Security of technical systems and devices used in the office environment is an issue that is important to many companies. Businesses often go to great lengths to ensure that their systems are secure from external threats, yet often fail to take into account inner threats. One of the most common inner security threats is that employees have too much access to systems. A recent survey’s findings have highlighted this problem too.

According to the survey, conducted by Viewfinity, 68% of the 600 IT professionals surveyed don’t know who has administrative access to computers in their office. While this survey looks at the numbers from the IT viewpoint, it’s highly likely that many managers don’t know who has what access rights to computers.

The survey also found that 20% of all respondents noted that between 15% and 30% of users in their company had administrative rights. Is this a bad thing? Yes and no. Some users need to have full access to their systems, especially if they manage other systems, while others don’t.

Is this a big deal?
One of the biggest drawbacks of unnecessary access privileges is security. If users have more access than they need, the chance of a security breach is higher. For example, malware on a locked down system likely won’t spread to other systems in the network without direct transmission. Similarly, if a user can’t install programs because they lack the administration privileges, malware, for the most part, won’t be downloaded and installed.

If a user with full administrative privileges and downloads a piece of malware, chances are high that they won’t even notice it’s been installed and it will be transmitted to other systems with ease. In fact, one of the main ways hackers gain access to networks is through exploitation of administrative rights. They first look for an unsecured computer with administrative rights, hack it and then follow the chain up to more vital network systems.

What can we do?
While the survey was largely centered around IT professionals, business owners can learn from these findings too. They should take steps to audit their network and figure out who has access to what. Then they need to validate the findings and ensure that users have an appropriate level of access privileges. If some employees have no need to download and install programs, then they likely don’t need administrative access privileges.

If this sounds like a chore, it’s a good idea to work with a service provider who can help determine not only the type of access employees should have, but also the appropriate security and management that’s needed to ensure a more secure organization. If you’re unsure of who has access to what, please contact us, we may be able to help.

Virtualization is a buzzword thrown around the tech community on a seemingly hourly basis. From the outside looking in it seems that everything is, and has to be, virtualized these days, and if it isn't you're lagging behind the times. This has led to somewhat of a craze, that can be quite confusing at times. One of the more popular forms of virtualization that has got many experts talking is the somewhat confusing issue of server virtualization.

Here is a brief overview of server virtualization, when you should use it and what you should look for in a virtualization solution.

What exactly is server virtualization? In a nutshell, server virtualization is the practice of taking physical servers and digitizing them into virtual ones. In truth, this isn't a fully virtual solution; your servers will continue to be on a physical server, just in virtual format.

Modern virtual solutions run multiple systems - commonly called instances - on one existing server. Traditionally, servers were inefficient especially when it came to use of physical resources and hardware - much was left under utilized. Virtualization ensures that use of physical resources and hardware are maximized, leading to users getting better value from servers.

This stacking of existing systems onto a smaller number of systems decreases acquisition and overhead costs - maintenance and power - while increasing the amount of physical space available for other functions including room to grow.

Virtualization is largely made possible due to increases made in technology. For example: A server with four processors costs about 1/10th of what it did a decade ago, and is more powerful. More power and cheaper cost has given companies of all sizes the capabilities to virtualize.

When should I employ server virtualization? Virtualization is ideal for functions that are small to medium scale, ie., most simple or day-to-day business functions. If you have applications that are resource intensive and rely on more than one or two servers to be able to run, then it's probably safer to not virtualize that particular service.

Most companies will run physical servers with virtual solutions to a maximum of 50% CPU usage during peak operations. If you have multiple servers running applications that, at peak, only use about 5% of the server's power, these would be ideal to virtualize - you could virtualize up to 10 physical servers.

If an application uses 48% of available computing power at peak usage, it's probably not the best candidate for virtualization as it will cause other instances on the same server to run slower, thus negating any advantages gained from virtualization.

What should I look for in a virtualization solution When looking for a virtualization solution many companies will have different needs that they need to take into account. There are three factors that almost every company should be aware of when shopping for a virtualization solution:

1. It's not 'all-in-one' - This seems to be an increasing demand of many clients; they want one system or server to take care of everything. This is not a good idea, as if something happens to the server all of your systems could be rendered useless. The best solutions take steps to ensure your solutions are redundant. That way if one fails, or needs to be fixed, it can easily be switched to the other with no loss of service.
2. There's a migration solution - Most businesses, especially small to medium enterprises, will likely be looking to migrate servers from a physical to virtual (P2V) solution. This can be a time consuming experience for the uninformed. Therefore, a good service will have P2V migration tools or options to help make the transition as smooth as possible.
3. The service is supported - Due to the increasingly complex nature of virtualization, good services should offer support. The best services should be able to manage your whole virtualization solution, including installing patches and updates and prompt service. They should also be able to work with your existing licences and ensure you're not paying extra, meeting your licensing needs.

There are many different aspects to take into account when virtualizing your systems, and if you don't have the IT support or knowledge, it could be a complete failure. That's why we recommend contacting us if you plan to virtualize. We have plans that can help, or will be able to point you in the right direction. So, call before you start.

Superstorm Sandy, the recent storm that pummeled the Eastern US, brought with it a lot of lessons for all affected. For those in the IT industry the most important lesson was that their disaster preparedness may not be as robust as they thought. Many businesses will react to this by wanting to be better prepared for major disasters. This is positive action but it is important to stress that there are also a million little issues that could pose a bigger threat to your organization. One of those is password management – who is in control of the important passwords.

Search for Terry Childs online and you’ll find a number of articles about a former Network Administrator for the city of San Francisco who is currently in jail for supposedly doing his job. His job, as a network administrator, was to manage the city’s network. When he was asked by his boss for the passwords to critical parts of the network, he refused on the grounds that the request went against the established network policy.

Issues like this: One employee or vendor in control of vital passwords, can pose a big problem to companies, especially during times of disaster. Imagine if you work with an administrator who is based in New York, and they lost power during Sandy. What could you do if your network crashed, or you needed access to your system and someone else has all the passwords?

The most crucial factor is you shouldn’t trust one person or organization with passwords to vital systems. We don’t mean personal passwords to systems, we mean passwords to vital systems, like servers or Internet connections. If one person has the passwords, there’s just too much risk. If they are disgruntled, they have the power to do some serious damage, and if they are injured or are no longer alive, you’ll face untold amounts in lost profit, and fees in recovering passwords and information.

There are a number of things you can do to mitigate problems like these.

• Keep a password list - It could be a good idea to keep a physical list of the more important passwords. This is an important document, so it’s a good idea to not leave this one lying around. If you have a safety deposit box or safe in the office you can put the list here.
• Set passwords to the position, not the employee - Many companies will often give passwords to one person who will be in charge of these. When they advance, or if they switch roles, they will often take a password with them. Instead, look at organizing this a different way around: Assign a password to the position rather than an individual so that when they leave the person filling their role is given this password instead.
• Assign a person to be in charge of passwords – This is a good idea, especially if you work with Managed Service Providers. A person of authority within your organization should be the main contact person, and they should have copies of all passwords given to outside companies.
• Change passwords regularly - To avoid having employees steal things it’s a good idea to change your passwords on a regular basis. If an employee leaves a position and is in charge of an important password, you should take steps to change this scenario even if you trust the person.
• Create the right policy – If you are going to share passwords, or have a limited number of people who know them, it’s a good idea to create a policy that clearly defines: what position has access to what; what happens when someone leaves; how to recover passwords; how many backups will be kept; how and when the password is to be shared. Basically you want to ensure you aren’t caught flat footed. With employees, confidentiality agreements that explicitly state what they can and can’t share and the consequences of breaching the policy should also be clearly defined and followed.
• Pick who to trust - Important passwords shouldn’t be shared with everyone, and you should take steps to vet the trustworthiness of the person or company you will be giving passwords to. If you have an established sharing process, and a vendor you’re considering working with is pushing a policy that is different from yours, it may be a good idea to look for someone whose policies are closer to yours, or who can work around your policies.

If you are in the unfortunate position of not having the passwords to your system, it’s a good idea to get in touch with IT professionals like us, as we are often able to recover systems and passwords, or at the very least, reset them. After you recover your systems, it’s a good idea to test for vulnerabilities, especially if the last person in charge had a tendency to not share information. We can help with this and any other concerns with password management and recovery, so please contact us if you would like to learn more.

Who likes Spam? There’s Spam and eggs (a classic), Spam and bacon and eggs, eggs bacon and Spam, or even Spam, Spam, Spam, Spam, baked beans, Spam, Spam and Spam. Sound like a bit too much Spam? Monty Python thought so in their 1970 comedy sketch which highlighted how Spam seemed to be everywhere. Spam was so popular that the term was applied to email messages that no one wants. We all know and hate email spam, but, do you know how to spot spam?

There are about a million different kinds of spam messages, here’s nine of the most popular (in no particular order) and how to identify that they are spam:

• Emergency messages - These often come from family, or people on your contact list, usually asking you for money because they are stranded. While you may have relatives traveling, it’s a good idea to reach out to them using other means of communication when you get an email like this. Be wary, especially if they don’t want to give a phone number or exact location.
• Requests to update your account - These usually come in after a website has had a security breach. They almost always ask you to update contact information, and usually provide a link. Clicking this link will take you to a site that looks almost exactly the same as the real one, only this one usually has viruses or other malicious intent. If you ever get an email like this: Read the email and sender’s email address carefully – they usually have spelling mistakes – and don’t click any links. Instead, close and log out of your email, go to the website and log in.
• Requests for your password - Sometimes spammers don’t even bother to set up elaborate websites, they’ll just grab the company logo, make a fancy letterhead and send you an email, or message asking you for your password. This type of spam usually comes from scammers posing as representatives of a bank or credit card company. Never, ever reply with your password. Organizations do not ask for passwords over email.
• Obvious misspellings - Unless you work with people or companies with employees who aren’t native English speakers, obvious misspellings in messages e.g., ‘Here iS som3 FREE Stuffz’, usually indicate the message is spam. If you’re not sure, and know the sender, contact them. If you don’t know the sender, or the sender has an email address like: pradaoutletonlinestore4u.comGliemATgmail.com, it’s spam.
• Pleas for help - This is a tough one, we all want to help people, but when we receive pleas to help the poor starving hipsters of Manhattan, you have to be skeptical. Charities don’t email you unless you put your name on a mailing list, or gave them your email when you last donated.
• Contest winner - The main rule here is: If you didn’t enter the contest, you’re not a winner, no matter how sweet the prize. The same goes for those spam pop-ups on some of the more adult oriented websites. You’re not the 1,000,000th viewer and clicking on the link, or shooting the three ducks won’t get you a free iPad. You will get more spam however, or a virus if you’re a really good shot.
• Chain emails - These have been circling the globe more or less since the beginning of the Internet and have now made their way onto Facebook and other social networks. The vast majority of them are harmless, but, they are annoying. Think about it, you get one telling you to forward to 10 people or a cute, fluffy kitten will be shaved. If you forward it to 10 people, you’re now the spammer. If you get emails like these, they are spam, just delete them.
• Messages in attachments - Be extra cautious with this one. If you get an email from any contact that says something along the line of, “Please see my message in this attachment,” or has nothing at all in the body, it’s pretty much guaranteed to be spam. That attachment is likely some malicious software. No organizations or companies will send you messages in an attachment, so when you get one, just delete it.
• Awesome deals – Contacted out of the blue by someone offering you an all inclusive ski trip to Steamboat Springs Colorado for just a dollar? Or how about an LV Handbag for just USD$10? These deals seem too good to be true, and what’s the rule with things that seem too good to be true? They are. Just because it’s in an email, or chat message doesn’t mean it’s real. If you get these, don’t click on any links or even reply to the sender, just delete or ignore them.

There’s one thing in common with nearly all forms of spam, messages usually contain links. If you’re ever unsure about the link, hover your mouse over it for a few seconds, and your browser should tell you where the link will take you i.e., Chrome will display the address at the bottom of the window. If the link looks unfamiliar, or seems wrong, don’t click it.

An important thing to be aware of is that Spam is unwanted, or unasked for. If you sign up for a daily newsletter, that’s not spam, you agreed to allow the company to send you messages. Luckily, most of these have links you can press at the bottom of the message to unsubscribe. To learn more about spam, and how we can help you stop it, please contact us.

The world of tablets and smartphones is a fast one. It seems like a new device that pushes the boundaries is introduced each week. When it comes to Android, what devices set the boundaries for others to break? Google’s Nexus line. Nexus devices are what Google thinks of as the ‘benchmark’ Android device; what an Android device should be. On November 13, two brand new Nexus devices were made available for sale.

This year, there are two new Nexus devices to tempt eager buyers. There’s the Nexus 4, a 4.7 inch phone made by LG and the Nexus 10, a 10 inch tablet made by Samsung. Here’s a brief overview of the two devices based on the five most important aspects most business users look at when looking for a new phone.

The display
The display is one of the most important components of any mobile device, as it’s what enables us to use it. As such, development companies are pushing the envelope in terms of resolution. The Nexus 4 has a 4.7 inch display with a 1280X768 (HD) screen. The display is on par with other devices currently available, and many reviews have noted that the display is the best they’ve seen in midday sun.

Samsung is well known for their displays, take a look at a ES900 TV next time you’re in an electronics store and it’s hard not to stare in amazement at the picture clarity, not to mention the thinness. This quality transfers over to the Nexus 10. The display is 10.1 inches, and has a resolution of 2560X1600 – the same resolution as the new 13 inch MacBook-pro Retina display.

Another noteworthy point related to the display of these devices is that they both use Corning’s Gorilla Glass 2, which make them considerably more scratch resistant than older devices.

Battery life
For business users, the amount of time they can use a mobile device before needing to charge it is crucial. The battery on the Nexus 4 should be powerful enough to get you through the day with moderate usage. Reviews are coming back that the device is actually fairly poor in terms of battery life. According to engadget, “our standard video rundown test, which consists of looping a movie at 50 percent brightness with WiFi on (but not connected) and normal pull notifications for email and social media, (the Nexus 4) lasted for five hours and 18 minutes before the battery died.” Most business users will likely be charging this phone at the office.

The Nexus 10, when subjected to the same test by engadget writers, lasted almost seven and a half hours. This isn’t bad, considering the display, but it isn’t great either, almost every tablet of the same size lasted longer. The late 2012 iPad lasted for just over 11 hours for example.

Processing power
The faster the processor, the better the apps will run. The Nexus 4 has a 1.5GHz quad-core processor which is comparable to other high-end devices currently available. This processor should be more than capable at handling all you can throw at it, and likely will for at least the next year or two.

The Nexus 10 has a slightly more powerful 1.7GHz quad-core processor, which is currently one of the fastest processors available for mobile devices. As with the Nexus 4, the tablet should be able to hold its own for at least the next few years.

The OS
As is tradition, the release of new Nexus devices means a new version of Android. This year, Google has released 4.2, however, it’s an incremental update rather than a completely new version of Android – 4.2 is still called Jelly Bean. The new update brings a number of features including a small update to the layout, a new camera app and a new keyboard where you can swipe your finger over the letters to spell words.

The biggest new feature in 4.2 is the ability to set multiple users. Each user gets their own private environment with different apps, settings and files. The downside to the multi-user environment is that it’s only available for tablets at this time. It will likely be available for smartphones in a later update.

Price and availability
When it comes to picking devices for use at the office, price will play a large part of which device business users select. While the Nexus 7 tablet, released earlier this was ridiculously cheap considering it’s specs, both of these devices carry on this trend.

The Nexus 4 is available in a 8GB or 16GB versions for USD$299 and USD$349 respectively. Both versions come unlocked and can support nearly every network around the world. The only downside is, there’s no LTE. So if you upgraded to a LTE plan in the past few months, you may want to give this one a pass. Does the price seem a bit high? The next cheapest device with similar specs is USD$450. Based on price alone, this phone is worth it, and if you live in the US, UK, Canada, Australia, France, Germany or Spain, you can pick one up now. Other countries will likely have to wait a couple of months.

The Nexus 10 is available in either 16GB or 32GB for USD$399 or USD$499, respectively. While this is a fairly large chunk of change, the iPad starts at USD$100 more. Like the 4, the Nexus 10 is, comparatively, a good deal when looking at price alone.

All Nexus devices can be found on the Google Nexus Store.

Ultimately, are these devices worth it? If you’re looking for a new Android device that isn’t too costly and don’t want to bother being locked into a contract where you can’t replace your phone. these devices are a good to great choice. Wondering how they will work in your organization? Contact us, we may have a solution.

Freedom is something many take for granted, especially when it comes to the Internet. We tend to think that countries that block certain sites on the Internet, like China and their ‘great firewall’ are infringing on basic rights. While blocking sites and access might seem pernicious, there is some benefit that comes from it, especially for companies; a decreased security risk and better control. Does your company allow employees unrestricted Internet access? If so there might be some issues that could arise from this.

Here’s four potentially negative outcomes that can result from unrestricted Internet access.

Loss of productivity
We live in a world where we are reliant on the Internet and the once clear line between work and life has blurred into more or less the same thing. When we’re at work, it’s often hard to resist the temptation of checking our email, personal Facebook accounts, or even the news. When we do this, we aren’t focusing on work which could mean we are less productive as a result.

Legal liability
The potential legal liabilities from improper use of the Internet while at work could lead to some serious legal implications. For example, over 27% of Fortune 500 companies have been accused of sexual harassment stemming from inappropriate emails sent by employees. To go one step further, in the US, the Supreme Court has ruled that companies can be held liable for their employees forwarding offensive or illegal material.

Reputation damage
There are numerous cases where an employee has received an email and forwarded it to several other employees, who then in turn forward it on until it reaches someone who is unintentionally offended. It’s made worse when this email is plastered with company branding and from a work email address. In serious cases word can leak to the media and the company’s reputation takes a serious hit.

Increased bandwidth consumption
Websites like YouTube, or those with some sort of streaming media, can be bandwidth intensive. With services like these, you’ll notice that anything that relies on an Internet connection runs slower. This alone will increase costs, especially if you rely on the Internet and need to purchase more than one connection to keep speeds where they should be.

With these four outcomes, it seems like the answer might be obvious: you should limit or block non-essential websites. Be warned however, younger generations entering the workforce have come to rely on and expect openness, and freedom of the Internet. Watch your typical Gen Y work, and they will use the Internet both for work and relaxation. Draconian blocking of sites could in fact bring about an even larger decrease in productivity in these Internet-hungry employees, as they either focus on finding ways to circumvent the block instead of working, or simply leave the company.

So, what is the best solution? The answer is one many companies have struggled with. The truth is, it’s different for every company, but the one thing productive companies have in common is a policy on Internet use, combined with taking adequate steps in terms of security. Many tech companies allow free and open access to sites like Facebook in the belief that even if used for personal measures, the employee is spreading the word about the company. If you’re not an expert in this, or would like some guidance, we are happy to help, so please get in touch.

Security issues seem to follow cycles. An exploit or security weakness is found in an operating system and all of a sudden, there’s tons of hackers taking advantage of it. Then, the OS developers and security companies develop and implement a fix and things die down for a few weeks, only to have another exploit submerge. Microsoft knows this all too well, and has implemented some new security features into Windows 8 that will hopefully curb the cycle.

Below are three common security issues faced by all networks and how Windows 8 combats them.

Spear phishing
Spear phishing is a form of social engineering conducted over email. If a hacker wants to access a system, they will often pose as a customer and either send an email with an attachment, or send this over IM. The attachment contains a virus or trojan horse which then gives the hacker access to any system that the ‘attachment’ is downloaded onto.

The main way Windows 8 prevents this is through Windows Defender. This is a full antivirus and malware solution that is based on the Microsoft Security Essentials platform. If you aren’t currently working with a Managed Service Provider, or have decided to take on the migration in-house, Windows Defender can be a good device to protect you while you upgrade and before you implement other antivirus solutions, and is available on all versions of Windows 8.

Drive-by malware
One way to infect a network is to post a link to a website or file that contains malware. When a person clicks on the link, the malware is installed, often without the user knowing. To combat this, Windows 8 has two features: SmartScreen and Secure Boot.

SmartScreen has two functions. It scans URL links typed into a browser. When a URL is entered that’s known to contain malware, it blocks the user from accessing the website. While this isn’t a new feature, reports have noted that this is the best URL scanner among any modern browser. The other function of SmartScreen is to scan files that have been downloaded for malicious software.

Many users know there is a similar feature on Windows 7, that notifies you that a file has been downloaded from the Internet when you open it, and gives you choices on what to do with it. SmartScreen improves on this, and takes an active role in notifying you about the security of downloaded items. SmartScreen is available on all versions of Windows 8.

Secure Boot on the other hand works on a far more basic level. Developed for use on motherboards using UEFI – Unified Extensible Firmware Interface, a new form of firmware which will replace the aging BIOS. It works by validating the digital signature of all boot components – software and hardware that starts during the bootup of a computer – to look for any tampering. If a disparity is found, Windows Recovery will start and attempt to fix the problem. This will help cut down on the number of Rootkits – malware that modifies an OS before it starts up. Secure Boot is available on Windows 8 Pro and Enterprise

Out-of-date devices connecting to network
One of the more common trends in the past couple of years is employees wanting to bring their own devices to work (BYOD). While there are many benefits to this, a device that an employee brings in which isn’t up to date, or already infected, could pose a huge security risk. One way IT can manage this is through an approved list of programs that can be centrally managed.

Windows 8 allows this through a feature called Applocker. Applocker is an application control program that allows an administrator to create either a white (allowed) or black (not allowed) list of apps users are allowed to download on a company controlled system. If you create a BYOD policy where an employee can bring in their own device, but have to connect through a virtualized desktop, managed by the company, this is a great way to ensure malicious apps and unapproved programs aren’t downloaded and that company security is maintained. Applocker is available on Windows 8 Enterprise.

These are just a few of the common security issues faced by companies, and how Windows 8 can protect a network or system from them. If you’re thinking of upgrading to Windows 8, please contact us.

The job of a manager and entrepreneur requires an investment of serious time. You’re never focused on one task, rather you’re trying to focus on every job that needs to be done, yesterday. Sometimes you’re pulled in so many different directions that you can feel ineffective. One way to lessen this is by taking steps to hire an assistant, not just any assistant, a virtual assistant.

A virtual assistant (VA) fills the role of a traditional assistant but is just not physically present. Many roles, like replying to trivial emails, finishing presentations, writing or even answering your phones, can all be done through the computer. If you’re interested in virtualizing your assistant here’s five steps that will help you find the perfect assistant.

Step 1: Think about tasks you don’t like You’re not a superhero, there is always something, maybe many things, that you don’t like doing. Over the course of a week jot down what you do each day and whether you like/dislike the task. Beyond that, if you think someone could do it better, jot that down as well. At the end of the week, look over the list and see if you have to do the tasks yourself, or if you can outsource them. The tasks you can outsource can be given to your VA.

Step 2: Look for a VA Once you can justify a VA, start looking for one. Reach out to your network and see if your colleagues have assistants, and if they can provide you with a recommendation. Beyond that, consulting with organizations like the ivaa.org can return some great VAs.

Step 3: Screen candidates This step is just like hiring a physical candidate. You need to go through your list of potential hires and ask them questions to ensure they are both a good fit and what you're looking for. Some things you could ask include:

• If they have experience in the tasks you listed above.
• If they have time available to actually take on your requirements.
• Their working hours and holiday requirements.
• The services they do/don’t provide.
• Their rates.
• Their general experience.
• If they can provide references and previous examples of their work.

This is by no means an exhaustive list and you should ensure to conduct the interview and asks questions related to your specific needs. One thing you should be clear on are your expectations and budget. If you want a VA who will respond within 10 minutes and you’re located in San Diego, and your VA is located in Thailand, it could take longer than that due to the time difference.

Step 4: Baby steps Like learning to walk, you can’t start at a run, rather you have to take it slow. Start with a small project to test the waters as a way to vet the candidate. Be sure to let them know that this is a test, and not a final offer. This won’t be free, you should pay them at their normal rates.

Step 5: Onboard slowly, terminate quickly If the VA is a good fit, and the test project goes smoothly, you can start to wrap up. Generally, the onboarding process should be slower than a normal physical hiring as you have to invest more and vet them more carefully. If you find that down the line, the VA just isn’t working out, or keeps making the same mistakes, cut them loose. A VA isn’t like a normal employee, you shouldn’t have to invest thousands of dollars and man hours training them and as such, it isn’t as much of an investment.

If you’d like to learn more about virtualizing roles or services within your company, please contact us.

Standing in lines isn’t all that fun. Standing in lines waiting for a security check, like those conducted at airports is worse. There’s always this feeling of having to rush to get your laptop out of your bag and all the metal out of your pockets. Whether it’s the security of our country or our computer systems, security is a big issue. Many companies want to take steps to ensure their business is safe, but are unsure of what threats to secure themselves against.

Here’s an overview of the three most common security threats small to medium businesses face.

Targeted external attacks Large, organized cyber-crime groups do exist, with Anon proving that. When these groups set their sights on something, nothing is safe. Luckily, the possibility of a smaller business like yours coming under attack from targeted external attacks is pretty slim. While rare, it could still happen and you should take steps to ensure your server(s) and systems that connect to the Internet are up-to-date. You should also ensure your firewalls and/or virus scanners are properly configured, and internal systems (Intranet) are separated from the Internet.

Taking these steps will ensure your system is nearly 100% safe. Granted, skilled and determined hackers can always find ways into systems though. Systems that are harder to hack, or take longer to hack due to stronger security measures, will generally deter nearly all external attacks.

Targeted internal attacks Just because your systems are safe from external threats doesn’t mean you’re safe. In fact, most security threats to smaller businesses come from the inside. That last security breach likely wasn’t due to an uber hacking collective from Russia, but disgruntled Joe in accounting. If your internal systems are unsecured, or you store a list of machine passwords on a network drive - sounds silly, but you’d be surprised how many companies do this - you are basically inviting employees to steal information. Other security threats come from employees who just don’t know what they’re doing with some technology.

If this sounds like your company, it’s a good idea to take stock of who has access to what, and see if maybe you’ve been a little too liberal with it. You don’t want to completely lock systems and acces down though, as this could hinder your employees from doing their jobs. If you have servers or routers it probably isn’t a good idea to give all employees access to the settings of the system. Instead, either let someone with experience manage these systems, or work with a Managed Service Provider who can look after all this for you.

BYOD As technological devices proliferate, employees are increasingly tempted to want to bring their own devices to the office. This concept, commonly referred to as Bring Your Own Device (BYOD) has the potential to be disruptive - both for the better and worse. If done right, you could shave thousands off your budget. If done in the wrong way, your organization could be exposed to nearly every security threat  imaginable.

Many BYOD related security cases we’ve seen come from when an employee brings in a device that isn’t up-to-date and connects it to the network. Reading update notes for most programs will show that the patch fixes many known security issues; an unpatched machine makes it easier for hackers or other criminals to gain access to a network. Aside from that, many companies don’t have a method in place to identify what devices employees bring to the office. This makes it hard to pinpoint where security breaches happen, and how to fix them.

We’re not saying BYOD is bad, it just needs to be handled properly. You should create a list of approved devices along with a list of who brings in what devices, and establish a policy that employees must ensure their systems are up-to-date and follow company security measures. One of the easiest ways to do this is to have your security expert look at the devices connected to the network. Each device has a MAC address - a unique ID - that can be recorded and added to a security white list. If the device doesn’t meet established standards, or isn’t on the MAC address list, then it’s not allowed to connect without authorization.

Contact us to find out how we can help reduce security threats in your business.

Breaking Bad is a show about cooking drugs. Why mention it on our blog? Well, in an episode in the first season the two main characters are stuck in the New Mexico scrub with a dead battery. Through elementary level chemistry they power up their machine and are off on an adventure that makes one heck of a great show. This episode highlights that Batteries are an important part of modern life and it’s only when they’re not working properly or die minutes after charging that we realize this.

Here’s the top five battery life killers:

1. Exposure to extreme heat/cold. Leaving your device in the car during a hot day, or frigid night can and will reduce the life of batteries. You should be careful not to expose your device to these extreme conditions.
2. Moisture/Humidity. While most places in the US, Australia, the UK and Canada don’t have high enough humidity to noticeably affect battery life, rapid or sudden changes in moisture can and often will affect battery life. If you’re traveling from say Phoenix to Singapore, you should ensure there is a charge in the battery (above 40%) and to remove it from the device before traveling. This will help reduce shock due to an extreme change.
3. Incredibly bright screens. High quality displays like those found on the iPhone and most new Android phones have amazing image quality. Some are also super bright. If you have your brightness cranked, you will notice fast battery drain which could lead some users to think their battery is functioning poorly. If you turn your screen’s brightness down, you will have  increased battery life, which means less drain.
4. Data is fast…at draining batteries. 3G and 4G data connections are great, as you can surf the Internet at speeds that rival current high-speed landlines. The only problem is that coverage in most places can be a little spotty. The way most phones are set up is If you have mobile data turned on, the phone will be always searching for a connection. This constant action, especially when you don’t have 3G coverage, will drain the battery, and make most users think that their phone’s battery is dying. When not in use, turn off data connections.
5. Full discharge/recharge. Yes, believe it or not, phones with a lithium-Ion battery (nearly all new smartphones) will see decreased battery life if the user keeps doing full cycles – using the phone until it dies, then recharging it. Lithium-ion batteries work best when you keep them charged, fewer full cycles results in longer battery life. In other words: ABC (Always Be Charging). Combine this with tips three and four, and you will increase your battery’s life.

If you’d like to learn more about caring for your phone, please contact us.