The 20 | Business Archives | Page 26 of 26

5 Reasons Why Your Company Should Outsource IT Support

Companies commonly outsource its accounting and bookkeeping duties, customer service, and HR management… so why should technical support be any different?

It shouldn’t.

Outsourcing provides a lot of benefits, especially to small businesses with limited resources. Plus, good IT support teams are especially hard for companies to build and maintain.

Here are 5 reasons as to why outsourcing is a good business move:

1. Reduces Costs

Reducing labor and equipment costs is one of the major reasons why companies outsource IT support. Employing a company to do the work for you is cheaper than hiring a whole IT staff. The employees’ initial training to get them onboarded, plus the regular training to ensure their knowledge is up-to-date, add to the cost as well.

Buying all the equipment you need for a functional IT department and maintaining the system also costs a lot of money. Removing these factors and paying a fixed cost contract will help you manage your annual operating costs more easily.

And If your operating cost is high, you will likely pass it on to customers by raising your product prices. This makes you lose your competitive edge.

2. Provides Support 24/7

If your business is one that needs to be open to customer calls 24 hours a day, that’s one of the reasons to outsource IT support. Instead of getting another IT staff, which will only cost you more, solely for answering calls outside of your normal working hours, outsourcing to a company will guarantee that someone is always available to help your customers.

A 24/7 team will also allow you to recognize flaws and bugs even before they affect your infrastructure and business.

3. Adjusts According to Demand

When the demand suddenly increases, and more calls start coming in, what do you do if you have a permanent staff?

Hiring temporary employees poses a lot of issues. You don’t know when the demand decreases, which will force you to terminate them immediately. You’re also not sure of the technical skills and personality if you’re in a rush to get someone onboarded.

Meanwhile, an IT company can easily scale up or down depending on your needs because of their access to vast resources.

4. Gives Access to Cutting-Edge Technologies and Industry Experts

Security of your data and your customers’ data is paramount. That’s why Facebook is in a lot of heat nowadays — its platform is vulnerable to third-party entities mishandling the users’ data. Even large companies are susceptible to attacks, with hackers successfully gaining access to JP Morgan’s 76 million households plus 7 million small businesses in 2014.

To keep your data safe and secure, however, you must have the newest technologies and the knowledge of industry experts. You and your staff must be up-to-date with the industry standards, which might be hard to do if you’re a small-time player.

Outsourcing solves this problem. It’s their job to get cutting-edge technologies and train their employees regularly so you don’t have to do it. Getting access to these will also ensure that your systems are working smoothly.

5. Allows You to Focus on Your Business

When you no longer have to worry about the security and integrity of your system, it allows you to focus on what you need to do in order to grow your business. Your employees, without network interruptions and possibly the added IT responsibilities, will also be able to perform with their best for the company.

You can focus on improving your products and services while the outsourced IT team deals with the technical issues so you and your staff can keep on working without worry.

Yep, sorry, everyone… this is a real problem. In fact, it’s a HUGE problem. Your company’s vulnerability, in large part, comes from your employees. And with a little know-how and finesse from the bad guy, here’s a few ways this happens AND a few ways your employees can be active participants in stopping them.

1. Carelessly opening email

Employees often spend the day checking their email — and hackers know it. This makes email a prime entry point for cyber criminals. Employees MUST approach their email with care so they can identify signs of an attack and mitigate the risk.

Common signs of an attack include fake/forged email addresses ([email protected]), unprofessional subject lines, bad grammar/typos, and creating a sense of urgency to respond with personal information.

Employees should be able to identify a potential threat, and report to IT. They shouldn’t click on links (including unsubscribe), submit information, open attachments, or respond to such an email.

2. Giving password over the phone/leaking passwords

How would your employees respond to this call? “Hi, this is Sam, from IT. We noticed your certificate is about to expire, so I need your password to reset.”

Well, hopefully they’d know that IT would never ask you for a password, or other sensitive information like a social security number, address, or common password reset questions/answers.

Another big one is writing passwords on a notepad, or taping it to the computer. I wrote about this a couple of weeks ago. Not a good idea.

3. Losing mobile phone

It’s easy to lose a device with sensitive information. it’s actually not a matter of if, it’s a matter of when.

So, the question then is, how do we mitigate the loss of information? The 2 most important steps for you to take are 1) requiring that phones automatically lock and require a password to access and 2) making sure you have the ability to remotely wipe a device.

The employee plays an important role here, too. Should this happen, they need to be aware of the risks involved, and report immediately, even late on a Friday night. This allows your IT team to quickly wipe the device and prevent information loss.

Pro tip: Make sure employees know who to contact (direct manager, IT, etc) and let them know they will never be punished for losing a device and reporting it immediately. They could, however, be at risk if they try to hide it.

4. Weak passwords

Employees (and well, everyone) typically use the same password for their social sites, bank login, and work password.

Is that bad? Yes!

If one is compromised, then the list of password possibilities for everything in your life significantly dwindles.

You should have a company policy that requires employees to use an unrelated password for all company logins and enforce that these passwords are updated regularly.

5. Improper disposal

Proper disposal of information is often overlooked.

Let’s say an employee is cleaning their desk, and the primary culprit appears to be the large stack of papers, mail, envelopes, sticky notes, and other junk that’s piled up since the last time they cleaned. Well, they haven’t needed anything in the stack for 6 months, so it’s safe to say they won’t need it in the next 6, right? Everything is pushed in the trash.

But wait — what all was in that stack? Maybe a flash drive? Maybe a flash drive with sensitive customer data, confidential company information, passwords…?

Work with your IT team to develop an information disposal policy. This should include wiping all read/writable media like hard drives and flash drives. CDs and DVDs should be shredded. Paper should be shredded or placed in a special bin in which your IT team can properly dispose of them.

So, who should be held responsible when a company’s data system gets breached? Historically, the CIO, the CISO, or both have shouldered the lion’s share of data breach responsibility; well over half of security decision-makers expect to lose their jobs if a hack happens at their organizations. However, breaches don’t happen in vacuums, and CIOs and CISOs don’t operate in them, either. Many CIOs report directly to the CEO, and some security experts feel that CISOs should be elevated to the same reporting level.

Whatever an organization’s reporting structure, the bottom line is the same: the responsibility for everything that happens within the organization, positive or negative, ultimately falls on the CEO and the board of directors. This includes data breach responsibility. This has been reflected in the numerous CEO firings (or resignations) that have followed bad breaches over the past few years, including those at Target, Sony Pictures, and the Democratic National Committee.

Apparently, Yahoo didn’t get the memo about this a couple of years ago. After years of poor cybersecurity practices caught up with them, resulting in multiple breaches affecting over a billion user accounts, putting its acquisition by Verizon into question, and making the Yahoo brand name synonymous with the phrase “data breach,” the company decided to fire its General Counsel, Ron Bell. Shockingly, CEO Marissa Mayer remained in place, albeit with a pay cut (she then went on to leave Yahoo after the Verizon acquisition, however, but it was of her own choosing).

In Yahoo’s case, the CISO and the rest of the security staff couldn’t be fired. Fearing that a major security incident would eventually happen, they’d already run for the hills. The New York Times reported that former CISO Alex Stamos and his team had spent years warning Mayer of potential security issues, but Mayer insisted on putting “the user experience” ahead of cybersecurity and even cut the team’s budget.

Preventing Breaches Is Everyone’s Responsibility

Cybersecurity isn’t just an IT issue. It impacts every individual and department in an organization — from the board of directors all the way down to minimum-wage clerical and retail employees. The overwhelming majority of data breaches originate inside an organization, either because a negligent or untrained employee makes a mistake or a malicious insider decides to strike back against the company. No cybersecurity policy is complete unless it addresses the human factor behind data breaches by promoting a culture of cybersecurity awareness. This culture must start at the top of the organization; if the board, the CEO, and the rest of the C-suite do not take security seriously, front-line employees certainly won’t.

Yahoo’s firing of Ron Bell certainly shook up the legal community and caused much debate over where data breach responsibility ultimately lies. While this may have served to light a fire under organizations with questionable cybersecurity practices, the focus should not have been on whose heads would roll if a breach happened; it should have been on implementing proactive cybersecurity and compliance measures to prevent hacks from happening in the first place.

As for Yahoo, they settled in September a worldwide class-action lawsuit that alleged security issues dating back as far as 2003. Yahoo’s attorney and lead plaintiffs’ counsel told the U.S. District Judge in federal court that both sides had reached an “agreement in principle” — $47 million to be exact.

One of Asia’s top airlines, Cathay Pacific Airways, said a hacker accessed personal information of 9.4 million customers, becoming the target of the world’s biggest airline data breach.

Oh boy.

The airline’s shares sank dramatically, shaving $201 million off its market value, after the Hong Kong-based carrier disclosed the unauthorized access late Wednesday, 7 months after discovering the violation. While passports, addresses and emails were exposed, flight safety wasn’t compromised and there was no evidence any information has been misused, it said, without revealing details of the origin of the attack.

“This is quite shocking,” said Shukor Yusof, founder of aviation consulting firm Endau Analytics in Malaysia. “It’s probably the biggest breach of information in the aviation sector.”

“We are very sorry for any concern this data security event may cause our passengers,” CEO Rupert Hogg said in a statement. The airline is in the process of contacting affected people, he added.

It’s the latest embarrassing data breach to hit a major international airline. British Airways said the hack on its system lasted for more than 2 weeks during the months of August and September, compromising credit-card data of some 380,000 customers. Delta said in April that a cyberattack on a contractor last year exposed the payment information of “several hundred thousand customers.”

The hackers who hit Cathay gained access to 27 credit card numbers but without the cards’ security codes, and another 403 expired credit card numbers. They also accessed names, nationalities, dates of birth, telephone numbers, emails, physical addresses, numbers for passports (roughly 860,000), identity cards and frequent-flier programs, and historical travel information according to the airline.

“Upon discovery, we acted immediately to contain the event and to thoroughly investigate,” Hogg said. “We engaged one of the world’s leading cybersecurity firms to assist us, and we further strengthened our IT security systems, too.”

Hong Kong’s privacy commissioner expressed serious concern over the leak and said the office will initiate a compliance check with the airline. A dedicated website provides information about the event and what affected passengers should do next.

Some local lawmakers criticized Cathay for taking so long to reveal the breach. Lam Cheuk-ting, a member of the Legislative Council’s security committee, told reporters that many people in Hong Kong are angry and the airline should’ve taken the initiative the very first day it found out. Cathay’s Chief Customer and Commercial Officer, Paul Loo, said the airline wanted to have accurate grasp on the situation and didn’t wish to “create unnecessary panic.”

Cathay is in the midst of a 3-year transformation program, as part of which Hogg has reduced jobs starting with the carrier’s head office in Hong Kong to cut costs and introduced better business-class services on long-haul flights to help lure premium passengers.

Cathay was ranked as the 6th best airline in the world this year by Skytrax, a London-based firm that provides advisory services for carriers and airports.

As I wrote earlier this month, IT problems in the airline industry seem to be growing. And while the causes are complex, when an airline cancels your flight and blames technology, you can’t accept it with a shrug. It sounds like they need to be introduced to an unbeatable IT service with decades of experience and demonstrated expertise to solve their problems…

Imagine you’re a top executive at a company hit by a major crisis within the last 72 hours. First, and most importantly, there may have been serious damage to the community in which you operate. Your customers may have suffered, people’s livelihoods destroyed. The environment may be irretrievably damaged.

What do you do?

The threat is growing

Many incidents inside companies never hit the headlines, but recent evidence suggests that more are turning into full-blown corporate crises.

Why is this a bigger problem now than it has been in the past? First is the growing complexity of products and organizations. A new pickup truck today includes computer controls programmed with more than 150 million lines of computer code, while the average deepwater well is the height of seven Eiffel Towers. Goods travel thousands of miles and move through supply chains that comprise multiple intermediaries and multiple jurisdictions. A second reason for the significance of the problem is a higher level of stakeholder expectations. Customers, often in response to messages on social media, are more willing to sue or shun a company they believe is unethical. Governments are more willing to seek redress from companies they believe are breaking the law, and shareholder activism is on the rise. Third, the changing social contract is driving anxieties and mistrust in institutions, making irreversible knee-jerk reactions more likely. Finally, the raw speed of business operations—from rapid communications to shorter product-development timelines—makes crises more likely.

Understandably, companies spend more time trying to prevent crises than preparing for them. However, crisis readiness has become at least as important as risk management, takeover readiness, and vigilance over safety.

Five parallel paths to resolution

It helps to think of a crisis in terms of “primary threats” (the interrelated legal, technical, operational, and financial challenges that form the core of the crisis) and “secondary threats” (reactions by key stakeholders to primary threats). Ultimately, the organization will not begin its recovery until the primary threats are addressed, but addressing the secondary threats early on will help the organization buy time.

When a crisis hits (or is about to hit), one of the first actions should be to create a cross-functional team to construct a detailed scenario of the main primary and secondary threats, allowing the company to form early judgments about which path the crisis may travel. This helps the organization set out major decisions it needs to make quickly and is the first step toward wresting back control—improving the headlines of tomorrow, rather than merely reacting to the headlines of today.

1) Control the organization

An effective crisis team is central to mounting a satisfactory response. The best crisis organizations are relatively small, with light approval processes, a full-time senior leader, and very high levels of funding and decision-making authority. The team should be able to make and implement decisions within hours rather than days, draw a wall of confidentiality around the people who are responding, and protect those not involved from distraction in their day-to-day activities.

A common error is to choose an external expert as leader of the company’s crisis response. External hires typically struggle to motivate and organize the company in a crisis situation. The right leader usually will be internal, well known, and well regarded by the C-suite; will have served in an operational capacity within the industry; and will enjoy strong informal networks at multiple levels in the company. He or she should possess a strong set of values, have a resilient temperament, and demonstrate independence of thought to gain credibility and trust both internally and externally.

2) Stabilize stakeholders

In the first phase of a crisis, it’s rare for technical, legal, or operational issues to be resolved. At this stage, the most pressing concern will likely be to reduce the anger and extreme reactions of some stakeholders while buying time for the legal and technical resolution teams to complete their work.

For instance, an emergency financial package may be necessary to ease pressure from suppliers, business partners, or customers. Goodwill payments to consumers may be the only way to stop them from defecting to other brands. Business partners might require a financial injection or operational support to remain motivated or even viable. It may be necessary to respond urgently to the concerns of regulators.

3) Resolve the central technical and operational challenges

Many crises have a technical or operational challenge at their core. But the magnitude, scope, and facts behind these issues are rarely clear when a crisis erupts. At a time of intense pressure, therefore, the organization will enter a period of discovery that urgently needs to be completed. Frequently, however, companies underestimate how long the discovery process and its resolution will take.

It’s best, if possible, to avoid overpromising on timelines and instead to allow the technical or operational team to “slow down in order to speed up.” This means giving the team enough time and space to assess the magnitude of the problem, define potential solutions, and test them systematically.

4) Repair the root causes

The root causes of major corporate crises are seldom technical; more often, they involve people issues (culture, decision rights, and capabilities, for example), processes (risk governance, performance management, and standards setting), and systems and tools (maintenance procedures). They may span the organization, affecting hundreds or even thousands of frontline leaders, workers, and decision makers. Tackling these is not made any easier by the likely circumstances at the time: retrenchment, cost cutting, attrition of top talent, and strategy reformulation.

For all these reasons and more, repairing the root cause of any crisis is usually a multiyear exercise, sometimes requiring large changes to the fabric of an organization. It’s important to signal seriousness of intent early on, while setting up the large-scale transformation program that may be necessary to restore the company to full health.

5) Restore the organization

Some companies spend years of top-management time on a crisis, only to discover that when they emerge, they have lost their competitiveness. A large part of why this happens is that they wait until the dust has settled before turning their attention to the next strategic foothold and refreshing their value proposition. By this stage, it is usually too late. The seeds for a full recovery need to be sown as early as possible, even immediately after initial stabilization. This allows the organization to consider and evaluate possible big moves that will enable future recovery, and to ensure it has the resources and talent to capitalize on them.

In conclusion

Risk prevention remains a critical part of a company’s defense against corporate disaster, but it is no longer enough. The realities of doing business today have become more complex, and the odds of having to confront a crisis are greater than ever. Armed with the lessons of the past, companies can prepare in advance and stand ready to mount a robust response if the worst happens.

It would appear that the airline industry needs The 20.

If you had a ticket on Delta Air Lines a couple of weeks ago, your flight may have been delayed a few hours – and this is something we’ve had to get used to. Flight delays due to a “technology issue” are quickly becoming the new normal for air travelers.

The number of technology-related outages among domestic airlines has risen unevenly during the past decade, from 3 in 2007 to 6 in 2017, with the highest number being 11 in 2015.

IT problems seem to be growing. And while the causes are complex, the contingency plan is as simple as ever. When an airline cancels your flight and blames technology, you can’t accept it with a shrug.

Technology “issues” are getting worse

A recent study conducted by Qualtrics noted that just a single outage can drive away a significant number of customers. More than 34% said they would not book another ticket on an airline with a technology-related service disruption.

In August, Spirit Airlines experienced a system-wide service interruption, which prevented it from checking in passengers. And in June, American Airlines suffered a service outage after a “serious” computer problem. More on that in a minute.

And it’s a worldwide problem as well. Earlier last month, for example, Pakistan International Airlines reportedly delayed its flights after its entire booking system “went down.” Turns out the carrier was switching to a new Turkish web-based product appropriately named “HITIT.”

Delta’s IT problem remains something of a mystery. At 8:28 p.m., the airline announced that its IT teams were “working diligently” to address a technology issue affecting some of its systems. “We have issued a Delta ground stop as we work to bring systems back up as quickly as possible,” the airline said. “There has been no disruption or safety issue with any Delta flight currently in the air.” By 9:20 p.m., Delta announced that it had restored all IT systems, blaming the flight delays on a “technology issue” that “briefly affected some systems this evening.”

And they apologized.

What’s causing these technology glitches?

“While the root cause of each occurrence varies, IT issues among the travel industry can be attributed to several overarching factors,” says Michael Levine, a senior associate at Schellman & Company, an independent security and privacy compliance assessor.

Airlines don’t like to spend a lot of money on technology, so their systems are antiquated before they receive long-overdue upgrades, say experts.

“The complex nature between many integrated systems — reservations, flight scheduling, staff scheduling, and so forth — can lead to breaks in the chain,” says Levine. “Airlines often work with regional subsidiaries, which means that they are affected by their IT infrastructure and outages as well.”

That’s what happened with American Airlines in June. PSA Airlines, a regional subsidiary of American, had a hardware issue with one of its staff scheduling systems. “It appears there might not have been a proper backup system in place, so the outage lasted a lot longer than necessary,” says Levine.

“It’s not just technology. The major airlines have made sufficient investment in redundant systems on multiple networks,” adds Levine. They have “incredibly redundant” storage arrays where the transactional databases running all their operations reside, and that data is backed up in near real-time to multiple locations and private clouds.

“The weak point in the chain,” he explains, “is humans.”

Employees and contractors aren’t adequately trained to monitor the system or to ward off cybercrime.

“It only takes 1 human to do something incredibly ignorant or stupid,” says Levine. The mistakes range from a programmer handling data insecurely or a marketing executive uploading client data into an unsafe third-party app.

“It takes a serious commitment from the highest level of executives to spend intelligently and adequately, to deter possibilities of major outages or data breaches,” he says.

Sounds like they need to be introduced to an unbeatable IT service with decades of experience and demonstrated expertise to solve their problems…

It would appear that IT administrators are campaigning hard for Microsoft to slow their roll when it comes to their Windows 10 upgrade schedule.

Approximately 78% of more than 1,100 business professionals charged with servicing Windows for their firms said that Windows 10’s feature upgrades — now released twice annually — should be issued no more than once a year. The 78% was split almost evenly, with 39.2% arguing for one upgrade per year while 39.3% picked one every two years from a questionnaire on Windows patching, updating and upgrading.

Only 11% agreed that the current twice-a-year release is their preference, and a very small 1% wanted an even quicker tempo than that.

The questionnaire, created by Susan Bradley, who moderates the PatchManagement.org mailing list, asked administrators about whether feature upgrades are useful to their businesses and if Windows 10 has met company needs. Bradley used the responses to support her plea that Microsoft’s top executives address what she and her colleagues believe is an ongoing deterioration in the quality of Microsoft’s monthly patch updates.

But she also raised the issue of the Windows 10 feature upgrades’ release calendar. “If Microsoft is not realizing that [their] enterprise customers are having issues with the timing of the feature updates, then Microsoft is not listening to their enterprise customers.”

And questionnaire commentary by IT administrators vividly paint the frustration felt from the feature upgrades’ frequency.

“Most feature updates introduce so many bugs and problems,” said one respondent. “With the current pace of releases of new feature updates, the entire IT department is busy constantly dealing with all the problems that follow, instead of spending time on activities that actually create value for users.”

“At twice per year, you’ve barely got over one before you need to do it all again, leading to the temptation to skip every other update,” asserted another.

“This may come as a shock to Microsoft management, but our bonuses aren’t geared to the matrices that their bonuses are geared to,” said another participant. “We have better things to do with our time than run on the treadmill that is their business cycle.”

Windows 10’s upgrade tempo has gone through several iterations since mid-2015, when the OS debuted. Initially, Microsoft envisioned four upgrades annually. In 2015, it released the first upgrade, labeled 1511 using the company’s now standard yymm format, about three and a half months after the original 1507. But then Microsoft issued just one upgrade in 2016, the mid-year 1607.

Shortly after that, Microsoft announced that it was formalizing a two-times-each-year schedule, with March and September as release targets. Since then, it’s delivered 1703 (April 2017), 1709 (October 2017) and 1803 (April 2018); it appears to be on track to release 1809 next month.

To complicate matters, for a time Microsoft extended support from the usual 18 months to 24 months for Windows 10 Enterprise and Windows 10 Education. Microsoft justified the extension – which ended with version 1803 – as necessary because “some customers” asked for more time to migrate from one feature upgrade to another.

With 24 months of support, it was feasible for IT to skip one feature upgrade in any given year. But with the return of 18 months of support, it will again be tough for companies to move all PCs to a supported version before the one currently powering the machines stops receiving patches. That was one reason Gartner Research urged enterprises to pressure Microsoft into making permanent the 24-month support period.

Gartner has assumed that Microsoft will not retreat from its two-times-a-year cadence but that it will be pressured, likely by or before the end of 2020, into making the 24 months of support permanent. While that won’t change the release frequency, it will, Gartner has said, allow adopting just one upgrade each year.

We’ll see what happens.

I’ll end with what Michael Wayland, Managing Director of Byte-Werx in Houston (Elite member of The 20) told me:

With the major releases there are often several unforeseen issues that can crop up. This can cause several hours of downtime for endpoints and cost small businesses money. It’s one reason you want a managed IT department to follow the releases, the issues, and release in a methodical and planned way after lab testing. They’re also available to quickly backstop, remediate, or walk through end-users for issues that arise.

So, I stumbled upon an interesting article over Labor Day weekend (do I know how to party OR WHAT?) that warned businesses of the risks that come with letting domain names expire. It’s a side of buying expired domains that most domain investors will never think of: the fact that expired domains, despite not having traffic coming to them, still could have emails with incredibly sensitive information attached. The piece gives a very solid example of domains from law firms that expire after the firm takes part in a merger:

To test just how bad the problem is, [security researcher, Gabor] Szathmari re-registered old domain names for several law firms that had merged, set up an email server, and without hacking anything, he says he received a steady stream of confidential information, including bank correspondence, invoices from other law firms, sensitive legal documents from clients, and updates from LinkedIn (Szathmari is working to return the affected domain names to their original owners).

Well, not too surprisingly, it turns out that some of these expired domains are used for fraud since the new owner could essentially gain access to a large amount of sensitive data.

This got me thinking about whether or not there’s an entire market of expired domain buyers; fraudsters and scammers that aren’t looking to resell the name, but instead are looking to use the domain to gain access to email.

It certainly sounds like that might be the case.

Email holds the keys to the kingdom. All your password resets go through email and abandoning an old domain name makes it easy for attackers to re-register the old domain and get your stuff.

According to the article, it appears that the technique of re-registering old domain names could also be used for collecting money. “By reinstating an online web shop formerly running on an abandoned domain name,” Gabor Szathmari writes, “Bad actors could download the original web pages from archive.org, then take new orders and payments by posing as a fully functioning web shop.”

“If the former web shop had a CRM system or MailChimp running marketing campaigns,” he adds, “criminals could access the list of the former customers by taking over those accounts with an email-based password reset. They could offer them a special discount code to encourage them to submit orders which would never be delivered. The sky is the limit.”

Expiring domain names are published daily by domain name registries in the form of domain name drop lists. It doesn’t take a criminal mastermind to download those lists daily and cross-reference them against news of mergers and acquisitions in the relevant trade pubs, or just re-register any domain name that catches their fancy.

So how long should you hang onto those old domains for?

Better to be safe than sorry in this case. Domain names aren’t expensive, and keeping old domains in your possession is the cheapest cybersecurity insurance policy you’ll ever purchase. I mean, is it really worth it to sell at the expense of fraud? I wouldn’t take that chance.

Szathmari recommends setting up a catch-all email service that redirects all incoming email to a trusted administrator, someone who can review correspondence addressed former and current staff, and password reset emails for online services.