Envision IT - Louisville Computer Support

JUL 07, 2015

Windows Server 2003 End of Life is Looming

Envision IT would like to inform you that Windows Server 2003 support is ending July 14, 2015. In the interest of protecting and informing our clients and others using Windows Server 2003, we share this information so that the necessary steps may be taken to safeguard the continuity of their systems.

Migrate before it’s too late:

  • No updates or patches after Windows Server 2003 end of life support
  • No compliance with standards and regulations (HIPAA, PCI, and others)
  • No safeguards because instances of Windows Server 2003 will be susceptible and exposed

July 14, 2015 is right around the corner. This is the moment to ensure that you have a plan to migrate the applications and infrastructure currently relying on Windows Server 2003.

Envision IT recommends migrating to maintain optimal performance and security. If your business utilizes Windows Server 2003, contact us regarding your service and migration options. Call us today at 502-694-9446 to discuss!

JUN 15, 2015

Why is Software Patching Important?

For many businesses, especially those in the small to mid-size sector without Managed Services Support, basic network maintenance and IT security strategies can have a serious impact on the overall success of the company. Gaps in these areas are not only time consuming and costly to rectify, but could also lead to more serious threats to your company’s confidential data. One of the most basic principles of system maintenance and IT security is to implement regular software patching.

Microsoft, Adobe and Java products are operating in our technology components everywhere. Devices such as servers, desktops, laptops, and smartphones to name a few have all incorporated these products for various commonly used functions, and this ubiquitous nature is part of what makes these products attractive targets to hackers around the world. Mitigating your risks in this area through diligently managing and installing software patches (or updates) in a timely manner is not only a key activity but is also one of the most basic and easy actions for your IT department or managed IT provider to implement. Check with your IT support provider. If they do not currently manage this basic maintenance level activity, you should be asking them why.

Impact of Neglect
While patching servers is of moderate importance (malware infections are largely mitigated by a general lack of web browsing or the opening of potentially poisoned PDFs), patching of workstations is critical. Without proper safeguards such as up-to-date software and antivirus programs, malicious software such as malware, spyware, and viruses can be unknowingly injected into a PC through avenues like infected website advertisements, and can easily trick users into unwittingly installing something that can annoy them at best or, at worst, completely corrupt a Windows installation, steal confidential company data or financial documents, or ransom the user’s data.

The direct costs of infections and/or breaches due to an unmaintained network can increase overall costs of network support and strain what are often tight technology budgets. For example, malware removal could take up to 2 hours per PC, and if the infection cannot be removed in that time, it often becomes more effective to either rebuild or scrap and replace the PC. The direct cost in the technician’s time to troubleshoot and/or the cost of new equipment coupled with the user’s downtime add up to a high price tag that could possibly have been avoided by proactively keeping up on software updates.

Simple Solutions
The second Tuesday of every month is what is known in the IT world as “Patch Tuesday” – the day Microsoft releases its latest batch of software updates for the products it sells and supports. These updates typically correct known issues with software programming, improve system performance or application integration with Microsoft operating systems, and address security vulnerabilities that have been found and/or exploited (also known as zero-day vulnerabilities). Microsoft will also, on occasion, release “out-of-band” patches if a zero-day vulnerability is actively and pervasively being exploited by malicious software. Microsoft provides update management software free of charge (called Microsoft Windows Server Update Services, or WSUS) that can facilitate patch management and delivery to workstations in a managed domain environment. In smaller workgroup environments, automatic updates can be set to download and install patches and reboot the PC at a specific time that minimizes the impact on the end user’s productivity. Adobe and Java release their software patches with somewhat less regularity.

Although it is near impossible to completely prevent infections or breaches in a network that is attached to the Internet in any way, by not taking at least the basic preventative measures to protect your information technology investments and sensitive data, you may be inviting trouble right through your door.

Be sure to contact Envision IT today if you don’t have a monitored software patching plan in place.

APR 26, 2015
Business IT Support & Services

How to Ensure a Successful Office Move

When a company decides to relocate their office space, it is an exciting time for their employees. Changing a work environment can have benefits for any organization. It is a time for the implementation of new processes and can be a morale and productivity booster. But, moving an office can become a huge undertaking for the employee who is put in charge of managing the monumental task. Communication, prioritization, and planning can cause undue stress for anyone regardless of their experience or skill level. Whether you are moving a corporate headquarters or a small office, the following are pieces of advice on how you can ensure a successful office move.

Selecting your new space and creating a floorplan

You may be starting with a blank space or you could be moving into an office space that was previously configured for another organization. Either way, you are probably going to need to reconfigure your new space to best meet the needs of your company. You must first consider if this reconfiguration is going to be cosmetic or if a general contractor will need to be involved. If the space requires building individual offices, break rooms, or other space such as conference areas, starting with a general contractor with a good reputation should be your first step. Asking for references from other companies can ensure you hire a reliable general contractor. If no renovations are needed, you should begin with a floor plan which provides a sketch of each employee’s work space and miscellaneous spaces (kitchen, bathrooms, server/IT rooms, etc.). This can be done by the project administrator themselves or by hiring a professional space planner. This is a great time to see if your existing furniture will fit, if you will have to purchase additional items or if you need to purchase all new furniture. It is also important to take into consideration any growth your organization may have during this planning stage. Making sure the space is properly configured for your company’s needs can ultimately save money by eliminating future changes to the space.

Hiring professional installers, office movers, and working with other vendors

Moving your ISP and phone services – This part of the project usually requires the most notice to your providers (at least 30 days, but 60 days to be safe, as the waiting list to have it installed could be quite long). You should contact your current ISP and phone provider as soon as you know your office will be relocating. You should ensure that they provide service at your new location, verify the length of your contract, and contact new providers if your current providers do not provide service in your new area. This is a great time to discuss contracts and pricing as well as to consider increasing your bandwidth. With new technologies such as cloud computing, mobile BYOD (bring your own device), and a growing mobile workforce, this is a great time to plan for the future of your business.

Hiring a cabling provider – If you have an existing IT provider, they may provide this service or can help you to find a vendor in your area. Most new offices will need new cabling, new drops, jacks, face plates, and patch cables. A simple walkthrough with your cabling provider can help them determine if you need Cat 5e or Cat 6 cabling and whether conduit or other infrastructure needs to be installed. This is also dependent on your floor plan. As you can see, doing things in a particular order is important. The cabling and ISP/phone installation need to be in place and tested before moving any network/IT infrastructure. This is a great time to consider moving phone service to new platforms such as Skype for Business and/or integrating video conferencing and instant message services to improve internal and external communications.

Moving your network/IT hardware – Informing your current IT provider or contacting a provider in your area should be next on your list. Hardware such as servers, firewalls, switches, racks, and other expensive and fragile equipment can be damaged by office movers and is rarely insured. This is a wonderful time to look at upgrading antiquated equipment, ensuring that all equipment is under an active warranty, and decommissioning any equipment that is no longer in use. It is also important to make sure all of your necessary data is backed up prior to the move. Also, consider the need for an electrician at this time, as large network equipment such as UPS battery backup systems may need special outlets installed if they are not available in the new space. Next, consider any HVAC and ventilation needs in your server room/closet (servers cannot withstand excessive heat, and this equipment also puts off a lot of heat). Consider using an audio/visual consultant to move any large televisions, audio equipment, Smart Board technology, or other equipment not supported by your IT provider.

Moving security systems – Most likely you will need to involve whoever installed this equipment originally to move the hardware. It is also a great time to make sure your equipment is under warranty, is up to date, and does not need to be replaced. You will also need to consider adding or removing cameras and other security hardware depending on whether you are moving to a larger or smaller space. And, at the risk of sounding repetitious, this is also a good time to review your contract.

Moving your desktops, laptops and printers – Most office movers can move this type of equipment, but if you have a service contract with a printing company, they can also move your printing/copying equipment. Most likely, your IT provider will need to be involved in this portion of the move to re-establish connectivity of all devices once they arrive at the new location. Your IT provider can also usually provide this service.

Moving office furniture and/or company signage – Hiring professional office movers is always the best option. These companies tend to be bonded and insured along with having many years of experience. Your local Better Business Bureau or fellow business owners can be the best source to find a qualified office moving company. Make a list of all of the items that need to be moved (including your exterior or interior signage) and provide this list to the moving company to ensure the most accurate quote possible.

Miscellaneous vendors – Although often overlooked, you may need to consider notifying or changing vendors such as janitorial services or vending machine providers. Once again, review your current contracts and contact them to see if they provide service in your new location. You will also need to make sure couriers such as UPS, FedEx and the USPS know when to stop picking up or delivering to your old location and begin at the new location. Lastly, make sure your website, flyers, stationery, business cards and other branded items get updated with your company’s new address and phone/fax numbers.

**All vendors should provide a project plan, statement of work or other form of documentation telling you exactly what you are paying for and any down payments that are required.

Organization, Archiving, and Destruction of Antiquated Paperwork or Hardware

Moving provides the perfect time to get organized. Consider archiving old data from your server, hiring a shredding company to shred outdated documents, decommissioning old hardware and donating unused office furniture and supplies to a local charity. This will help to ensure that your new office space is clutter-free and productive from the very beginning.

The Big Grand Finale: Moving Day

Finally, after months of planning, moving day has arrived. This is normally the most chaotic day your company will experience. But, with proper communication to staff members and a company organization plan, this too can be a stress-free day. Start by creating a well thought out announcement to help employees pack and label their items and distribute a timeline for the week prior to the move. Provide boxes and other storage to your staff members to pack their personal and work items. Create a number or color-coded system to ensure the boxes get placed into the correct rooms/areas by the movers (make sure the movers have a copy of this as well). Lastly, try to schedule your key providers (IT, printing, other contractors as needed) to be on-site the day of the move to help resolve last minute issues. In closing, remember that an office move is exciting for your employees, celebrate the day and your company’s achievements, and enjoy your new, up-to-date, organized office space with increased sales and company profit!

NOV 26, 2014
HIPAA Medical Checklist

HIPAA Compliance Checklist for Small Medical Practices

If your experience is similar to that of most doctors who decide to take the plunge and start their own small medical practice, you probably had no idea how many non-medical things you have to take care of to ensure your fledgling business is setting out on the right foot. Securing a business loan, hiring a staff, finding office space and moving in—so much to do. Well, here’s another thing to worry about: compliance with the data security requirements of the Health Insurance Portability and Accountability Act (HIPAA).

When you’re the employee of a hospital or large healthcare network, HIPAA compliance is largely taken care of for you. When you own a small medical practice, the responsibility for protecting your patients’ sensitive health information (and protecting your own business from steep HIPAA penalties) rests squarely on your shoulders.

IT—computers, software, Internet connections, networks—is what makes most modern businesses run smoothly, and doubly so for medical practices, as paper-based patient records become a thing of the past. As you build your practice, choosing how to spend your IT investment is a huge decision. Part of the decision has to be ensuring that whatever configuration and vendors you go with, the protected health information (PHI) of your patients is safe from falling into the wrong hands.

To help you make the right IT choices for your small medical practice, here is a checklist of the main HIPAA requirements for data security:

Area 1: Access Control

Access Control is tech-speak for the concept of allowing users access to the functions they need to perform their jobs—and none of the functions they don’t need. This limits the likelihood any user will jeopardize information security by using systems they have no business accessing. Here is what HIPAA requires in the area of access control:

  • Unique user identifications. Every user on your system must have his or her unique login ID and you must be able to trace all activity back to one of these unique IDs.
  • Emergency access procedure. There must be a plan in place to access the patient information you need in the event of an emergency. For example, to protect against a power outage, you could keep a fully charged laptop on hand equipped with a mobile hotspot.
  • Offsite backups. In case all the data stored on servers or computers in your office is destroyed (by a natural disaster or otherwise) you must have up-to-date offsite backups ready to take over.
  • Automatic logoffs. Your system should automatically log users off when their station is left unattended. This prevents unauthorized users from seeing information left open during somebody else’s session.
  • Encryption. Digital information must be encrypted (basically, secured by a computerized secret code) as it’s transmitted within your practice.

Area 2: Audit Controls

When IT people talk about auditing, what they mean is the ability to record and examine activity by every user in every system. HIPAA prescribes no specific requirements for auditing, but a big part of complying with HIPAA is being able to determine when and if a security violation occurred. There are no requirements for how often audit reports should be reviewed or even what specific data should be gathered, but:

  • A medical practice must keep, at minimum, basic audit reports.
  • These reports should record when a totally unauthorized user (somebody outside the system entirely, like a hacker) logs in or attempts to log in.

Area 3: Integrity

Maintaining the integrity of your data means, from HIPAA’s point of view, that your data is neither altered nor destroyed except by someone who is authorized to do so.

  • To maintain integrity, HIPAA requires that you have a mechanism to authenticate electronic protected health information (PHI). This could take the form of, for example, a function that can check the number of records in a database to ensure that nothing has been deleted without being properly accounted for.
  • Backups are essential here, too, so you can recover any information that has been destroyed without authorization.
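The record-count check described above, as an added example (not from the original post or from any HIPAA text): it reconciles a baseline of record IDs against a deletion log, because a bare count misses a deletion that is masked by a later insert. The `patient_records` and `deletion_log` tables, the function names and the sample rows are hypothetical and constructed for illustration.

```python
import sqlite3


def open_sample_db():
    """Build a constructed in-memory database with a hypothetical schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE patient_records (
            id   INTEGER PRIMARY KEY,
            name TEXT NOT NULL
        );
        CREATE TABLE deletion_log (
            record_id  INTEGER NOT NULL,
            deleted_by TEXT NOT NULL,
            reason     TEXT NOT NULL
        );
        """
    )
    # Constructed sample rows, not real patient data.
    conn.executemany(
        "INSERT INTO patient_records (id, name) VALUES (?, ?)",
        [(1, "Sample A"), (2, "Sample B"), (3, "Sample C"), (4, "Sample D")],
    )
    conn.commit()
    return conn


def snapshot_ids(conn):
    """Return the set of record IDs currently present (the baseline)."""
    return {row[0] for row in conn.execute("SELECT id FROM patient_records")}


def authorized_delete(conn, record_id, user, reason):
    """Delete a record and log who removed it, in a single transaction."""
    with conn:  # commits on success, rolls back if either statement fails
        conn.execute(
            "INSERT INTO deletion_log (record_id, deleted_by, reason) "
            "VALUES (?, ?, ?)",
            (record_id, user, reason),
        )
        conn.execute("DELETE FROM patient_records WHERE id = ?", (record_id,))


def check_integrity(conn, baseline_ids):
    """Compare the current table against the baseline and the deletion log.

    count_ok    : the simple count check (baseline minus logged deletions).
    unaccounted : baseline IDs that are gone but have no deletion log entry.
    """
    current = snapshot_ids(conn)
    logged = {row[0] for row in conn.execute("SELECT record_id FROM deletion_log")}
    expected_count = len(baseline_ids) - len(logged & baseline_ids)
    return {
        "count_ok": len(current) == expected_count,
        "unaccounted": sorted((baseline_ids - current) - logged),
    }


def demo():
    """Walk through a logged delete, an unlogged delete, and a masking insert."""
    conn = open_sample_db()
    baseline = snapshot_ids(conn)
    results = []

    authorized_delete(conn, 2, "dr_example", "duplicate chart")
    results.append(check_integrity(conn, baseline))

    # Deletion that bypasses the log: both checks flag it.
    conn.execute("DELETE FROM patient_records WHERE id = 3")
    results.append(check_integrity(conn, baseline))

    # A new record restores the count, so only the ID comparison still flags it.
    conn.execute("INSERT INTO patient_records (id, name) VALUES (5, 'Sample E')")
    results.append(check_integrity(conn, baseline))
    return results


if __name__ == "__main__":
    for step, result in enumerate(demo(), start=1):
        print(step, result)
```

In practice the baseline would be stored somewhere the database users cannot modify, such as alongside the offsite backup.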

Area 4: Person or Entity Authentication

In the eyes of HIPAA, this is slightly different from the access controls requirements we discussed earlier. When we talk about person or entity authentication we’re talking about procedures that verify that a person (or entity) is who they say they are. All Internet users are familiar with this one. Think of the password you use to log in to your email or Facebook account.

  • HIPAA’s minimum requirement is a password or personal identification number (PIN) that only the authorized user knows.

Area 5: Transmission Security

Transmission security refers to guarding against unauthorized access to protected information as it is being transmitted outside your practice—via email, over the web, etc. HIPAA’s requirements for transmission security include:

  • Integrity controls. In this case, the integrity of the data means that it has not been modified during transmission. Standard network protocols should be used to ensure the data received is the same as the data sent.
  • Encryption. Sending and receiving encrypted information to and from organizations outside of your practice can be tricky. For encryption to work, both the sender and receiver have to be using the same encryption and decryption method. For example, a small medical practice like yours would have to encrypt patient information (like procedures performed) as it’s transmitted to and from insurance providers and other kinds of patient information (medications, for example) as it’s transmitted to and from another medical office. The encryption to and from the insurance office might be a different kind of encryption than to and from another medical office. So, the HIPAA requirement is to have in place as many kinds of encryption as necessary.

 

Find All This Overwhelming? Get Help

As you can see from this checklist, ensuring HIPAA compliance can be a monumental task for any owner of a small medical practice. And this is just the IT side. There are also requirements that aren’t strictly related to the IT tools you use, like drafting employee computer policies.

Often, your best bet is to find and work with an IT partner with special expertise in helping practices like yours achieve and maintain HIPAA compliance. This will allow you to move on to all the other things you need to do to establish your practice and keep it running. Call Envision IT today at 502-694-9446 to discuss how we can help your medical practice.

JUN 12, 2014
Louisville Network Security & IT Support

10 IT security risks that small businesses can’t afford to ignore

By Ellen Messmer, Network World | Security

Generally thought of as having up to 500 employees, small businesses constitute the vast majority of companies in the United States, making them a critical part of the economy. Their customers naturally expect personal and financial data to be kept secure, and a data breach is a painful and expensive ordeal. Like the larger enterprises, small businesses that accept payment cards have to follow Payment Card Industry rules. It can be daunting for a small business that may not even have an IT department to think about how to tackle network security.

But here are 10 top tips to get started:

1. Business managers need to gain the basic knowledge of where the most important data is held, whether it’s on site in traditional desktops and servers, or in cloud services and mobile devices (including possibly those in “Bring Your Own Device” arrangements).

Whether this knowledge is presented by the in-house IT manager or an outside technology provider, the data storage, access permissions and data processing should be documented, including whatever security controls are in place. There needs to be a conscious decision by business and technology managers, preferably with legal advice, that these security controls are adequate relative to risk. That lays the foundation for what is also needed: a back-up and disaster recovery plan.

2. Bad things happen to good businesses. Floods, fires, earthquakes, the outside thief and the insider threat, and of course malware are all factors that can impact the safety of stored data.

Automate the back-up process. Since virtually every business now depends on some form of computer processing, ask the question how employees could proceed if your physical site is suddenly not available. Plan for disruptions that could last weeks if not months — and test it to make sure it’s viable.

3. Train employees about the nature of today’s cyber-attacks. SMBs tend to think that cyber-criminals are going after the really big guys, not them, but that’s simply not true.

Cyber-criminals in particular target SMBs to compromise the PCs they use for online banking and payments in order to commit fraud in a big way by emptying out business accounts. Unfortunately, there’s actually less protection for recovery of stolen funds under the law for businesses than for consumers. Banks may even give the small business a hard time, questioning the security it has in place. How does cybercrime often begin? In many cases, the victim opens a “phishing” e-mail message with an attachment laden with malware that will let the attacker begin infiltrating the network. To tamp this down, spam filters should be in place to try and catch phishing e-mails and other junk. But some of it, especially highly targeted, will get through and employees should be trained not to open anything that seems even remotely unusual. Because web-based malware is also commonplace, applying Web-surfing controls on employees’ Internet use is also a good idea. The big companies are starting to use advanced malware protection systems that can track targeted attacks in various ways, and small businesses should too — if it’s affordable. There is also a strong argument to consider setting up a dedicated computing resource strictly for online funds transfer. There are many phone-based social-engineering scams out there now as well and employees need to be wary.

4. Deploy the security basics. That means firewalls for wireless and wired-based access points, and anti-malware on endpoints and servers, acknowledging that traditional signature-based anti-virus is a limited form of defense.

Consider technologies such as ‘whitelisting’ to prevent computer software downloads. Over the years, security vendors have frankly conceded they’ve often had a hard time marketing to SMBs, establishing channels of sales and support, and often tried to create editions of their basic products oriented towards fewer numbers of users and less technical expertise to manage them. But some practices are critical for all: Be rigorous about patching all operating systems and applications as quickly as possible. If your business is short-staffed in terms of security expertise, seek outside technical support under a managed security services arrangement. If there’s a malware outbreak, for instance, you will need that expertise. Read articles, join technology user groups, speak with industry colleagues to get tips about outside assistance. Keep in mind that if your business accepts payment cards, it’s mandatory to adhere to the data privacy requirements spelled out in the PCI guidelines, which also includes encrypting sensitive information. The government’s HIPAA and HiTech security rules also require encryption of personally identifiable information in the healthcare industry. Encryption of data at rest and in transit is just a good idea — so why not do it?

5. When disposing of old computers and other devices that store data, remove the hard disks and destroy them.

This goes for other types of media, too. And don’t forget paper holding sensitive information as well.

6. Get detailed when it comes to each individual’s access to data.

This takes time, but determine what employees or outside business partners really need to have in terms of network and applications to do their jobs. Keep a record of this and consider using more than passwords, perhaps two-factor authentication or even biometrics. This also goes for systems administrators, whose jobs give them huge power over all the information systems in use. Options include requiring a dual-authentication process — something the National Security Agency claims to be doing more vigorously after former NSA tech contractor Edward Snowden leaked all those secrets. Your business is probably not as top secret as the NSA’s, but your internal network and all the most critical data may well be under the control of a sys admin whether you think about that or not. And finally, have procedures for immediate de-provisioning of access and credentials when an employee departs or a business arrangement is altered.

7. Trust but verify, as the old saying goes.

Do official background checks on prospective employees to check for criminal history (some companies are even evaluating prospective employees by looking at what their public social media history might indicate about them).

And when it comes to technology vendors or cloud service providers, make sure whatever they promise is in a signed contract with some kind of consequences spelled out for failure to deliver. Consider paying a visit to data-center operations operated by business partners with whom you plan to electronically share your customer data, for example, and have them provide details on their security, backup and personnel involved.

8. The era of mobile smartphones and tablets is here and it’s disruptive.

Whether a transition to using smartphones or tablets in your business has begun or not, the recognition needs to be there that they represent new operating system platforms with different security requirements and methods of updating and control than older PCs and laptops.

Though the mobile-device marketplace is fast-paced in terms of change, both business and IT managers alike should be strategizing on the management and security options — and that includes “Bring Your Own Device” situations where employees are allowed to use their own smartphones and tablets for business. It will mean balancing the security needs of the business with the personal data usage of the individual, who after all, owns the device.

At the very least, BYOD raises legal questions since business data is no longer being held on a device issued directly by the business. Mobile-device management software is often in consideration for use, with the question of whether to move to so-called “containerization” options for data segmentation. If it’s any comfort, the big companies are all struggling with questions like these as part of the mobility revolution. There are no pat answers.

9. Don’t forget physical access in all this.

There should be a way to prevent unauthorized individuals from getting near business computer resources. That might mean the cleaning crews at night as well. Challenge unexpected visitors in a polite but determined way.

10. Though the business may be small, think big. Focus on policy.

That means devising an employee acceptable-use policy that clearly defines how employees are expected to behave online, how data is to be shared and restricted. Have them read and sign it, making it clear if there’s monitoring of online activities. There should be possible penalties for non-compliance. But just clamping down on employees is not usually a way to encourage the kind of creative thinking and productivity that businesses need in the world where online communications is critical. The challenge is finding the right balance.

Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com

MAY 30, 2014
Louisville Microsoft Tech Support

How Microsoft’s Internet Explorer Fix Reinforces the Need for Proactive IT Management

On Thursday, May 2nd, Microsoft issued an out-of-cycle security update to address the Internet Explorer security flaw publicly disclosed last week. The remote code execution vulnerability lured IE users, who make up over half of the Internet browser share, to click on malicious links, which potentially could have then granted hackers full control of individual PCs.

Microsoft reported that only a limited number of targeted attacks had been identified, but still urged users of Internet Explorer versions 6, 7, 8, 9, 10, and 11 to immediately install the patch. They even showed a little mercy on Windows XP users by pushing the update to that outdated OS, too. “When we saw the first reports about this vulnerability, we decided to fix it, fix it fast, and fix it for all of our customers,” said Adrienne Hall, general manager of Microsoft’s security unit.

This all-encompassing patch should resolve any Internet Explorer issues. However, don’t let the fix keep you from always following these rules of the road for smart, secure Internet usage:

  • DO NOT click ANY embedded links in email messages or on public web pages unless you know the sender or source
  • DO NOT browse public web pages from PCs that access confidential data like credit card, protected health, or personally identifiable information
  • Call a trusted IT provider BEFORE clicking on anything that appears suspicious, or if you think your computer has been affected

 

So how will this fix be implemented?

Microsoft said that, for customers who have automatic updates turned on, the security patch would install automatically. But many computer users are wary of such programmed updates — and many don’t know how to verify they’re enabled.

Which is where proactive IT maintenance and monitoring comes in. Envision IT’s around-the-clock service began deploying the Internet Explorer patch less than 12 hours after Microsoft issued it, and many of our clients had it installed on their machines when they showed up to work on Friday. All without stressing over whether to click “Yes” when prompted for an unfamiliar update or waiting for an internal IT resource to come by their desk and manually install it.

Beyond keeping your computer safe from the hackers behind this recent Internet Explorer bug, how else can proactive IT services benefit your business?

  • By keeping your employees productive and efficient, which saves you money
  • By keeping your data and network secure, which gives you peace of mind
  • By keeping your systems running 24/7, which allows you to better serve your customers
  • By keeping your IT goals in focus, which helps you strategize for the future
  • By keeping human intelligence — high-level consultants, help desk technicians, and on-site support — in charge of your technology, which provides a valuable competitive edge in today’s rapidly evolving marketplace

Want to stop worrying about the security of your systems? Ready to stop spending hours trying to fix issues yourself? Contact Envision IT today to find out how we combine superior customer service with complete, proactive IT support.

APR
19
2014
Louisville Managed Services

Focus on managing your business. We’ll focus on managing your IT.

When someone asks what your business does, you wouldn’t say “managing information technology”, would you? For an easy and fixed monthly fee – a mere fraction of the cost of hiring a full time employee – we’ll take away the worry, frustration, and considerable cost of managing your IT services in Louisville. No more hiring, managing, sick time, training or firing.

With Envision IT as your business outsourcing partner in Louisville, you can take back control of your network. Our IT managed services watch over your systems 24/7, and we step in the moment something goes wrong. This proactive approach to Louisville network support solves small problems before they become big, not to mention expensive, disasters. Your employees will have a full team of IT professionals at their fingertips to answer and solve their computer and network issues in Louisville.

We also offer Consulting Services and Cloud Services like:

  • Office365
  • Hosted Exchange
  • Remote Data Backup
  • Remote Monitoring

So, if your Louisville business has between 5 and 200 employees, call us today and find out how we can lower your operating costs, provide a higher level of service, and get you back to what you do best…running and managing your business.

Call us now! 502-694-9446

AUG
14
2013
Envision IT - Louisville Network Security

5 Tips for Business Security

No business is too small for cyber-thieves to target. For National SMB Week, here are a few ways small businesses
can protect their data from thieves and their customers from malware.

By Fahmida Y. Rashid
Article Date: June 30, 2013 / PCMag.com

The most pervasive security myth is the one that has business owners sticking their heads in the sand,
ostrich-style. “It won’t happen to me,” small business owners say when they hear about targeted attacks,
phishing scams, and sophisticated malware. “I’m too small for the criminals to bother with,” they think,
when they hear about data breaches, network intrusions, and website attacks.

If that was ever true, it’s wishful thinking today. It’s increasingly clear that cyber-criminals don’t look at the
size of the company when launching their attacks. Data is data, and even the smallest organization has
valuable data the criminals can steal and sell. The days of “I’m too small for them to find me” are long
gone. In many cases, the small business may just be a stepping point in a chain of attacks, with the
criminals targeting the smaller and weaker networks as part of a comprehensive campaign against larger
partners.

Both the volume and sophistication of attacks are growing, making it difficult for SMBs to keep up their
defenses. In honor of National SMB Week, the Certificate Authority Security Council has provided a few
simple steps SMBs can follow to secure their online presence. With these tips, business owners can make
sure their site visitors can safely visit, search, enter personal information, and complete a transaction.

Passwords Are Essential

The first suggestion is to “Create unbreakable passwords” for accounts related to your online presence,
such as the domain registrar, hosting account, SSL provider, social media, and PayPal, among others,
said Rick Andrews, technical director of Symantec, on the behalf of CASC. While there is a lot of
discussion about the need for better authentication schemes, passwords are still the main way to protect
online accounts, making strong passwords essential.

Criminals can easily set up computers to cycle through random combinations in brute-force attacks. If the
password is weak, this process takes very little time. PCMag.com recommends using a password
manager to randomly generate strong passwords and to store them securely. If the service offers
two-factor authentication, you should really take advantage of the extra layer of protection.

Scan Your Sites

Websites can be infected with malware, just like your PC. Regularly scan your site for vulnerabilities and
malware. Attackers can take advantage of vulnerabilities to infect the site with malware or inject malicious
code to redirect visitors somewhere else. Infected sites may load slowly, display unwanted
advertisements, and infect user computers with malware. Look for a site scanner, something like
StopTheHacker Web-Malware Scanning, that will monitor your site for problems and alert you when
necessary.

Update & Patch

Is your Web server regularly being updated and patched? It’s not just the server, though—your Website
also needs to be regularly patched. If you used a popular content management system (CMS) such as
WordPress or e-commerce platform such as Zen Cart, then you need to make sure you are updating your
software regularly. Attackers frequently target plugins in WordPress, so installing patches regularly is a must.
Check with your hosting provider or site maintainer to find out if all the software is being updated on a regular basis.

“Updates must be installed on your website, just like installing the latest
Windows Updates on your PC,” Andrews said.

SSL Certificates

Consumers need to trust you are a legitimate business, and SSL certificates help verify your identity. No
site should attempt to collect personal information or e-commerce without a trustworthy SSL certificate to
assure users their information is safe.

Don’t Lose Control

No matter who you hire to work on your site, the business should always retain control of the domain
name, SSL certificate, and actual Website. It’s all too common for business owners to hire someone to
build their website, and when that person leaves, there goes the only person with access to the SSL,
domain name, and hosting account. It’s harder to add people to the account or transfer ownership when
the original account holder is not around. If building and maintaining the website is outsourced to a third
party, make sure someone within the organization is also on the accounts to retain control. If the
employee leaving is the one who had access to the accounts, make sure to add a new person to the
account beforehand. This way you will be able to still manage your certificate, domain name, and hosting
account.

This article was originally published June 30th, 2013 on PCMag.com

AUG
08
2013
Envision IT - Louisville IT Support

What Does IT Support Offer Your Business?

Every business at some time or another will need IT support. When times are busy the last thing that staff members need is to stop what they are doing to deal with IT problems. These are best left to professionals, and IT support is available in various formats. Businesses can choose to hire a full-time IT professional, or outsource to another company to cover any issues that may arise.

What does IT support involve?

The chosen IT professionals will examine the existing network within the business to ensure that it meets specified requirements, is running efficiently, and has proper security in place to protect business and client data.

IT support can also extend to the company’s telecommunications. This could mean dealing with the installation of phone lines, the setup of smartphones per company policies, or installing an entire VoIP phone system. More and more companies are relying on mobile devices in the field for their communications, and having a professional on hand to provide security advice is sensible. What happens when one of those devices turns up missing? How much company and client data could someone access? As more employees bring their own devices (BYOD), there’s more need for companies to make sure their data is protected from wherever it can be accessed.

Getting the right IT support

As there are plenty of options for IT support, it can be hard to know where to start. Getting a good deal from an external organization is important, but given that the services on offer can be very similar, prices will often be very similar too.

A business may need a specialized service such as data protection, HIPAA compliance, POS, etc. So with this in mind, a specialist professional should be sought. It is important to know that the appointed IT professional is local but will also be available to help in the event that the business decides to move or expand. Off-site monitoring is a bonus but it is worth noting that physical visits will be needed from time to time.

A large firm will offer a wide range of IT services while a smaller one-man band may be a little limited in how much help they can provide. A bigger firm can be an advantage for a company that has multiple sites but it may lack the personal touch that many people expect these days. Most companies will expect to have a long-term relationship with their IT professionals, so it is important to know that a good relationship can be built with them.

A dedicated account manager is often a bonus as it gives the company a single point of contact in the event of a problem. The account manager should be able to fully explain all details of the service agreement and both parties’ obligations at the start of the contract.

Look for a firm that can guarantee their response times. It is important to know that the business will not be left waiting for days on end for the IT firm to get around to fixing a problem. The Service Level Agreement should include a clear statement on how long the maximum waiting time is for a visit. The technicians may not be able to fix the problem immediately, but they should at least be out fairly quickly to inspect it and make an assessment.

If you think you might be in need of local, Louisville IT support, we’d like to talk to you.

JUL
31
2013
Louisville Firewall Support & Network Security

Why Your Business Needs A Firewall

What is a Firewall?

Firewalls provide protection against outside attackers by guarding your network from malicious or unnecessary Internet traffic. Firewalls can be configured to block data from certain locations while allowing the relevant and necessary data through. They are especially important for users who rely on continually accessible connections.

Firewalls, whether hardware or software (or a combination of the two), provide a security boost to any environment. For businesses, firewalls are an important part of having a reliable computing environment, and they dramatically reduce threats that can lead to costly data loss, breaches, and down time.

Small to Medium Size Business and the Standard Router

Larger companies understand the risks of their large computing environment and with that understanding often employ multiple business-grade firewalls. However, for the small to medium size business, often run from a home office or other unconventional space, the threats are equally hazardous and require more than the basic ISP-provided router (intended for household use only).

These routers are the address of your connection to the internet. An ISP router is the go-between from your business to the internet and only directs the traffic flow. These routers just do not address the vulnerabilities of a business’s information transactions.

These ISP routers do not filter or inspect the traffic, nor do they detect intrusions. Basically, this leaves your business open to web risks at large, which are only multiplied when you are transferring any sensitive data in order to conduct work. The risk is not just the compromise of this data, which means losing clients in the event of a breach; a breach also opens you up to some hefty fines from any number of compliance commissions.

Firewalls Put You in Control of Your Network

A firewall allows you to control the gateway (your front door) of information and gain awareness of security problems that may be attempting to enter. There are a number of different kinds of attacks that are caught via this gateway. The top three are:

  • Network packet sniffers – a hacker intercepts unprotected network information packets and steals the data
  • IP spoofing – an outsider tricks your computers into recognizing them as a trusted source, by posing as a familiar IP address
  • Password attacks – hackers guess or crack passwords used by employees, allowing them to access the computer and entire network to steal further data

A business-grade firewall allows you to filter the incoming and outgoing traffic for suspicious activity, putting you in control and minimizing your risk of attacks.

What Does a Good Firewall Do for Your Business?

In a nutshell, it protects you from costly threats. With the correct settings and subscription renewals, it offers the following functions:

  • Block incoming traffic based on rules – ex. keep employees off of Social Networking sites
  • Block websites – ex. eliminate adult website access, which reduces the associated virus risks
  • Dedicate internet network resources – ex. prevent a group of workers from accessing the web for any reason
  • Create logs of users and instances so you can track the events of a particular time period. This kind of log is critical to pinpointing a breach so you can contain or fix problems.

Assess Your Security

At the end of the day, your business data needs more than just a router from your ISP. Ask your IT advisor to do a security assessment of your network and find out where your vulnerabilities are so you don’t have to learn the hard way…
