TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Mobile Device Management Is Key In Securing Your Network

by Jeremy Miller, Technician
Mobile devices have been finding their way into the workplace since the cell phone was invented. Since the evolution of mobile devices in the workplace is rapidly growing and changing it can be hard to make sure that your device is not leaking company information intentionally or even unintentionally.

Information Technology (IT) has had to evolve alongside mobile technology and how to secure devices without restricting too much access.

There are usually two options of allowing mobile devices in the workplace. You can provide your employees with a company owned device or you can allow them to use their personal device.

Providing your employees with a company owned device allows you to monitor every detail about the phone including calls, messages, installed apps and location of the device. This is possible because the employee can expect no privacy from the company on this device.

When you allow an employee to use their own device at work you have to take their personal privacy in consideration. You might not want to monitor their phone calls, messages and apps installed.

Instead you can make the device more secure. You can install monitoring software that will allow you to lock the device if it gets lost, wipe the device if you know it may have fallen into the wrong hands, or find the device by using GPS location.

We have the ability to install our monitoring software onto any Android or iOS device and choose a profile that will suit a personally owned device, a company owned device or we can even customize a plan that will suit your needs even more specifically.

Since mobile devices are prone to getting lost or stolen they need to be protected in the best way that you can. In most cases installing monitoring software is the best solution.

This is because we can monitor the phone without interfering with the device usage. Once the device is compromised we can act quickly to get the device secured.

On the other hand if you notice an employee is acting suspiciously you can monitor their phone usage to determine if they are wasting time or acting maliciously against the company and take action before something more serious happens.

The best part about managing your mobile devices through Tech Experts, is that we are very competitive with other personal phone security managers out there in both price and features.

Our prices are very affordable and services can be easily customized to meet your needs.

It takes just about as long as installing an app to your phone as it does to setup our management software on any mobile device running Android or iOS.

You will be able to rest assured that your mobile devices are virtually safe from data loss, your employees are using their resources and time accordingly, and in the event of an issue we will be there to assist you in any way we can.

If you are interested in trying out our mobile device management service please contact us and we will be happy to help you with any questions.

Network Security: Top Tips For A Secure Network

by Michael Menor, Network Technician
As the first layer of defense in your network, it is important to take a step back and review the design of your perimeter security.

To ensure a sound architecture, you want to start with what ultimately must be protected and then design your perimeter security so it can scale as your needs grow/change. Since the threats you know about and face today may not be the ones you face tomorrow, you want to be sure your design is flexible enough to meet future needs.

Think of your network perimeter like a castle during medieval times, which has multiple layers of defense – a moat, high walls, big gate, guards, etc. Even in medieval times, people understood the importance of having layers of security and the concept is no different today in information security. Here are four tips:

Build layers of security around your castle
No defense is 100% effective. That’s why defense-in-depth is so important when it comes to building out your security. The traditional first line of defense against attacks is typically the firewall, which is configured to allow/deny traffic by source/destination IP, port or protocol.

It’s very binary – either traffic is allowed or it’s blocked by these variables. The evolution of these network security devices has brought the Next-Generation firewall, which can include application control, identity awareness and other capabilities such as IPS (Intrusion Prevention Systems), web filtering, advanced malware detection, and more baked into one appliance.

Whether or not it’s part of your firewall or a separate device, IPS is another important perimeter defense mechanism. Having your IPS properly optimized and monitored is a good way to catch attackers that have slipped past the first castle defense (firewall/router).

The popularity of moving more into the cloud has brought cloud-based malware detection and DDoS (Distributed Denial of Service) services. Unlike appliance-based solutions these are cloud-based services that sit outside your architecture and analyze traffic before it hits your network.

Harden your device configurations, software updates and security policies
Here is where we start building those walls to prevent attackers from getting inside the castle. The first line of defense typically involves network security devices such as routers, firewalls, etc. which each act like the guards, gate, moats, etc. of long ago.

For each layer of security, you want to ensure they are running the most up-to-date software and operating systems, and that devices are configured properly.

A common misstep occurs when organizations assume they are secure because of their many layers of defense, but a misconfigured device is like giving an attacker a key to the castle. Another important practice is to tighten security policies (of course without impacting the business), so for example you don’t have a router allowing just anyone to Telnet to it from outside your network.

Enable secure network access
While firewalls, routers and other security layers are in place to prevent unauthorized access, they also enable access that is approved. So how do we let authorized personnel into the castle? The drawbridge of course! Next-generation firewalls can help here by scanning inbound and outbound user traffic, all while looking for patterns of suspicious behavior.

Password complexity also plays a big part in Secure Network Access. Ensure your users are following these common rules.

  • The password must be exactly 8 characters long.
  • It must contain at least one letter, one number, and one special character.
  • Two of the same characters sitting next to each other are considered to be a “set.” No “sets” are allowed.
  • Avoid using names, such as your name, user ID, or the name of your company or employer.
  • A new password shouldn’t be too similar to the previous password.

Another way to have secure access from the outside through the perimeter is to install a VPN (Virtual Private Network) that is configured to allow encrypted communication to your network from the outside. Utilizing two-factor authentication with a VPN contributes towards ensuring the integrity of the users making the request. This is external-facing to your network and allows users to tunnel into your LAN (Local Area Network) from the outside once the appropriate measures are taken to secure access.

Create and segment the DMZ
If firewalls, routers, web filters, etc. are the guards, moat, gate, walls of a castle, then the DMZ (De-Militarized Zone) is like the courtyard once inside the castle – another area before the private quarters.

When creating a DMZ, there should be at least a front-end firewall for the external traffic and a back-end firewall for the internal traffic. Firewall rules should be optimized and tightened on all publicly available systems to allow traffic to only the necessary ports and services in the DMZ. From an internal perspective you also want to limit who can access systems within the DMZ. One approach is creating firewall rules to only allow the source IP addresses and port to the specific server and then adding proxies in the network from which admins are allowed access to the systems.

Segmenting systems within the DMZ is also something to strongly consider so that if a system is breached in the DMZ, it can’t spread as easily. For example, you don’t want a web server passing data to an application or database server in a “public DMZ.” Configuring systems within different VLANs (with a layer 3 switch) will help you isolate and respond to incidents if a server in a DMZ is compromised.

A sound network security perimeter architecture requires multiple layers of defense, up-to-date and hardened policies and controls and segmentation. All of these things make it harder for an attacker to gain access to your crown jewels and easier for you to isolate and respond to breaches when they occur.

BlackBerry To Profit From Patents

by David Stone, Technician
After a little over a decade of being a main mobile power in the business world, Blackberry (NASDAQ: BBRY) is fading to black.

The smartphone and tablet manufacturer is getting edged out by an array of factors: First they waited too long to release a device that could compete with Android and iOS, and then fell short on innovative features and operability. Secondly, they failed to market their devices to generate the kind of “tech buzz” needed to drive consumer sales these days.

While Blackberry reigned supreme as the go-to business message service and mobile emailing solution, they were surpassed by changes in industry and social popularity.

Perhaps they made changes too little too late, or perhaps they thought that their grip on the business world would ever cease. Either way, they will forever be an example of how refusing to adapt and change or not being able to see the coming change will extinct your business.

The announcement of profit losses was preceded by a work force reduction plan and the possibility of going private. Both indicate a company in turmoil, not a tech giant about to reinvent the way people connect and share data. The future for new devices looks bleak at Blackberry, but the future of the company looks like it might have some options that provide low-maintenance profitability.

In addition to being the 6th largest manufacturer of mobile devices (smartphones & tablets) Blackberry also provides mobile internet service to 91 countries on a worldwide network of over 500 mobile carriers.

Blackberry also holds a lot of proprietary patents, which much like Microsoft will generate plenty of income with little to no cost. This would essentially turn the company into a technology holding company, with a focus on maintaining licensing not developing new hardware. In effect, this would hand the company over to the lawyers and wrestle it away from the engineers. That does not bode well for any company that wants to be an industry trend-setter.

With stiff competition from Android and iOS, a former industry standard in the world of mobile computing is all but gone. Perhaps it will remain in the ring for a few more rounds with a cult-like following of users, or maybe they will break into the services sector and resurge as a mobile-enhancement services company.

It’s A Scary Time For Your Company’s Systems And Data

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

We sent out an email a few days ago alerting folks to a new and particularly nasty virus that’s making the rounds. It’s called CryptoLocker and, if your systems get infected with this particular kind of “ransomware,” it is, frankly, a nightmare.

CryptoLocker scans your system and looks for all of your file storage locations – your local C: drive, any USB thumb or external drives, and even network shares (if you save files on your S: drive, for example).

It then encrypts every file it finds using a sophisticated, spy-level type of encryption. Your files – Word, Excel, Powerpoint, etc. – all become unusable.

Pay up, or else
You’ll then get a pop up on your system, letting you know that your personal files are encrypted, and if you want the key to unlock them, you’ll need to pay the cyber crooks to get it. The ransom (thus, the term “ransomware”) is anywhere from $300 on up. And, there’s a deadline – 72 to 100 hours – after which, the key to your files is destroyed, and you’re simply out of luck.

Prevention
This nasty virus is spread by opening email attachments or through other “social engineering” means.

Spam/virus filtering are generally aware of the threat and actively block emails that contain elements of this and other malware.

We suggest notifying your employees immediately of this new virus and making sure everyone is following some basic preventive measures:

  • Do not click on attachments in emails from someone you don’t know or companies from which you haven’t expressed interest in receiving information.
  • Do not click on links, advertisements or pictures that pop up on your screen when visiting other websites.
  • Do not engage in social media games or click on links that appear on social media platforms.

The virus emails come in the form of a shipping notice from UPS or FedEx. It is obviously fake, but the scammers make it look very real.

Why aren’t you backing up your data?
I’ve been in the IT business for nearly 27 years and I can say I’ve pretty much seen it all. But I’m still astounded when we run across a business owner who isn’t backing up their data.

Studies show that only six out of every 10 people back up their computer files. The 40% that don’t said that it was because they didn’t think they needed to.

According to a report by PricewaterhouseCoopers, 70% of small businesses that suffer a significant data loss go out of business within a year.

These ransomware and other destructive viruses are becoming more and more prevalent. We work hard to keep your systems safe and protected, but no antivirus software catches 100% of everything.

More than ever, it is vitally important that your business have a solid backup system that is managed, monitored and tested. Too many times we’ve gone in to help a new client who is in the middle of a disaster, only to find out they were religiously changing tapes in a system that hadn’t successfully ran a backup in months – or years.

How You Can Benefit From An Annual Security Assessment

by Jeremy Miller, Technician
Most companies have an IT service provider or an IT department to take care of all of the IT needs of the company.

These technicians can easily address any issues that arise. Most issues are not addressed until they become known and are reported to the IT service provider either from the person having the issue or monitoring software they have installed.

It is best to have your IT service provider run an assessment once or even better twice a year.

This can make you and your IT provider aware of any security issues that are not easily monitored or would cost too much to monitor.

A security audit can be implemented for a number of reasons.

Some organizations are required to have them if the information they are using needs to be secure based on a compliance standard such as HIPPA or PCI.

Every day new vulnerabilities are discovered and it is too time consuming to test every device on every network for each security risk that is discovered as they are discovered.

This is where the security audit shines; it can be used to check for any known vulnerability on every device on your network.
Even with all of the security software commonly installed on all business computers such as anti-virus, service checks, and patch management there can still be security risks running behind the scenes that can be detrimental to your company.

A security assessment can let you know if any software is using an insecure port to an employee’s malicious actions.

It can show you if an application is using more bandwidth than it should, which may be causing other issues on your network.

Security assessments are the best tools to test for data leakage. Data loss is every businesses problem. Significant data loss causes a business to fail almost 70% of the time.

There are other times beside annually that it is good to get a security assessment. It would be best to get them before and after changing IT providers.

It is good to get one after any large installation or migration. This can be a business application, hardware such as new computers or a new server or even a physical migration such as moving to a new location or building an addition.

Security assessments are increased in effectiveness when you run a baseline security assessment. A baseline security assessment is when you run an assessment before you do any changes to your current IT setup.

This will let you know where you are before any changes are made. You can then have a comparison to verify that your security is improving.

A baseline security assessment will also let you know what vulnerabilities you need to address. Some of these vulnerability issues can be quite costly to repair and are great to plan for.

The sooner you get an assessment the sooner you will be able to make informed decisions based on your actual network risks security requirements.

Everyone’s security needs are different; we can assist you with any questions or concerns that you may have about security assessments.

Top Tips To Avoid A Virus Or Malware Infection

by Michael Menor, Network Technician
Malware is short for “malicious software.” It includes viruses and spyware that get installed on your computer, phone, or mobile device without your consent.

These programs can cause your device to crash and can be used to monitor and control your online activity. Criminals use malware to steal personal information, send spam, and commit fraud.

Avoid Malware
Scam artists try to trick people into clicking on links that will download malware and spyware to their computers, especially computers that don’t use adequate security software. To reduce your risk of downloading unwanted malware and spyware:

Keep your security software updated. At a minimum, your computer should have anti-virus and anti-spyware software, and a firewall. Set your security software, internet browser, and operating system (like Windows or Mac OS) to update automatically.

Don’t click on any links or open any attachments in emails unless you know who sent it and what it is. Clicking on links and attachments – even in emails that seem to be from friends or family – can install malware on your computer.

Download and install software only from websites you know and trust. Downloading free games, file-sharing programs, and customized toolbars may sound appealing, but free software can come with malware.

Minimize “drive-by” downloads. Make sure your browser security setting is high enough to detect unauthorized downloads. For Internet Explorer, for example, use the “medium” setting at a minimum.

Use a pop-up blocker and don’t click on any links within pop-ups. If you do, you may install malware on your PC. Close pop-up windows by clicking on the “X” in the upper right-hand corner of the title bar.

Resist buying software in response to unexpected pop-up messages or emails, especially ads that claim to have scanned your computer and detected malware. That’s a tactic scammers use to spread malware.

Talk about safe computing. Tell your kids that some online actions can put the computer at risk: clicking on pop-ups, downloading “free” games or programs, opening chain emails, or posting personal information.

Back up your data regularly. Whether its text files or photos that are important to you, back up any data that you’d want to keep in case your computer crashes.

Detect Malware

Monitor your computer for unusual behavior. Your computer may be infected with malware if it:

  • slows down, crashes, or displays repeated error messages
  • won’t shut down or restart
  • serves up a barrage of pop-ups
  • displays web pages you didn’t intend to visit, or sends emails you didn’t write

Other warning signs of malware include:

  • new and unexpected toolbars
  • new and unexpected icons in your shortcuts or on your desktop
  • a sudden or repeated change in your computer’s internet home page
  • a laptop battery that drains more quickly than it should

Get Rid of Malware
If you suspect there is malware on your computer, take these steps:

  • Stop shopping, banking, and doing other online activities that involve user names, passwords, or other sensitive information.
  • Update your security software, and then run it to scan your computer for viruses and spyware. Delete anything it identifies as a problem. You may have to restart your computer for the changes to take effect.

If your computer is covered by a warranty that offers free tech support, contact the manufacturer.
Before you call, write down the model and serial number of your computer, the name of any software you’ve installed, and a short description of the problem.

  • Tech Experts offers technical help on the phone, in our office, or in your home or business, based upon what is most convenient for you.

Telephone and online help generally are the least expensive and most time efficient, but you may have to do some of the work yourself. Bringing the computer to our office is usually less expensive than having a technician visit your business or home.

  • Once your computer is back up and running, think about how malware could have been downloaded to your machine, and what you could do differently to avoid it in the future.

 

Looking For Good Career Advice? Avoid These Stale Clichés

Books, blogs, and motivational gurus are full of career advice for beginners and veterans alike. Much of it can be useful, but you’ve got to be careful to separate the good from the misguided and obsolete.

Don’t blindly follow these “words of wisdom” without a healthy dose of skepticism:

“Any job is better than no job.”
Working at a job you hate can sap your morale and make any change harder to accomplish.

You probably won’t be motivated to do good work, and if you quit out of frustration, you could be labeled an undependable job-hopper.

No job is fun all the time, but you’ll generally do better at a job you can find some enjoyment in, even if that takes longer to find.

“Follow your passion.”
On the other hand, don’t wait forever for your dream job to present itself.

You need to know what you’re good at, and what you like doing, but chances are you can do well in a job that satisfies less than 100 percent of your ambitions.

You don’t want to give up worthwhile career opportunities because they don’t fit with an unrealistic dream of success.

“You need an advanced degree to get anywhere.”
Education is always a good thing, but without a clear purpose, you could waste years and thousands of dollars on studies that don’t necessarily translate to career success.

Decide on what you want to learn, be clear on how it will help you, and make sure the investment will really pay off in terms of increased opportunities and career satisfaction.

“Never quit a job.”
You shouldn’t jump ship at the first sign of trouble, but staying at a dead-end job with no hope of advancement and little chance of learning anything doesn’t help your career.

Look for opportunities to improve your situation wherever you’re at, but keep an eye on the job market so you’re never trapped.

“The one thing you need to do is …”
Be wary of any advice that offers a quick fix. Managing a career is complicated. You don’t know what’s coming up, and you won’t always know the right decision to make. You’ll make mistakes and encounter bad luck.

Commit to learning and moving forward, and don’t waste time following short-lived trends or depending on gimmicks to land your dream job.

How To Beat Job Burnout

If you are finding it more and more difficult to cope with the demands of your job in addition to the rest of your life, you are definitely not alone. More and more people are putting in additional hours at work or being on call even when they should be at home relaxing.

The good news is there are ways to make your daily routine a little more balanced. One of the best is to actually build downtime into your schedule. As you plan your week you should make a point of including time with friends and family as well as activities that will allow you to recharge such as a sport of some kind.

Being proactive about scheduling can be very helpful and also prevent free time from being wasted. Another good idea is to drop activities that are sapping your energy or time, including online activities. Making time for exercise can also assist you with becoming more alert and boosting your concentration and overall energy level.

Why Virtualization Is A Good Idea For Your Small Business

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Server virtualization is the partitioning of a physical server into smaller virtual servers to help maximize your server resources.

In server virtualization, software is used to divide the physical server into multiple virtual environments, called virtual or private servers. This is in contrast to dedicating one server to a single application or task.

Server virtualization provides a small business with almost unlimited storage space. Let’s look at some of the ways that server virtualization could benefit your small business.

Efficiency
Virtualization maximizes server space, which reduces the number of servers needed to store important company data.

Since multiple virtual servers reside on a single physical server, your infrastructure will require less space, saving occupancy costs.

Economy
Virtualization will cut down on your energy consumption, which will lower your monthly bill. Because you’ll need fewer servers, you’ll save on hardware costs, as well.

For a small-business owner, these savings can mean a lot in the long run, especially if energy costs are high.

Disaster Recovery
Fires, theft and natural disasters happen, often without warning.

What would happen to your business if all of your important files were stored on in-house servers that got destroyed in a tornado or fire?

With virtualization, that becomes less of a worry, especially if you conduct regular checks to ensure that your data is being properly backed up.

It is equally important that you take steps to ensure the data can be recovered if necessary and that when recovered, the data is usable.

Virtualization cuts down on the risk that an employee or thief could walk off with important company files, something that can happen if you back up company files on external hard drives.

Business Continuity
Unlike disaster recovery, business continuity is about quickly recovering from things like power outages and server crashes.

These two common occurrences could cost a small-business owner a lot of money depending on how long employees remained idle waiting for power to be restored or a server to be repaired.

With a virtualized server environment, server images are often backed up to the cloud – where they can be enabled in real time and act as a replacement server until resources are restored.

Virtual Desktop
This is a growing trend in the business world. Also known as client virtualization, desktop virtualization separates the PC desktop environment from the physical machine and operates in the cloud.

With virtual desktop infrastructure, employees can access the company network from their laptops, tablets or smart devices.

Virtualization has worked well for large enterprises for a number of years, and now the technology is affordable for smaller businesses.

Choosing virtualization for your company is no small matter. You’ll want to make sure you use an experienced, trusted IT partner to make sure your project goes smoothly.

The Benefits Of VoIP Over Traditional Phone Service

by Jeremy Miller, Technician
Voice over Internet Protocol (VoIP) is the general term used for transmitting two-way voice communication over a network.

This can work on any network, whether it be at home or work, connected to the Internet. VoIP can also be used for internal communications and do not necessarily need to be transmitted out to the Internet.

Plain old telephone system (POTS) is the traditional phone service that everyone is used to, and it is commonly known as a home phone.

This system is designed to run on dedicated electronic circuits and is transmitted using analog signals where VoIP uses digital.

There are many reasons that you should use VoIP over POTS many of which include cost and expansion. Where ever you have a network connection, VoIP can be implemented. POTS often are much more costly.

As I said before POTS requires a dedicated circuit to transmit on. This means every time you add a new phone you would have to run a phone line and a network drop.

POTS can become quite expensive for an office building if you have to run phone lines to each person’s office.

In the event of expansion POTS will require costly hardware upgrades and provisioning of new lines. VoIP will only require more bandwidth and possibly software upgrades which are generally inexpensive and very easy to do.

There is much more competition in the VoIP market. Where POTS may have a few providers to choose from in your area, VoIP will have hundreds to choose from on the Internet.

When using VoIP you have control over the traffic of the phone calls as well. This makes it easy to manage, record, and maintain all phone calls.

Many of the features such as call waiting, conference calling, music on hold, multiple extensions and voice mailboxes are all free with VoIP. These features have always come at a premium when using POTS.

VoIP does not limit you to what you can transmit over its call. For instance you can make a video call or a voice call using VoIP. While in your call you can send over an attachment which is quite similar to email.

There are downsides to using VoIP as well, but most of them can be mitigated. The first is unpredictable quality of service. You may not always get great sound or video quality.

This is usually dictated by the available bandwidth. If you notice your quality is not as good as you like, then you may need to upgrade your Internet speed or you network equipment.

VoIP may not always get you to the correct 911 responder in the event of an emergency. They are not centralized like POTS. The traffic could be routed around the world.

Since VoIP relies on the Internet and the Internet relies on electricity, you will lose your VoIP service if either Internet or electricity goes down.

This can be avoided by having a redundant Internet connection and battery backups for your network equipment.

You can also install an IP based private automatic branch exchange (PABX) which will allow you to integrate your POTS with VoIP so you can take advantage of VoIP and not lose the benefits of POTS.

If you are looking into VoIP or have any questions we would be happy to help.