damaged reputation, and even legal consequences due to the loss of valuable data.

To mitigate these risks, it is imperative for businesses of all sizes to establish a Business Continuity and Disaster Recovery (BCDR) plan. By implementing a robust BCDR strategy, you can ensure a swift recovery and restoration of your business in the event of a disaster, while also meeting governmental and industry regulatory requirements.

In this article, we will explore the different types of data loss disasters and highlight the key components of a BCDR plan that can effectively navigate you through such disruptive events.

The many forms data loss can take

Various forms of data loss disasters can impact your business. These include:

Natural disasters

Events such as storms (including electrical), floods, fires, hurricanes, and (to a lesser extent in our area) tsunamis and volcano eruptions can cause infrastructural damages, power failures, and mechanical failures, leading to data loss.

Hardware and software failure

Disruptions in software and hardware, whether caused by bugs, glitches, configuration errors, component failures, or outdated technology, can result in data loss if appropriate BCDR measures are not in place.

Unforeseen circumstances

Data loss can occur due to incidents not easily predicted. For example, a portable hard disk may be stolen, a water leak in the server room due to plumbing issues, or a pest infestation in a data center.

The human factor

Human errors contribute significantly to data loss incidents. These errors range from accidental file deletions, overwriting existing files, and naming convention mistakes to forget to save or back up data or damaging storage devices.

Cyberthreats

Malware, ransomware, viruses, and unauthorized access by malicious insiders pose significant risks to data security. Such attacks can corrupt and render data and backups irrecoverable.

Key components of BCDR

To build a robust BCDR strategy, consider the following key components:

Risk assessment

Identify potential risks and threats that could impact your business operations. Quantify and measure these risks to effectively address them.

Business impact analysis (BIA)

Assess the potential consequences of a disruptive event on critical business functions and prioritize them in your recovery plan.

Continuity planning

Develop procedures and protocols to resume critical business operations with minimal downtime during a disruption.

Disaster recovery planning

Create a well-defined plan to recover critical IT functions and data following a disruptive incident.

Testing and maintenance

Regularly test your disaster recovery and backup plans to ensure they can be successfully executed during a real disaster. Identify any weaknesses or gaps and make necessary enhancements.

Wondering where to begin?

Embarking on the journey of developing and implementing a BCDR plan may seem daunting. However, we are here to assist you in building the right BCDR strategy tailored to your business requirements. Feel free to contact us today to initiate the process.

29 Aug 2023

Why Your Business Needs to Beef Up Employee Security Awareness

We all have a tendency to avoid our weaknesses. When we do that, we never progress or get any better.

Jocko Willink

In today’s rapidly evolving landscape of cybersecurity, organizations are increasingly recognizing the critical importance of fortifying their defences. Despite substantial investments worldwide to repel digital threats, malicious actors persistently exploit vulnerabilities, even within the most fortified systems. Their primary focus? Employees. These individuals are regarded by cybercriminals as the weakest link in the cybersecurity chain. However, a solution exists—a beacon of hope in the form of a “beefed-up” security awareness training.

Enhancing security awareness among employees is undeniably a top priority. In this article, we will delve into the motivations behind cybercriminals’ fixation on employees and explore the profound implications of enriching their security knowledge. By acknowledging vulnerabilities and taking proactive measures, businesses can significantly reduce risks and empower their workforce to effectively counter cyber threats.

The Vulnerabilities Within – Identifying the Challenges

Does your organization grapple with these common challenges?

1. Lack of Awareness: The unfortunate reality is that many employees remain unfamiliar with cybersecurity hazards, tactics used by cybercriminals, and essential best practices. Malicious actors exploit this knowledge gap to launch deceptive campaigns, distribute malicious software, and orchestrate elaborate social manipulation tactics.

2. Privileged Access: Employees often possess access to critical systems, sensitive data, and administrative privileges coveted by cybercriminals. Breaching these accounts can provide malicious agents with access to valuable assets, leading to significant disruptions.

3. Social Manipulation: Cybercriminals excel at manipulating human emotions, trust, and curiosity. They employ these tactics to coerce employees into divulging confidential information, sharing login credentials, or unknowingly compromising security protocols.

4. BYOD Risks: The “Bring Your Own Device” (BYOD) trend introduces additional risks to businesses. Personal devices lacking robust security measures create vulnerabilities that cybercriminals are eager to exploit.

5. Remote and Hybrid Work Challenges: The shift to remote and hybrid work environments presents novel challenges. Home networks with weaker security, shared devices, and domestic distractions make employees more susceptible to digital attacks.

Constructing a Cyber-Resilient Workforce: Best Practices

To build a solid foundation for cyber resilience within your organization, consider these best practices:

1. Assess the Landscape: Gain a deep understanding of the specific cybersecurity risks your organization faces. Identify areas where employees are most vulnerable.

2. Define Objectives: Clearly define the knowledge and skills your employees need to acquire through your security awareness program.

3. Develop Engaging Content: Craft compelling content that captivates your employees’ attention and seamlessly integrates cybersecurity concepts. Use real-world scenarios to instill cybersecurity wisdom.

4. Tailor Content: Customize your content to address unique challenges within your organization. Align the material with employees’ roles and responsibilities.

5. Embrace Continuity: Establish a consistent rhythm of instruction to reinforce cybersecurity principles. Keep your workforce updated on emerging threats and countermeasures.

6. Measure Effectiveness: Regularly assess the impact of your security awareness program through behavioural outcomes, evaluations, and feedback. Use data to refine and improve your program continuously.

7. Foster a Cybersecurity Culture: Encourage proactive engagement by fostering open communication, providing spaces for incident reporting, and emphasizing shared responsibility for protecting the digital realm.

Uniting for a Secure Future

We stand united in our mission to usher in a new era of digital guardianship. Let us seize this opportunity to transform our employees into an unwavering bulwark against cyber threats. The investment in employee security awareness serves as the crucible in which our defences are honed, ensuring a future marked by unwavering resilience. As the cybersecurity landscape evolves, the empowerment of our workforce will prove instrumental in safeguarding our business from the persistent threats of the digital age.

16 Aug 2023

Avoid the Common Mistakes Your Cybersecurity Training

Leadership and learning are indispensable to each other.

John F. Kennedy

In today’s fast-paced digital landscape, the importance of employee cybersecurity training cannot be emphasized enough. It acts as the first line of defence against cyber threats, arming your team with the knowledge and skills to identify and counter potential risks. However, to ensure the efficacy of your training program, it is crucial to sidestep common errors that can compromise your efforts.

Navigating Common Mistakes for Effective Cybersecurity Training

Let’s take a deep dive into these pitfalls and develop avoidance strategies. By proactively addressing these challenges, you can magnify the impact of your employee cybersecurity training, fostering a culture of security awareness that empowers your workforce to stand guard against cybercriminals. Together, we will empower your team with the competencies needed to safeguard your organization.

Key Blunders to Dodge

1. Treating Security Training as a One-time Occasion:

Resist the urge to treat cybersecurity training as a mere checkbox to tick. Instead, foster an environment of perpetual learning by consistently offering opportunities for employees to stay abreast of the latest threats and best security practices. Elevate security awareness to an ongoing journey rather than an isolated event.

2. Providing Stale, Unengaging, and Irrelevant Training:

Engagement is the linchpin of effective training. Steer clear of dry and outdated content that fails to captivate employees’ attention. Strive to deliver training that is timely, captivating, and relatable. Harness interactive platforms and user-friendly tools to craft an immersive learning experience that resonates with your team.

3. Prioritizing Activity Over Behavioral Outcomes:

Avoid the trap of focusing solely on tracking training completion rates or the number of simulated phishing exercises. While these metrics offer insights, they only reveal part of the story. Shift your attention to measuring behavioural outcomes, showcasing a genuine grasp of security principles and driving concrete changes in employee conduct.

4. Nurturing a Culture of Blame and Mistrust:

Approach security training as a conduit for growth and improvement rather than a finger-pointing exercise. Foster a nurturing atmosphere where employees feel at ease reporting security concerns and seeking clarification. Promote a collective sense of responsibility, emphasizing that cybersecurity is a shared responsibility.

5. Lack of Leadership Support and Engagement:

Leadership wields substantial influence in setting the tone for your security training initiative. Without visible endorsement and active involvement from executives and managers, employees might perceive security as a peripheral concern. Rally leadership to champion security endeavours and actively participate in training, showcasing their dedication to safeguarding the organization.

6. Hesitating to Seek External Aid:

Crafting and managing a comprehensive training program can be daunting, particularly when internal resources are limited. Do not hesitate to solicit assistance from external experts or specialized IT service providers versed in cybersecurity training. They possess the expertise and guidance required to implement a robust and impactful program.

A Collaborative Journey Towards Success

By proactively addressing these potential missteps, you possess the capability to instill a resilient security culture within your organization. If support is required, do not hesitate to seek it. We are here to provide the necessary aid. Our wealth of experience and expertise perfectly align with your needs, making security training a minor concern.

Additionally, we invite you to walk through our Assessing the Strength of Your Cybersecurity Culture checklist to gauge your progress along the right trajectory. Together, we can fortify your defences and shield your enterprise from the ever-evolving landscape of cyber threats. Your organization’s security is our shared commitment.

28 Jul 2023

Why Your Business Needs a Business Continuity and Disaster Recovery Plan

Even on a good day, being a business owner is challenging. Apart from dealing with and effectively solving multiple problems, you also need the foresight to arm your business with the right tools and solutions to tackle any issues that might arise later.

One issue you should always prioritize is data loss/data corruption and business disruption that cause downtime and productivity dips. Remember that data loss/data corruption and business disruption could happen due to various reasons, such as:

· Natural calamity

· Hardware failure

· Human error

· Software corruption

· Computer viruses

Adopting a comprehensive backup and business continuity and disaster recovery (BCDR) strategy is the best way to tackle this problem

What is a comprehensive backup and BCDR strategy?

A comprehensive backup and BCDR strategy emphasizes the need for various technologies working together to deliver uptime. It even highlights technologies associated with cybersecurity. A robust strategy:

Protects all systems, devices and workloads

Managing all systems, devices and workloads efficiently, securely and consistently can be challenging. Mistakes, errors, mishaps and outright failures across backup and recovery systems could happen at any time, leading to severe downtime or other costly business consequences. That’s why it’s essential to have a reliable and secure solution to back up and protect business data as well as business systems, devices and workloads.

Ensures the integrity, availability and accessibility of data

The complexity of IT, network and data environments that include multiple sites — cloud, on-premises and remote — makes monitoring and protection difficult. It negatively affects the integrity, availability and accessibility of information and all IT network assets. That’s why it’s a best practice to simultaneously deploy tools or systems that cover all IT and network infrastructure (remote, cloud and on-site) with the same level of protection and security.

Enables business resilience and continuity

A comprehensive and realistically achievable backup and BCDR strategy prioritizes, facilitates and ensures the continuity of business operations. It represents a business’ resiliency against downtime or data loss incidents.

Prioritizes critical protection and security requirements against internal and external risks

No backup or BCDR solution can be effective if your business does not proactively identify and mitigate internal and external risks. You need tools that focus on internal and external threats through constant monitoring, alerting and tactical defence to empower your backup and BCDR strategy.

Optimizes and reduces storage needs and costs through deduplication

With the amount of data skyrocketing day after day, it poses serious storage and budgetary challenges for businesses. What makes things worse is the existence of multiple unnecessary copies of the same files. Therefore, adopting the deduplication process can identify data repetition and ensure that no similar data is stored unnecessarily.

Manages visibility and unauthorized access and fulfills data retention requirements

Your business data must never be visible to every employee in the same way. There must be policies and tools to ensure that an employee accesses only data essential to completing their tasks. Also, unauthorized access must be identified and blocked immediately. This is crucial not only for the success of backups and BCDR but also for maintaining compliance with all regulatory mandates related to data protection and retention.

Comprehensive backup and BCDR for your business

By now, it must be clear to you that adopting a comprehensive backup and BCDR strategy is not an option but a necessity. An occasional, severe data loss incident or disruption even could open the gates for your competitors to eat into your profits and customer base.

You must do everything possible to bring all the right tools and strategies together so your business can operate seamlessly, even in the face of chaos. Are you ready to approach the concept of comprehensive backup and BCDR practically?

It isn’t as difficult as you might think. Collaborate with an expert partner like us with the knowledge and experience to take care of your backup and BCDR needs.

Get in touch with us today to learn more.

27 May 2020
data security

Patch Compliance Reports

If you’re one of our patch management clients, we are handling your Windows, Mac and Third-party updates to maintain the security of your network. Beginning this month, we will be sending a formal Patch Compliance report to keep you up to date on the patching process.
If you’re not having us handle your Patch Management, I want to encourage you to do so. Unpatched computers are a serious security risk, being the easiest point of entry into your network.
27 May 2020

What is DNS over HTTPS (DoH)?

Chrome had it, now Firefox.  Be aware:
DNS over HTTPS is specifically designed to address the fundamental privacy and security limitations of DNS by leveraging the HTTPS protocol your browser already uses when connecting to a secure website. With DoH enabled, DNS requests are sent via encrypted HTTPS, securing the connection request between you and your verified DNS provider

When these DNS requests are DoH encrypted your network logs no longer provide visibility into what DNS requests are occurring and by which device.

So, starting January 1st. 2020, Webroot DNS Protection will automatically categorize all DoH and DNS over TLS (DoT) domain requests under our Proxy Avoidance and Anonymizers URL category. By default, all DoH and DoT requests will automatically blocked as a security risk.

27 May 2020

Email Threat Protection

Effective 1 June, we will be increasing the security of your email by adding Link Protection. URLs in emails will be rewritten to protect you and your team. When your staff clicks a link in an email, the target will be checked to see if it’s malicious. If so, you’ll receive a warning.
We are hopeful that this added protection will dramatically limit the infections or introduction of malware to your workstations.
This additional security will not increase your cost of Email Threat Protection (formerly SecureTide).
We will be offering Advanced Email Threat Protection against ransomware and zero-day threats next month, including Attachment Assurance. Stay tuned!
27 Apr 2020

Discounts and Payment Plans

As a reminder, we are offering to waive all setup and onboarding fees (WinInit, MacInit) for your employees’ home computers. If you would like us to provide antivirus, OS updates and monitor their safety and compliance, we will install our remote management software for free if their office workstation is already being monitored in our support system.

Quo Vadis is offering a credit to your account for any users that have been furloughed, please let us know your situation so we can help. We want to work with you on payment options – if you would like to set up a payment plan for your invoices please contact us.

27 Apr 2020

Microsoft Teams for Free!

We’ve talked about using Microsoft Teams in past posts and newsletters, so you should be familiar with this tool.

Microsoft Teams is a communication tool that combines individual and group chat, voice calls, video calls, file sharing, collaboration, and much more. We use Teams to communicate with our Engineers and Admin staff spread across four states in the U.S. and Ontario, Canada. Teams is part of your Basic and Standard 365 licenses (formerly Essentials and Premium). Exchange Online Plan 1 licenses do not include Teams.

Now here’s the fun part…

Microsoft is providing a 365 Business Basic license (formerly Business Essentials), an $8 per month value FOR FREE until the end of the year! This license is called Teams Exploratory, so you can test ride Teams for your organization. If you’re interested in using Teams, or adding your EOP1 users to Teams as a trial, call the Help Desk (704-814-8819).

27 Apr 2020

Microsoft License Rebranding

Microsoft is rebranding the most popular Office 365 licenses we provide to our clients. Quo Vadis will use these new names on the invoices you receive going forward.

Those services which include mailboxes…

  • Office 365 Business Essentials is now Microsoft Business Basic
  • Office 365 Business Premium is now Microsoft Business Standard 

Those services which are strictly Office software without a mailbox…

  • Office 365 Business is now Microsoft 365 Apps for Business 
  • Microsoft 365 Business is now Microsoft 365 Business Premium 

It appears that Microsoft is subtly removing the “Office” term from the product line. Prices remain the same.


In addition to Microsoft’s name changes, our partner AppRiver has also taken this opportunity to rebrand some of its popular services as well:

  • SecureTide now is Email Threat Protection
  • Zix Encryption is now Email Encryption
  • CipherPost Pro is now Email Message Privacy