How Does Managed IT Services Save You Time & Money?

Anyone who owns or runs a business knows that there is always more work that could be done, and there are almost endless ways to improve or help the business. Running a business is a full-time enterprise, and a good leader will need to learn how to be efficient to meet the company’s goals.

The bottom line is crucial to keeping any business alive. Resources are by nature limited, so it is essential to save money without sacrificing quality or results. IT is one of the areas which, if not managed correctly, can cost unnecessary time and money and lead to problems down the road. Using managed IT services is a way that many businesses save time and money, protecting their investment while offering more efficient services.
How Managed IT Services Save You Time
As a manager, you need to use your time in your business. Your business is your business, and other issues and problems keep you from doing the important and necessary work you do every day. Companies have become increasingly dependent on tech, using it for everything from human resources to security to finance or manufacturing. Unless your business is IT, you probably don’t know how to manage, troubleshoot and upgrade all those systems without help.
You are probably like most people who try to fix computer problems yourself first. If your solution doesn’t work, you may have made it worse, and you may have just wasted time spent trying to diagnose your own computer problems. If you use specific IT vendors for certain tasks, you probably spend too much time talking to them and trying to get them to fix your problems.
With managed IT services, you have a system where problems are assigned to technicians who are professional in their field. They don’t spend as much time working on a solution, because they have experience with those kinds of problems and have a pool of experts to call on. Your business isn’t left waiting while you try to solve computer issues. Perhaps more importantly, your clients and customers don’t see the chaos which can be created when you are struggling with problems outside your area of expertise.
How Managed IT Services Save You Money
While your company has its own values which define it, such as the core values which define your vision, you also cannot stay in business forever if you’re not making money. That means not funneling money down an endless black hole when you encounter a security breach or a problem with your hardware or software.
When you use managed IT services, you get the benefit of all the experience your IT service has. With the best IT jobs being competitive, you can choose an IT company which has recruited the best of the best. Instead of paying these top techs full-time salaries with benefits, you only have to pay for the services you specifically order. The IT company makes sure they are compensated as needed so they can help a broader range of clients.
You can choose the level of service you want and what kinds of problems you need help with. When you need an upgrade or new software, the IT company can seamlessly install the new product and assist if training is required.
Employee Tech Preferences
Surprisingly, the people who work at your business probably already have brand loyalty as far as the kinds of tech they enjoy using. Many of those who work in business bring in their own tech when possible, or introduce tech they are already familiar with to the company. This is especially true for those who work from home.
As long as everyone is able to communicate their needs, this is actually a positive thing. If employees collaborate, they can usually find common ground and solve their problems more efficiently. Almost half of professionals or business team members have introduced technology into the workplace, meaning they brought in products which work for them and which they’re comfortable with.
Flexibility is an excellent quality to have while working out any conflicts you have when personal tech is integrated into the workflow. In the end, you may have to make compromises or force some changes. Using managed IT services may also solve some of these problems as the wide variety of experienced techs may have more familiarity with popular alternatives. The most important thing is making sure that you are taking advantage of the resources you have while giving your employees the job satisfaction they deserve.

A Quick Guide For Buying A New Home Computer

Looking for a new computer for your home office?

Year-end sales and tax returns often lead to boosted sales in computers. But purchasing a new computer can feel overwhelming. The technology changes quickly and the jargon can be confusing. Here is an explanation of what you want to consider when looking at getting a new home computer.
Central Processing Unit: The faster the CPU (central processing unit), the faster your computer can complete tasks. Currently, the i5 and i7 for Intel are the best choices for average users. The i9 is likely too expensive for the value, but the i3 is pretty low end. The number of cores tells how many parts are doing different functions, so getting a CPU with multiple cores is a good thing. The CPU is really the backbone of the entire computer and an inferior processor is going to limit any other features you get. Start with a robust system.
Storage/Disk Space: The disk space on your computer is what stores your information. There are both solid state drives (SSD) and hard disk drives (HDD). The SSD is far faster than the HDD and purely electrical (no moving parts). You want to get a drive that is at least double the amount of space you are currently using, with most getting 500GB or 1TB (1,000GB) of storage. You can also get external drives that plug in when needed and store information or pictures in a second location as a backup or to free up space on your computer.
Memory (RAM): To support newer OS and programs, you will want at least 8GB of RAM. This is how your computer operates temporary tasks quickly. If the RAM is used up because too many things are running at once, a temporary working space has to be set up in the storage system. Too little RAM and you will notice the sluggishness. You can’t have too much and there are options for 24GB, 32GB, 64GB or more.
Operating System: Whether you are going with Mac or Microsoft, you will want to make sure you get an updated version on your system. For MS, Windows 10 offers Home or Professional versions. You really only need the professional OS if you are joining your computer to a corporate network. The operating system is going to dictate a lot of the programs you can use, the control you have as the computer administrator and the interface you are working with on the computer.
Support: You can get warranty protection when you are purchasing your machine. You will want to look over what the fine print says and what the warranty includes. A one-year warranty is enough in most cases—just something to make sure the computer isn’t wired wrong. A security system for anti-virus protection is also something you should have included. Some of the excellent AV systems include Panda, MS, Trend Micro, Bitdefender, Webroot, ESET and F-Secure. Watch out, because much anti-virus software is subscription-based and you will only be given one year of a subscription before you have to decide if you are going to pay for the security service or not.
Extras: Depending on what you want to use the computer for, you will want to consider what extra features come with your system. The optical drive is going to include CD, DVD, Blu-ray or a combo. Some computers now aren’t including drives at all since so much is downloaded, but buying an external drive is relatively cheap and plugs in quickly when you need it. Some computers come with special graphics cards for gaming or art programs. Many computers now offer WiFi connectivity, but not all provide a hardwired port for a direct internet connection. The programs you need are another point to consider and some computers will even come with some software pre-loaded. Most computer deals are really going to try to wow you with the “extras” you receive. Most of the time, the extra software is only going to be a subscription for one free year. One year after the computer is purchased, you may lose your access to those programs and have to pay to get them operating again on the computer.

Thinking About A New Home Computer? Tips & Ideas

As the year-end sale adverts come flooding into our inboxes and arrive in print form, it can often be confusing as to which computer you want to buy.  Here is an explanation of most of the jargon you’ll want to compare when looking at pre-built computers.

Processor / CPU: This is the “Central Processing Unit” or otherwise the “main chip” of the computer.  The faster the CPU is, the overall greater speed at which the computer can complete tasks.  The CPU speed is measured in gigahertz (GHz).  Modern CPUs will have a number of “cores” built into them.  Grotesquely oversimplifying it, a core is a processing unit of CPU.  One physical CPU chip, that you can hold in your hand, will have multiple cores.  All cores work together to complete the functions the computer has to do (running Word, browsing the web) – think of the phrase “many hands make for short work”.  It’s common for a CPU to have 4, 8 or more cores.  Each core can also support multiple “threads”.  Think of a core as a person and each person can do up to two things at once.  It’s easy to get too deep in the weeds.  You will want an Intel i5 or i7 CPU.  Intel makes an i3 CPU but it’s low end.  Intel is on their 9th generation of CPUs: i3, i5, i7 and new this year, the i9.  It doesn’t make sense to get an i9 CPU.  Sure, it has the fastest running speed at 5GHz but speed:price is extremely high.  An i5 or i7 running at/near 3GHz+ is what you’re looking for.  AMD is Intel’s direct competition.  The CPU to look for from AMD is their Ryzen family of CPUs.
Hard Drive Storage:  Disk space for storing user-generated content (Word, Excel, Outlook files) and installing programs to is what I’m referring to here.  Not to be confused with RAM.  RAM is volatile – meaning, when you turn off the computer, everything in RAM is erased.  Disk storage is non-volatile.  The two types of disk storage are solid state drives (SSD) and hard disk drives (HDD).  SSDs are new in the past few years and are extremely fast compared to a (now what we call “legacy”) platter, aka HDD, drive.  HDDs are mechanical – meaning, they have little platters that look like CDs that are enclosed within the disk enclosure and a head, sort of like a record player, reads the content off the platter as the platter spins at 5,400, 7,200, 10,000 or 15,000 RPMs.  Desktop HDDs are in the slower range of RPMs.  Even a fast HDD can’t compare to the speed of an SSD.  SSDs are purely electrical – no moving parts.  Navigating and playing an MP3 is faster than navigating and playing content on a reel-to-reel system.  Once again, mechanical vs electrical.  When looking for a new computer, spend a few extra dollars and opt for an SSD.  Storage capacity is measured in gigabytes (not to be confused with gigabits) or GB for short.  If your home PC has 1,000GB, also called 1TB (terabyte) for storage and you’re using 50% of that or, 500GB (roughly) then when you get another PC, you’ll want to get an SSD with 500GB or more.  Manufacturers are still using the “Hard Drive” nomenclature to describe SSDs as well as SSD’s replacements: M.2 drives.  Briefly: M.2 are basically the same as SSD – just a much smaller physical size and usually faster than SSDs.
Memory (RAM): With Windows 10 you’ll want at least 8GB of RAM.  RAM is the temporary work space the CPU uses to perform tasks very quickly.  When the RAM is all used up (meaning the computer is working on a lot of different things all at once and it needs temporary space to work in) it then creates temporary working space within the storage system.  Ideally, you’ll want enough RAM to never have to use your disk storage as RAM but oftentimes the consumer doesn’t want to purchase 24GB, 32GB, 64GB of RAM, or more, to accomplish this goal.  Years ago, when HDDs were “king”, you could always tell the time when the computer began to use temporary swap space on the HDD because the machine felt “slow”.  Now with the introduction of SSDs, this is hardly ever noticed.  RAM is faster than SSDs.  RAM is also measured in gigabytes (GB), the capacity, and megahertz (MHz), the speed at which it runs.  You can never have too much RAM but you’ll definitely feel it when you have too little.  Start with 8GB as the minimum.
Video Card:  With general business use, excluding CAD, medical and other specialized fields, the built-in video card of the computer is sufficient for use.  The exception comes in when you want to hook up multiple monitors to the computer.  It can get confusing when hooking up a new monitor to an old computer and vice-versa.  With today’s modern computers you’ll want to make use of HDMI or DisplayPort connections.  These are digital and send a very clear, crisp picture to the monitor.  If the monitor supports this format then you’ll want cables for this.  Most computers will have the ancient VGA, analog, output port as well as a modern type plug.  Some monitors still support VGA and some only support new hook up types.  You’ll need to pay attention to this: computer output vs monitor input.  There are always adapters to convert if needed.  Next is the video card itself.  If the computer has discrete graphics, meaning an add-on card, it will either be from Nvidia or AMD.  In the NVidia family you’ll want something in the GeForce 1050+ family.  In the AMD camp, you’ll look for Radeon 500 series.  And of course, the graphics card also has RAM on it.  This really only gets important when you’re gaming or using one of the specialized fields mentioned above.  Built-in graphics, meaning the graphics chip is soldered to the motherboard, are usually of the Intel brand, but others do exist, including AMD and Nvidia.  For the Intel family of built-in video cards, you’ll want something in the 600 series.
Operating System: Windows 10 – do you go with Home or Professional?  The difference is that if you’ll be joining the computer to a corporate network, you’ll need Pro.  Otherwise, stick with Home.  There are no performance gains or losses for either version.  I doubt you’ll find a new computer with Windows on it that is not 64-bit, but I’ll just throw this in to make you aware of it.  You’ll want the 64-bit version of Windows.
Optical drive: This refers to your CD, DVD, Blu-ray or combination drive.  It used to be common to always include an optical drive in a new computer but now everything is downloaded so use of this technology is fading – fast.  More than likely the computer manufacturer will include this in their build.  If you absolutely need an optical drive and the PC you want doesn’t have it, it’s simple to buy an external unit and plug it in when needed.  If you keep important backup files on CD or DVD, you’ll have to have an optical drive (optical drive means it shoots a laser at the media in order to access data stored thereon.  Not to be confused with a hard disk drive which uses magnetism to access data on its medium.).
Office:  You will want to get Office 365 Home.  It allows you to have the Office suite of applications at your fingertips.  It allows for 5 installs of the suite using one license.  It’s $99/year.  If you don’t want the recurring payment and if staying current for the latest version of Office isn’t important then do a one-time buy of Office 2016 or latest version, 2019.  That will cost you approximately $230 to $400 depending on which Office suite you need.  These can both be purchased from the Microsoft store after time of purchase.  Amazon also carries the one-time-purchase version of Office.
Wireless:  Wireless connectivity makes connecting to your home network easy if a wire doesn’t already exist.  Wireless, by nature, will incur a slight lag in the connection compared to a hard-wired system.  Will you notice that lag?  Really only if you’re playing an online game.
Warranty Support:  Personally, I never buy the “big box” add-on warranty at time of purchase.  The only warranty I will ever get is from the manufacturer.  If purchasing your computer directly from the manufacturer, read the fine print on what each warranty plan includes.  Normally, a one-year warranty is enough: if the PC doesn’t die within 90 days of turning it on, it holds a strong chance it will live many more years.  This used to be especially important and true of computers with, legacy, HDDs.  If the price is good on the warranty, go for it.  With Dell, and probably with others, you can buy a machine from a big box store and then purchase an additional warranty from Dell just as you could if you were to have bought from Dell direct.
Anti-Virus:  Go with a good anti-virus (AV) system right off the bat.  What are good anti-virus systems?
Webroot, ESET, Panda, F-Secure, Trend Micro, Bitdefender and believe it or not, the Microsoft built-in AV.  Microsoft has really stepped up their game of late.  Ones to avoid: McAfee, Quick Heal, Emsisoft, Kaspersky Lab, K7, Norton, Symantec.

Is Your Current IT Company Living Up To Their Social Responsibility?

As a business owner, it’s up to you to make sure that the information and data collected by your company are secure and protected against the many different types of cyber threats lurking within the dark web. Many people believe it is the responsibility of their IT company to handle this type of situation. While that may be true to an extent, they can only do so much. It is up to the company’s management team to understand what threats are out there and take proactive measures to prevent their clients’ information from falling into the wrong hands.

Social Responsibility Starts With You!
As a company, you are responsible for your clients’ information. If they provide it to you, it’s up to you to make sure it remains secure. Enlisting an IT company to create a strong, secure network is ideal. If you don’t take matters into your own hands and include a few measures of your own, however, your system will still have gaps. Multi-factor authentication, firewalls, and intrusion detection systems are just the beginning. Your clients depend on you to give them quality products and services, not internet liability risks. It’s up to you to be socially responsible when it comes to maintaining security protocols and protecting the sensitive information that you use during your business.
Owning Your Risk
Hardening your own environment by implementing cybersecurity protocols over and above what your IT management offers is essential if you want to truly protect your client base. Owning your risk is more than just taking control of your internet security. It involves working with your IT company to create a multi-level security network. You can start by working within the NIST (National Institute of Standards and Technology) framework which includes features that:

Identify potential risks and issues
Protect against cyber attacks
Detect possible intruders
Respond to possible breach or risks
Recover after an attack

By using this framework and adding your own security measures, it will be more difficult for outsiders to access your system and steal your clients’ or company’s confidential information. The key is using the tools and resources provided by your IT company and then expanding your efforts to achieve a level of automated security that doesn’t rely solely on human interaction.
Competitive Advantage
Companies that take the initiative and work to harden their cybersecurity often gain a competitive advantage over those who are lax and at a higher risk of cyber attack. Small to mid-size businesses can’t afford the danger of being breached. The fact is that once a small business experiences a breach, the majority of them end up going out of business after just a few months. As a business owner, if you want to maintain that competitive edge, you need to be proactive regarding cybersecurity. It means working hand in hand with your IT company on a regular basis to ensure you are doing everything possible to protect all of the data your company uses.
Perform cybersecurity audits. Beef up your firewalls. When it comes to internal data and information like financial reports and a client’s confidential information, use multi-factor authentication. This limits who has access to the data within the company, preventing those who don’t need the information from accidentally (or intentionally) tapping into it. Your IT company can help you find the right protection features so that there is little risk of any type of breach.
Regarding social responsibility, it’s up to you to ensure your company’s information is protected. If you aren’t socially responsible, then your overall liability dramatically increases and your business can find itself in jeopardy if a breach occurs. As a business owner or member of a management team, it is your responsibility to hire the right IT company and to also ensure that you are doing your part. It’s your responsibility to maintain accountability for your company’s assets. Separately, risks can tear your business apart. When you work with your IT company, you are better able to manage your company’s information and dramatically reduce your risk of a cyber attack.

Important FBI/DHS Warning: Update On FBI and DHS Warning: SamSam Ransomware

The Department of Homeland Security and the Federal Bureau of Investigation issued a critical alert Dec. 3, warning users about SamSam ransomware and providing details on what system vulnerabilities permit the pernicious product to be deployed.

According to the alert, which came from the DHS’s National Cybersecurity and Communications Integration Center (NCCIC) along with the FBI, the SamSam actors targeted multiple industries—some within critical infrastructure—with the ransomware, which also is known as MSIL/Samas. The attacks mostly affected victims within the United States, but there was also an international impact.
As pointed out in the alert, organizations are more at risk of network-wide infections than individuals because they are typically in a position where they have no option but to make ransom payments.
“Organizations that provide essential functions have a critical need to resume operations quickly and are more likely to pay larger ransoms,” the alert states.
That does not mean individual systems cannot or are not attacked, but they are targeted significantly less by this particular type of malware.
How do SamSam actors operate?
Through FBI analysis of victims’ access logs and victim-reporting over the past couple of years, the agencies have discovered that the SamSam actors exploit Windows servers and vulnerable JBoss applications. Hackers use Remote Desktop Protocol (RDP) to gain access to their victims’ networks through an approved access point and infect reachable hosts. From there, the cyber actors “escalate privileges for administrator rights, drop malware onto the server, and run an executable file, all without victims’ action or authorization,” the report states.
RDP ransomware campaigns are typically accomplished through stolen login credentials—sometimes purchased from darknet marketplaces—or brute force attacks. Since they do not rely on victims completing a specific action, detecting RDP intrusions is challenging, according to the alert.
Ransom notes instructing victims to establish contact through a Tor hidden service are left on encrypted computers by the SamSam attackers. Victims are assured that once they pay the ransom in Bitcoin, they will receive links to download cryptographic keys and tools for decrypting their network.
Where did SamSam originate?
The Department of Justice recently indicted two Iranian men who allegedly were behind the creation of SamSam and deployed the ransomware, causing approximately $30 million of damage and collecting about $6 million in ransom payments from victims. The crippling ransomware affected about 200 municipalities, hospitals, universities and other targets during the past three years, according to an article from Wired.
Keith Jarvis, a senior security researcher at SecureWorks, reiterated the sophistication of the SamSam ransomware and how it gains access to systems through weak authentication or vulnerabilities in web applications, methods that don’t require the victim to engage in a particular action. Hackers also go out of their way to target specific victims whose critical operations rely on getting systems up and running as quickly as possible, making them more likely to simply pay up.
What technical details about SamSam are important?
In the joint DHS and FBI report, the federal agencies provided a list, though not exhaustive, of SamSam Malware Analysis Reports that outline four variants of the ransomware. Organizations or their IT services administrators can review the following reports:
MAR-10219351.r1.v2 – SamSam1
MAR-10166283.r1.v1 – SamSam2
MAR-10158513.r1.v1 – SamSam3
MAR-10164494.r1.v1 – SamSam4
What mitigation and prevention practices are best?
In general, organizations are encouraged to not pay ransoms, since there is no guarantee they will receive decryption keys from the criminals. However, relying on a contingency plan or waiting out an attack, as advised by the FBI, is difficult when an entire operation has been compromised.
The best course of action is for organizations to strengthen their security posture in a way that prevents or at least mitigates the worst impacts of ransomware attacks. The FBI and DHS provided several best practices for system owners, users and administrators to consider to protect their systems.
For instance, network administrators are encouraged to review their systems to detect those that use RDP remote communication and place any system with an open RDP port behind a firewall. Users can be required to use a virtual private network (VPN) to access the system. Other best practices, according to the report, include:

Applying two-factor authentication
Disabling file and printer sharing services when possible, or using Active Directory authentication or strong passwords for required services
Regularly applying software and system updates
Reviewing logs regularly to detect intrusion attempts
Ensuring third parties follow internal policies on remote access
Disabling RDP on critical devices where possible
Regulating and limiting external-to-internal RDP connections
Restricting the ability of users to install and run unwanted software applications

This just scratches the surface of actions that administrators and users can take to protect their networks against SamSam or other cyber-attacks. The National Institute of Standards and Technology (NIST) provides more thorough recommendations in its Guide to Malware Incident Prevention and Handling for Desktops and Laptops, or Special Publication 800-83.
Information technology specialists can also provide insight and advice for how organizations can detect gaps or vulnerabilities in their cyber-security that leave them susceptible to SamSam or other malware infections.
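The log-review and external-RDP items in the list above lend themselves to automation. The following is an added example, not code from the FBI/DHS alert or from this article: it scans Windows logon events for a burst of failed logons from one source, a successful RDP logon that follows such a burst, and RDP logons from outside the internal network. The CSV layout, the sample rows, the internal address ranges and the threshold of 5 failures in 10 minutes are assumptions chosen for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample rows (not real data): time, event ID, logon type, account, source IP.
# Event 4625 = failed logon, 4624 = successful logon.
# Logon type 10 = RemoteInteractive (RDP); type 3 = Network, which is how failed
# RDP attempts are commonly recorded when Network Level Authentication is on.
SAMPLE_LOG = """\
2024-01-15T02:14:01,4625,3,administrator,203.0.113.50
2024-01-15T02:14:09,4625,3,administrator,203.0.113.50
2024-01-15T02:14:17,4625,3,administrator,203.0.113.50
2024-01-15T02:14:25,4625,3,administrator,203.0.113.50
2024-01-15T02:14:33,4625,3,administrator,203.0.113.50
2024-01-15T02:14:41,4625,3,administrator,203.0.113.50
2024-01-15T02:15:10,4624,10,administrator,203.0.113.50
2024-01-15T08:30:00,4625,10,mlee,10.0.5.20
2024-01-15T08:30:20,4625,10,mlee,10.0.5.20
2024-01-15T08:30:45,4624,10,mlee,10.0.5.20
2024-01-15T08:41:00,4624,3,svc_backup,10.0.5.21
2024-01-15T09:00:00,4624,10,jsmith,198.51.100.7
this,line,is,malformed
not-a-time,4625,3,guest,10.0.0.9
"""

# Assumed internal ranges; listed explicitly because ipaddress.is_private also
# returns True for the documentation ranges used as "external" sample addresses.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FAIL_THRESHOLD = 5                 # assumed: failures from one source ...
WINDOW = timedelta(minutes=10)     # ... within this window count as a burst


def is_internal(addr):
    """True if addr falls inside one of the assumed internal ranges."""
    return any(ip_address(addr) in net for net in INTERNAL_NETS)


def parse_events(text):
    """Parse CSV rows into event dicts, skipping malformed rows, sorted by time."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:
            continue
        ts, event_id, logon_type, account, src = (field.strip() for field in row)
        try:
            ip_address(src)  # validate the source address
            events.append({
                "time": datetime.fromisoformat(ts),
                "id": int(event_id),
                "type": int(logon_type),
                "account": account,
                "src": src,
            })
        except ValueError:
            continue  # bad timestamp, number or address
    return sorted(events, key=lambda e: e["time"])


def detect(events):
    """Return (finding, source IP, account) tuples in the order they occur."""
    findings = []
    recent_failures = defaultdict(deque)  # source -> failure times inside WINDOW
    burst_seen = {}                       # source -> time the threshold was last met
    for e in events:
        src = e["src"]
        if e["id"] == 4625 and e["type"] in (3, 10):
            q = recent_failures[src]
            q.append(e["time"])
            while q and e["time"] - q[0] > WINDOW:
                q.popleft()
            if len(q) >= FAIL_THRESHOLD:
                if src not in burst_seen:  # report each source once
                    findings.append(("BRUTE_FORCE", src, e["account"]))
                burst_seen[src] = e["time"]
        elif e["id"] == 4624 and e["type"] == 10:
            hit = burst_seen.get(src)
            if hit is not None and e["time"] - hit <= WINDOW:
                # A working credential right after a failure burst needs triage first.
                findings.append(("SUCCESS_AFTER_BRUTE_FORCE", src, e["account"]))
            elif not is_internal(src):
                # RDP reached directly from outside, i.e. not via VPN or firewall.
                findings.append(("EXTERNAL_RDP_LOGON", src, e["account"]))
    return findings


if __name__ == "__main__":
    for finding in detect(parse_events(SAMPLE_LOG)):
        print(*finding)
```

On a real server the same fields would come from the Security event log; the thresholds need tuning to the environment's normal rate of mistyped passwords.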

Who Offers Security Compliance Officer Services To Healthcare Organizations?

If you own or run a healthcare organization, you probably have someone on staff who acts as your security compliance officer. However, is it their primary job or area of expertise? Having a knowledgeable and experienced security compliance officer or resource is very important since the consequences of violating privacy regulations can be quite serious.

For example, did you know that federal regulators can fine an organization up to $50,000 per HIPAA violation and as much as $1.5 million per year in fines for releasing a patient’s protected health information (PHI)?
That’s why you need to know what a security compliance officer does and if it makes sense for you to work with an external company to help your organization comply with security regulations to avoid hefty fines.
What are a security compliance officer’s responsibilities?
According to the American Health Information Management Association (AHIMA), a healthcare security compliance officer oversees activities for developing, implementing, maintaining, and following an organization’s privacy policies and procedures. This is to ensure a patient’s PHI is kept secure and you’re complying with federal and state privacy laws.
Some of the compliance officer’s responsibilities include:

Understanding government privacy regulations, especially HIPAA rules, to make sure your organization is complying with them.
Assessing your organization’s risks and what steps are necessary to prevent and minimize exposure of your patients’ PHI.
Creating, testing, and reviewing an organization’s information security systems to protect PHI.
Setting up a security awareness program to meet HIPAA reporting requirements.
Overseeing a reporting and management system to record and investigate a data breach, and prevent future violations.
Maintaining a budget to fund information security management programs and processes.
Managing a training program for employees to help prevent a privacy breach.

Who should be your security compliance officer?
Since this is such an essential role in your organization, it’s critical to have the right person for this job. It shouldn’t be just a part-time or extra job for one of your employees, such as an office manager or human resources director. As mentioned, the consequences of a data breach can be very serious and expensive.
While having IT experience can be helpful, this position also includes auditing, training, handling an incident, and managing business associate agreements with external partners and vendors. Other responsibilities may consist of making and updating a disaster recovery plan and overseeing facility security.
An ideal candidate is someone with the ability to organize, understands HIPAA and other privacy rules, and is knowledgeable about IT and computer systems.
In addition to picking the right person for the job with the relevant experience, the position should have the authority and power to implement needed changes to ensure compliance with HIPAA and privacy rules.
What if you use a cloud-based IT service?
You might assume if you use a cloud-based service for your IT systems, then you don’t need to worry about HIPAA compliance. However, an organization must ensure such services are secure and perform a risk analysis before using a cloud service for storing or transmitting electronic protected health information (ePHI).
In 2015, St. Elizabeth’s Medical Center in Brighton, MA had to pay $218,400 in penalties for violating the HIPAA Security Rule when they uploaded data without doing a risk analysis of the cloud service. An organization needs to set up risk management policies to lower the chances of a data breach as much as possible, even if they use a cloud-based service.
If you manage a healthcare organization, a cloud service provider is considered a “HIPAA business associate.” This means they must sign a business associate agreement (BAA) before patient data is uploaded to the cloud service. You must have a signed BAA even if the information you upload is encrypted and the cloud service doesn’t have a decryption key.
What can happen if you don’t have a signed BAA from a cloud-based service provider? In one case, Oregon Health & Science University was fined $2.7 million by the Department of Health and Human Services’ Office for Civil Rights because they didn’t get a signed BAA from a cloud-based IT vendor.
The business associate agreement should outline how ePHI is used and disclosed and that both parties have security procedures to prevent the unauthorized release of PHI. This includes verifying that the cloud service vendor:

Has reliable systems so information is readily available to a healthcare organization.
Maintains a back-up and data recovery system in case of a natural disaster, ransomware attack, or other emergencies.
Allows you to obtain data from their systems if you stop using their cloud services.
Keeps information as secure as possible.
Limits the use, retention and disclosure of PHI.

Should you work with a consultant or IT provider?
In some cases, you may decide that you need to work with an IT professional or consultant to assess your IT systems and infrastructure for potential weaknesses that can lead to a privacy breach.
Also, it may not be ideal for your internal staff to perform a risk assessment since it can be a challenge to objectively evaluate their practices and identify weaknesses. If you decide to contract with a third party for a risk assessment, make sure they’re experienced and knowledgeable about HIPAA and privacy rules.
Another option is using compliance software that’s customized for your organization’s needs and structure to help perform a risk assessment, train employees, and handle other functions.