Turn to Face the Strain: The Importance of Employee Training in 2021

Coming up on our one-year pandemiversary (yes, I just made that word up), one thing that has become very clear is how different the workplace has become. No more water cooler chats or unexpected pop-ins, team meetings gone remote, difficulty measuring employee productivity or maintaining employee morale, and that’s just a few. The changes are massive and all-encompassing, and the longer this goes on, the more we realize that the “new normal” is going to look a lot different than what we remember. How do we equip our employees with the necessary tools, skills and confidence to face these daunting ch-ch-changes, as David Bowie would call them? Let’s explore.

The first thing I noticed when converting to the work-from-home environment was the sudden absence of communication. It’s so easy to just walk over to someone else’s desk and ask them a question when we’re all in the same building, but when sitting alone in my home office, the hurdle to communication has become much greater. It can feel foolish calling up a coworker for a 10 second chat to answer a question, and it can feel equally foolish sending a text to a coworker that doesn’t get responded to for hours. Confidence is the key, knowing what is effective with whom, and what works best for you. But instilling that in employees can be quite difficult, especially when you’re physically distant.

As consistent communication decreases, echo chambers increase, what I like to refer to as the disparity of experience. Sure, we’re all working from home, but as far as relating to one another goes, the shared experience ends there. All of our home situations are different, how we are responding to the continued isolation and how it is affecting us are different, even our perspectives on larger community and world events may be different. This makes the critical skill of empathy quite difficult to practice, but at the same time even more important. The only thing worse than facing extreme challenge is the feeling of facing it alone.

As the shared experience dissolves and empathy decreases, conflict lies right at the surface, a misplaced word or uninvited opinion away. Maybe you consider yourself a conflict resolution expert, maybe you have tons of experience diffusing situations in the office. But how do you even detect a conflict when it’s occurring in virtual meetings you aren’t even privy to? When everyone is separate and oversight of intra-org communications is minimal, how do you see the red flags before the conflict erupts? These are difficult questions to face, even for the most experienced behaviorist.

One unique benefit to having everyone working from home comes through the transition of many training companies such as Vermont Panurgy to virtual classrooms. Working from home eliminates the distractions of a busy office, but the expectation of sitting in front of the computer for long blocks of time is still there. This brings a unique opportunity to provide truly engaging training content in a comfortable and relatable atmosphere for the student, with minimal distraction, thereby increasing their chances of retaining the knowledge gained.

Vermont Panurgy holds a vast portfolio of talent development courses covering all the above topics and more. Whether we’re discussing inter-office communication, practicing empathy, conflict resolution, leadership techniques, writing skills or stress management, we’ve got a class for that.

The best part? Our small class sizes, properly-paced content and highly-skilled instructors allow for a highly interactive virtual classroom, where students can ask questions, discuss with each other and share experiences with ease. Couple this with the quiet, familiar space of your own home, in front of your own computer, and you’re looking at a learning experience unlike any other, the possibilities greater than ever before.

Maybe you feel like your team has acclimated to the work from home environment well enough, maybe you think all these soft skills are already in the bag. Don’t let that confidence allow you to overlook the importance of training though! As with even before the pandemic, investing in professional and personal development of your employees demonstrates a caring attitude and can create a sense of purpose and security, translating into more productivity and job satisfaction. In 2021, you can also add in the opportunity to interact with others for an extended period, something most of us have longed for since last March!

Vermont Panurgy also offers technical training in common software applications such as Microsoft Office 365, Quickbooks, Adobe Creative Suite, and more. We even have higher-level technical classes for IT professionals, such as CompTIA certification boot camps, server and database administration, Exchange Server and Office 365 administration. These offerings bring even more opportunities for you to provide some valuable education to your employees and show them how valued they are. It’s a win-win!

Take a look at our full class schedule to see all of our offerings and upcoming dates. We are excited to help you and your employees take advantage of this unique opportunity for learning and growing, especially while we are all working from home. Bowie had it right, the best way to deal with change is to “turn to face the strain,” let’s turn together!

Managing Employees Remotely: The Importance of Updates

Back at the beginning of last year with the pandemic closing most in-person businesses, a wide variety of businesses started letting their employees work from home — all at the same time, with virtually no preparation or planning. Now, nearly a year later, it is clear that work-from-home is likely going to be a part of nearly all businesses’ infrastructures, whether total or in part.

This hybrid in-person/remote environment has continued to present surprises to business owners and managers even now, over 10 months in. One thing that has become an issue is running manufacturer updates on company-managed computers that are physically in the homes of employees. This article will detail the updates issue and discuss some potential solutions, particularly for the less-than-computer-literate business manager. If you have employees using your machines at home and you don’t have your own IT department managing those PCs, then this article is for you.

Typically, system and software updates continue to run automatically on the operating system of employees’ PCs. However, computer manufacturers periodically release updates to their Drivers and Firmware to keep the communication between the hardware and the software flowing smoothly. If only one side of this relationship stays current and the other side doesn’t, your employees will start experiencing problems with their PCs.

A lot of hardware manufacturers have attempted to resolve the communication issue by setting up their update software to run automatically. There are two main issues that cause these auto-updates to fail: first, a lot of hardware updates require the computer to reboot and the second is if an employee’s PC requires administrative privileges for an update to occur.

The updates won’t happen if there is trouble scheduling a reboot or running it automatically. If you have employees who never shut down or don’t routinely restart their computers, this type of issue is most likely to be the cause of whatever oddities are occurring on your employees’ PCs. Have them restart their computers so the updates can occur and, voila! That should solve the problem.

However, an issue that can cause the auto-updates to fail is when all modifications to hardware or the communication between hardware and software require administrative privileges. Chances are you created an account for your employees to use on their PCs that do NOT have admin rights. This makes sense because you typically don’t want employees installing software that may compromise the security or functionality of their PCs. Unfortunately, unless you installed a remote access tool on each employee’s PC with its own admin privileges before you let employees leave with company PCs — or let employees use their own PCS (more on related issues to that another time!), then you’re going to need to get your hands on each PC to be able to run the updates using your stored admin credentials. What a pain that would be if you need to get them all back! But that is what you’d need to do in that situation unless you have remote access software. 

Remote access software is the primary tool that Remote Management and Monitoring companies such as Vermont Panurgy use to remotely support clients. Similar tools can be purchased and used by business owners, but they are generally rather complicated and expensive. Most importantly, configuring them so the connection to each employee’s remote PC and the contents of the PC itself remain secure can be quite challenging and pose security issues if not done properly.

Some remote access tools are free or cheap, but generally require someone on both ends of the PC to initiate the connection. This means taking up valuable work time from your employees while you run updates on their PC that could otherwise be done while the users are offline.

If you are looking for assistance managing your company’s workstations and the updates that they need, Vermont Panurgy has a number of flexible offerings that can help you with this. Contact us to let us know what your needs are today — don’t wait for an employee’s PC to stop working because no one is there to run its updates!

How Many IT Companies Does it Take?

You all have heard the old joke, told in numerous permutations, starting with the simple task of screwing in a lightbulb. If you’ve been following business and government news over the weekend, you probably heard about the security breach at SolarWinds, an IT company that services clients from Government Agencies to Fortune 500 companies. I want to talk today about how these two things, an absurd generalization turned into a joke, and a serious security threat to the stability of our society.

Let’s first get some preliminaries and disclosure out of the way. SolarWinds is a Managed Services Provider for IT products and services. I also work for an MSP company, and have worked in the Technology sector for over a decade. That said, the connections stop there. Vermont Panurgy does not function in the same ways as SolarWinds, does not service the same types of clients, does not offer the same types of services.

That all said, with the background that I have, I am in a good position to provide a bit of perspective, so I wanted to write this article to point out a commonly misunderstood aspect of the particular product that was compromised, why it is potentially dangerous and what you, as a business owner with valuable and irreplaceable IP, can do about it.

According to news reports and filings by SolarWinds, the specific product that was compromised was something called The Orion Platform. I did some cursory research on this product and it claims to solve a lot of headaches by giving you one single point for all of a company’s IT-related needs. It bundles together several of SolarWinds’ proprietary products into a “single pane of glass,” dangling a tempting carrot of simplicity and streamlined efficiency. Hard to resist, especially for the less-than-technically-minded of us.

How many times have you had trouble with some piece of technology in your office, only to have various Help Desks pass the buck between each other, always saying it was the other company’s fault? How many times have you called one help desk only to be told that you need to call a different one? Who makes what, and how easy are they to get ahold of? What is my warranty on this product, and what does that entitle me to? The headaches of having to deal with multiple IT companies is entirely understandable, but is the right solution to just find some giant that claims to do it all and put all your eggs in their basket?

The problem with bundled, proprietary services is that if there is only one point of access for you, there need be only one point of access for a hacker to get in and crash the party. Decentralizing, especially when it comes to cloud-based and networked IT solutions, helps you be confident that if one company gets hacked, maybe one of your systems will go down but it won’t bring down the whole house. Switching from a complex VOIP phone network back to calling each other on cell phones for a few days is much less catastrophic than your phones, your financial systems, your production lines, everything going down at once.

At Vermont Panurgy, we do our due diligence in researching and carefully considering all the factors that go into making a decision on which provider to choose for a particular service. The services we recommend are all highly commended in their field, and they all come from companies that specialize in the particular area that they service. Need good network security? We’ve got recommendations. Need good Wi-Fi access points? We’ve got recommendations. Need a cloud-based backup system? We’ve got you. And no, they’re not all the same company!

If you are a business owner or manager and this recent SolarWinds hack has got you reconsidering whether or not an MSP is really a good idea, keep in mind that there are a wide variety of MSP types out there, we are not one-size-fits-all! And if you are now concerned about companies that will try and steer you to their own sub-par in-house solutions instead of making honest recommendations about what is best for your business’s success, then give us a call!

“I Didn’t Send That!” Domain Impersonation and You

How many of you were affected by the #Ransomware attack on the UVM Medical Center’s IT network last week? Whether it was a delayed or cancelled appointment, an issue with work orders and partnerships, or just dropped communication, this type of attack is a tragically real example of the importance of network security.

One of the biggest vulnerabilities that malicious actors tend to exploit in order to gain access to a network is through #emailsecurity. There are numerous methods for using email as an attack vector, a big one being what is known as #DomainImpersonation.

image says "you've been hacked!"

Domain Impersonation is when someone purchases domain names very similar to the appropriate domain that they are impersonating, and then send emails from that domain with malicious links, attachments, etc, to infect unwitting recipients’ machines and networks.

Consider this example: You’ve been going back and forth with a vendor (say, sales@panurgyvt.com) in emails about purchasing a product for an upcoming project. Suddenly, you receive an email that appears to be coming from that vendor with an invoice and a request for payment through a link in the email. Whether or not you were expecting this email, take a close look at the domain (what comes after the @ symbol). If you notice the typo (maybe something like sales@panrugyvt.com), you’ll easily identify the email as suspicious and know to delete it.

But how many of us actually look at the email address that every single email is sent from? Chances are, you’re busy and overloaded, you’re distracted, or you’re just the type of person who does not handle their email inbox with suspicion. Under these circumstances, you get the email, remember you’ve been communicating with this person already, and just assume that this is related to that communication. You click the link, or open the attachment, and boom, malware has infected your PC and potentially your entire network. Bad news.

No alt text provided for this image

Thankfully, there are solutions out there to monitor and protect from these potentialities before the email even hits your inbox. Through the use of artificial intelligence and intelligent monitoring, advanced email security systems today can take record of the domains of emails recently delivered to your inbox, and if an email comes in with a similar but false domain, it gets blocked even before it hits your email server.

There are also increasing amounts of opportunities for end user training on how to identify suspicious emails. As nearly all email attacks rely on carelessness, ignorance or manipulation to get people to click on malicious links and attachments, the biggest vulnerability point is, in fact, the end users themselves. Implementing regular training and reminders for your workforce surrounding the importance of email security is a top priority for securing modern networks.

If your business could benefit from a more robust email security plan, contact us today! We offer flexible options tailored to your company’s needs that include both server-side monitoring as well as end user training. Reach out today to start the conversation on how Vermont Panurgy can help your business stay protected in today’s modern work environment.

The Human Element of IT Security

Firewalls. Backups. Anti-Virus. Device Management. There are many tools in the IT professional’s toolbox for protecting technology from the threats of the internet. Unfortunately, even the most protected devices are only as secure as the humans that use them. No amount of software is going to prevent a user from clicking on a link in an email, and the inherent flaws of the human condition make the easiest target for an internet attack the end user. Because humans are the leading cause of IT security incidents, it is imperative for business owners and security professionals to integrate the Human Layer into their IT Security framework.

When considering the methods for implementing a security plan for the humans working in your business, the nature of human vulnerability becomes quickly clear: humans are subjective, distracted and easily influenced. Thus, the most effective method of attack comes through what is known in the IT Security world as Social Engineering, or the use of deception to manipulate individuals into divulging confidential or personal information to be used for fraudulent purposes. Hit people where they’re psychologically weak, and they are easy targets for manipulation.

puppet master controlling puppet

Examples of social engineering are everywhere. As one example in just the past week, a blast of emails recently made it through a client’s email security system informing several senior staff members that their Anti-Virus license had expired and required renewal. Several folks who received that email had no knowledge of the status of the Anti-Virus software on their systems, let alone its license’s expiration date. Thanks to overworked and underslept mental states, red alarms started going off, but for the wrong reasons. Emails quickly came in asking not if the email was legitimate, but why their Anti-Virus software had expired and whether their computers were at risk. Thankfully, they reached out to us before anyone clicked on the link in the email, but one errant finger could have placed the company and everyone who worked in it at serious risk.

Here’s a hypothetical example, uncovering another, even more urgent layer of the human element. In adjusting to a work-from-home workforce placed abruptly on us by the pandemic, members of your organization have migrated to relying heavily on Microsoft Teams for internal communication. Being based in the cloud, this means your server and all of your employees’ workstations are connecting to Microsoft servers regularly. Sniffers pick this scent up and suddenly you start seeing emails coming in offering all sorts of add-ons, freebies, enhancements, support, training, anything that might get you to click on the link in the email. They now know that you’re using Microsoft products for cloud communication, just from the act of you using it. They also know you’re new to it, which makes you more vulnerable. They use everything they can find out about you, in that very moment, to target you with content that strikes at your most vulnerable spots, and they are always adapting.

No alt text provided for this image

This shifting field of attack vectors causes us to realize that the implementation of IT security for the human layer must be an ongoing process, with regular reviews, trainings, updates and simulations. They didn’t make us do fire drills in school just to test the bells. Conditioning and repetition are vital parts of training humans in how to recognize and respond to threats.

Let’s next consider the impact of technology on how we form and maintain relationships, especially within the context of social distancing. Different types of people may have different opinions on the effectiveness and authenticity of virtual relationships, but even before government mandates brought compulsory hurdles to physical connection between people, many, especially in the younger generations, had already accepted virtual reality as their primary platform for connecting with others. Now, we’re all finding ourselves there, like it or not.

Just think of all the social engineering vulnerabilities this new paradigm poses. Thanks to the popular MTV show, the term “catfish” comes to mind, or people who subsume a fake identity online in order to connect with others behind a mask. The subject of the TV show, however, developing romantic relationships over the internet, is child’s play when compared to the sophistication with which similar tactics are used in spear-phishing and other social engineering attacks on businesses and their employees.

Consider the portions of your Facebook profile that are set to be visible to the public. Maybe you don’t think showing people that you live in Vermont and love cats is particularly concerning for the whole world to know. But what about that one Monday morning at work after a long weekend hiking and camping, sleep-deprived and sore, an email comes in marked important that appears to be coming from someone you work with about how they really need your help taking care of their cat? Do you stop and think if this person has ever told you they have a cat before? Do you check the email address the message is coming from, rather than just trusting the displayed name? Or do your instincts kick in and tell you “cat in trouble, must respond”?

Just like getting arrested, anything you say and do on the internet can be used against you in the court of social engineering. The simplest solution, just not doing anything on the internet, is not feasible in today’s business environment. So we are left to implement as comprehensive a strategy to protect ourselves, our business, and our employees, from these threats we will inevitably face.

Vermont Panurgy has been at the forefront of IT security and support for over 30 years. We would love to start a conversation with you about how we can implement a thorough, effective and ongoing strategy for your business to protect the Human Layer of IT security. Contact us today!

Technical Support for COVID-impacted Businesses – Funds Available!

Vermont Panurgy has been selected as an Approved Vendor in the Restart Vermont Technical Assistance (#ReVTA) program! Vermont Panurgy is able to offer services for Technology & Software Assistance (including, but not limited to: remote work setups; system design; installation; support of computers, network infrastructure and equipment, network security; 24×7 monitoring; remediation, anti-virus protections; and backup solutions). Technical Assistance also includes our Training services with live instructor-led remote and in-person technical (PC applications) and Professional Development/Soft Skill classes.

Any for-profit or non-profit Vermont entity conducting activities in Vermont that has been impacted by the COVID-19 pandemic and has a path to recovery that can be advanced with professional technical assistance, is eligible to receive these Technical Assistance funds. Approved businesses under the ReVTA program that use Registered Vendors and receive Technical Assistance services can have them paid for under the program. Any work done under this program must be completed by December 4, 2020, so act fast!

Go to vermonteconomicdevelopment.com for more information.  We look forward to helping your business!


Presenting Your Best Virtual Self – A Free, 45-minute Webinar [Video]

Join us for this free 45 minute seminar covering tips and tricks for presenting your best virtual self. You will learn ways to improve your communication effectiveness and online presence. Participants will gain an awareness of their physical environment, body language and non-verbal cues, as well as gaining helpful tips to engage your audience when presenting through an online platform such as #Skype, #Zoom or #MicrosoftTeams.

Recorded on August 19, 2020.

3 Ways to Respond to Difficult Behavior

Why do we argue? Why can’t everyone agree? Why are some people just… difficult? Challenging interactions have been with us since the dawn of humanity, they are a part of the fabric of the Human Experience. But boy are they hard! There is one pivotal concept that must be accepted before any one of us is going to be able to respond to these situations positively: We are faced not with difficult people, but with difficult behavior.

Ask yourself this: how does it feel to be labeled “difficult?” There is a great Seinfeld episode exploring this feeling, when Elaine receives much societal rejection for having this word written on her doctor’s reports. Doesn’t feel very good, does it? That’s because, as we all know, humans are capable of great things, and nothing is permanent. Labels help us identify things and their uses, purposes and intents. When we apply labels to people though, it dehumanizes them and implies permanence. Not good.

Behaviors, on the other hand, are actions occurring in moments of time. They need not be tied to the person committing such behavior’s identity, unless they choose to do so. Thus, applying labels to behaviors is a much more constructive means to approach the situation at hand.

From a very-wide-lens, we can identify all reactions and responses to difficult behavior under three primary categories:

No alt text provided for this image

1.  Do Nothing

The easiest thing to do when faced with difficult behavior is to just ignore the problems you perceive and hope they go away. Remember that bully in middle school who wouldn’t leave you alone? Everyone told me to just ignore him, don’t give him what he wants. How did that work out? For me, as I would imagine for most of you as well, this tactic backfired spectacularly. It seemed to goad the bully on, and he just kept on messing with me.

Ignoring difficult behavior does nothing to make the person causing it to be aware of how you are perceiving it, how it is affecting you. It’s a non-starter, and many times the person may even consider your lack of response to be tacit approval. Yikes.

No alt text provided for this image

2.  Change The Person

How many of you read this one and immediately thought “no, I would never want to CHANGE someone!” Well, this is a tricky one, because intention is very important. I lived in housing Co-ops in college, where a house of at least 20 people shared chores, meals and maintenance in a hyper-intense level of immediate proximity hard to imagine for most people. As you can imagine, difficult interactions were an everyday experience.

I remember one summer I was managing a Work Holiday where we all banded together to get some more major projects done. One member was being very lazy, disappearing to his room for hours at a time, much to the chagrin of those with whom he was assigned to work. In my naiveite, I thought I could go up there and motivate him to get to work, somehow giving him the energy I felt to make him want to go join in the collective experience.

But what was I really doing? As good intentioned as I felt I was, I was actually trying to change this person’s identity, make them into something they were not. I didn’t even consider what was going on with them, I just wanted them to buck up and conform. You can imagine how that worked out. Ultimately, my failures in communication as a leader that year led, in part, to a complete membership turnover. I had learned a very important lesson.

An individual’s personality is a result of that person’s unique life experience. Each person’s perception of reality is uniquely their own. Because of this, any change in their personality requires conscious effort by that very individual. When it comes to people, we can only change ourselves. Trying to force someone else to change their own personality is incredibly difficult, and when you think about it, incredibly selfish, too.

No alt text provided for this image

3.  Modify Your Style For That Person

When realizing the failures of the above two methods of response, one of the most challenging relationships where difficult behaviors occur is in that of superior to subordinate. As a manager, you have a responsibility to the people you manage to make sure difficult behavior is not detrimental to co-workers or the organization. The style that you use to manage people may have to vary in order to meet the different challenges that different people present. To each their own.

This is the greatest challenge of all, but ultimately it is the only way that works. And it works because it takes the other person into account. You’re not just managing your way, you’re managing in a way that works for both of you, and not only does this make the interaction more comfortable, it empowers the other person and can even inspire them to change.

I know you’re all thinking, “Oh, great, more lofty platitudes about big-picture concepts. How does that help me today? How do I apply this to my own situation?” Well, the good news is, Vermont Panurgy has got you covered! We regularly host a plethora of virtual career development classes, several of which focus specifically on these types of interactions. Our virtual classrooms are small, highly personalized and live-led by one of our cohort of fabulous instructors. Our classes typically run for at least one full day, giving students and instructors plenty of time to dive into the topics and answer all questions. Our next class on this topic is called Managing Difficult People, and will occur from 9:00 am to 4:00 pm on Thursday, August 27th. If you are interested in attending, or if you want to learn more about our offerings, contact us today!

Office 365 and Backups, DON’T Lose Your Data!

Microsoft 365 is a great platform for connecting a team across wide distances. However, Microsoft only commits to providing you access to your data, they do not provide guarantees that it is backed up. What if you accidentally delete a file from OneDrive? What if an employee quits and you lose access to their Outlook Mailbox? Watch this video and contact us today to learn more about how protect your Office 365 data!

For those using Office 365 or are considering implementing Office 365 email, please read the following:

There are known attacks against Office 365 that can compromise associated email accounts. Basically, hackers take over someone else’s email account through Office 365.  Hackers may send out spam to directly to attack an individual or company. Another common attack is to contact a company’s customers while impersonating high-level employees to get the customer to reroute financial transactions or to confirm/send sensitive data to the hackers.

One of the main symptoms of a compromised email account in Office 365 may include server side rules that redirect email into a Deleted Items folder or other folders like the Junk folder or the Really Simple Syndication (RSS) Feed folder. These emails often go unseen by the actual email account user and permit the hackers access to information in the incoming emails.


Fortunately, there are some preventative steps that can be taken to reduce the ability of hackers to compromise via Office 365. The main security implementation that we highly recommend is to enable Multi-Factor Authentication (MFA) for all Office 365 accounts. There are additional settings and configurations Vermont Panurgy can assist you with to log and audit account usage, which will better enable us to track any attempted hacks.


If you use Office 365, please contact us to make sure you are protected again such attacks. We are here to answer any questions or concerns you may have.