The Best Security Resolutions for the New Year


It happens around the globe at this time of year. People make resolutions to eat better and exercise more, or to live a better life in general. Here at M&H Consulting we suggest a resolution list that will help the health and security of your data and computer systems for the new year. While our list may not slim your waistline or lower the scale, it can decrease your stress factor when it comes to safeguarding both your business and personal information on one or more of the devices you own. So here it goes, our list of best security resolutions for the New Year.


  1. Set Up a Password Manager – Sure, you always mean to change those passwords or at least strengthen them but it somehow gets lost in the day-to-day events at work. A password manager can help you choose a secure password for each separate account – and you probably have a lot of them! The password manager can also help you when you fail to remember usernames and passwords.
  2. Back it Up – The IT department or consultant is always telling you to get in the regular habit of doing this, but, yet again, it can be overlooked unless it becomes a priority. Make it one this coming year. A disaster could hit at any time and you will need a way to access your information.
  3. Set Up a VPN – A virtual private network can help keep your business data secure. VPNs create an encrypted connection between your device and a secure server, which then allows you to browse and use the internet normally through an encrypted channel that protects you from eavesdroppers.
  4. Create a Disaster Recover Plan – What happens if your company floods, catches fire, or loses power unexpectedly? It is vital to plan for disasters so that you have a plan when you can not access your computers or data.
  5. Employee Education – Your company is only as strong as the security practices that your employees use. Train your employees to be the best line of defense against security attacks and to be aware of red flags so they are not duped into opening a virus or malware attachment.


Check back with M&H Consulting as we stay on top of recent breaches and will keep you up-to-date. Call M&H Consulting at 1-(866)-964-8324 or visit our website at


The Right Social Media for your Business

It seems like everyone is on social media these days and that means that your company should be too. Not only should you have a presence on social media, but your business needs to have a clear and deliberate message on at least one, if not, several social media platforms. So, which social media platform is right for your company? There are so many to choose from including: Facebook, Twitter, LinkedIn, Instagram, Snapchat, or any of the number of industry specific social media channels. Unfortunately, most small- and medium-sized businesses don’t have the staff or budget to keep up with the influx of ways to market on all the social channels.


M&H Consulting suggests, in addition to studying your analytics and discovering who your target audience is and what audiences you hope to expand to in the future, that your business should have instead a professional examine where your time and money will be spent best in regards to social media. In the meantime, here is a quick cheat sheet of some of the top social media platforms and what audience they tend to attract.



  • American men and women between the ages of 25 – 54 make up 29% and 32% of Facebook users, respectively.
  • Only 9% of users are between the ages of 18 – 24. In other words, if your audience is under 24 years old, you may want to spend your money elsewhere when it comes to budgeting.
  • More than half of Facebook users check their accounts multiple times daily. That means if your audience is a little older that your business can get some serious bang for the buck with ads and posts on Facebook.



  • This social media platform is used largely in a B2B (business to business) capacity. LinkedIn is more of a growth tool for independent businesses, as opposed to a way to connect with your audience.
  • LinkedIn is a perfect place to connect with other business owners for partnership opportunities, recruit employees, or share business-related content relevant to your industry.



  • No wonder Instagram is a great place to make your business presence known, with 500 million users on the app and 59% of those users checking the app every single day.
  • A great place to build a brand with strong visuals or infographics that can be shared. Unfortunately, direct links back to your company site is not part of the Instagram algorithm.



  • 60% of snapchat users in the U.S. are under the age of 24, so if your target audience is young, this may be a great place to start.
  • There are 100 million users (mostly Millennials) consuming 30 minutes of content every day!

Customer Relationship Management Software

In the world of business, managing customer relationships is key to gaining and maintaining loyal return customers. CRM, or customer relationship management software, can aid businesses in handling customer data, customer interactions, customer support, client contacts, automate sales, access business information and other client needs. While CRM software is most commonly used to manage a business-customer relationship, CRM software systems are also used in the same way to manage business contacts, employees, clients, contract wins, and sales leads. Are you looking for CRM software to help your small- or medium-sized business manage client relationships? Here are some of the top rated CRM suggestions that can be customized for your specific client needs.


  • Salesforce – The Salesforce cloud is an on-demand customer relationship management (CRM) suite offering applications for small, midsize and enterprise organizations, with a focus on sales and support. The Salesforce app has capabilities that include sales management, marketing automation, partner relationship management and customer service. This CRM can grow with your business, which is especially important if you are just starting out. These applications help organizations manage customer accounts, track sales leads, conduct and monitor marketing campaigns, and provide service post-sale.
  • Hubspot – HubSpot offers a visual dashboard with a real-time view of the entire sales funnel. Users can track customer interactions automatically through email, social media, or phone calls, and every interaction is stored in a timeline organized by lead. It is considered best for companies with 10-1,000 employees.
  • InfusionSoft – InfusionSoft is a cloud-based sales and marketing platform that brings Customer Relationship Management (CRM), Marketing Automation, and E-Commerce together in one centralized system, so small businesses can deliver personalized sales and customer service experiences.


For a side-by-side comparison of multiple CRM software packages, check out the PC Magazine research for 2017. For specific assessment of your business needs when it comes to CRM talk to the professionals at M&H Consulting at 1-(866)-964-8324 or visit our website at

Personal Cyber Security

Cyber security can be so huge and sometimes abstract, that it can overwhelm even the most technically savvy people. So imagine what happens to the typical smartphone, desktop, laptop, or tablet user when they begin to consider steps they should take to prevent viruses, malware, ransomware, data breaches, and hacking events. Sometimes it may seem like it is inevitable that a cyber crime will happen to you. Cyber predators can steal personal information and use elements of an identity to commit fraud in addition to damaging your computer, potentially permanently. But there are steps that even novices can take to personally protect themselves from malicious cyber events. Here are a few suggestions to protect yourself:


  • Be Cautious Online – When surfing the net or shopping online, be sure that you are on secure sites, especially if you are entering your credit card or personal information. To be secure, check that you are on a HTTPS (Hypertext Transfer Protocol Secure) site in the URL.
  • Update Software – Those pesky updates are not only meant to install the updated version of the software you already have, but also to install the latest security fixes and patches for weaknesses in your security.
  • Social Networking Warning – Avoid giving out personal information on social media such as your birthday or other sensitive information that could be used to create a fake identity.
  • Attachments – Do NOT open attachments or links if you do not know who the sender is or if the attachment seems out of the ordinary.
  • Use Secure Passwords – Always practice good password protection. Never use a word or number that is easily figured out from learning a little bit about your life such as your dog’s name, anniversary, or birthday. Use a password manager to help you remember them and create distinctly different passwords for each account.


If you need help creating your own personal security plan, call M&H at 1-(866)-964-8324, or visit our website at

Preventative Cyber Security

There is a growing movement of IT professionals who are looking at the idea of preventing cyber-attacks and data breaches before they happen – otherwise known as Preventative Cyber Security. Small- and medium-sized businesses are leaning toward this technique as a way to stop a hack, breach, or malware in advance from happening to their company as they are realizing that even smaller businesses are vulnerable. Here are some things to consider if your company hopes to avoid becoming an all-too-familiar statistic of cyber crime.


  • Understand Threats – Know what security threats are out there and may find their way to your doorstep. This may mean bringing in an IT specialist or beefing up the IT department you already have.
  • Understand Vulnerabilities – Have a risk assessment done on your network, look for problems that may red flag your software, internet connection, or computer devices as open to hackers, malware, or data breaches.
  • Make a Plan – Create a security plan that includes every single one of your devices, including mobile devices used by people who work remotely or salespeople who often connect to the company data remotely.
  • Simulate – With help from IT experts, your company can simulate a breach or hack, and pinpoint your business’s strengths and weaknesses.
  • Follow the Plan – Depending upon what the conclusion of your research shows about your company, you may need to consider: training for employees about about password management and mobile device usage, routine checkups for software updates, licenses, and patches, an increase in front-line defenses such as firewalls and web-filtering devices, and an increase in anti-virus/anti-malware software.


Call M&H Consulting for any IT security issues 1-(866)-964-8324 or visit our website at

Hackers: The Good and the Bad

Between pop culture movies such as The Matrix, Mr. Robot, The Net, and Hackers, and the constant news coverage of cyber events such as the recent Equifax, Verizon, or WannaCry breaches, most Americans have a pretty good idea of what hacking is all about. But is this accurate? Are all hacking incidences bad? Let’s take a closer look at the types of hacking and how it can impact users as well as IT departments globally.


When asked what a hacker is, most of us would answer something like this: Someone who has expert computer programming knowledge and uses this to gain unauthorized access to systems, corporations, governments, or business networks, in order to cause problems, delays, or lack of access. This type of hacker, who usually has malicious intent, whether it is stealing data, passwords, or money/valuables, are considered Black Hat Hackers.


There are, however, other types of hackers. These hackers are considered White Hat and Hacktivists. White Hat Hackers or “good hackers” are those individuals who break into computer systems to root out security flaws or bring attention to a cause. Their intentions are not necessarily to wreak havoc, but rather to do a public service. Many times these White Hat Hackers are hired by security companies or the businesses themselves to pinpoint network vulnerabilities that should be shored up in order to prevent a Back Hat from discovering the weakness.


There are still other types of hackers known as Hacktivists. They are groups that have ideological beliefs about government, politics, and/or the greed of large corporations, and they tend to use their hacking expertise to further their groups cause or ideology. One such group that you may have heard of before is Anonymous or Lulz Security group. So, as you can see, there is more than meets the eye to the groups we tend to lump together into the criminal hacking type. While there are a multitude of malicious hackers, there are still some out there with good intentions and those who hope to use their expertise for the greater good.

Red Flags for the latest Phishing Scam – “Office 365 Account Compromise”

Are you one of the 70 million active users of Microsoft’s Office 365? Since 1 in every 5 corporate employees and most federal and governmental employees use this, you are not alone if you have fallen prey to the latest phishing attack. According to the Better Business Bureau, “Scammers send an email claiming to be from Microsoft and notify the user that their account has been suspended. The message then states that in order to take action, you must click on a link in the email. Once the user has clicked on the link, they are asked to provide their login credentials. If the user follows through, their account is compromised. This will only allow the criminals to gain access to the user’s contacts, but also to confidential information about your company that could leave it susceptible to internal hacks.” How can you tell whether an email is real or a phishing attempt by scammers? First and foremost, specific to this particular phishing scam, Microsoft does not issue suspension notices by email. Second, there are tell-tale signs of a fake email.


These Red Flags should put you on alert:


  • You don’t recognize the sender’s email.
  • The sender’s email is from a strange domain name.
  • The email seems to be from someone you know but it is out of the ordinary that they would send you an email of this kind.
  • The email has an embedded hyperlink.
  • The email is addressed to an unusual mix of people or people who have no connection to you.
  • When you hover your mouse over a hyperlink that’s displayed in the email message, the link-to address is for a different website.
  • The hyperlink has a misspelling of a common website.
  • The email is blank except for the hyperlink.
  • The email was sent at an unusual time for business – say 4 am.
  • The email is a reply to something you never requested.
  • You notice an attachment with a possibly dangerous file type. The only file type that is always safe to click on is a .txt file.
  • The title of the email claims a negative consequence will happen if you ignore the email.
  • The email has bad grammar or spelling errors.
  • You have a gut feeling that something seems illogical or off by the sender, content, addressee, or other item.


Want to know more about phishing scams and how to protect your business? Call M&H Consulting at 1-(866)-964-8324 or visit our website at

Data Breach at Yahoo

Do you Yahoo? Or more accurately, did you Yahoo in 2013? Well, if the answer is yes, then you may want to continue reading and find out more about the latest breach that has hit the internet world. Chances are that if you had a Yahoo email account in 2013, you may be one of the billions, (yes billions with a B), with your personal information compromised including: your name, email address(es), password(s), birthday, phone number(s), and, in some cases, security questions and answers could have all been compromised.

According to investigative reporting by the Associated Press and CNN, “it’s unclear who exactly was behind the 2013 break-in, but cybersecurity analysts reported in December that the stolen data was up for sale on the dark web, a murky network only accessible through certain software.” On its part, Yahoo will send emails to the additional affected accounts and continue forensic investigations to find out who is responsible for the hack.

Some advice from the technical experts on this case suggest:
Deleting your Yahoo account and then checking later that it actually was deleted as many users are finding it difficult to delete.
Check all of your online accounts – especially if you use identical passwords for multiple accounts. This may limit the fallout of the breach for your personal information.
Install a password manager to help you come up with new passwords and try not to reuse old passwords.
Change your password and enable 2-factor authentication. This essentially ties your account to a device, such as your phone, and makes it more difficult for any hacker to login remotely. Although this does not undo the damage of your compromised info it does stop a person from logging in under your Yahoo account somewhere else.

Check back with M&H Consulting as we stay on top of recent breaches and will keep you up-to-date. Call M&H Consulting at 1-(866)-964-8324 or visit our website at

Physical Security – Best Practices

Safeguarding client and consumer information is a top priority, and many business owners spend countless hours researching and investing in the best antivirus, antispyware, and antimalware options out there. But while creating a great cyber defense is a good idea, it is also a good idea to make sure that you are doing the same for the physical security of your office as well.


  • Lock Up the Server Room – Your servers are the core of your digital information. Without them things will go from bad to worse in a heartbeat. Be sure to lock all server rooms and create policies requiring that those rooms be locked when not in use.


  • Protect from Fire – Be sure that your servers are protected in the case of a disaster such as a fire. Most server rooms and high tech companies are using fire suppression systems that use Halon to protect critical business systems.


  • Protect Portables – Most companies have numerous mobile devices that are used by employees. Be sure to have a system in place to lock these up after hours. All devices that would be easy to walk away with should be locked and stored in a special location or potentially go home with the employees nightly.


  • Surveillance – It is important to know who has physically accessed your computers daily, so it is best to not only have individual logins, but also consider surveillance that can keep an eye on your physical property.


  • Rack Mount Servers – When designing your server room consider using rack mount servers that take up less space and are easily locked and bolted to the floor.


  • Secure Workstations – If your office sees a fair amount of traffic you will want to create protocols for employees to lock or safeguard against someone logging in at their desktop while they have stepped away.


Do you have questions about securing your hardware? Call M&H Consulting today at 1-(866)-964-8324 or visit our website M&HConsults

Keeping Client Information Safe

Business owners and managers have quite a lot on their plate. One of the more serious jobs is keeping client information safe and secure, especially if your company regularly maintains client data that includes sensitive information. Protecting this information is not just good business but it is also in compliance with the law. For example, the Federal Fair Credit Reporting Act (FCRA) allows for significant company fines for businesses that don’t adequately protect client information. The Better Business Bureau also reports that protecting client data should be a top priority for all businesses. Here are a few ways that you can ensure you are providing the best possible protections for your clients.


  • Add Protection Layers – Every company should have multiple layers of security both for the physical hardware as well as the software and stored information. There really is no such thing nowadays as too much protection. Add firewalls, antivirus, and anti-malware programs to all of your computers.
  • Train or Limit Employee Access – Training employees, who are many times the first line of defense against a cyber attack, is critical. If that is not possible, limit who has access to certain data so that it can be protected.
  • Keep Updated – One of the best practices is to maintain periodic updates of software. Updated software means it has the most recent security updates as well.
  • Hire a Pro – Hire a professional IT consultant, like M&H Consultants who can evaluate your system for weaknesses. With the ability to think like a hacker, the professionals can create a security plan for your company.
  • Passwords – Obviously, passwords and multi-level authentication can assist with breaches, so discuss how you can take your passwords to the next level with an IT pro.
  • Notify When Breached – Notify clients and customers when your data has been breached so they can take appropriate action.


Do you need help protecting your client information? Call M&H Consulting today at 1-(866)-964-8324 or visit our website M&H Consults