Advice from a failed disaster recovery audit

2017February28_Business_A

By EDITOR

We can write about disaster recovery planning (DRP) until our fingers bleed, but if we never discuss real-world scenarios it’s all just fumbling in the dark. Examining these successes and failures is the best way to improve your business continuity solutions, and the recent audit of a state government office is rich with valuable takeaways.

Hosting certain types of data, or managing a government network, legally binds you to maintain DRPs. After an audit of the Michigan Department of Technology and Budget, several failures lead to a trove of helpful tips for small- and medium-sized businesses attempting to create a bulletproof disaster recovery plan.

Update and test your plan frequently

One of the first and most obvious failures of the department’s DRP was that it didn’t include plans to restore an essential piece of their infrastructure. The plan didn’t include steps to restore the department’s intranet, which would leave employees unable to complete even the most basic of tasks.

The reason for the oversight? The last time the plan was updated was in 2011 — leaving out more than six years of IT advancements. If annual revisions sounds like too much work, just consider all of the IT upgrades and improvements you’ve made in this year alone. If they’re not accounted for in your plan, you’re destined to fail.

Keep your DRP in an easy-to-find location

It may seem a bit ironic that the best way to store your top-of-the-line business continuity solution is in a binder, but the Michigan Department of Technology and Budget learned the hard way that the alternatives don’t work. Auditors found the DRP stored on the same network it was meant to restore. Which means if something had happened to the network, the plan would be totally inaccessible.

Your company would do well to store electronic copies on more than one network in addition to physical copies around the office and off-site.

Always prepare for a doomsday scenario

The government office made suitable plans for restoring the local area network, but beyond that, there was no way for employees to get back to work within the 24-hour recovery time objective.

Your organization needs to be prepared for the possibility that there may not be a local area network to go back to. Cloud backups and software are the best way to keep everything up and running when your office is flooded or crushed beneath a pile of rubble.

DRPs are more than just an annoying legal requirement, they’re the insurance plan that will keep you in business when disaster strikes. Our professionals know the importance of combining both academic and real-world resources to make your plan airtight when either auditors or blizzards strike. Message us today about bringing that expertise to your business.

Posted in Uncategorized | Leave a comment

Selecting the perfect Office 365 plan

2017March8Office_B

By EDITOR

Office 365 Business, Business Premium, Enterprise E1, E3, and E5. Each of these Office 365 plans offer different features and services. Implement the wrong one, and you may end up with a solution that doesn’t fully meet your company’s needs. To help your business select the right Office 365 license, we’ve summarized and listed the different features of each plan.

Business or Enterprise?
If you’re running a cloud-first business, you’ll have to decide between Office 365 Business and Enterprise. Both may have access to Office Online and OneDrive, but there are some notable differences between the plan.

For one, Office 365 Enterprise E3 and E5 plans have unlimited archive and mail storage space, while Business plans have a 50-GB storage limit and don’t provide archive access from the Outlook client.

When it comes to SharePoint, Business plans are short on enterprise search, Excel services, and Visio features. Additionally, unified communication solutions, Power BI, and Delve analytics are also missing from the Office 365 Business offering.

Although it may seem like Enterprise subscriptions are superior — and in some ways they are — Business plans are perfect for smaller companies running on a tight budget. Office 365 Business and Business Premium cost $10 and $15 per user per month respectively, while E5, the biggest Enterprise plan, costs $35 per user per month.

As a general rule, start looking for Enterprise plans when your employee headcount exceeds 50 people and users require more storage space and solutions.

E1, E3, or E5?
If you do opt for Office 365 Enterprise plans, you’ll have to examine the features and choose one of three plans (E1, E3, and E5) that suits your needs.

E1 offers basic enterprise solutions such as Outlook and Word, OneNote, PowerPoint, and Excel online for only $8 per user per month. Apart from this, users also get access to SharePoint Team sites, video conferencing, and Yammer for enterprise social media.

E3 provides all E1 features and adds data loss prevention, rights management, and encryption to ensure business security and compliance. While E5 is a full enterprise-grade solution with all the aforementioned features plus analytics tools, advanced threat protection, flexible Skype for Business conferencing, and unified communication solutions.

Small- and medium-sized enterprises will usually select either E1 or E3 subscriptions and decide to add third-party applications to meet cloud security and VoIP demands. But if you have the resources and prefer a fully-managed suite of Microsoft applications, E5 plans are the way to go.

Migrating to an Office 365 platform is a big step, and if you’re still undecided about which plan to opt for, contact us today. We don’t just provide Office 365, we assess your business and find the best solution that meets your budget and objectives.

Posted in Uncategorized | Leave a comment

Apple’s new year comes with new malware

2017January25_Apple_C

By EDITOR

We love Mac computers as much as anyone does, but even we have to admit the notion of superior cybersecurity can be a bit overblown. Malware still finds its way onto Apple devices, and the only remedy is preparedness. Take a minute to brush up on the first Apple malware of 2017 before it puts a damper on your new year.

Where did it come from?

Dubbed ‘Fruitfly’ by the powers that be at Apple, it looks as though this relatively harmless malware has been hiding inside of OS X for several years. Fruitfly contains code that indicates it was adapted to move from a previous build of OS X to ‘Yosemite,’ which makes it at least three years old.

In fact, there are some lines of code from a library that hasn’t been used since 1998. It’s possible these were included to help hide Fruitfly, but experts have no idea how long it has been holed up inside the infected machines, or who created it.

What does it do?

So far, most of the instances of Fruitfly have been at biomedical research institutions. The administrators who discovered the malware explained that it seems to be written to grab screenshots and gain access to a computer’s webcam.

Considering the specific nature of its victims, and what it can accomplish, Fruitfly seems to be a targeted attack that won’t affect the majority of Mac users. However, Apple has yet to release a patch, and dealing with malware is not something to be put off for another day.

How should I proceed?

We’re always harping on the importance of network monitoring, and now we finally have proof that we are right. Fruitfly was first discovered by an administrator that noticed abnormal outbound network traffic from an individual workstation. Until Apple releases a patch, a better-safe-than-sorry solution is to contact your IT provider about any possible irregularities in your network traffic.

If you don’t have a managed IT services provider, this is the time to start considering one. Despite misconceptions, Apple devices need just as much care and attention as Microsoft and Linux PCs. And it’s not just security; if you want to optimize workstation performance, create a disaster recovery plan, or upgrade your database. Message today to get started.

Posted in Uncategorized | Leave a comment

Hackers use browsers to get credit card info

2017January27_Security_C

By EDITOR

Does filling in web forms sap all your browsing energy? Do you find it especially taxing to shop or register online using a mobile device? Google’s Chrome alleviated this dilemma when it introduced the Autofill feature in 2011, which made filling in forms much faster and making credit card purchases online more convenient. Unfortunately, it didn’t take that long for cyberthieves to find a way to take advantage.

How do they do it?

By concealing other fields in a sign-up form, users are tricked into thinking they only have to fill out a few fields. The trickery at work is that upon auto-sign up, other fields, which could include your billing address, phone number, credit card number, cvv (the 3-digit code used to validate credit card transactions), and other sensitive information, are auto-filled with the user none the wiser.

This sinister trick is nothing new, but since there hasn’t been any countermeasure since it was first discovered, the threat it poses is worth emphasizing. Finnish whitehat hacker Viljami Kuosmanen recently brought to light how users of Chrome and Safari are particularly vulnerable, and he even came up with a demonstration of how this phishing technique is perpetrated. The technique is so sneaky, it’s enough to make one give up online shopping forever.

Using plugins and programs such as password managers is also fraught with the security risk, as having access to such a utility empowers cyberthieves to do more than just obtain your credit card info; it opens them up to a great amount of personal details.

Preventing an autofill-related theft

So what can you do to avoid falling prey?

Using Mozilla Firefox is one of the easiest available solutions. As of today, Mozilla hasn’t devised a mechanism that affords its users the same convenience that Chrome and Safari users enjoy with autofill. When filling web forms on Firefox, users still have to manually pre-fill each data field due to a lack of a multi-box autofill functionality – a blessing in disguise, given the potential for victimization in autofill-enabled browsers.

Another quick fix is disabling the autofill feature on your Chrome, Safari and Opera (for Apple mobile devices) browsers. This would mean that when filling out web forms, you’d have to manually type responses for every field again, but at least you’d be more secure.

It’s not exactly the most sophisticated form of online data and identity theft, but complacency can result in being victimized by cyber swindlers. Take the first step in ensuring your systems’ safety by getting in touch with our security experts today.

Posted in Uncategorized | Leave a comment

3 Reminders for HIPAA compliance in 2017

2017January30_HealthcareArticles_A

By EDITOR

Even if notable punishments and fines for HIPAA non-compliance have only been doled out over the last 6 years, data privacy regulations have been around for 14. And with each passing year, these rules evolve in ways that make it near impossible to keep up without an expert on hand. As we kick off 2017, we want to review just a few of the most important talking points about HIPAA compliance.

Compliance leaves the office with you

When you take your phone, laptop, or tablet with you — as you return home, or go to a meeting outside your office or a seminar out of state — your data needs to get the same treatment it does inside the office. If you access data from unsecured devices or connections, you could be looking at stiff penalties when audit time rolls around.

As an extension of this principle, business partners with any involvement in your data storage, transfer, or protection are also required to employ best practices. If you have a legal firm on retainer with access to your network, it’s your responsibility to ensure that firm also adheres to compliance rules. Business Associate Agreements are the best way to shield yourself from mistreatment of data by a business partner, and they should be reviewed at least every year.

Most “optional” measures…aren’t actually optional

Confusingly, HHS’s Summary of the HIPAA Security Rule page has a heading titled Required and Addressable Implementation Specifications. The synopsis can be interpreted as, “Although we listed some safeguards as addressable, we actually mean that they have to be implemented. But how you do so is up to you.”

2016 saw a massive uptick in the number of HHS audits and the fines the government entity doled out. Consequently, whenever safeguards or measures allow for wiggle room or subjective interpretation, we always recommend going above and beyond. Compared to fines that soar into the millions of dollars, hiring a managed IT service provider is more than worth it.

This is about more than being “careful”

Some providers are quick to point out that compliance is about stringent safeguards to prevent even the tiniest of breaches. How do you think those practices would respond if you told them one Ponemon survey found that 90% of healthcare practices experienced a data breach during a two-year period?

Managing cyber security is becoming a problem for organizations in every industry. Business owners need to acknowledge that the threats are real, and that solutions must be exhaustive. In fact, most states have enacted their own variation of patient privacy legislation. So if you’ve found a thorough walkthrough of compliance written by someone located in another state, that’s not going to cut it.

To confidently achieve HIPAA compliance, you need IT technicians with experience adapting to years of changes to this complicated legal framework. Call us today so we can help you secure and manage your electronic medical records and protected health information.

Posted in Uncategorized | Leave a comment

Tips for a cloud-based unified communications

2017February1_VoIP_C

By EDITOR

The number of small businesses that will move their unified communications to the cloud is predicted to increase from 10% to 48%, while medium-sized firms and large enterprises follow, albeit in smaller percentages. These numbers are not surprising because migrating unified communications to the cloud presents a host of benefits to communication systems: simplicity, flexibility, and lowered costs. You probably have given it some thought, but haven’t concluded that migrating your unified communications is a good decision. These five tips for a successful migration could help your decision-making.

Opt for a gradual transition

Migrating unified communications to the cloud doesn’t have to be done at one fell swoop. You can move UC for departments that can benefit from it, while those with no pressing need for a cloud-based UC, such as a company’s call center, can keep using on-premise systems. This way, users can ease their way into the new system without experiencing network disruptions, which could lead to reduced productivity.

Secure sufficient bandwidth

Issues on speed and performance will inevitably arise, so make sure to cover all the bases before migration. That means securing a reliable internet service provider, checking the stability of your internal network, and having a Plan B. This is a particularly critical point to ponder if you have operations in locations where unstable or slow networks could pose serious difficulties. Determine the level of bandwidth your entire business needs, and get it from an ISP that can deliver.

Test, test, test

Transitioning UC to the cloud may appear seamless, but there may be a few unexpected kinks that would need ironing out long after the migration is declared a success. To soften the potentially costly and time-consuming impacts, test the systems throughout the duration of the migration. Whether you’re testing voice, data, or video, conduct tests, set benchmarks for performance, and predict future usage patterns.

Go live and act on identified problem points

After going live with your cloud UC, consider the overall user experience and availability of support for devices, applications and other components. Are persistent connectivity issues going to cause troublesome conference calls? This and similar issues may prove detrimental in the long-run, so keep them in mind when deciding to keep, enhance, or discontinue a cloud-based UC. Cloud migration should be solving problems, not causing them.

Constantly monitor performance and quality

Don’t be surprised if you encounter a few issues even after extensive testing. Migrating to the cloud simply requires planning and a sustainable strategy, whether your organization is dependent on instant messaging, voice conferencing, or video calling. There’s also a good chance that you will be working with several vendors, so always demand for the best service.

Having your UC moved to the cloud may seem like a daunting move, but with our cloud technology and VoIP know-how, we’ll make sure your unified communications in the cloud precipitates just benefits. Contact us today for advice.

Posted in Uncategorized | Leave a comment

No more extended support for Windows 7

img-window7-170px-op3

By EDITOR

When you grow accustomed to something — like a morning routine, a particular type of coffee, or in this case, an operating system — attempts at change aren’t always successful. Case in point, the struggle between Windows 7 and Windows 10. Users have until 2020 to make up their minds, and unless you don’t mind other businesses leaving you in the dust, it’s time to make a move.

Windows 7 was given extended support in 2015. And with that, Microsoft warned its users that this outdated version would drive up operating costs due to remediating software attacks that Windows 10 systems could otherwise avoid. The three-year countdown toward Windows 7’s twilight officially kicks off with a warning to enterprises that they could face hefty fines for sticking with the platform’s outdated security.

According to Markus Nitschke, head of Windows at Microsoft Germany: Windows 7 does not meet the requirements of modern technology, nor the high security requirements of IT departments. How would this make current Windows 7 users feel? Why are users choosing to remain faithful to the platform’s outdated security? Users can delay upgrades until January 13, 2020, after which extended support for the 2009 OS will end and it will no longer receive patches — unless the customer is paying for a pricey Microsoft Custom Support Agreement.

Markus also added that “As early as in Windows XP, we saw that companies should take early steps to avoid future risks or costs.” The message came as Microsoft published studies that showed Windows 10 Anniversary Update’s built-in security managed to neutralize zero-day exploits, even without patches needed to protect earlier versions of Windows.

Failing to upgrade to Windows 10 means that you and your networks will miss out on noteworthy security features such as the Windows Hello biometric login, the AppContainer sandboxing technology, and Windows Defender Advanced Threat Protection, which will gain new features after upcoming Creators Update.

On top of missing out on all the security features that Windows 10 has to offer, enterprise organizations on Windows 7 soon won’t have the additional zero-day protection that EMET, or the Enhanced Mitigation Experience Toolkit, offered since 2009. Last November, EMET’s expiration date was extended from January 2017 to July 31, 2018.

With the help of newer tools, migrating from Windows 7 to Windows 10 is considerably easier when compared with migrations from XP. Microsoft is still urging corporate users to make the shift before Microsoft permanently terminates support for Windows 7, stating that their business could be looking at real trouble if they fail to comply.

Business owners always do their best to ensure the future of their organization. That includes knowing which tech resources to rely on and which ones to avoid. If you still have questions about Windows 7, feel free to give us a call.

Posted in Uncategorized | Leave a comment

Microsoft ending support for Office 2013

2016September29_Office_C

By EDITOR

To make sure enterprises get the most out of their Office 365 package, Microsoft announced it will no longer support Office 2013 by the end of February. Instead, the tech giant will push enterprises to upgrade to Office 2016. If your business is still using the 2013 version, here are some things you need to know right away.

Effective February 28, Office 2013 client applications and language packs will no longer be available from the Office 365 self-service portal and Admin Center. On top of that, Microsoft will no longer release feature updates for Office 2013 and will focus solely on upgrading the recent 2016 version. And because Office 2016 doesn’t support Microsoft Exchange Servers 2007 or earlier, you’ll need to upgrade your mail server as well.

The end-of-support changes apply to Office 365 Pro Plus, Small Business Premium, Business, Project Pro, and Visio Pro subscriptions. Although critical security updates for 2013 products extend to April 10, 2018, businesses should really consider making the move to Office 2016 to take advantage of the latest productivity features.

With Office 2016 versions of Word, Excel, and PowerPoint, users can look up web information right from the document interface. What’s more, employees have access to advanced, collaborative features like Skype integrations, Office 365 Planner, and Delve.

If your business plans to migrate to Office 2016, don’t forget to consider the minimum system requirements:

  • 1 GHz processor
  • 2GB RAM
  • 3 GB of available disk space
  • 1280 x 800 screen resolution
  • Windows 7 OS, or above

To make the transition process smoother, Microsoft is offering FastTrack migration, a service providing organizations with the tools to help them make the move from one Office version to another.

However, if you need more advice on moving to Office 2016, contact us today. We’ll make sure your Office 365 is always up-to-date.

Posted in Uncategorized | Leave a comment

Choosing the best small business computer

2018December8_Hardware_A

By EDITOR

Your employees are some of your business’s best assets. With that in mind, it is imperative that they work with high-performance computers that will unlock their full potential and contribute to your business’s profitability. If only it were that simple. Selecting a computer often involves several factors such as mobility, quality, and price – there are simply too many things to consider. Choosing the right computer requires careful thought, and this is what we’re here to discuss.

Laptop or desktop?

Laptops are highly portable, efficient, and inexpensive. If these are the most important qualities your business requires in a computer, then by all means, choose them. Clearly, desktops aren’t built for mobility, but what they lack in portability, they more than make up for in storage, processing capacity, and security. Although laptops make perfect sense for small businesses with great need for portability, they are much more prone to security threats and are not as easy to upgrade and maintain, unlike desktops.

Processor

The Central Processing Unit (CPU), or simply processor, determines the speed at which you can access your data and perform business-critical tasks. Speed is measured in Gigahertz (GHz), and a processor that runs from 2 to 4 GHz should be plenty for small enterprises. Arguably the most important item on the list of a computer’s specifications, the processor plays a crucial role in your computer’s speed and efficiency.

Storage

As critical hardware components, hard drives indicate how much information you can store and use. Storage capacity typically ranges from 128 gigabytes on “light computers”, all the way up to 2+ terabytes on more critical machines. If your business doesn’t need to store large files such as videos and images and will be used mostly for email and a few applications, 250- or 500-GB storage should do the job. If processor speed is number one on your list of computer requirements, it’s followed closely by hard drive storage.

Operating System

Operating system (OS) decisions often boil down to choosing between Windows or Mac. It might help in your decision-making to know that Windows remains the most widely used OS mainly due to its high compatibility with business software, not to mention, its relatively cheaper price. Macs can perform just as brilliantly as Windows-operated systems can. And although Macs are usually more expensive, they’re well known for their own outstanding features, such as being less prone to crashes.

Other Components

Not to be confused with storage drives, a computer’s Random Access Memory (RAM) is only used to run open applications. It is responsible for keeping your computer performing at optimum speeds, especially when you’re working with several applications or programs at once. For small businesses, a 1200-2600-MHz RAM should suffice. The higher the MHz of your RAM, the higher its performance will be. To keep your basic programs running, 6-8 gigabytes of RAM is often satisfactory.

Ready to Buy a New Computer?

Deciding which computer to buy is an important business decision. While there are a handful of factors to consider, what you aim to accomplish in your business’s day-to-day operations should be your main consideration when choosing a computer. Businesses that require plenty of remote and mobile work should definitely go for laptops. Those that require regular transfers of large datasets could benefit from the increased storage capacity associated with desktops.

Do you need expert advice in choosing the best computers for your small business? We’re happy to guide you in every step of your purchase decision. Give us a call today.

Posted in Uncategorized | Leave a comment

Adobe Flash Blocked by Microsoft Edge

2016December29_Windows_A

By EDITOR

Recently, Microsoft has made new upgrades to their web browser platform. Despite numerous changes, one making the biggest waves for users of all kinds is the lack of instant and easy compatibility with Adobe Flash. Adobe Flash is a web platform and add-on that many business websites have put to extensive use. However, now that Microsoft has made these changes, it can mean big things for business owners and web designers alike. Get to know more about why Microsoft has blocked Adobe Flash and the possible ramifications for those changes.

The primary purpose behind the recent changes made to Microsoft Edge is to make it more competitive with the popular Google Chrome web browser. Among efforts to do just that is the change to how Adobe Flash works on the Edge browser. Now, instead of Adobe Flash plugins playing and loading immediately when a person navigates a website, the application will be blocked.

An alert will come up near the address bar, letting users know that Adobe Flash has been blocked and will give the option to run the add-on or continue blocking it. For businesses that use Adobe Flash throughout their websites, this can be a frustrating change as visitors will need to take an extra step to access the full website.

However, there are numerous legitimate reasons for these changes to the Microsoft Edge browser. The most important of these issues is the fact that Adobe Flash is a security risk and is easily hackable, making it more likely for information and control to be lost to web users. Another issue is the fact that Adobe Flash is a big drain on battery life for computers and other devices.

The theory is that Adobe Flash is on its way out, and that newer, better systems are on their way in. As of now, Windows Insider users are the only ones with access to these updates, but soon the updates will go global and be made available to all users. In fact, Microsoft plans to eventually automatically load HTML5 web information first without loading Adobe Flash content at all.

Because so many sites use Adobe Flash, this can mean major renovations to existing web content. If you worry about the impact this will have on your business, contact us for immediate help and assistance in maximizing your website usability before these changes go live for all Microsoft Edge users.

Posted in Uncategorized | Leave a comment