Strategically Upgrading Your Computer Systems

Michael Menor is Vice President of Support Services for Tech Experts.

With technology growing faster than most businesses can keep up with, organizations have to continuously upgrade their solutions in order to maintain a semblance of modernity. The only issue with this is that many businesses can’t keep up, simply because they don’t have a team that’s dedicated to this important task.

What technology upgrades should be made a top priority and why?

Naturally, the first thing you need to know about workstation and technology updates is that you need to integrate them periodically in order to ensure optimal security for your organization.

Most viruses and malware will attempt to take advantage of weaknesses in your infrastructure in order to infiltrate it.

These weaknesses in your software and operating systems’ source code will ultimately allow these threats to force their way into your network, putting any contained information at risk.

These flaws are often addressed in software patches and system updates issued by the software developer, but tackling the updates in a timely fashion is a whole other monster.

Managing all software updates is easier said than done, especially without a dedicated IT department watching over your technology. Regular maintenance is often pushed to the back burner and dangerously close to being forgotten about.

Therefore, the best way to make sure that your systems are prepared to handle the threats that are found in today’s computing environment is to make upgrading your technology a priority for your organization.

Software Updates
There are several programs that your organization needs in order to stay functional, so your software updates aren’t limited to just your workstations’ operating systems.

The fewer unnecessary security flaws that can be found in your IT infrastructure, the safer your information will be.

Furthermore, users who are working with top-notch, optimized technology will be far more productive than they would be if they were using sluggish, bogged down computers.

It doesn’t make any sense to let your employees use machines that hold them back from achieving their maximum productivity.

In fact, sometimes you might encounter a situation where using a different software will be better for your business strategy.

It’s always recommended that you consult with a professional technician before making drastic changes to your business’s software infrastructure.

Antivirus Updates
Your antivirus solution is often a software solution, but virus and malware definitions are continuously being updated.

If your antivirus and other security software solutions aren’t properly maintained, it’s like you’re “leaving your keys in the front door,” so to speak.

Your antivirus solution needs to be managed on all workstations – or, better yet, centrally controlled from the server to ensure that all users are protected and up to date at all times.

Hardware Updates
Older hardware that’s been around the block a time or two might have proven reliable, but it will eventually start to show signs of its old age. Hardware failure becomes more likely and you run the risk of losing information due to the degradation of your technology.

This is why monitoring your systems for faulty tech and periodically upgrading to more recent models is preferable, if not necessary.

Granted, all of these software and hardware upgrades may feel overwhelming. This is why Tech Experts offers a remote monitoring and maintenance solution that’s designed to administer patches to your mission-critical systems remotely.

This helps your organization ensure that your systems are always up-to-date. We can also monitor your infrastructure for any irregularities that might be caused by hardware malfunctions, hackers, and much more. Call us at (734) 457-5000, or email info@mytechexperts.com to learn more.

IT Consultations: Trust In Those That Know

Scott Blake is a Senior Network Engineer with Tech Experts.

It seems that these days anyone can read an article or watch a video online and consider themselves an expert in one way or another, but when it comes to upgrading or making changes to your business infrastructure, is it wise to take and follow the advice of someone that has no hands-on or working knowledge of the IT industry or your business?

Ask yourself this: if your car needed repairs, would you take it to a lawyer or a mechanic?

Instantly, you answer “the mechanic” because the mechanic works on cars.

So in comparison, should you follow the advice of a visiting client, sales rep, or friend of an employee?

No, because none of these people know the intricacies of your business IT needs and functionality.

Will they know to check with your software vendors to verify compatibility with a new operating system?

If the plan calls for upgrading workstations and/or servers that are running outdated, unsupported operating systems, you need to check and make sure your existing software is supported on the new operating system.

Usually, accounting and office productivity software are the types most affected by changes in operating system platforms.

In some cases, a business may have spent large amounts of money to have specialized software written years ago, but unfortunately, it may not install or run on a modern operating system.

Will they know how to check and see if your internal network wiring needs to be upgraded?

If the plan calls to move your business phone system to a VOIP system, you need to make sure your existing network cabling will support it.

Cabling has categories and certain categories are more applicable to your needs than others.

Whoever is handling your IT needs to recognize what would be best and what wouldn’t work in your situation.

Keep in mind that when upgrading, you’re also future-proofing. It’s best to spend a little more on higher-quality equipment to extend the life of your upgrade.

Will they know how to calculate the amount of disk and cloud storage your business will require?

Electronic storage for your business is key. Knowing what needs to stay local and what needs to be stored in the cloud is paramount to your business’ success (and recovery, should there be a disaster).

The cost of secure cloud storage needs to be weighed against the cost of maintaining on-site local data storage. Localized storage will allow for faster access while in the building.

However, if your business has remote employees, cloud storage would be the optimal way to allow access to documents, applications, and software without having to support RDP or VPN connections into your network. This reduces the risk of outside intrusion.

Are they able to suggest the correct security devices and software for your business?

The security needs for every business are different. What works for Bob’s Golf Land may not be the best solution for your business.

A proper evaluation of your business network needs to be performed. Certain questions need to be asked and answered, such as “is a software-based firewall best for your business?” or “will you need dual WAN routers to allow for multiple ISP connections?”

If you have any doubt after considering these questions, you’ve got the wrong person for the job.

Seek out an experience and established IT professional and before making any changes, consult with them. Trust their advice. They will evaluate your business infrastructure and build a plan of action for successfully upgrading your business network and equipment.

Interested in a network evaluation or an infrastructure upgrade consultation? We can do those too… and we do it right! Contact us at Tech Experts — (734) 457-5000, or info@mytechexperts.com.

Buying A New Printer? Here’s What To Look For

Printers are essential in day-to-day office use. Whether one is needed to create fillable forms or prepare handouts for a presentation, a printer is a valuable tool in general productivity and collaborative projects.

As such, the investment in a new printer is a big deal, and here are some of the most important things to consider when choosing one.

Black vs. Color
Monochrome printers that just use black ink or toner are usually cheaper and may be sufficient for office needs. Full color printers, however, can be used in creating eye-catching booklets, brochures, or flyers, but these are often more expensive for the initial purchase and upkeep.

Functions
Printing isn’t the only thing a printer can do. There are a host of other functions available from copying to faxing to scanning. Review what other office equipment is on hand, and that may narrow the functions needed. For instance, if the office already has a copier, then that function really isn’t necessary in a new printer.

Paper Handling Characteristics
A printer’s paper handling encompasses more than one thing. It refers to how much paper it can hold, which can be crucial for busy office settings, and also the sizes of paper it can handle. The ability to do double-sided printing or presence of an automatic document feeder are other things to consider.

Type of Connectivity
There are three primary modes of connectivity for printers – USB, Ethernet, and wireless – and a printer could have just one or all three. Nowadays, nearly all printers have USB connectivity, but Ethernet connectivity is important for wired office networks. If you want to reduce cords and use it on your wireless network, wireless connectivity is a must.

Replacement Toner/Ink Cost
The total cost of a new printer does not end with the initial purchase; the toner or ink will need periodic replacement. Often, toner and ink are far more expensive than the printer itself, so getting a good deal on the device doesn’t necessarily translate into a good deal for the long run.

It only takes a few moments to check the price of replacement toner and ink, and this can save the company a lot of money in the future.

Leasing vs Buying IT Equipment: Which is Better?

When you plan to upgrade or replace computer equipment, there are two ways to do it: Either leasing or buying the necessary IT equipment. As there is no hard and fast rule as to which alternative is better; it heavily depends on your business’ unique situation and needs. Here is an overview of each alternative’s pros and cons to help you decide between the two options:

When you lease IT equipment, the upfront costs are low, which allows a business to set aside moneys for more pressing needs.

There will be a set monthly payment with no surprises, and your business can keep up with the Joneses when it comes to having the most cutting-edge technology. If some new tech system pops up in a year or two that could help your business operations, upgrading is simple to do when leasing.

There are, however, downsides to leasing. Over the long term, you may pay more for the equipment your business uses. With a lease, there’s also the issue of having a contract that usually requires the business to rent the IT equipment for a set length of time.

This means that – even if your business opts to stop using that equipment or it becomes obsolete – the payments still must be made.

When you purchase your business’ IT equipment outright, there is only a single, albeit large, hit to the budget, and there’s no complicated paperwork to fill out or built-in caveats in the contract to look out for. It belongs to the business and decisions regarding maintenance and method of use are entirely up to those within the company instead of being governed by an outside entity. The purchased equipment can even be deducted from the business’ taxes.

On the other hand, putting a lot of money at once into a company’s IT needs may draw too much money out of other divisions’ budgets, such as marketing, for example. This can negatively impact the business’ bottom line. Another consideration is how often technology equipment should be updated. With buying such equipment, it’s far harder to upgrade to the latest technologies, which could require waiting for your recently purchased items to sell before making a fresh IT equipment purchase.

For Pete’s Sake, Back Up Your Data Folks!

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

I’ve been supporting small business computers and network systems for more than 25 years, and believe me when I say, the number one thing that still boggles my mind is the lack of sound backup systems and procedures.

It is a topic we cover a lot in our newsletters, and for good reason: Not a month goes by where we aren’t witness to some sort of catastrophic file loss or system/server failure.

If you’ve ever lost an hour of work on your PC because it locked up in the middle of writing a proposal, you know the grief it causes. Now imagine if you lost days or weeks of work – or imagine losing your client database, financial records, and all of the work files your company has ever produced or compiled.

Or what if a major storm, flood, or fire destroyed your office and all of your files? It’s raining as I write this, perhaps the twentieth day of rain in the last 30, and we’re under a flood watch yet again. [Read more…]

Does Your Company Need An Internet Usage Policy?

Scott Blake is a Senior Network Engineer with Tech Experts.

With the growth and expansion of the Internet, it is important to make sure that your business has a policy in place to protect its assets.

Depending on your business, an Internet Usage Policy (IUP) can be long and drawn out or short and to the point.

An IUP will provide your employees with guidelines on what is acceptable use of the Internet and company network. IUPs not only protect the company, but also the employee.

Employees are informed and aware of what is acceptable when it comes to websites and downloading files or programs from the Internet.

When employees know there will be serious consequences for breaking the IUP, such as suspension or termination of employment, companies tend to notice a decrease in security risks due to employee carelessness.

You will need to make sure your IUP covers not only company equipment and your network, but also employee-owned devices such as smart phones and tablets. You may be surprised at the number of employees that feel they do not have to follow the IUP because they are using their own device to surf or download from the Internet.

Make sure you address proper usage of company-owned mobile devices. Your business may have satellite employees or a traveling sales force. Even when they are away, they need to be aware they are still representatives of the business and must follow the business IUP.

After all, it would not go over well if your sales staff was giving a presentation to a prospective client and suddenly, “adult content” ads popped-up on the screen because one of your employees was careless in their web habits.

The downloading of files and programs is a security risk in itself. Private, internal company documents and correspondence downloaded from your company’s network can become public, causing unrepairable damage.

On the same thought, employees downloading from the Internet open your company’s network up to malware attacks and infections.

There are a lot of hackers that prey upon the absent-minded employee downloading a video or song file by hiding a piece of malware within the download. Once the malware makes it into your network, there’s no telling what damage it can cause.

As for non-work related use of the company network and Internet, make sure your employees know there is no expectation of personal privacy when using the company’s network and Internet connection.

Make it well-known that the network and Internet are in place to be used for work purposes only. Improper use of the network can reduce bandwidth throughout the company network.

This includes all mobile devices owned by the company. This way, your employees know that no matter where they are they still must follow the guidelines of the IUP.

Make sure all of your employees sign the IUP and fully understand what it is they are signing. Make sure you answer any and all questions they may have.

This will help clear up any confusion your employees may have. This way, there can be no excuses as to why the IUP was broken.

Whenever you update the IUP, make sure you have all of your employees sign and understand the new additions and/or changes to the IUP. It may seem like overkill, but you’ll be glad you did if you ever run into any violations of your company’s IUP.

For assistance in creating Internet Usage Policies or if you have any questions, call the experts at Tech Experts: (734) 457-5000.

Should Your Company Install The Windows 10 Preview?

In short, no. While the Windows 10 Technical Preview is free of charge, there are too many dangers in downloading what is essentially the Beta release of Microsoft’s newest operating system.

There’s a reason why the preview is available, and it’s not to generate excitement about its coming release this fall. The preview exists for Microsoft to discover bugs and glitches that are present in this version, so they can fix them before Windows 10 officially hits the market. Unless you just enjoy being part of that process, it’s best to leave the testing to others.

It is especially important to wait for the official Windows 10 release if you only have one PC or mobile device.

Since all the kinks have not yet been worked out, you could find yourself unable to use accessories like printers or scanners if you make the premature jump into the new operating system. You also can’t be assured that the Windows 10 preview is safe for your devices, and it’s simply not worth the risk of incurring problems that can not only be costly moneywise but in the ill use of your time trying to correct any damage.

Furthermore, the technical preview isn’t complete. The features you’re looking forward to may not be included. The Spartan web browser and Holograph feature are missing from the Windows 10 preview.

So, even if the test version of the operating system functions seamlessly, you’re apt to be disappointed. Although you may be chomping at the bit to get rid of your old operating system, the wise thing to do is wait until Microsoft perfects Windows 10 and then fully explore it when it’s finally released, making sure it is compatible with your business applications.

The Basics Of HIPAA Compliance

Michael Menor is Vice President of Support Services for Tech Experts.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is federal legislation that created national standards to protect the privacy of patients’ medical records (including electronic records) and other personal health information.

The legislation makes organizations and individuals who collect and manage personal healthcare data legally liable for its security, including health care providers, health plans, health clearinghouses and business associated with any of these. Consequences of negligence and misuse of private information can include civil and criminal penalties.

As a result of HIPAA, the Department of Health and Human Services created specific regulations for the handling of Protected Health Information (PHI), including electronic or digital forms (ePHI). HIPAA has two main sets of requirements related to privacy and security.

The HIPAA Privacy Rule governs the saving, accessing and sharing of health-related and other personal information, either oral or written.

This rule defines the guidelines safeguarding the confidentiality of PHI. Standards for identifying and authenticating people and organizations requesting PHI are outlined in this rule.
The HIPAA Security Rule more specifically outlines national security standards to protect health data created, received, maintained or transmitted electronically.

This rule primarily focuses on the technological measures used to enforce policies keeping ePHI out of the wrong hands. Failing to comply with these rules can result in penalties for not only organizations, but for the responsible individuals.

Any entity that deals with protected health information must make sure that all the required measures are established and continuously observed — physical (actual data center server access), network, and process security (audits, policies and staff training).

While the legislation is clear on the privacy, security, and accessibility requirements for organizations, over 91,000 violations were recorded between April 2003 and January 2013. These resulted in 22,000 enforcement actions (which included settlements and fines) with 521 referred to the US Department of Justice for criminal investigation.

HIPAA Compliant Best Practices
1. Review and evolve your policies and procedures. HIPAA is not a “set and forget” proposition; compliance must be a living, changing process that is regularly audited for effectiveness and legality. A lot has changed since 1996 and organizations’ policies must reflect those changes.

2. Accessibility rights are as important as rights to privacy. HIPAA gives patients certain control over their healthcare information, including the right to access it on demand and the right to revoke authorization to store their data. Organizations must act quickly when patients ask for their PHI.

3. If you store your data with a third party hosting provider, make sure that they are HIPAA compliant. The Security Rule hands down many stringent administrative, physical and technical requirements for such providers. Make sure that a full-scale risk assessment of the provider is performed on a regular basis and that a process is in place for monitoring compliance.

Apply common sense to your technology platforms. Shut down computer programs and servers containing patient information when not in use, and don’t share passwords among staff members.

The US Department of Health and Human Services has found that storing patients’ information in a HIPAA compliant cloud server can be safer than using a localized server or paper documents, so consider this option for increased security.

A HIPAA violation can be as small as a health care worker discussing a patient’s private health information in the elevator or as large as a $1.2 million fine for not erasing PHI from photocopier hard drives before returning them to the leasing agent.

More than ever, common sense and sound corporate governance must be applied to the technologies and processes that manage confidential data. Protecting that data will protect clients and the organization as well.

Data Breaches And The Building Blocks Of Cyber Security

Michael Menor is Vice President of Support Services for Tech Experts.

The data breaches at Target, Home Depot, Staples, Michaels, Anthem, and Sony Pictures Entertainment are just the tip of the iceberg and the stakes are very high. They’re costly for both businesses and customers and once the breach is announced, customers often terminate their relationship with that business.

You may ask, “What constitutes a data breach?” It is an event in which an individual’s information, including name, Social Security number, medical record and/or financial record or debit card is potentially put at risk. This can be in either electronic or paper format. The data set forth in this article is based on Ponemon Institute’s “2014 Cost of Data Breach Study.” Ponemon conducts independent research on privacy, data protection and information security policy.

New methodologies developed by the National Institute of Standards and Technology (NIST) and other industry standards bodies, such as the Department of Health and Human Services (HHS), are being implemented by many organizations, but best practices for addressing cyber security threats remain vague.

So what can be done to minimize cyber security threats? An effective starting point is to focus on the following essential building blocks of any cyber threat defense strategy.

Most organizations rely on tools like vulnerability management and fraud and data loss prevention to gather security data. This creates an endless and complex high-volume stream of data feeds that must be analyzed and prioritized. Unfortunately, relying on manual processes to comb through these logs is one of the main reasons that critical issues are not being addressed in a timely fashion.

Implementing continuous monitoring, as recommended by NIST Special Publication 800-137, only adds to the security problem as a higher frequency of scans and reporting exponentially increases the data volume. Data risk management software can assist organizations in combining the different data sources, leading to reduced costs by merging solutions, streamlining processes, and creating situational awareness to expose exploits and threats in a timely manner.

One of the most efficient ways to identify impending threats to an organization is to create a visual representation of its IT architecture and associated risks.

This approach provides security operations teams with interactive views of the relationships between systems and their components, systems and other systems, and components and other components. It enables security practitioners to rapidly distinguish the criticality of risks to the affected systems and components. This allows organizations to focus mitigation actions on the most sensitive, at-risk business components.

Effective prioritization of vulnerabilities and incidents is essential to staying ahead of attackers. Information security decision-making should be based on prioritized information derived from the security monitoring logs. To achieve this, security data needs to be correlated with its risk to the organization. Without a risk-based approach to security, organizations can waste valuable IT resources mitigating vulnerabilities that, in reality, pose little or no threat to the business.

Lastly, closed-loop, risk-based remediation uses a continuous review of assets, people, processes, potential risks, and possible threats. Organizations can dramatically increase operational efficiency. This enables security efforts to be measured and made tangible (e.g., time to resolution, investment into security operations personnel, purchases of additional security tools).

By focusing on these four cyber security building blocks, organizations can not only fulfill their requirements for measurable risk reporting that spans all business operations, but also serve their business units’ need to neutralize the impact of cyber-attacks.

These methodologies can also help improve time-to-remediation and increase visibility of risks.

Risks When Employees Use Their Own Mobile Devices

Michael Menor is Vice President of Support Services for Tech Experts.

BYOD (Bring Your Own Device) is an exciting development for increasingly mobile and interconnected employees, but also a new challenge for IT security teams.

Gone are the days where security professionals can lock down a finite set of machines and facilities; instead, they must manage an ever-growing, ever-changing landscape of employees, devices and applications, many of which have access to information that needs to be protected.

According to an article on eWeek, a survey was done on organizations with mobile devices connecting to their networks: only 33 percent have any official BYOD policy governing the use of personal portable devices, 67 percent do not.

The security risks are inherent in BYOD between viruses, hacking, improper security, and more. Flat-out thefts of smartphones, laptops, and tablets are also an issue.

In New York City alone, police data show that Apple products were stolen in a total of 11,447 incidents in the first nine months of 2012. That is an increase of 40 percent compared to the previous year.

Of course, employee education and awareness are important as informed users are more likely to act responsibly and take fewer risks with company data. Unfortunately, employees can be careless and criminals crafty, which is why network security defenses and policies are so critical.

Although implementing a restrictive device policy may feel like the most secure approach for your company, it can easily backfire.

Your craftiest employees are going to find a way to connect their devices to your network no matter what. And employees who do obey your “no iPhones” message will probably resent the policy and experience lower productivity.

Bring Your Own Device conceptToday’s workers expect to have 24/7 access to their information. They want to be able to catch up on emails on the evening train ride home or access information while away from the office.

BYOD lets IT staffs eliminate the hassle and expense of provisioning, distributing, and maintaining hundreds of corporate-owned mobile devices.

But setting up a BYOD program isn’t without its challenges. For starters, when you give employees free rein to bring in their own devices, you put your corporate documents and data at the mercy of the native security on these devices.

When you consider that many of your employees probably have “1234” as the PIN on their iPhones, that’s a pretty sobering thought.

Another major concern is your network. When you allow today’s increasingly powerful smartphones and tablets to request resources from your network, you really put your infrastructure to the test.

Are you ready to serve data instantly to hundreds of increasingly powerful hand-held mobile devices?

What if your mobile employees want to watch training videos, play back webinars, or listen to conference call recordings on their devices – can you deliver this kind of bandwidth?

Like most things, there are upsides and downsides, but a decision should be made on what best suits you, your employees, and your business.

When it comes down to it, BYOD isn’t a completely ridiculous idea. In fact, the benefits of BYOD may be worth the extra security precautions required to implement it.

(Image Source: iCLIPART)