Be Proactive: Avoid Potential Network Failures

For small to mid-sized businesses (SMBs), a network failure could become devastating, due to the loss of active resources. Preparation against such disasters is the only course of action to avoid failure or receive minimal damage. Companies must become proactive in their IT approach, realizing that disasters could come from a wide range of causes, including cyber-attacks or human error.

Be Prepared:

Being proactive is an essential step for preparation against a disaster. There are two essential steps to prepare for potential failures of your infrastructure. First, identify the weaknesses throughout your systems. Second, determine how you plan to repair those weaknesses and protect your network.

Identify the Weaknesses:

Determine how and why your system could fail, examining your hardware and software. Assess internal and external factors that could contribute to the failure of your networks.

Here are some questions you need to know the answers to:

– Does employee productivity often stall because of downed systems? In these situations, how fast is your IT support able to respond?

– Can you say with certainty that your business will be back online and able to access lost data with minimal disruption in case of failure?

– Your critical data should always be backed up.

– Are all backups stored in a off-site location accessible in the event of corruption, fire or flood?

– Are you using any custom made software? Can it be reinstalled and updated when needed?

– Is your system protected from hackers and viruses? Do you change passwords when employees leave the company?

– How often do you test your backup processes?

Here are four notes that you can take to protect your networks:

1. There are a large number of businesses that never back up data. Only 23% of SMBs are backing up their data daily, and only 50% are doing it weekly. Many issues can result in loss of data. You should back up data every day.

2. Don’t find out by mistake that your backup system isn’t working properly – by then it’s too late! It may seem like your data is being backed up normally, but check frequently to ensure it is backing up the way it should be.

3. Make sure virus and firewall protection is always enabled. Many companies either don’t have virus protection installed or it’s disabled. This could render their networks vulnerable to virus attacks from emails, spam, and data downloads.

4. Monitor your environment. Full drives and built-in logs, can cause many problems, ranging from application crashes to sluggish email. Diligent monitoring and maintenance can mitigate this risk.

We now know IT system failures have very serious consequences for SMBs. We also know that they can avoid such failures by being proactive. As a result of so much uncertainty, many SMBs are turning to cloud and virtualization backup solutions to mitigate downtime.

Virtualization and cloud computing have recently enabled cost-efficient business continuity options.  This is done by allowing entire servers to be grouped in one software bundle or virtual server – including data, operating systems, applications, and patches. This simplifies the backup process and allows for quick data restoration when needed.

Three Things Your Business Continuity Plan Needs

Very few business owners would dispute the wisdom behind having a business continuity plan This doesn’t stop many (if not most) businesses from having an outdated, ineffective, incomplete or untested plan.

Similar to insurance, this provides the “peace of mind” in knowing you have a disaster recovery and/or business continuity plan, but may never use it. As a result these plans are frequently incomplete in design, and execution.

“Every business continuity plan should have these elements, at a minimum!

Data and Image Backup

Business level Applications – Without Image and data backups, you won’t get your business back online and running after a disaster.

– Store backups on and off site – local backups are great for a quick recovery solution from minor issues. While off site storage (automated) can only greater ensure the disaster that affected your office, can’t affect your backup.

– Perform frequent and regular test restores of backed up data. If you think a disaster hurts – discovering that your backed up data is corrupt will only adds insult to injury.

 

Communication Considerations

– Have a plan to notify employees how, when, and where they can work if something happens to your facility.

 -Have a plan to notify partners and suppliers if a disaster affects your place of business. Alternate contact info, and expected duration of downtime. This will help your supply chains adapt to your circumstances after a disaster

– Have a plan to notify clients if a disaster affects your business. They will need to know how fast you will be able to resume operations. Lack of communication along these lines will cause them to assume your business is in dire straits and take their business elsewhere

 

Drilling and Testing

– Test backups and conduct drills often, ensuring you can restore a down server from your backed up data.

– Document procedures for conducting all the phases of your Disaster Recovery plan. Having this documentation in the hands of trusted personnel within your organization.

– Don’t assume your IT person will be available after a disaster – make sure more than one person knows how to restore your systems.

– Store important information offsite – a list of phone numbers to call after a fire won’t do any good if it burns up in the fire.

– Update your plan yearly. Personnel change, phone numbers change, suppliers change and technology changes.  A business continuity plan that hasn’t changed in 2 years may be useless when a disaster strikes.

You’ll still hope to never use your business continuity plan. Of course, if you were to need it, your business will be on the fast track to to resume operations as soon as possible. It will give your business a leg up on your competition.

Clare Computer Solutions has helped many companies design and put in place a business continuity plan – we’d be glad to help your company, too. Contact us today to get started.

Tax Season Means Big-Game Phishing for Cybercriminals

With tax season upon us, cyber-criminals have begun focusing new tax-related scams towards employers and employees using social engineering techniques. Social engineering is at the heart of the two most common cyber-scams plaguing business and individuals today: Ransomware and phishing scams.

 For more information on Ransomware or phishing scams, you can see this blog article here

The IRS is warning the public of this latest phishing scam – a variation on a technique known as “spearphishing.” Most phishing attempts appear as though they’re being sent from a trusted source or company, in an effort to get the recipient to let down their guard. Spearphishing is a little more sophisticated – sending emails that appear to be from within your own company from people you already trust, in management positions or from human resources.

“The IRS saw a big spike in phishing and malware incidents during the 2016 tax season. New and evolving phishing schemes have already been seen this month as scam artists work to confuse taxpayers during filing season. The IRS has already seen email schemes in recent weeks targeting tax professionals, payroll professionals, human resources personnel, schools as well as average taxpayers.”

-Internal Revenue Service, IRS.gov

How the Phishing Scam Works:

Cyber-criminals use various spoofing techniques to disguise an email to make it appear as if it was from an organization executive. The email is sent to an employee in the payroll or human resources departments, requesting a list of all employees and their W-2 Forms.

In some cases, the cyber-criminal follows up with an “executive” email to the payroll or comptroller and asks that a wire transfer also be made to a certain account. Although not tax related, the wire transfer scam is being coupled with the W-2 scam email, and some companies have lost both employees’ W-2s and thousands of dollars due to wire transfers.

“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme.”

-John Koskinen, IRS Commissioner

How to Avoid Theft:

The IRS suggests users should remain vigilant and use caution when searching for tax help online. For more information about the scam and how you can protect yourself, check with IRS.gov. To better protect yourself, it may be a good idea to learn more about how to spot a phishing email.

Clare Computer Solutions provides onsite training to businesses to educate network users on how to avoid being victimized by ransomware or phishing.

By utilizing education and safeguard systems,  you can protect your staff and management team from making such a costly mistake. Using advanced techniques in email filtering, group policies, employee education and endpoint protection your company data will be safer. To find out exactly how we can protect your business,  and what you can do to prevent your personal data from being stolen, contact us today.

See https://www.clarecomputer.com/resources/events/ransomware-survival-guide/ and let us know if your business would like to offer this training to your employees.

clare computer Bay area leader in IT

How Managed Cloud Technology Adds Agility to Your Business

One of the more interesting promises of cloud technology is the agility added to business operations. In today’s fast-paced world, a company that can make changes quickly, as needed, carries a competitive advantage. How does managed cloud technology enable that?

Right-Size Your IT Environment

In a virtual (cloud) environment, computing resources can be purchased to precisely match a company’s need. Since a business’s need for IT resources can change for a variety of reasons (seasonal business cycles, or company growth, for example), the old paradigm would have been to purchase on-premises IT to match the anticipated maximum need. With cloud-based Infrastructure-as-a-Service (IaaS), a company can add or subtract things as needed to match the circumstances – CPU, RAM, disk space – all of these can be easily adjusted for need.

Agile Disaster Recovery and Business Continuity

Not only can existing cloud infrastructure be adjusted quickly; whole new assets can also be deployed, and this can be instrumental in a quick recovery from a crashed server, assuming the IT infrastructure has image backups. In this scenario, a new virtual server can be created from backed up images and shorten the time to recovery. This would work in many virtual environments (it doesn’t have to be in the cloud), but cloud-based solutions also offer rapid recovery when a company’s on-premise environment is affected by the disaster. Moreover, it’s possible to create a cloud-based version of the entire IT infrastructure and enable a business to resume operations quickly, even when their brick-and-mortar location is unavailable.

Access from Anywhere

More and more, workers are expecting to be able to do their jobs from a variety of locations – not just from the company’s office. Having even some of a company’s IT infrastructure in a managed cloud can make a mobile workforce more productive, more collaborative and more connected.

These are general benefits we’ve outlined – every business and every environment is different. Careful planning is required to reap these benefits while preserving productivity and network security. But competitive edge is very important, so managed cloud computing is a solution worth investigating.

Clare Computer Solutions has helped companies get into cloud computing – and sometimes out of cloud computing, depending on the needs and circumstances of the client. We can help you determine which part of your company’s IT infrastructure would benefit from cloud technology. It all starts with a conversation – contact us today to get started!

clare computer Bay area leader in IT

What Can Businesses Do For Resiliency Against Cyber Threats in 2017

Looking at the cyber threat landscape for 2017, it doesn’t appear businesses will receive any relief from hackers, malware, or ransomware anytime soon. In fact, all these threats continue to grow in sophistication. What can you do to help your business gain resilience against cyber-attacks? Here are three things you can do to help

Work With, Not Against, Front-Line Providers

Since technology has introduced the cyber threats mentioned above, it’s tempting to distrust technology or those who provide or service it. In all reality, the exact opposite is true. Once you choose an able IT service provider or vendor – listen to them and follow their advice. They will understand your need to balance easy access of information while keeping your data secure, and provide solutions to satisfy both needs – but you have to do it right.

Introduce New Technology Mindfully

Technology should be selected and used to introduce efficiencies while assisting in making your business more agile and serve clients better. There are enough choices out there that you can start with how you want your business to operate, then select tech solutions to meet these goals. Don’t let technology tell you how to run your business.

Don’t Neglect the Human Factor

Regardless of your technology, it’s humans that make your business run. Your employees need to be trained and vigilant when it comes to their use of technology. Make sure your company’s stance on security is ingrained in your corporate culture. Humans decide whether to buy a product or not, so make sure your technology aids – not impedes – the quality of interactions between employees and clients.

Clare Computer Solutions has helped many companies adopt technologies and practices to make their businesses more resilient to cyber threats.  We can help your business, too –just contact us to get started.

We also provide onsite ransomware prevention consulting for companies – at no charge. Education is one the best ways to prevent social engineering tactics for launching malware.

See https://www.clarecomputer.com/resources/events/ransomware-survival-guide/ for more information.

clare computer Bay area leader in IT

Choosing a Managed Service Provider Whose Goals Match Your Own

Picking the right managed service provider (MSP) to manage your business technology can can quickly become an overwhelming task for anybody. Rather than having repairs as needed, you’re partnering with a company to assist you in assessing your current technology, building a scalable plan for growth, and responding in a timely fashion.

What’s the difference?

A fundamental difference between the two methods is, the transaction-based “break fix” service has the client and provider working at cross purposes: The provider needs the client to have problems in order to have work to do. All the risk for the network’s health and performance is on the client’s side. A managed service provider (MSP), assumes some of the risk by charging a flat fee for an allotted amount of hours to keep the network running smoothly.

So how does a company choose their managed service provider? Here are some things to check for when evaluating an MSP.

Procedure

Managing multiple networks takes a very organized operation, with state-of-the-art procedures and tools. There should be a definable, and repeatable process for receiving service requests (whether generated by clients or monitoring tools), evaluating them, prioritizing them and assigning resources to resolve each one.  Any good MSP should be able to describe this process clearly while providing metrics as to how they meet their service level goals.

Experience

An MSP that’s only now getting into the game is unlikely to be as effective as one that’s been through the growth pains and has deep experience with the procedures and tools that constitute the best practices in this field.  Similarly, ask about the service provider’s staff – do they have enough experience to be considered experts in Managed Services, too?

Capacity

Modern tools may enable a very small organization to become a Managed Services Provider. Many things that used to require site visits can now be done by remote means. However, at any given time, some percentage of an MSP’s client base is going to require some “hands on” service. Make sure the MSP you choose has enough people to effectively service their client base. What’s the size of their field force? Do they offer an on-location support center?

Communication

If a company decides to rely on an MSP to manage all or part of their IT infrastructure, it doesn’t mean they should be “out of the loop”.  The relationship is a partnership, and that means information about the health of the IT infrastructure needs to flow back to the client company on a regular basis, in the form of monthly reports and regular meetings. Similarly, to get the maximum value out of the relationship, the client company should seek to get the MSP involved in strategic planning, to ensure the network will continue to meet the company’s needs as it grows.

Clare Computer Solutions has been in business since 1990, and been providing Managed Services since 2003. We have proven procedures and processes in place to deliver a consistent level of service, and we track key metrics to ensure we maintain our clients’ service level goals. We also help clients with their IT budgeting. It’s time your company’s information technology was properly managed – contact us to get started.

View our video on the importance of documenting your network.

Clare computer solutions managed service provider business IT support

Harden Your Operating System To Prevent Cyber Attacks

When attempting to compromise a device or network, cyber criminals look for any way in. Many small and medium-sized businesses aren’t aware that operating system vulnerabilities provide easy access.

5 Operating System Hardening Tips

While different operating systems have their own intricacies, there are recommended practices that apply universally. This list is not all-inclusive and you may implement additional best practices when applicable. However, in order to minimize your risk of suffering a cyber-attack, adhere to the following protocol:

  1. Programs clean-up– Remove unnecessary programs. Every program is another potential entrance point for a hacker. Cleaning these out helps you limit the number of ways in. If the program is not something the company has vetted and “locked down,” it shouldn’t be allowed. Attackers look for backdoors and security holes when attempting to compromise networks. Minimize their chances of getting through.
  2. Use of service packs– Keep up-to-date and install the latest versions. It’s that simple. No one thing ensures protection, especially from zero-day attacks, but this is an easy rule to follow.
  3. Patches and patch managementPlanning, testing, implementing and auditing patches should be part of a regular security regimen. Make sure the OS is patched regularly, as well as the individual programs on users’ computers.
  4. Group policies– Define what groups can or can’t access and maintain these rules. Sometimes, it’s simply user error that leads to a successful cyber-attack. Establish or update user policies and ensure all users are aware and comply with these procedures. For example, everyone should be implementing strong passwords, securing their credentials and changing them regularly.
  5. Security templates – These are groups of policies that can be loaded in one procedure; they are commonly used in corporate environments.

Clare Computer Solutions can help your company harden the operating systems on your network, providing another layer of defense against cyberattack. Contact us today to get started!

clare computer Bay area leader in IT

3 Internal Threats to Your Network You Should Know About

The media always seems to have some reports of hackers gaining access to sensitive company data, and those threats are very real. The nature of our connected networks means attacks can come from anywhere in the world.

Most prudent companies make a concerted effort to protect their IT infrastructure from attacks from the outside – using firewalls, address translation, intrusion detection and other schemes to thwart cyber-criminals.

However, there is another attack vector many companies overlook: threats from within the network. Disgruntled employees behaving badly is an obvious concern, of course, but here are three others to consider with regards to internal threats:

Unintentional Threats from Employees

Remember the old days when well-meaning employees might introduce a virus through the use of an infected floppy disk? We don’t have to worry about that so much but consider these points of entry for malware, enabled by an innocent employee:

* Infected websites – even when using the Internet for legitimate business purposes, search results often include sites infected with malware, and visiting those sites can introduce a virus or worm into the user’s computer, and then into the network.

*Infected thumbdrives – this is the modern equivalent to the old floppy disk danger, it’s just a different storage device. The employee gets some data or a program from outside the network and when they plug that drive in, any infection on that thumbdrive can propagate through the network.

*Email social engineering – good virus software can prevent malware from launching automatically when attached to emails. But links to infected sites, or “phishing” attempts can get employees to follow a link or be fooled into providing malware a way into your network.

A clear (and enforced) Company Security Policy, coupled with a corporate culture of security awareness and education, can greatly reduce these types of internal threats.

Inside Access from Non-Employees

It’s not just employees who access the company network. In many cases, suppliers and even clients may have some access to data or applications on your network. Your company’s Security Policy should define the level of access for all users on the network.  The rule of thumb is, everyone should only have the minimum level of access they need to do what they need to do. One size does NOT fit all when it comes to user access policies!

In addition, the Security Policy should provide for immediate deletion of user accounts whenever the need for the account goes away (employees who leave, changes in suppliers, etc.) Every extra active account is an internal threat to your network security.

Controlling Access Within Cloud and Virtual Environments

Cloud and virtualization technologies have provided some great benefits with regards to manageability, flexibility and cost savings.  However, close attention must be paid to ensure that users accessing systems in the cloud, and/or virtual machines can only access the systems and applications that they need.

There are tools for securing these environments, and they should be used. Also, pay some attention to what regulations your business must follow to demonstrate compliance. The financial and healthcare industries, for example, have very specific requirements with regards to data storage and security.

In general, it’s best to address the issue of Network and Data Security from the top down, rather than the ground up. Devise an appropriate Security Policy and make security awareness a part of your corporate culture. Make sure it applies to everyone, and enforce it. You should also re-assess your infrastructure’s security at least annually.

Clare Computer Solutions can help with a lot of the planning, evaluation, implementation and maintenance of your company’s data and network security. A place to start is with a Disaster Recovery and Business Continuity plan. Security breaches can be very costly – they could put you out of business. Take the time to protect your business!

For more information on ways to avoid these internal threats and protect your business, watch this short video on Business Continuity and Disaster Recovery Tips, or contact us.

CTABanner_OutsourcingIsntADirtyWord

Web Content Management – Big Brother or Smart Business?

Web content management has become more important for business than ever before. There can be little doubt on the liberating effect on workers and businesses of widespread internet access. Having ready access (from a variety of devices) to a wealth of information and easy communication has transformed society and business.

But with any transformational technology, there are good and bad aspects.

Here are three areas where unfettered internet access could have a negative effect on your business, and why web content management is so important:

Bandwidth

Your business-grade internet connection can seem like an old modem connection if too many demands are placed on your available bandwidth. Any business should aim for enough bandwidth to handle the businesses’ anticipated needs with regards to web access (for business), email, phones (VoIP), file transfers (for business) and data backup. But what if the employees at your company are also listening to streaming music, watching videos or downloading large media files for personal use? That drives your network performance down, and your costs up – does this make good business sense?

Malware/CyberCrime

Most modern businesses take steps to catch viruses attached to emails, and prevent hacking from the outside of the network inwards. Now, many modern cybercriminals turned to enlisting the help of your employees, usually without their knowledge. Many seemingly benign websites have malware within their site’s code which can infect users’ machines and be very difficult to eradicate. In addition, phishing attempts exploit users and trick them into following bogus links to infected sites or open innocent-looking email attachments.

Time Theft

How many of us have casually looked for something on the internet, which led to something else which led to something else (and so on), and suddenly, two hours have gone by?  Multiply that by the total number of employees at your company, and the potential loss of productivity is enormous.

Given these facts, it’s not inappropriate to protect your company’s investment in personnel and technology by using web content management to control the use of your company’s internet connection. There are a number of solutions to choose from, and many are very sophisticated – allowing controls on internet usage based upon each employee’s legitimate needs, and even the time of day.

Clare Computer Solutions has helped quite a few companies take back control of their corporate internet connection, and save thousands of dollars in the process. Contact us today to see how we can help your company!

5 Tips for Safer Online Holiday Shopping

There’s no doubt that online shopping is convenient. Shoppers have access to an incredible selection of products and can easily comparison shop for the best quality and lowest prices. The online shopping experience is here to stay – the consumers have spoken!

With the convenience comes some risks, however, and while they shouldn’t deter shoppers from making online purchases, it’s wise to make sure you shop safely, and not become of victim of cybercrime. Here are 5 tips to help you shop safely.

1: Shop from your own device, from home

Don’t use public terminals for online shopping and avoid public wireless networks. You have no way of knowing what malware might be installed on a public machine or how secure a public wireless network is.

2: Always make sure your shopping connection is secure

The address to a shopping site should always be via a Secure Socket Layer (SSL) connection. How can you tell? Look at the address bar in your browser – the address should start with “https” instead of “http”.  Some browsers also have a little “lock” or “key” symbol that appears when you’re connected via SSL, but the “https” is the best way to be sure.

3: Try and stick to sites you already trust

It’s easy to get creative and find some unusual or special items via a search engine, but you’re generally better off shopping at sites you’re already familiar with. That doesn’t limit you to large chain stores – just businesses you already trust. Never shop at a site you found through an emailed link.

4: Keep your antivirus and anti-malware software up-to-date

Cybercriminals are always busy finding new ways to exploit vulnerabilities in PCs, tablets and phones – make sure you’re protected before shopping.

5: Use good judgment

Don’t let “shopping fever” cloud your judgment. Avoid buying anything – even something you want – from a site that looks “wrong” in any way. You should never give up any more information than necessary to complete the transaction. NEVER give your social security number. If you have to create an account on the site to purchase, use a strong password, and never use an emailed link to go to a site to shop. If a deal sounds too good to be true – chances are it’s NOT a real “deal”.

Cybercriminals (like most criminals) are always looking for the easy victims. Keeping these tips in mind can help you avoid being a victim! Clare Computer Solutions can help your company to protect your network – contact us today to get started!