Catch up with Single Path
Technology is constantly advancing. And so are we.
Single Path, in conjunction with Cisco, recently hosted a presentation by renowned cyber security expert Bryce Austin. Bryce shared his experiences while at Target during their breach. The discussion also included valuable information on creating a cohesive tactical plan for a “post-breach” scenario. After the event, we all headed up to a United Center suite to have some fun and watch the Chicago Blackhawks take on the Minnesota Wild.
In April of 2016, after four years of debate and preparation, the EU Parliament approved the GDPR (General Data Protection Regulation). This landmark regulation was designed to protect data privacy, access and provide a way for EU citizens to seek damages should they suffer from misuse or breach of their data.
This regulation affects any company that does business with EU citizens, regardless of where that company is located. Among its components are:
- Mandatory breach notification. Data processors must notify their customers and business partners within 72 hours of becoming aware of any data breach.
- The right for customers to obtain confirmation on how and where their personal data is being processed, and for what purpose
- The right for customers to have their personal data “forgotten” or removed from electronic data (under certain conditions)
- The right for customers to receive their own personal data, and a right to “data portability,” or the ability to easily transfer information between service providers
- Privacy by Design. Data protection protocols need to be in place before a company collects personal information, and also limits who at the organization can access that data.
- Data Protection Officers. Certain companies must appoint an officer in charge of all data protection and privacy issues, and follow certain internal record keeping requirements.
What you need to do now
According to research and advisory firm Gartner, most companies are not ready for this change. In fact, Gartner predicts that more than 50 percent of companies affected by the GDPR will not be in full compliance with its requirements.
Unfortunately, if a company doesn’t adhere to the GDPR regulations, they could face a HUGE fine. Here are a few areas you’ll want to take a closer look at:
Are you a controller or a processor?
The regulation breaks out responsibility for protecting data into two roles: controllers and processors.
Which one are you? A “controller” is the person, business or public authority that “determines the purposes and means of the processing of personal data.” The “processor” is the person or organization that processes the personal data on behalf of the controller. In other words, the controller is the one who uses the information and the processor gathers it on their behalf.
Or, in an example given in an article on the website gdpreu.org, “If Acme Co. sells widgets to consumers and uses Email Automation Co. to email consumers on their behalf and track their engagement activity, then with regard to such email activity data, Acme Co. is the data controller, and Email Automation Co. is the data processor.”
Some companies are both. You may want to seek legal advice to ensure your role is properly defined.
Audit your data
Per a recent article on informationweek.com, auditing your data, while time-consuming, can have numerous benefits. The article suggests you “Find out what data you have, where you have it, why you have it, how long you need it and any current processes for deleting it.” Since information may have to be deleted, shared and immediately accessible, enabling a single view of all information, and where it is stored, can be a vital time and cost-saving measure.
Conduct a Privacy Impact Assessment (PIA)
You will need to assess how customers’ personally identifiable information (PII) is collected, used, maintained and disclosed to ensure it is protected adequately. As shared in an article at gdpr.com, “The PIA should be conducted throughout the development lifecycle of a system, but especially before you even start collecting the data. When risks are identified, the GDPR expects you to employ measures to address them, such as encryption, continuity plans or backups of the data.”
Remember, it’s not just about having a secure system. The real trick is in controlling who has access to the information and how it can be used. As stated in the same article quoted above, “security is about who has access to the data, privacy is about what you do with the data you have access to. Assuming security is good, the main risk will be the way in which you use the data.”
Let an expert help
At Single Path, we’re well known for “providing accountability for technology from the start.” Our team will work with you to put the processes and protections in place to ensure you are compliant with the GDPR, and any other regulations or requirements. From storage to security, we have the experience and resources to collaborate, educate and connect you with the tools you need.
Don’t risk a large fine from a lack of compliance. Let Single Path help you take the steps now to ensure you’re ready by May 25.
As nearly everyone knows, Equifax recently reported a data breach, which has put more than a hundred million people at risk. As the Federal Trade Commission puts it bluntly, “If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.”
The facts are undisputed. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. Yet Equifax didn’t inform the public until September 7th. Within a week of that announcement, both Equifax’s Chief Security Officer and Chief Information Officer were fired, Equifax became a source of anger from the public, a source of investigation by the U.S. government, and a source of ridicule on late night television.
As Wired Magazine stated in an article dated September 14 titled Equifax Officially Has No Excuse, “Capping a week of incompetence, failures and general shady behavior in responding to its massive data breach, Equifax has confirmed that attackers entered its system in mid-May through a web-application vulnerability that had a patch available in March … As the security community processes the news and scrutinizes Equifax’s cybersecurity posture, numerous doubts have surfaced about the organization’s competence as a data steward.”
Even Worse, It was Entirely Preventable
According to Equifax itself, the data breach was due to a flaw in the Apache Struts Web Framework, a widely used enterprise platform. Equifax discovered the bug months before the breach occurred, yet did nothing to fix it. This decision is surprising, as the remedy to fix it was a relatively simple procedure. Equifax was provided clean and simple instructions on what to do. Instead, they chose to do nothing.
At best, the refusal to fix this major flaw was negligent. At worst…well, that’s still to be determined.
Once Trust Is Gone, It’s Gone
Since this ongoing fiasco was first made public, how many people are excited about the immediate prospects of Equifax? Its stock lost more than 35% of its value within days of the news coming out, and has remained significantly lower than its pre-breach levels. Meanwhile, the Department of Justice is looking into criminal charges against high-level Equifax executives who sold nearly $2 million in stock before Equifax released the data breach information.
While it is too early to determine the long-term future of Equifax, if it has one, individuals and municipalities have filed numerous lawsuits (including one by the city of Chicago on September 28 of behalf of its citizens, following in the footsteps of San Francisco which filed suit just two days earlier; more cities are expected to follow) and politicians are calling for more investigations. As the lawsuits go through the system and people’s lives are disrupted—this breach affects nearly everyone who has had a credit report run—the news of Equifax’s lax security standards and insufficient response will only linger, as will public outrage.
Are You the Next Equifax?
While it’s true a breach can affect any business at any time, arrogance and a refusal to protect your data will only hurt your business’s rebound and make the prospects for its success questionable. Recent and well-publicized data breaches from Target, Home Depot and others have demonstrated that open communication can go a long way to restoring public trust; a path that Equifax has so far seemed reluctant to follow, at its own risk.
But openness after the fact is only one step—the best step is to be proactive and do all you can to avoid a breach in the first place. That means not only ensuring appropriate safeguards, but also backing up data in case you are hit by a malicious cyber attack that compromises, erases or prohibits access.
As we detailed in a recent blog post about cypersecurity attacks, “formulating a multi-layered plan including continual back-ups and implementing best practices, such as employee education, is of paramount importance.” This includes back-up protection, strong email security, artificial-intelligence-based security and more. In short, you not only need to protect your customers, but yourself. Safeguarding information rewards your customers’ trust but also ensures your company doesn’t miss a beat in the event of a cybersecurity breach.
Learn more about how Single Path’s Security Offerings can help you create a cyber strategy and protect your data and your reputation.
You probably have heard a lot about Unified Communications. As an ‘untethered’ workforce expands—a workforce free of geographic restrictions and traditional workspaces—the need for Unified Communications (UC) to the cloud has exploded. Unified Communications refers to the unification of business communications into a single platform, and often includes email, instant messaging, smart phones, landlines, fax capabilities and real-time data access. UC is also usually capable of handling both audio and video content. In general, UC allows businesses to have more flexibility, enhanced collaboration and greater responsiveness.
The explosion of Unified Communications is easy to understand when you look more closely at today’s workforce and their technology expectations.
As we shared in a previous blog post, BYOD continues to expand due to the reduced business costs and ease of use; smart phones are commonplace and working at home or while travelling is expected. Access to files, constant communication despite geographic borders, and easy access to video conferencing—all with mobile devices—allow employees to stay connected anytime, from anywhere.
As the workforce gets younger, led by the influx of Millennials, so does the comfort level of using newer technology. The vast majority of Americans own smart phones—they are owned by more than 90% of those between the ages of 18-29 according to the Pew Research Center—and the use of broadband technology at home is nearly as pervasive. Employees want the same level of communication for work that they have for home. These expectations will only continue to increase with a new generation of workers.
Video conferencing is playing an increasing role in daily business interactions due to the cost savings in travel expenses while increasing productivity, especially with features like multichannel capability, HD screens, advanced meeting controls and easy interoperability. But video solutions need clarity and elimination of disruptions or lag. Cloud-based UC solutions are particularly effective for video conferencing, without the need for expensive hardware.
UCaaS to the Rescue
Larger enterprises have already addressed the shift to UC, but SMB’s have been slower to react due to the high cost of initial deployment and ongoing support.
That’s because UC requires quite a bit of network infrastructure to accommodate the necessary bandwidth for phone calls, data sharing and more. Building infrastructure is costly! As the Huffington Post reports, “While small- and medium-sized businesses’ (SMB’s) telecommunications networks have become more proficient at serving more devices and connecting them to the cloud, they may not be able to offer the effective bandwidth increase, speed and security required.”
That’s why a cloud-based UC solution, Unified Communications as a Service (UCaaS), is becoming more and more popular. UCaaS refers to the growing practice of outsourcing these services to a third-party, who then delivers them over an IP network, usually the public Internet.
With UCaaS, businesses don’t have to worry about managing and updating their communication technology—that will be handled by their UCaaS provider. Businesses avoid those expensive infrastructure expenditures, take advantage of the newest IP-based communication technologies, and have scalable and reliable communication services should they need to expand or downsize.
Let Single Path Collaborate
Is it time for your business to consider UCaaS? Whether or not you and your business are currently tech savvy (see if you are here), a partner like Single Path can help. We can assist you in weighing the advantages and disadvantages of Unified Communications, see if UCaaS is right for you, and help you determine the timeline and the immediate expenditures, if any, that are needed to unify your business.
History teaches us that cyber threats are not merely the stuff of Hollywood movies, or only relevant to ‘someone else.’ They are real. They are happening now. And without proper protection your system—and even the continued operations of your business—can be greatly compromised.
As we’ve detailed in previous blog posts, a malicious cyber attack can be devastating to your business—from the loss of information or money, to the loss of confidence from your customers. Our blog post on Cyber Insurance for example, outlined how general insurance policies exclude cyber threat protection, leaving a business liable for losses associated with data destruction, ransomware, hacking, denial of service attacks, crisis management activity related to data breaches, and legal claims for defamation, fraud and privacy violations.
Let’s dive into three recent attacks and see how a lack of safeguards crippled businesses.
This worldwide ransomware attack occurred in May 2017 and targeted computers running Microsoft Windows. It encrypted data and demanded ransom payments to decrypt them.
The attack hit on Friday, May 12. Within a day it affected more than 230,000 computers in more than 150 countries. Among its victims was the UK National Health Service. Hundreds of UK health clinics were affected, as were several hospitals. As reported by online trade publication techrepublic.com, “The incident forced surgery delays, cancelled appointments, and generally made a mess of healthcare for several days.”
A fortuitous discovery by a 22-year-old web security researcher from England found a flaw in the virus, which dramatically slowed the infection. Still, his discovery, and subsequent patches provided by Microsoft and others, were too late to help computers already infected. Also, new strains have since been detected that continue to spread, and are significantly more difficult to halt.
According to security software company Symantec: “WannaCry is far more dangerous than other common ransomware types because of its ability to spread itself across an organization’s network by exploiting critical vulnerabilities in Windows computers.”
When your files are encrypted and you have no viable backups, what are your options? As of June, it is estimated that just over $130,000 of ransomware had been paid to the perpetrators of this attack.
Pinkslipbot is a worm capable of spreading over a network, downloading files, controlling networks and stealing user information. First introduced in 2011, once a computer is infected, Pinkslipbot can extract email addresses, accounts, certificates, web addresses, and login credentials, allowing cyber terrorists the ability to compromise banking information, credit card information and engage in personal identity theft.
Pinkslipbot is a derivative of Qakbot, a virus that emerged in the late 2000’s and has been a continual source of problems and threats, with new variants continuing to pop up—a particularly malicious strain was detected as recently as May, 2017.
From a post on business technology news website zdnet.com, “There has been a resurgence of the malware, according to [Cyber security software company] Cylance, which had been made even more evasive and persistent with new, polymorphic features that enable the malicious code to squat in business networks for longer.” Unlike ransomware, this malware does not lock out a system, but uses stolen credentials to “spam neighboring hosts and disrupt corporate activities. In turn, this may result in the compromise of additional hosts and further spread.”
The CryptoLocker ransomware attack started in September 2013 and continued for more than 20 months. The virus targeted computers running Microsoft Windows, encrypting files and offering to decrypt the data only if a payment was made by a certain date. While the virus was fairly easy to remove, the affected files remained impossible to decrypt without the ransomware payment.
The exact amount of money the operators of CryptoLocker successfully extorted vary wildly, but some sources put that number at close to three million dollars. The University of Kent released a survey reporting 40% of CryptoLocker victims paid ransom. According to the same report, “28.2% of respondents in the survey claim not to engage in any security practices online, such as using antivirus software, firewalls and password management tools.”
Avoid The Next Threat
While no one knows what threat will hit next, the one thing everyone can agree on is that every business needs to be prepared for the worst.
Our blog post on Four Foundational Layers Every Organization Should Have outlined the importance of back-up protection, strong email security, artificial-intelligence-based security and other critical programs that can self-guard against cyber attacks.
As history shows us, getting rid of malware is at best a challenge, likely expensive, and at worst, impossible. That’s why formulating a multi-layered plan including continual back ups and implementing best practices, such as employee education, is of paramount importance. Single Path can help you get protected and stay protected. We work with small- to mid-size businesses like yours, creating a multifaceted approach that will leave you prepared for the next headline-creating cyber threat.
At Single Path we’re ready to work with you, and discuss our array of security offerings. Our certified and highly skilled security specialists understand the complexities of protecting your network, and our security solutions leave you feeling confident and secure.
Let’s make sure the next cyber attack doesn’t cripple your business and make you a footnote to tomorrow’s headlines.
Thousands of companies crippled by cyberattack!
Millions of customers’ credit card data compromised!
Hundreds of thousands of computers hit; ransomware demanded.
Unfortunately, headlines like these are becoming commonplace, and the range of companies hit by such attacks are both global and wide-ranging by industry. Small- to medium-size businesses are hardly immune. In fact, due to lower protections, they may be more vulnerable to cyber terrorists and hackers.
As we shared in our last blog post, IT security needs be at the very top of every business’s priorities. The simplest malware can cripple a business. The most vicious can bankrupt it.
Are Your Protected Already?
In case of a cyber-attack, what sort of insurance protections do you have in place? Probably very few. Most businesses are surprised at how scant their coverage is; and how costly the damage.
Most traditional commercial general liability and property insurance policies exclude cyber risks. That means most businesses have no means to recover their losses. This has led to the rise of Cybersecurity Insurance (sometimes referred to as Cyber Liability or Data-Breach Liability Insurance) as a new, ‘stand-alone’ line of coverage. That coverage can include protection from data destruction, extortion demands, hacking, denial of service attacks, crisis management activity related to data breaches, and legal claims for defamation, fraud and privacy violations.
Cybersecurity Insurance is so new, there are no real industry standards. Insurance company prices and exclusions vary widely. This makes finding the right insurance policy complicated. Businesses should carefully read their Cybersecurity Insurance policy to understand what is covered in the event of a security breach.
The Two Types of Cybersecurity Insurance
As explained by Techinsurance.com, Cybersecurity Insurance falls into two categories: first-party and third-party insurance, although some—but not all—policies cover aspects of both.
First-party coverage is most suitable for non-IT firms. It includes the payment of ransomware, the costs for notifying clients that their information was compromised or exposed, the costs of monitoring services for customers affected by the incident, and the expenses involved in launching a public relations campaign to restore the reputation of the company affected by the breach.
Third-party Cybersecurity Insurance covers companies who are responsible for the systems themselves. These may be the same companies who were breached, or it may involve an outside IT company or independent contractor. It offers liability protection resulting in the release of confidential data and the failure to anticipate or prevent the transmission of a virus to a third party.
Other areas Cybersecurity Insurance can cover include money stolen through an electronic crime, security breaches of employee confidentiality and business interruption insurance.
Will Cybersecurity Insurance Cover Everything?
Unfortunately, Cybersecurity is hardly a panacea for all your cyber threats. As Data Central Journal reports, “Cybersecurity Insurance is so new that underwriters remain unable to easily and accurately assess risk. As a result, they exclude items—such as product designs, software code and reputation loss—that are hard to quantify.”
International Data Group, the world’s largest tech media company, agrees. Per a recent article from their CIO magazine, “Cybersecurity Insurance doesn’t do a good job of covering intellectual property theft or the reputational damage and business downturn that can be caused by a security breach.”
Because of these gaps, you should always start by building a defense against the sorts of malicious attacks that Cybersecurity Insurance is designed to cover. Single Path can provide both—assistance in uncovering your Cybersecurity Insurance needs through a complete risk assessment, but also developing comprehensive IT security, from managed firewalls to proactive Desktop, Server and Network infrastructure patch management.
Cyber threats continue to increase, but by adapting the best security measures, combined with a recovery plan that includes Cybersecurity Insurance, a business will be poised to bounce back quickly. At Single Path, we have already helped businesses like yours do just that. As your IT partner, we will guide you every step of the way, providing expert and personalized advice on all areas of your technology.
It’s not a question of if your business is at risk for a cyber attack. But when. IT security should be at the top of every business’s priorities, and rigorous attention and multiple facets of protection are essential.
Hackers and cyber terrorists are smart and growing smarter. They have access to ever improving technology. While you’re sitting and reading this post, they are probably actively looking for ways to get and exploit sensitive information.
And if you think only big businesses are at risk, then think again.
As we wrote in an earlier blog post, more and more small- to medium-size businesses are falling victim to cyber attacks, often due to the perception of laxer security measures. In the same post, we mentioned that cyber victims may not even be aware of security leaks for months or even years after they happen.
Of course, sometimes a business knows immediately when it has been the victim of an attack. A malicious attack can immediately cripple a network, and the business may even receive ransomware demands—blocking access to data, and possibly deleting or publishing it, until money is paid. But there is no guarantee the payment of a ransom will discourage future attacks; often it encourages them.
So how do you protect your business, and your customers? Here are four layers of protection you should implement immediately, if you haven’t already.
Incorporate artificial intelligence-based security
Endpoint protection is the most common form of security—arming work stations and electronic devices with programs that block or root out malware. We’re all familiar with standard anti-virus software programs, but they are hardly enough to fight off today’s attacks.
Older systems rely principally on signature-based security—software that checks programs against a list of known malicious files, or the signatures of those files within programs. But that form of protection is ineffective against new malware strains, or encrypted ones.
Artificial intelligence-based security works differently. Rather than limiting analyses to specific codes, these programs identify techniques and patterns often associated with malware. They analyze both good and bad software, figuring out what factors, or combinations of factors, are associated with each. The program then calibrates the probability that something could be harmful before accepting it. The more software and malware it examines, the smarter the security system gets. For example, a program that starts encrypting files without notifying the user could be identified as malicious.
But as this article from Forbes explains, analyzing the necessary amount of data to make such decisions would be overwhelming for an IT team; however, “With machine learning, [a] mountain of data could be whittled down in a fraction of the time, helping organizations quickly identify and then mitigate a security incident. Artificial intelligence could be a game-changer for security teams.”
Ensure strong email security
Email is a common entry point for malware, spam and phishing attacks. Deceptive messages can entice recipients to divulge sensitive information, open attachments, or click on hyperlinks that install malware on the victim’s device.
A strong email security system is important which can quarantine dubious emails while letting safer ones through. The best security systems will examine the origin of the email, and analyze its attachments. Tighter security systems often implement email authentication policies, only allowing emails from approved sources.
There are many practical strategies businesses can create to prevent email entry of malware. According to digitalguardian.com, these include:
- Educating employees of email security risks
- Requiring employees to use strong email passwords
- Utilizing email encryption
- Insist on best practices for BYOD
- Implement scanners and other tools to scan messages and block emails containing malware or other malicious files before they reach your end user
Limit web access to halt Command and Control
Command and Control capability is a critical component of most malware.
For example, let’s say a user searches online for information, and stumbles on a website embedded with small, malicious files. These files reach out to a central server, which then sends malicious commands to a network of compromised computers. These computers can number in the thousands, their malware lying dormant, hidden, waiting to be activated.
These infected computers, each known as a ‘botnet’ (a combination of the words robot and network) can then launch a concerted, organized and overwhelming attack. Botnet attacks are difficult to defend against using traditional security solutions, and can cause considerable, sometimes irreversible damage.
The best defense? Avoid the infection from happening. Software systems can block user access to different websites or even entire website categories. The same systems can also block links.
Have sufficient and timely back-up protection
Once you’ve been hit by a cyber security breach, avoiding damage and removing it from your system can be costly and even impossible. In the end, your best security may be only as good as your last, best back up. For example, rather than paying ransomware, a better option is to restore your blocked information.
Cloud computing offers easier access to files from any location, seamless integration with existing systems, and also superior back-up opportunities and security protocols. Electronic devices can be backed up regardless of where they are located and who is using them, and can rapidly restore a compromised network.
Ramp up your own IT security
Rooting out malware and keeping your system protected isn’t always easy, and getting rid of it can be expensive. But SinglePath can help you get and stay protected, with an IT security bundle that falls within your budget. We work with small- to mid-size businesses like yours, and make sure the size of your budget doesn’t compromise the size of your security. We’ll create a multifaceted, layered approach that will leave you safe from most attacks.
At Single Path we can provide comprehensive IT security, from managed firewalls to data loss prevention threat solutions to risk assessment. We’re a true collaborative partner that can provide expert advice, ongoing analysis of your needs and support. For your IT security needs and beyond, Single Path is ready to serve … and protect.
You’re not just an experienced business owner, but an adept juggler. You have so many balls in the air—so many areas of your business to keep aloft—and you need to keep your eye on them with fine-tuned precision.
So, are you juggling all your IT, too? You probably have a hard enough time with your existing challenges, that even thinking of adding one more seems impossible.
We can help.
Here are seven keys to ensure you remain an expert owner, and IT juggler.
Update your hardware
You may think that hardware updates are an unnecessary luxury. But being proactive is smart business. If you treat hardware as replaceable only in the case of an emergency, it will be impossible to budget. With careful planning you can improve your hardware incrementally, avoiding an ‘all at once’ situation. Create a schedule. Invest in degrees, and only with the technology appropriate for your business.
Of course, the expenses may still not add up. In which case you’ll most definitely want to …
Keep an eye on your budget
IT costs can quickly balloon if you’re not sticking closely to your budget, and one of the fastest ways to ensure your costs are out of balance is to invest in costly infrastructure, which likely needs continual investments and training. One better option may be to rely on a Managed Services provider, like Single Path. We give you access to leading technology without the high initial costs, and by throwing us the IT ball, that makes the rest of your responsibilities a lot easier to keep in the air. We can also review invoices and contracts, negotiate rates with IT vendors and more.
Amp up your cyber security
Keeping your information safe, and the information of your customers and clients, is of vital importance. Nothing shakes the trust of your clientele faster than to suffer from a cyber attack. Big businesses are crippled by such breaches, but smaller businesses can be wiped out entirely.
And don’t think you’re immune. Many hackers find smaller businesses easier to attack, due to laxer security protocols. According to a report by Keeper Security and the Ponemon Institute, 50 percent of small businesses have been breached in the past 12 months.
Embrace big data
As detailed in one of our recent blog posts, more and more small to medium-sized businesses are discovering the importance of big data. But with an estimated 77% of businesses lacking a big data strategy, for most owners it is not top-of-mind.
But maybe it should be. Big data refers to the large volume of data hitting your business every day, from web hits to sales information to data storage. You can bet big businesses are taking hard looks at big data—to plan, to market, and to capture more share. Organizing, analyzing and learning your key performance indicators (KPIs) from such data can make you more intelligent, more agile and better poised to compete. A partner like Single Path can help you navigate big data, and ensure it’s a tool you understand and use to maximum benefit.
Go to the cloud
If you haven’t already, you should strongly consider moving your information to cloud-based services. Not only do cloud-based services save hard drive space, and give you peace of mind from automatic backups, they also make information sharing easy and instantaneous. Pairing them with mobile devices or home-based computers means your team is armed with the data they need, wherever they are.
Manage Your data
Managing data appropriately is a challenge for many SMBs. As we detailed in a previous blog post, data is king, but only if you can find it. Unorganized and poorly named data make accessing it challenging, too much data merely adds clutter, and the lack of a steady back-up system leaves you prone to significant problems. Fortunately, you don’t have to manage it yourself. A partner like Single Path can help with all those challenges, while ensuring regulatory compliance, cost savings, and security.
Find the right partner
No one can juggle every ball out there. According to Guinness World Records, the most balls juggled is eleven, but the record holder couldn’t keep it going very long. You need to keep your balls juggling every day! When you partner with Single Path you get personalized attention and expertise. You get a partner keeping a close eye on your growing network infrastructure, while taking the complexity of managing your servers and desktops off the table. You’ll still have lots of balls to juggle, but we’ll make sure this big one doesn’t get dropped.
The jockeys will be wearing their silks. You can wear your finest too, and participate in the best-dressed contest at Single Path’s 10th Annual Day at the Races, our yearly client appreciation and networking event.
Date: August 4, 2017
Start Time: 2:00pm
Post Time: 3:15pm
Where: Arlington Park
2200 W. Euclid Ave.
Arlington Heights, IL 60006
We’ll serve refreshments and lunch so you can relax and have a galloping good time.
This year’s fantastic prizes include:
Win: Samsung Galaxy TabS2 White Android Tablet
Place: Beats® Pill+ Black Bluetooth Speaker
Show: Men’s Fossil Q Crewmaster Black Silicone SmartwatcH
You can bet it will be a great afternoon!
OK, you’ve made the decision to invest in new EdTech resources. Now what? Not only do you have to wade through the nearly overwhelming array of tools at your disposal, but there are so many other things to consider. How? When? Why? What?
In a previous blog post we discussed the four main steps when choosing technology for your school. They were:
- Set your goals
- Evaluate your tools
- Align professional development with your goals
- Evaluate and re-evaluate
While each of these is a critical component of your EdTech decisions, we’d like to present a fifth step when choosing technology: ROI. Or, better yet ROE, Return on Expectations…or, as we prefer to call it, Return on Education.
ROE vs. ROI
While ROI (Return on Investment) is generally computed from purely monetary considerations by businesses when investing in new equipment, educators must rely on other, harder to define metrics. Simply, cost alone won’t determine the effectiveness of your EdTech.
To use ROE, you not only need to determine your specific goals, but uncover ways to measure them. Otherwise, how can you gauge success? If your goal is student achievement, will you measure it through standardized testing, grades, or some other means? If your goal is to increase student engagement, will you measure that through increased attendance or graduation rates? How will you measure improved teacher performance?
Per the online source The Journal, “ROI is calculated by measuring benefits in dollars. But schools are not in business to make money, and should not measure success in terms of dollars. The business of schools is learning. Of course, if technology projects save money or improve efficiency, then a business-focused ROI is useful, but in general it is important to define the “value” of learning in education.”
How To Measure your ROE
With each and every EdTech expenditure must come the expectation of reward or improvement, but the goal of each new tool can vary widely. The more time and money you put into a tool the more results you should expect from that investment. Only by measuring its effectiveness, and continuing to measure its effectiveness, can you know if the investment was a wise one. Then you can decide if it is worth the effort to continue with that tool, or move on to a different one.
Don’t forget, that your initial investment is not the only cost. Do you need to increase your broadband capabilities or incorporate new hardware? What is the cost of training your educators on using the new tools, and is ongoing training needed? When defining the total monetary costs, consider the total expenditures and time needed over a four-year span to determine the true expenses of your investment.
According to a post from educational consultant The Flipper Group, here are the 5 Key Indicators of School Performance:
- Student Achievement
- Discipline Referrals
- Attendance Rates
- Graduation Rates
- Teacher Satisfaction
Fortunately, each of these can be measured, whether from statistical comparisons to developing questionnaires and observation (such as in the case of Teacher Satisfaction). Before looking at these numbers, however, you must set your goals. Keep them realistic, but also lofty. Often you may create a range, determining the minimum number for success, but also striving for a ‘best case’ scenario. Once you reach that minimum number, keep aiming for better and greater results.
As discussed in an earlier blog post, defining goals is a critical component of gauging technology’s success. In that post, we referred to a study by the Center for Digital Education, which came to the conclusion that schools should, at minimum, strive to meet these five technology goals:
- Make learning engaging and individualized
- Measure student progress against college and career ready standards
- Connect teachers to tools and individuals who can help them become effective
- Provide broadband connectivity for students
- Use technology to become more productive, improve student learning and manage costs
When looking at your EdTech investment, consider each of these points to determine which your new tool will improve. Then, set your method to evaluate them.
We know that defining those goals is not always simple, and neither is setting the gears in motion for measuring them. Finding the right path for your EdTech can be difficult. At Single Path, we work closely with school districts, to help them navigate that path. We provide custom IT solutions for K-12 schools and districts, working closely to help them understand the technology options and choose the right ones. We help implement them, ensure mastery of them, and help maximize their potential. At Single Path, we pride ourselves on not just being an IT resource, but a true collaborative and consulting partner providing advice and ongoing service and support.